Add a poudriere build for the home server.

2024-04-11 19:57:02 -04:00 · 2024-04-11 19:57:02 -04:00 · ef18e94ff8
commit ef18e94ff8
parent 6d198d290d
12 changed files with 141 additions and 9 deletions
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@ -1,5 +1,6 @@
 os_flavor: "freebsd"
-custom_repo: current-default-framework
+custom_repo: currentznver4-default-framework
+pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/currentznver4-repo/FreeBSD:15:amd64/latest"
 zfs_snapshot_datasets:
  - path: zroot/freebsd/current/be/default
 sshd_enabled: true
--- a/ansible/environments/vm/host_vars/poudrieremrmanager
+++ b/ansible/environments/vm/host_vars/poudrieremrmanager
@ -13,3 +13,16 @@ poudriere_builds:
    kernel: GENERIC-NODEBUG
    branch: main
    srcconf: currentznver4_src.conf
+  # - jail: 14broadwell
+  #   ports: default
+  #   set: computer
+  #   version: 14.0-RELEASE
+  #   kernel: GENERIC
+  #   srcconf: 14broadwell_src.conf
+  - jail: 14broadwell
+    ports: default
+    set: computer
+    version: CURRENT
+    kernel: GENERIC
+    branch: releng/14.0
+    srcconf: 14broadwell_src.conf
--- a/ansible/roles/base/files/gitconfig_work
+++ b/ansible/roles/base/files/gitconfig_work
@ -33,5 +33,5 @@
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
        # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
-[includeIf "gitdir:/bridge/git/machine_setup/"]
+[includeIf "gitdir:/bridge/"]
 	path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home
--- a/ansible/roles/google_cloud_sdk/files/google_logging_link.py
+++ b/ansible/roles/google_cloud_sdk/files/google_logging_link.py
@ -0,0 +1,14 @@
+#!/usr/bin/env python
+#
+# Generate a link to google cloud logging by passing in a logging query.
+import sys
+import urllib.parse
+
+def main():
+    query = "\n".join([line.strip() for line in sys.stdin.readlines()])
+    query = urllib.parse.quote(query)
+    query = query + "?project=project-id-here"
+    print(query)
+
+if __name__ == "__main__":
+    main()
--- a/ansible/roles/google_cloud_sdk/tasks/common.yaml
+++ b/ansible/roles/google_cloud_sdk/tasks/common.yaml
@ -1,3 +1,14 @@
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: google_logging_link.py
+      dest: /usr/local/bin/google_logging_link
+
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'

--- a/ansible/roles/package_manager/templates/pkgbase.conf.j2
+++ b/ansible/roles/package_manager/templates/pkgbase.conf.j2
@ -1,12 +1,7 @@
 base: {
-    # url: "file:///usr/local/poudriere/data/images/currentznver4-repo/FreeBSD:15:amd64/latest"
-    # url: "file:///update"
-    # url: "https://freebsdpkg.fizz.buzz/pkgbase/currentznver4-repo/FreeBSD:15:amd64/latest",
    url: "{{ pkgbase_url }}",
    mirror_type: "none",
    enabled: yes,
-    # signature_type: "pubkey",
-    # pubkey: "/usr/local/etc/pkg/poudriere.pub",
    priority: 100
 }
 # poudriere jail -c -j current -v main -a amd64 -m git -D -U https://git.FreeBSD.org/src.git -K GENERIC-NODEBUG -B -b
--- a/ansible/roles/poudriere/files/14broadwell_src.conf
+++ b/ansible/roles/poudriere/files/14broadwell_src.conf
@ -0,0 +1,30 @@
+CPUTYPE?=broadwell
+WITH_MALLOC_PRODUCTION=YES
+WITHOUT_LLVM_ASSERTIONS=YES
+WITH_REPRODUCIBLE_BUILD=YES
+
+# Would be fun to experiment with:
+# WITHOUT_SOURCELESS=YES
+# WITHOUT_GAMES=YES
+# WITHOUT_KERBEROS=YES
+# WITHOUT_LEGACY_CONSOLE=YES
+# WITHOUT_LIB32=YES
+# WITHOUT_LOADER_GELI=YES
+# WITHOUT_MLX5TOOL=YES
+# WITHOUT_NDIS=YES
+# WITHOUT_OFED=YES
+# WITHOUT_PPP=YES
+# WITH_SORT_THREADS=YES
+# WITHOUT_TALK=YES
+# WITHOUT_TCSH=YES
+
+
+# Questionable Optimizations
+WITHOUT_FLOPPY=YES
+WITHOUT_HTML=YES
+WITHOUT_IPFW=YES
+WITHOUT_IPFILTER=YES
+WITHOUT_LLVM_TARGET_ALL=YES
+
+# Commented out because maybe I want email alerts for failing disks
+# WITHOUT_MAIL=YES
--- a/ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-make.conf
+++ b/ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-make.conf
@ -0,0 +1,22 @@
+CPUTYPE?=broadwell
+
+# Disable static for subversion because /usr/local/lib/libutf8proc.a not found despite utf8proc being installed
+#
+# Disable static for netpbm because "ld: error: undefined symbol: libdeflate_free_compressor" which is "referenced by tif_zip.o:(ZIPVSetField) in archive /usr/local/lib/libtiff.a"
+#
+# Disable static for libsndfile because pulseaudio and libsamplerate fails to find libsndfile.so
+#
+# Disable static for firefox because "ld: error: /wrkdirs/usr/ports/www/firefox/work/.build/x86_64-unknown-freebsd/release/libgkrust.a(gkrust_shared-8ce2324940b7b6ec.gkrust_shared.45f3776c712ef4bb-cgu.0.rcgu.o): Unknown attribute kind (86) (Producer: 'LLVM16.0.5-rust-1.71.0-stable' Reader: 'LLVM 13.0.1')"
+#
+# Disable static for zsh because histdb is throwing "failed to load module: zsh/regex" and "-regex-match not available for regex"
+.if ${.CURDIR:N*/devel/subversion*} && ${.CURDIR:N*/graphics/netpbm*} && ${.CURDIR:N*/audio/libsndfile*} && ${.CURDIR:N*/www/firefox*} && ${.CURDIR:N*/shells/zsh*}
+OPTIONS_SET+=STATIC LTO
+.endif
+
+.if ${.CURDIR:M*/editors/emacs*}
+OPTIONS_SET+=NATIVECOMP
+.endif
+
+OPTIONS_SET+=OPTIMIZED_CFLAGS
+# qemu uses STATIC_LINK instead of the more standard flag of STATIC
+OPTIONS_SET+=STATIC_LINK
--- a/ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-pkglist
+++ b/ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-pkglist
@ -0,0 +1,34 @@
+devel/git
+editors/emacs@nox
+editors/mg
+ftp/wget
+lang/python
+net/rsync
+net/tcpdump
+net/wireguard-tools
+ports-mgmt/pkg
+ports-mgmt/pkg-provides
+security/doas
+security/git-crypt
+security/gnupg
+security/libfido2
+security/pcsc-tools
+security/pinentry
+security/sops
+security/sudo
+security/u2f-devd
+shells/bash
+shells/zsh
+sysutils/ansible
+sysutils/ansible-sshjail
+sysutils/bhyve-firmware
+sysutils/cpu-microcode
+sysutils/exfat-utils
+sysutils/htop
+sysutils/tmux
+sysutils/tree
+sysutils/zrepl
+textproc/aspell
+textproc/colordiff
+textproc/en-aspell
+textproc/ripgrep
--- a/ansible/roles/poudriere/tasks/freebsd.yaml
+++ b/ansible/roles/poudriere/tasks/freebsd.yaml
@ -131,7 +131,7 @@
 - name: Create the jails
  when: item.version != "CURRENT"
  command: |-
-    poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }} -B -b
+    echo poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }} -a amd64 -K {{ item.kernel|default("GENERIC") }} -B -b
  args:
    creates: "/usr/local/poudriere/jails/{{ item.jail }}"
  loop: "{{ poudriere_builds }}"
--- a/ansible/roles/rust/tasks/peruser_linux.yaml
+++ b/ansible/roles/rust/tasks/peruser_linux.yaml
@ -49,4 +49,4 @@
    - src: cargo_credentials.toml
      dest: .cargo/credentials
    - src: cargo_config.toml
-      dest: .cargo/config
+      dest: .cargo/config.toml
--- a/ansible/roles/ssh_client/tasks/peruser.yaml
+++ b/ansible/roles/ssh_client/tasks/peruser.yaml
@ -30,6 +30,18 @@
  when: ssh_hosts is defined
  loop: "{{ ssh_hosts }}"

+- name: Compress all SSH connections by default
+  blockinfile:
+    path: "{{ account_homedir.stdout }}/.ssh/config"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK compression"
+    create: true
+    mode: 0600
+    owner: "{{ account_name.stdout }}"
+    group: "{{ group_name.stdout }}"
+    block: |
+      Host *
+        Compression yes
+
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'