Compare commits
10 Commits
310fea89ae
...
6c7265d1d3
Author | SHA1 | Date | |
---|---|---|---|
|
6c7265d1d3 | ||
|
b17a5f352d | ||
|
db17b87cb8 | ||
|
f667f50f84 | ||
|
8346065c6f | ||
|
ab48b1e01f | ||
|
eb547bf1bf | ||
|
9d16e1d42e | ||
|
0e86dac2ac | ||
|
edfdb203a0 |
@ -1,4 +1,5 @@
|
|||||||
os_flavor: "freebsd"
|
os_flavor: "freebsd"
|
||||||
|
custom_repo: 13amd64-default-framework
|
||||||
zfs_snapshot_datasets:
|
zfs_snapshot_datasets:
|
||||||
- zroot/freebsd/release/be/default
|
- zroot/freebsd/release/be/default
|
||||||
sshd_enabled: true
|
sshd_enabled: true
|
||||||
|
@ -5,49 +5,49 @@
|
|||||||
- sudo
|
- sudo
|
||||||
- doas
|
- doas
|
||||||
- users
|
- users
|
||||||
# - package_manager
|
- package_manager
|
||||||
# - zfs
|
- zfs
|
||||||
# - zrepl
|
- zrepl
|
||||||
# - zsh
|
- zsh
|
||||||
# - network
|
- network
|
||||||
# - sshd
|
- sshd
|
||||||
# - base
|
- base
|
||||||
# - firewall
|
- firewall
|
||||||
# - cpu
|
- cpu
|
||||||
# - ntp
|
- ntp
|
||||||
# - nvme
|
- nvme
|
||||||
# - hosts
|
- hosts
|
||||||
# - build
|
- build
|
||||||
# - sound
|
- sound
|
||||||
# - graphics
|
- graphics
|
||||||
# - gpg
|
- gpg
|
||||||
# - fonts
|
- fonts
|
||||||
# - alacritty
|
- alacritty
|
||||||
# - sway
|
- sway
|
||||||
# - emacs
|
- emacs
|
||||||
# - firefox
|
- firefox
|
||||||
# - devfs
|
- devfs
|
||||||
# - ssh_client
|
- ssh_client
|
||||||
# - sshfs
|
- sshfs
|
||||||
# - jail
|
- jail
|
||||||
# - fuse
|
- fuse
|
||||||
# - autofs
|
- autofs
|
||||||
# - exfat
|
- exfat
|
||||||
# - bhyve
|
- bhyve
|
||||||
# - bluetooth
|
- bluetooth
|
||||||
# - media
|
- media
|
||||||
# - kubernetes
|
- kubernetes
|
||||||
# - google_cloud_sdk
|
- google_cloud_sdk
|
||||||
# - ansible
|
- ansible
|
||||||
# - wireguard
|
- wireguard
|
||||||
# - portshaker
|
- portshaker
|
||||||
# - poudriere
|
- poudriere
|
||||||
# - android
|
- android
|
||||||
# - latex
|
- latex
|
||||||
# - pyenv
|
- pyenv
|
||||||
# - webcam
|
- webcam
|
||||||
# - docker
|
- docker
|
||||||
# - vscode
|
- vscode
|
||||||
- javascript
|
- javascript
|
||||||
|
|
||||||
- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
|
- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
|
||||||
|
@ -68,7 +68,7 @@ IP_RANGE="$IP_RANGE"
|
|||||||
BRIDGE_NAME="$BRIDGE_NAME"
|
BRIDGE_NAME="$BRIDGE_NAME"
|
||||||
INTERFACE_NAME="$INTERFACE_NAME"
|
INTERFACE_NAME="$INTERFACE_NAME"
|
||||||
EOF
|
EOF
|
||||||
zfs create -s "-V${gigabytes}G" -o volmode=dev "$zfs_path/disk0"
|
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
|
||||||
}
|
}
|
||||||
|
|
||||||
function start_vm {
|
function start_vm {
|
||||||
|
@ -30,9 +30,9 @@ rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to $not_jail_nat_v4 port 6
|
|||||||
# nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
|
# nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
|
||||||
# nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
|
# nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
|
||||||
|
|
||||||
rdr pass inet proto {tcp, udp} from any to ($ext_if) port 53 -> 10.215.1.211 port 53
|
rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 53 -> 10.215.1.211 port 53
|
||||||
nat pass on jail_nat proto {tcp, udp} from { 10.215.1.0/24, !10.215.1.1 } to 10.215.1.211 -> (jail_nat)
|
rdr pass proto {tcp, udp} from $jail_nat_v4 to ($ext_if) port 53 tag REDIRINTERNAL -> 10.215.1.211 port 53
|
||||||
|
nat pass proto {tcp, udp} tagged REDIRINTERNAL -> (jail_nat)
|
||||||
|
|
||||||
# filtering
|
# filtering
|
||||||
block log all
|
block log all
|
||||||
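Review bot: Both new `rdr pass` rules and the new `nat pass proto {tcp, udp} tagged REDIRINTERNAL` rule keep the `pass` modifier, so the redirected DNS traffic is accepted by the translation rule itself and is never evaluated against the filter section that starts at `block log all`. The first rule forwards port 53 on `($ext_if)` for every source in `$not_jail_nat_v4` (a macro defined outside this hunk); if 10.215.1.211 answers recursive queries, that presumably leaves it usable as an open resolver. Consider dropping `pass` from the translation rules and admitting the traffic with an explicit filter rule limited to the intended clients, for example `pass in on $ext_if inet proto {tcp, udp} from <dns_clients> to 10.215.1.211 port 53`, where `<dns_clients>` is a placeholder table name. The `inet` keyword was also removed from the rdr rule; keeping it would state explicitly that the redirect is IPv4-only.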
|
@ -20,7 +20,7 @@ function main {
|
|||||||
function start_jail {
|
function start_jail {
|
||||||
host_interface_name="$1"
|
host_interface_name="$1"
|
||||||
bridge_name="bridge_${host_interface_name}"
|
bridge_name="bridge_${host_interface_name}"
|
||||||
jail_interface_name="$2"
|
jail_interface_name=$(sanitize_interface_name "$2")
|
||||||
ip_range="$3"
|
ip_range="$3"
|
||||||
|
|
||||||
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
|
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
|
||||||
@ -36,7 +36,7 @@ EOF
|
|||||||
function stop_jail {
|
function stop_jail {
|
||||||
host_interface_name="$1"
|
host_interface_name="$1"
|
||||||
bridge_name="bridge_${host_interface_name}"
|
bridge_name="bridge_${host_interface_name}"
|
||||||
jail_interface_name="$2"
|
jail_interface_name=$(sanitize_interface_name "$2")
|
||||||
|
|
||||||
if ng_exists "${jail_interface_name}:"; then
|
if ng_exists "${jail_interface_name}:"; then
|
||||||
wait_for_interface_to_exist "${jail_interface_name}" 120
|
wait_for_interface_to_exist "${jail_interface_name}" 120
|
||||||
@ -117,4 +117,8 @@ function wait_for_interface_to_exist {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function sanitize_interface_name {
|
||||||
|
echo "${1:0:15}"
|
||||||
|
}
|
||||||
|
|
||||||
main "${@}"
|
main "${@}"
|
||||||
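Review bot: `sanitize_interface_name` only truncates its argument to 15 characters (`echo "${1:0:15}"`) and does not check which characters it contains, so the name promises more than the function does. Two jail interface names that share their first 15 characters now map to the same interface, and `start_jail`/`stop_jail` would then act on each other's node in `ng_exists "${jail_interface_name}:"`. I would add a header comment such as `# Truncate to the 15 characters an interface name may hold; does not validate characters or detect collisions.` and switch to `printf '%s\n' "${1:0:15}"` so a value like `-n` is not swallowed by `echo`. `bridge_name="bridge_${host_interface_name}"` is not passed through the helper and may need the same length limit.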
|
@ -1,6 +1,6 @@
|
|||||||
# - name: Install packages
|
- name: Start ntp service
|
||||||
# pacman:
|
systemd:
|
||||||
# name:
|
state: started
|
||||||
# - foo
|
name: systemd-timesyncd
|
||||||
# state: present
|
daemon_reload: yes
|
||||||
# update_cache: true
|
enabled: yes
|
||||||
|
@ -0,0 +1,3 @@
|
|||||||
|
FreeBSD: {
|
||||||
|
enabled: no
|
||||||
|
}
|
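--- /dev/null
+++ b/ansible/roles/package_manager/files/poudriere.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv/0Hh9ace1/nH+QnlPPx
+XFbSAcp1soEypMuSGgEc+ZNXIkQT11rkzXkTI5vyYIgVYLEE4iMTzXCGhMkb8M1Y
+zsXRB8l4+Dimcrtqj/+Fvsk+WVeadXwugZ3LWOIb6V7hLMyGxvbouZHC9gduMaLh
+xGoBup3kgOxSuVXVAlCGBZgmdGNmbpZNYl6BcJtK8bnlxFOmBPQsompSzLzIAItO
+7r0Rf3xXFOwaCpB1QkFMBGrIDSXkhpXTl1/k5LU2kpM81Ec4EvZwXQJuj3+J3q+n
+tMeTY2ARb3e4vBaieTww7obfHqLgx6jyL07gl/pW8WXrx4aLGvMkdpVnTFg0K0X1
+3xoZKGWJdjSznHFtJo+IICLPGMbOxz52lwXDCrRV2yCUMH29hQiCIK9j5q4q1JAD
+rV4p5ccabfzUduc4yT9kx0+hAXLxVs5mtIianDnJAEBE4yXucWbM6FaE+jYaN9L3
+dXU6vESTdS6+o8Tz/lo/a0MLyj99URvAxKFsYKg4PnbUcSs+qFuUI0yMpcNIMImy
++7gY54t3Izma5pCS7WXtl38SdM8d/gfl/d5xD88BYWIS82gCXoh9G37PFxzCZaNx
+OKclQq1dZ1mXLDD2yHymDCLBXqfEfTBp4tb5A8JBRKBeqkDCOYZNmp+06VzgdPiO
+PYwdK2INLfUnBKGN02hgPosCAwEAAQ==
+-----END PUBLIC KEY-----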
|
@ -16,6 +16,18 @@
|
|||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install Configuration
|
- name: Install Configuration
|
||||||
|
copy:
|
||||||
|
src: "files/{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
loop:
|
||||||
|
- src: pkg.conf
|
||||||
|
dest: /usr/local/etc/pkg.conf
|
||||||
|
|
||||||
|
- name: Install Configuration
|
||||||
|
when: custom_repo is not defined
|
||||||
register: changed_config
|
register: changed_config
|
||||||
copy:
|
copy:
|
||||||
src: "files/{{ item.src }}"
|
src: "files/{{ item.src }}"
|
||||||
@ -26,8 +38,32 @@
|
|||||||
loop:
|
loop:
|
||||||
- src: FreeBSD.conf
|
- src: FreeBSD.conf
|
||||||
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||||
- src: pkg.conf
|
|
||||||
dest: /usr/local/etc/pkg.conf
|
- name: Install Configuration
|
||||||
|
when: custom_repo is defined
|
||||||
|
copy:
|
||||||
|
src: "files/{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
loop:
|
||||||
|
- src: disable_freebsd_upstream.conf
|
||||||
|
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||||
|
- src: poudriere.pub
|
||||||
|
dest: /usr/local/etc/pkg/poudriere.pub
|
||||||
|
|
||||||
|
- name: Install Configuration
|
||||||
|
when: custom_repo is defined
|
||||||
|
register: changed_config
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
mode: 0644
|
||||||
|
loop:
|
||||||
|
- { src: custom.conf.j2, dest: /usr/local/etc/pkg/repos/custom.conf }
|
||||||
|
|
||||||
# - name: Replace all packages with packages from new repo
|
# - name: Replace all packages with packages from new repo
|
||||||
# command: pkg upgrade -f -y
|
# command: pkg upgrade -f -y
|
||||||
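Review bot: `changed_config` is registered by two tasks with opposite conditions: the FreeBSD.conf copy under `when: custom_repo is not defined` and the custom.conf.j2 template under `when: custom_repo is defined`. Ansible stores a result for skipped tasks too, so on a host without `custom_repo` the later, skipped template task replaces the copy's result and `changed_config.changed` no longer reflects the real change. Nothing visible here consumes the variable yet (the `pkg upgrade -f -y` task is commented out), so this is latent. Separate names such as `register: changed_upstream_repo` and `register: changed_custom_repo` avoid it. The task that installs `poudriere.pub` registers nothing, so a replaced signing key would not trigger a follow-up step, and all four tasks share the name `Install Configuration`, which makes play output hard to attribute.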
|
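--- /dev/null
+++ b/ansible/roles/package_manager/templates/custom.conf.j2
@@ -0,0 +1,8 @@
+custom: {
+# url: "file:///opt/pkgrepo/packages/current-default-framework"
+url: "https://freebsdpkg.fizz.buzz/repo/{{ custom_repo }}",
+enabled: yes,
+signature_type: "pubkey",
+pubkey: "/usr/local/etc/pkg/poudriere.pub",
+priority: 100
+}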
|
@ -5,26 +5,59 @@ set -euo pipefail
|
|||||||
IFS=$'\n\t'
|
IFS=$'\n\t'
|
||||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||||
|
|
||||||
|
: ${LOCKFILE:="/var/run/poudboot.lock"}
|
||||||
|
: ${INFO_DIR:="/opt/poudriere/run_info"}
|
||||||
|
: ${PORT_UPDATE_SECONDS:="86400"}
|
||||||
|
: ${BUILD_SECONDS:="7200"}
|
||||||
|
|
||||||
|
############## Setup #########################
|
||||||
|
|
||||||
|
# function cleanup {
|
||||||
|
# for f in "${folders[@]}"; do
|
||||||
|
# log "Deleting $f"
|
||||||
|
# rm -rf "$f"
|
||||||
|
# done
|
||||||
|
# }
|
||||||
|
# folders=()
|
||||||
|
# for sig in EXIT INT QUIT HUP TERM; do
|
||||||
|
# trap "set +e; cleanup" "$sig"
|
||||||
|
# done
|
||||||
|
|
||||||
|
function die {
|
||||||
|
local status_code="$1"
|
||||||
|
shift
|
||||||
|
(>&2 echo "${@}")
|
||||||
|
exit "$status_code"
|
||||||
|
}
|
||||||
|
|
||||||
|
function log {
|
||||||
|
(>&2 echo "${@}")
|
||||||
|
}
|
||||||
|
|
||||||
|
function run_locked {
|
||||||
|
if [ "${RUN_LOCKED:-}" != "RUN" ]; then
|
||||||
|
exec env RUN_LOCKED=RUN flock --nonblock $LOCKFILE $0 $@
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
############## Program #########################
|
||||||
|
|
||||||
function main {
|
function main {
|
||||||
COMMAND="$1"
|
local COMMAND="$1"
|
||||||
shift 1
|
|
||||||
|
|
||||||
if [ "$COMMAND" = "start" ]; then
|
if [ "$COMMAND" = "start" ]; then
|
||||||
|
run_locked "${@}"
|
||||||
|
shift 1
|
||||||
cmd_start "${@}"
|
cmd_start "${@}"
|
||||||
elif [ "$COMMAND" = "stop" ]; then
|
elif [ "$COMMAND" = "stop" ]; then
|
||||||
|
shift 1
|
||||||
cmd_stop "${@}"
|
cmd_stop "${@}"
|
||||||
else
|
else
|
||||||
die 1 "Unrecognized command: $COMMAND"
|
die 1 "Unrecognized command: $COMMAND"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function die {
|
|
||||||
exit_code="$1"
|
|
||||||
shift 1
|
|
||||||
(>&2 echo "${@}")
|
|
||||||
exit "$exit_code"
|
|
||||||
}
|
|
||||||
|
|
||||||
function abort_if_jobs_running {
|
function abort_if_jobs_running {
|
||||||
if [[ $(sudo poudriere status) != *"No running builds"* ]]; then
|
if [[ $(sudo poudriere status) != *"No running builds"* ]]; then
|
||||||
echo "There is already a poudriere build in progress, exiting."
|
echo "There is already a poudriere build in progress, exiting."
|
||||||
@ -40,30 +73,47 @@ function build {
|
|||||||
function cmd_start {
|
function cmd_start {
|
||||||
abort_if_jobs_running
|
abort_if_jobs_running
|
||||||
|
|
||||||
# Allow command failures without quitting the script because some
|
while true; do
|
||||||
# package sets might fail whereas others may succeed based on which
|
for conf in /opt/poudriere/build_configs/*; do
|
||||||
# packages are in each set.
|
(
|
||||||
set +e
|
# Allow command failures without quitting the script because some
|
||||||
|
# package sets might fail whereas others may succeed based on which
|
||||||
|
# packages are in each set.
|
||||||
|
set +e
|
||||||
|
|
||||||
for conf in /opt/poudriere/build_configs/*; do
|
source "$conf"
|
||||||
(
|
local RUN_DIR="$INFO_DIR/$JAIL-$PORTS-$SET"
|
||||||
source "$conf"
|
local TIMES_FILE="$RUN_DIR/times"
|
||||||
build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
mkdir -p "$RUN_DIR"
|
||||||
)
|
local PORTUPDATE=0
|
||||||
|
local LASTBUILD=0
|
||||||
|
if [ -e "$TIMES_FILE" ]; then
|
||||||
|
source "$TIMES_FILE"
|
||||||
|
fi
|
||||||
|
local now=$(date +%s)
|
||||||
|
if [ $((now - PORTUPDATE)) -gt "$PORT_UPDATE_SECONDS" ]; then
|
||||||
|
log "Updating ports for $JAIL-$PORTS-$SET"
|
||||||
|
portshaker -U
|
||||||
|
portshaker -M
|
||||||
|
PORTUPDATE=$(date +%s)
|
||||||
|
fi
|
||||||
|
if [ $((now - LASTBUILD)) -gt "$BUILD_SECONDS" ]; then
|
||||||
|
log "Building ports for $JAIL-$PORTS-$SET"
|
||||||
|
build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||||
|
LASTBUILD=$(date +%s)
|
||||||
|
# Cleanup old unused dist files
|
||||||
|
poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||||
|
poudriere logclean -y 180
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat > "$TIMES_FILE" <<EOF
|
||||||
|
PORTUPDATE=$PORTUPDATE
|
||||||
|
LASTBUILD=$LASTBUILD
|
||||||
|
EOF
|
||||||
|
)
|
||||||
|
done
|
||||||
|
sleep 300
|
||||||
done
|
done
|
||||||
|
|
||||||
# Re-enable exiting on failed commands
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Cleanup old unused dist files
|
|
||||||
for conf in /opt/poudriere/build_configs/*; do
|
|
||||||
(
|
|
||||||
source "$conf"
|
|
||||||
poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
|
||||||
)
|
|
||||||
done
|
|
||||||
|
|
||||||
poudriere logclean -y 180
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function cmd_stop {
|
function cmd_stop {
|
||||||
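Review bot: `cmd_start` now restores its per-set state with `source "$TIMES_FILE"`, which executes whatever is in the `times` file under `$INFO_DIR` as shell code with the privileges of the build loop. Only two integers are needed, so reading the file as data closes that path should the run_info directory ever be writable by a less-privileged account. The sketch below accepts a line only when the key is `PORTUPDATE` or `LASTBUILD` and the value is all digits. In `run_locked` the exec line expands `$LOCKFILE $0 $@` unquoted; `exec env RUN_LOCKED=RUN flock --nonblock "$LOCKFILE" "$0" "$@"` keeps each argument intact. Because the subshell runs under `set +e`, `LASTBUILD` is also advanced when `build` fails, so a failed set is presumably not retried until `BUILD_SECONDS` has passed; a comment saying whether that is intended would help.

```bash
# … unchanged: source "$conf", RUN_DIR / TIMES_FILE setup, mkdir -p "$RUN_DIR" …
local PORTUPDATE=0
local LASTBUILD=0
local key value
if [ -e "$TIMES_FILE" ]; then
    # Treat the state file as data: known keys, digits only.
    while IFS='=' read -r key value; do
        [[ "$value" =~ ^[0-9]+$ ]] || continue
        case "$key" in
            PORTUPDATE) PORTUPDATE="$value" ;;
            LASTBUILD) LASTBUILD="$value" ;;
        esac
    done < "$TIMES_FILE"
fi
# … unchanged: port update, build, distclean/logclean, times file rewrite …
```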
|
@ -67,3 +67,6 @@ _carddavs._tcp IN SRV 0 1 443 carddav.fastmail.com
|
|||||||
|
|
||||||
_caldav._tcp IN SRV 0 0 0 .
|
_caldav._tcp IN SRV 0 0 0 .
|
||||||
_caldavs._tcp IN SRV 0 1 443 caldav.fastmail.com
|
_caldavs._tcp IN SRV 0 1 443 caldav.fastmail.com
|
||||||
|
|
||||||
|
home IN A 68.197.252.22
|
||||||
|
opstunnel IN CNAME home.fizz.buzz.
|
||||||
|
@ -6,6 +6,6 @@ IFS=$'\n\t'
|
|||||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||||
|
|
||||||
export XDG_CURRENT_DESKTOP=sway
|
export XDG_CURRENT_DESKTOP=sway
|
||||||
#export WLR_RENDERER=vulkan
|
export WLR_RENDERER=vulkan
|
||||||
|
|
||||||
exec sway -d &> $HOME/.config/swaylog
|
exec sway -d &> $HOME/.config/swaylog
|
||||||
|