talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Enable quic and add CUSTOM kernel.

Browse Source
This commit is contained in:
Tom Alexander 2024-07-04 00:45:54 -04:00
parent 9e107d4a75
commit fb90c63d84
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
6 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/environments/vm/host_vars/poudrieremrmanager
View File

@ -11,7 +11,7 @@ poudriere_builds:
set: framework set: framework
version: CURRENT version: CURRENT
# revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91 # revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91
kernel: GENERIC-NODEBUG kernel: CUSTOM
branch: main branch: main
srcconf: currentznver4_src.conf srcconf: currentznver4_src.conf
# - jail: 14broadwell # - jail: 14broadwell
@ -24,6 +24,6 @@ poudriere_builds:
ports: default ports: default
set: computer set: computer
version: CURRENT version: CURRENT
kernel: GENERIC kernel: CUSTOM
branch: releng/14.1 branch: releng/14.1
srcconf: 14broadwell_src.conf srcconf: 14broadwell_src.conf

3
ansible/roles/jail_bastion/files/headers.include
View File

@ -10,3 +10,6 @@ add_header X-Content-Type-Options "nosniff" always;
# Disallow the site to be rendered within a frame (clickjacking # Disallow the site to be rendered within a frame (clickjacking
# protection) # protection)
add_header X-Frame-Options "DENY" always; add_header X-Frame-Options "DENY" always;
# Indicate that we are serving http3 on port 443
add_header Alt-Svc 'h3=":443"; ma=864000';

2
ansible/roles/jail_bastion/files/nginx.conf
View File

@ -26,6 +26,8 @@ http {
} }
server { server {
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
http2 on; http2 on;

2
ansible/roles/jail_bastion/files/proxy.include
View File

@ -5,3 +5,5 @@ proxy_set_header X-Forwarded-Proto $scheme;
# Settings for keepalive module for upstreams # Settings for keepalive module for upstreams
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Connection ""; proxy_set_header Connection "";
# Requests sent with early data are subject to replay attacks so the application needs to protect against that by using the Early-Data header.
# proxy_set_header Early-Data $ssl_early_data;

2
ansible/roles/poudriere/files/poudriere_delete_jail.bash
View File

@ -12,5 +12,7 @@ if ! grep -q "${jail_name}" <<<"$jail_list"; then
fi fi
poudriere jail -d -j "$jail_name" -C all poudriere jail -d -j "$jail_name" -C all
rm -rf /usr/local/poudriere/data/images/${jail_name}-repo \
/usr/obj/usr/local/poudriere/jails/${jail_name}
echo "Deleted jail $jail_name" echo "Deleted jail $jail_name"

2
ansible/roles/poudriere/tasks/freebsd.yaml
View File

@ -123,6 +123,7 @@
- name: Create the jails - name: Create the jails
when: item.version != "CURRENT" when: item.version != "CURRENT"
check_mode: false
command: |- command: |-
echo poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }} -a amd64 -K {{ item.kernel|default("GENERIC") }} -B -b echo poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }} -a amd64 -K {{ item.kernel|default("GENERIC") }} -B -b
args: args:
@ -131,6 +132,7 @@
- name: Create the jails - name: Create the jails
when: item.version == "CURRENT" when: item.version == "CURRENT"
check_mode: false
# -D clones the entire history instead of just the most recent commit # -D clones the entire history instead of just the most recent commit
# -B to build the pkgbase packages # -B to build the pkgbase packages
# -b to build the jail OS from source # -b to build the jail OS from source