Enable ipv6 privacy extensions and build ipfw for dummynet.

2024-07-04 01:31:07 -04:00 · 2024-07-04 01:31:07 -04:00 · fb679924bc
parent fb90c63d84
commit fb679924bc
5 changed files with 52 additions and 22 deletions
--- a/ansible/roles/network/files/main.conf
+++ b/ansible/roles/network/files/main.conf
@ -1,5 +1,4 @@
 [Network]
-EnableIPv6=true
 # NameResolvingService=resolvconf
 NameResolvingService=systemd

--- a/ansible/roles/network/tasks/freebsd.yaml
+++ b/ansible/roles/network/tasks/freebsd.yaml
@ -42,12 +42,12 @@
    state: present
    sysctl_file: "/etc/sysctl.conf.local"
  loop:
-    []
-    # - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
-    #   value: "1"
-    # - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
-    #   value: "1"
-    # - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
+    - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
+      value: "1"
+    - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
+      value: "1"
+    - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
+      value: "1"

 - name: Install service configuration
  copy:
--- a/ansible/roles/network/tasks/linux.yaml
+++ b/ansible/roles/network/tasks/linux.yaml
@ -29,6 +29,26 @@
    - src: 10-wired.network
      dest: /etc/systemd/network/10-wired.network

+- name: Configure sysctls
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    sysctl_file: /etc/sysctl.d/{{ item.file }}
+  loop:
+    # Enable IPv6 Privacy Extensions
+    - name: net.ipv6.conf.all.use_tempaddr
+      value: 2
+      file: 40-ipv6.conf
+    # Enable IPv6 Privacy Extensions
+    - name: net.ipv6.conf.default.use_tempaddr
+      value: 2
+      file: 40-ipv6.conf
+    # Enable IPv6 Privacy Extensions
+    # - name: net.ipv6.conf.nic.use_tempaddr
+    #   value: 2
+    #   file: 40-ipv6.conf
+
 - name: Enable services
  systemd:
    enabled: yes
--- a/ansible/roles/poudriere/files/14broadwell_src.conf
+++ b/ansible/roles/poudriere/files/14broadwell_src.conf
@ -3,28 +3,37 @@ WITH_MALLOC_PRODUCTION=YES
 WITHOUT_LLVM_ASSERTIONS=YES
 WITH_REPRODUCIBLE_BUILD=YES

+WITHOUT_DEBUG_FILES=YES
+WITHOUT_ASSERT_DEBUG=YES
+WITHOUT_LLVM_TARGET_ALL=YES
+WITHOUT_LIB32=YES
+WITHOUT_HTML=YES
+
+WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio
+WITHOUT_FLOPPY=YES
+WITHOUT_IPFILTER=YES
+WITHOUT_GAMES=YES
+WITH_SORT_THREADS=YES
+WITHOUT_TESTS=YES
+WITHOUT_USB_GADGET_EXAMPLES=YES
+WITHOUT_HYPERV=YES
+WITHOUT_LEGACY_CONSOLE=YES
+
 # Would be fun to experiment with:
 # WITHOUT_SOURCELESS=YES
-# WITHOUT_GAMES=YES
-# WITHOUT_KERBEROS=YES
-# WITHOUT_LEGACY_CONSOLE=YES
-# WITHOUT_LIB32=YES
 # WITHOUT_LOADER_GELI=YES
 # WITHOUT_MLX5TOOL=YES
 # WITHOUT_NDIS=YES
-# WITHOUT_OFED=YES
 # WITHOUT_PPP=YES
-# WITH_SORT_THREADS=YES
 # WITHOUT_TALK=YES
 # WITHOUT_TCSH=YES
-
-
-# Questionable Optimizations
-WITHOUT_FLOPPY=YES
-WITHOUT_HTML=YES
-WITHOUT_IPFW=YES
-WITHOUT_IPFILTER=YES
-WITHOUT_LLVM_TARGET_ALL=YES
+# WITHOUT_KERNEL_SYMBOLS=YES

 # Commented out because maybe I want email alerts for failing disks
 # WITHOUT_MAIL=YES
+
+# Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port.
+# WITHOUT_KERBEROS=YES
+
+# Need to enable IPFW for dummynet
+# WITHOUT_IPFW=YES
--- a/ansible/roles/poudriere/files/currentznver4_src.conf
+++ b/ansible/roles/poudriere/files/currentznver4_src.conf
@ -11,7 +11,6 @@ WITHOUT_HTML=YES

 WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio
 WITHOUT_FLOPPY=YES
-WITHOUT_IPFW=YES
 WITHOUT_IPFILTER=YES
 WITHOUT_GAMES=YES
 WITH_SORT_THREADS=YES
@ -35,3 +34,6 @@ WITHOUT_LEGACY_CONSOLE=YES

 # Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port.
 # WITHOUT_KERBEROS=YES
+
+# Need to enable IPFW for dummynet
+# WITHOUT_IPFW=YES