Enable ipv6 privacy extensions and build ipfw for dummynet.

2024-07-04 01:31:07 -04:00 · 2024-07-04 01:31:07 -04:00 · fb679924bc
commit fb679924bc
parent fb90c63d84
5 changed files with 52 additions and 22 deletions
--- a/ansible/roles/network/files/main.conf
+++ b/ansible/roles/network/files/main.conf
@ -1,5 +1,4 @@
 [Network]
 EnableIPv6=true
 # NameResolvingService=resolvconf
 NameResolvingService=systemd
--- a/ansible/roles/network/tasks/freebsd.yaml
+++ b/ansible/roles/network/tasks/freebsd.yaml
@ -42,12 +42,12 @@
    state: present
    sysctl_file: "/etc/sysctl.conf.local"
  loop:
-    []
+    - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
-    # - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
+      value: "1"
-    #   value: "1"
+    - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
-    # - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
+      value: "1"
-    #   value: "1"
+    - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
-    # - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
+      value: "1"
 - name: Install service configuration
  copy:
--- a/ansible/roles/network/tasks/linux.yaml
+++ b/ansible/roles/network/tasks/linux.yaml
@ -29,6 +29,26 @@
    - src: 10-wired.network
      dest: /etc/systemd/network/10-wired.network
 - name: Configure sysctls
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    sysctl_file: /etc/sysctl.d/{{ item.file }}
  loop:
    # Enable IPv6 Privacy Extensions
    - name: net.ipv6.conf.all.use_tempaddr
      value: 2
      file: 40-ipv6.conf
    # Enable IPv6 Privacy Extensions
    - name: net.ipv6.conf.default.use_tempaddr
      value: 2
      file: 40-ipv6.conf
    # Enable IPv6 Privacy Extensions
    # - name: net.ipv6.conf.nic.use_tempaddr
    #   value: 2
    #   file: 40-ipv6.conf
 - name: Enable services
  systemd:
    enabled: yes
--- a/ansible/roles/poudriere/files/14broadwell_src.conf
+++ b/ansible/roles/poudriere/files/14broadwell_src.conf
@ -3,28 +3,37 @@ WITH_MALLOC_PRODUCTION=YES
 WITHOUT_LLVM_ASSERTIONS=YES
 WITH_REPRODUCIBLE_BUILD=YES
 WITHOUT_DEBUG_FILES=YES
 WITHOUT_ASSERT_DEBUG=YES
 WITHOUT_LLVM_TARGET_ALL=YES
 WITHOUT_LIB32=YES
 WITHOUT_HTML=YES
 WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio
 WITHOUT_FLOPPY=YES
 WITHOUT_IPFILTER=YES
 WITHOUT_GAMES=YES
 WITH_SORT_THREADS=YES
 WITHOUT_TESTS=YES
 WITHOUT_USB_GADGET_EXAMPLES=YES
 WITHOUT_HYPERV=YES
 WITHOUT_LEGACY_CONSOLE=YES
 # Would be fun to experiment with:
 # WITHOUT_SOURCELESS=YES
 # WITHOUT_GAMES=YES
 # WITHOUT_KERBEROS=YES
 # WITHOUT_LEGACY_CONSOLE=YES
 # WITHOUT_LIB32=YES
 # WITHOUT_LOADER_GELI=YES
 # WITHOUT_MLX5TOOL=YES
 # WITHOUT_NDIS=YES
 # WITHOUT_OFED=YES
 # WITHOUT_PPP=YES
 # WITH_SORT_THREADS=YES
 # WITHOUT_TALK=YES
 # WITHOUT_TCSH=YES
-
+# WITHOUT_KERNEL_SYMBOLS=YES
 # Questionable Optimizations
 WITHOUT_FLOPPY=YES
 WITHOUT_HTML=YES
 WITHOUT_IPFW=YES
 WITHOUT_IPFILTER=YES
 WITHOUT_LLVM_TARGET_ALL=YES
 # Commented out because maybe I want email alerts for failing disks
 # WITHOUT_MAIL=YES
 # Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port.
 # WITHOUT_KERBEROS=YES
 # Need to enable IPFW for dummynet
 # WITHOUT_IPFW=YES
--- a/ansible/roles/poudriere/files/currentznver4_src.conf
+++ b/ansible/roles/poudriere/files/currentznver4_src.conf
@ -11,7 +11,6 @@ WITHOUT_HTML=YES
 WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio
 WITHOUT_FLOPPY=YES
 WITHOUT_IPFW=YES
 WITHOUT_IPFILTER=YES
 WITHOUT_GAMES=YES
 WITH_SORT_THREADS=YES
@ -35,3 +34,6 @@ WITHOUT_LEGACY_CONSOLE=YES
 # Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port.
 # WITHOUT_KERBEROS=YES
 # Need to enable IPFW for dummynet
 # WITHOUT_IPFW=YES