Add a force focus mode to sway.

ansible/environments/laptop/host_vars/odowork

@@ -0,0 +1,36 @@
+os_flavor: "linux"
+hostname: odowork
+etc_hosts: {}
+users:
+  talexander:
+    initialize: true
+    uid: 11235
+    gid: 1000
+    groups:
+      - name: wheel
+      - name: users
+      - name: docker
+      - name: libvirt
+      - name: uucp
+    authorized_keys:
+      - yubikey
+      - main_fido
+      - backup_fido
+    gitconfig: "gitconfig_work"
+zfs_snapshot_datasets:
+  - path: zroot/linux/archwork/be
+install_graphics: true
+graphics_driver: "amd"
+pgp_key: "gpg_work.asc"
+build_user:
+  name: talexander
+  group: talexander
+# wireguard_directory: odowork
+# enabled_wireguard: []
+cputype: "amd"
+hwpstate: true
+cores: 16
+sway_conf_files:
+  - rofimoji
+docker_storage_driver: overlay2 # alternatively zfs
+docker_zfs_dataset: zroot/linux/archwork/docker

ansible/environments/laptop/hosts

@@ -1,3 +1,4 @@
 [gui]
 odolinux ansible_connection=local ansible_host=127.0.0.1
 odofreebsd ansible_connection=local ansible_host=127.0.0.1
+odowork ansible_connection=local ansible_host=127.0.0.1

ansible/playbook.yaml

@@ -117,7 +117,7 @@
     - users
     - public_dns
 
-- hosts: odolinux:odofreebsd
+- hosts: odolinux:odofreebsd:odowork
   vars:
     ansible_become: True
   roles:
@@ -144,3 +144,9 @@
     ansible_become: True
   roles:
     - homeserver
+
+- hosts: odowork
+  vars:
+    ansible_become: True
+  roles:
+    - odowork

ansible/roles/base/files/gitconfig_home

@@ -18,3 +18,18 @@
 	date = local
 [init]
 	defaultBranch = main
+
+# Use meld for `git difftool` and `git mergetool`
+[diff]
+	tool = meld
+[difftool]
+	prompt = false
+[difftool "meld"]
+	cmd = meld "$LOCAL" "$REMOTE"
+[merge]
+	tool = meld
+[mergetool "meld"]
+        # Make the middle pane start with partially-merged contents:
+	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
+        # Make the middle pane start without any merge progress:
+	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"

ansible/roles/base/files/gitconfig_work

@@ -0,0 +1,35 @@
+[user]
+	email = ThomasA.Alexander@hmhn.org
+	name = Tom Alexander
+	signingkey = D3A179C9A53C0EDE
+[push]
+	default = simple
+[alias]
+	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
+	bh = log --oneline --branches=* --remotes=* --graph --decorate
+	amend = commit --amend --no-edit
+[core]
+	excludesfile = ~/.gitignore_global
+[commit]
+	gpgsign = true
+[pull]
+	rebase = true
+[log]
+	date = local
+[init]
+	defaultBranch = main
+
+# Use meld for `git difftool` and `git mergetool`
+[diff]
+	tool = meld
+[difftool]
+	prompt = false
+[difftool "meld"]
+	cmd = meld "$LOCAL" "$REMOTE"
+[merge]
+	tool = meld
+[mergetool "meld"]
+        # Make the middle pane start with partially-merged contents:
+	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
+        # Make the middle pane start without any merge progress:
+	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"

ansible/roles/base/tasks/common.yaml

@@ -17,6 +17,7 @@
       - colordiff
       - ipcalc
       - kdiff3
+      - meld
       - tcpdump
       - moreutils # for ts [%Y-%m-%d %H:%M:%.S]
       - ddrescue

ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash

@@ -74,13 +74,6 @@ function main {
     fi
 }
 
-function die {
-    local status_code="$1"
-    shift
-    (>&2 echo "${@}")
-    exit "$status_code"
-}
-
 function create_disk {
     local zfs_path="$1"
     local mount_path="$2"

ansible/roles/build/files/gpg_work.asc

@@ -0,0 +1,27 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
+0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
+b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
+BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
+DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
+0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
+ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
+Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
+vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
+yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
+9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
+IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
+jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
+Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
+EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
+duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
+UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
+C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
+PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
+FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
+EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
+MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
+d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
+=0HtE
+-----END PGP PUBLIC KEY BLOCK-----

ansible/roles/build/tasks/linux.yaml

@@ -39,7 +39,7 @@
 - name: Trust my signing key
   command: pacman-key -a -
   args:
-    stdin: "{{ lookup('file', 'gpg.asc') }}"
+    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
   when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
   register: my_key_imported
 

ansible/roles/firefox/defaults/main.yaml

@@ -11,3 +11,4 @@ firefox_config:
   browser.newtabpage.activity-stream.showSponsoredTopSites: false
   browser.newtabpage.activity-stream.feeds.section.topstories: false
   browser.newtabpage.pinned: "[]"
+  browser.newtabpage.activity-stream.section.highlights.includePocket: false

ansible/roles/gpg/files/gpg_work.asc

@@ -0,0 +1,27 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
+0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
+b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
+BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
+DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
+0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
+ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
+Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
+vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
+yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
+9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
+IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
+jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
+Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
+EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
+duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
+UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
+C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
+PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
+FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
+EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
+MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
+d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
+=0HtE
+-----END PGP PUBLIC KEY BLOCK-----

ansible/roles/gpg/tasks/peruser.yaml

@@ -43,7 +43,7 @@
   command: gpg --import
   when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
   args:
-    stdin: "{{ lookup('file', 'gpg.asc') }}"
+    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
 
 - import_tasks: tasks/peruser_freebsd.yaml
   when: 'os_flavor == "freebsd"'

ansible/roles/hosts/tasks/common.yaml

@@ -1,10 +1,19 @@
 - name: Set the /etc/hosts
+  when: hostname is undefined or item.key != hostname
   ansible.builtin.lineinfile:
     path: /etc/hosts
     regexp: '^{{ item.key | regex_escape() }}\s+'
     line: "{{ item.key }}		{{ item.value | join(' ') }}"
   loop: "{{ etc_hosts | dict2items }}"
 
+# Without an entry for the local hostname, firefox takes multiple minutes to launch.
+- name: Set the /etc/hosts
+  when: hostname is defined
+  ansible.builtin.lineinfile:
+    path: /etc/hosts
+    regexp: '\s+{{ hostname | regex_escape() }}\s*$'
+    line: "127.0.0.1		{{ hostname }}"
+
 - import_tasks: tasks/freebsd.yaml
   when: 'os_flavor == "freebsd"'
 

ansible/roles/network/files/main.conf

@@ -7,5 +7,5 @@ NameResolvingService=systemd
 EnableNetworkConfiguration=True
 # route_priority_offset=300
 
-[Scan]
+# [Scan]
-DisablePeriodicScan=true
+# DisablePeriodicScan=true

ansible/roles/odowork/tasks/common.yaml

@@ -0,0 +1,55 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  when: users is defined
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user

ansible/roles/odowork/tasks/freebsd.yaml

@@ -0,0 +1,5 @@
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present

ansible/roles/odowork/tasks/linux.yaml

@@ -0,0 +1,5 @@
+- name: Install packages
+  package:
+    name:
+      - python-numpy # Increases the speed of iap tunnels
+    state: present

ansible/roles/odowork/tasks/main.yaml

@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  # when: foo is defined

ansible/roles/odowork/tasks/peruser.yaml

@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'

ansible/roles/sway/defaults/main.yaml

@@ -10,3 +10,4 @@ default_sway_conf_files:
   - disable_focus_follows_mouse
   - lockscreen
   - logout
+  - force_focus

ansible/roles/sway/files/sway_config_files/force_focus.conf

@@ -0,0 +1,4 @@
+mode "force focus" {
+    bindsym $mod+Shift+Escape fullscreen; mode "default"
+}
+bindsym $mod+Shift+f fullscreen; mode "force focus"

ansible/run.bash

@@ -22,6 +22,8 @@ elif [ "$target" = "odolinux" ]; then
     ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}"
 elif [ "$target" = "odofreebsd" ]; then
     ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}"
+elif [ "$target" = "odowork" ]; then
+    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odowork "${@}"
 elif [ "$target" = "jail_nat_dhcp" ]; then
     ansible-playbook -v -i environments/jail playbook.yaml --diff --limit nat_dhcp "${@}"
 elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then

router/boot_loader.conf

@@ -0,0 +1,6 @@
+security.bsd.allow_destructive_dtrace=0
+cryptodev_load="YES"
+zfs_load="YES"
+vmm_load="YES"
+pptdevs="1/0/0 2/0/0 3/0/0 4/0/0 5/0/0 7/0/0"
+autoboot_delay="0"

router/etc_rc.conf

@@ -0,0 +1,16 @@
+clear_tmp_enable="YES"
+syslogd_flags="-ss"
+hostname="turtle"
+#ifconfig_bridgeif="DHCP"
+#ifconfig_bridgeif_ipv6="inet6 accept_rtadv"
+wlans_rtwn0="wlan0"
+ifconfig_wlan0="WPA DHCP"
+ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+create_args_wlan0="country US regdomain FCC"
+sshd_enable="YES"
+ntpd_enable="YES"
+ntpd_sync_on_start="YES"
+moused_nondefault_enable="NO"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+zfs_enable="YES"

router/launch_opnsense.bash

@@ -0,0 +1,168 @@
+#!/usr/local/bin/bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: ${CD:=""}
+: ${VNC_ENABLE:="NO"}
+: ${VNC_LISTEN:="127.0.0.1:5900"}
+: ${PID_FILE:="/var/run/opnsense.pid"}
+
+############## Setup #########################
+
+function cleanup {
+    for vm in "${vms[@]}"; do
+        log "Destroying bhyve vm $vm"
+        bhyvectl "--vm=$vm" --destroy
+        log "Destroyed bhyve vm $vm"
+    done
+}
+vms=()
+for sig in EXIT INT QUIT HUP TERM; do
+  trap "set +e; sleep 10; cleanup" "$sig"
+done
+
+function die {
+    local status_code="$1"
+    shift
+    (>&2 echo "${@}")
+    exit "$status_code"
+}
+
+function log {
+    (>&2 echo "${@}")
+}
+
+############## Program #########################
+
+function main {
+    start_vm
+}
+
+function start_vm {
+    local name="opnsense"
+
+
+
+    # -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
+         # -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
+             # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
+            # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
+
+    # TODO: Look into using nmdm instead of stdio for serial console
+    if [ -n "$CD" ]; then
+        additional_args+=("-s" "5,ahci-cd,$CD")
+    fi
+    if [ "$VNC_ENABLE" = "YES" ]; then
+        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
+    fi
+
+    local bridge_name="bridge_vm"
+    local host_interface_name="bridgeif"
+
+    assert_bridge "$host_interface_name" "$bridge_name"
+    local mac_address
+    mac_address=$(calculate_mac_address "$name")
+    local bridge_link_name
+    bridge_link_name=$(detect_available_link "${bridge_name}")
+    additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
+    vms+=("$name")
+    while true; do
+        set -x
+        set +e
+        bhyve \
+            -D \
+            -c 6 \
+            -m 8G \
+            -H \
+            -s 0,hostbridge \
+            -s "4,nvme,/dev/zvol/zroot/vm/opnsense/disk0" \
+            -S \
+            -s 7,passthru,1/0/0 \
+            -s 8,passthru,2/0/0 \
+            -s 9,passthru,3/0/0 \
+            -s 10,passthru,4/0/0 \
+            -s 11,passthru,5/0/0 \
+            -s 12,passthru,7/0/0 \
+            -s 30,xhci,tablet \
+            -s 31,lpc -l com1,stdio \
+            -l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,/vm/opnsense/BHYVE_UEFI_VARS.fd" \
+            "${additional_args[@]}" \
+            "$name"
+        # local bhyvepid=$!
+        # echo "$bhyvepid" > "$PID_FILE"
+        # wait $bhyvepid
+        local exit_code=$?
+        set +x
+        set -e
+        if [ $exit_code -eq 0 ]; then
+            echo "Rebooting."
+            sleep 5
+        elif [ $exit_code -eq 1 ]; then
+            echo "Powered off."
+            break
+        elif [ $exit_code -eq 2 ]; then
+            echo "Halted."
+            break
+        elif [ $exit_code -eq 3 ]; then
+            echo "Triple fault."
+            break
+        elif [ $exit_code -eq 4 ]; then
+            echo "Exited due to an error."
+            break
+        fi
+    done
+}
+
+function ng_exists {
+    ngctl status "${1}" >/dev/null 2>&1
+}
+
+function assert_bridge {
+    local host_interface_name="$1"
+    local bridge_name="$2"
+    # local ip_range="$3"
+
+    if ! ng_exists "${bridge_name}:"; then
+        ngctl -d -f - <<EOF
+mkpeer . eiface hook ether
+name .:hook $host_interface_name
+EOF
+        ngctl -d -f - <<EOF
+mkpeer ${host_interface_name}: bridge ether link0
+name ${host_interface_name}:ether $bridge_name
+EOF
+        ifconfig "$(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2)" name "${host_interface_name}" up
+
+        dhclient "${host_interface_name}"
+        # (set +e; service netif start wlan0) &
+    fi
+}
+
+function detect_available_link {
+    local bridge_name="$1"
+    local linknum=1
+    while true; do
+        local link_name="link${linknum}"
+        if ! ng_exists "${bridge_name}:${link_name}"; then
+            echo "$link_name"
+            return
+        fi
+        linknum=$((linknum + 1))
+        if [ "$linknum" -gt 90 ]; then
+            (>&2 echo "No available links on bridge $bridge_name")
+            exit 1
+        fi
+    done
+}
+
+function calculate_mac_address {
+    local name="$1"
+    local source
+    source=$(md5 -r -s "$name" | awk '{print $1}')
+    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
+}
+
+
+main "${@}"

router/launch_unifi.bash

@@ -0,0 +1,149 @@
+#!/usr/local/bin/bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: ${CD:=""}
+: ${VNC_ENABLE:="NO"}
+: ${VNC_LISTEN:="127.0.0.1:5900"}
+: ${PID_FILE:="/var/run/unifi.pid"}
+
+############## Setup #########################
+
+function cleanup {
+    for vm in "${vms[@]}"; do
+        log "Destroying bhyve vm $vm"
+        bhyvectl "--vm=$vm" --destroy
+        log "Destroyed bhyve vm $vm"
+    done
+}
+vms=()
+for sig in EXIT INT QUIT HUP TERM; do
+  trap "set +e; sleep 10; cleanup" "$sig"
+done
+
+function die {
+    local status_code="$1"
+    shift
+    (>&2 echo "${@}")
+    exit "$status_code"
+}
+
+function log {
+    (>&2 echo "${@}")
+}
+
+############## Program #########################
+
+function main {
+    start_vm
+}
+
+function start_vm {
+    local name="unifi"
+
+
+
+    # -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
+         # -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
+             # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
+            # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
+
+    # TODO: Look into using nmdm instead of stdio for serial console
+    if [ -n "$CD" ]; then
+        additional_args+=("-s" "5,ahci-cd,$CD")
+    fi
+    if [ "$VNC_ENABLE" = "YES" ]; then
+        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
+    fi
+
+    local bridge_name="bridge_vm"
+    wait_for_bridge "$bridge_name"
+
+    local mac_address
+    mac_address=$(calculate_mac_address "$name")
+
+    local bridge_link_name
+    bridge_link_name=$(detect_available_link "${bridge_name}")
+
+    additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
+    vms+=("$name")
+    while true; do
+        set -x
+        set +e
+        bhyve \
+            -D \
+            -c 1 \
+            -m 2G \
+            -H \
+            -s 0,hostbridge \
+            -s "4,nvme,/dev/zvol/zroot/vm/unifi/disk0" \
+            -s 30,xhci,tablet \
+            -s 31,lpc -l com1,stdio \
+            -l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,/vm/unifi/BHYVE_UEFI_VARS.fd" \
+            "${additional_args[@]}" \
+            "$name"
+        # local bhyvepid=$!
+        # echo "$bhyvepid" > "$PID_FILE"
+        # wait $bhyvepid
+        local exit_code=$?
+        set +x
+        set -e
+        if [ $exit_code -eq 0 ]; then
+            echo "Rebooting."
+            sleep 5
+        elif [ $exit_code -eq 1 ]; then
+            echo "Powered off."
+            break
+        elif [ $exit_code -eq 2 ]; then
+            echo "Halted."
+            break
+        elif [ $exit_code -eq 3 ]; then
+            echo "Triple fault."
+            break
+        elif [ $exit_code -eq 4 ]; then
+            echo "Exited due to an error."
+            break
+        fi
+    done
+}
+
+function ng_exists {
+    ngctl status "${1}" >/dev/null 2>&1
+}
+
+function wait_for_bridge {
+    local bridge_name="$1"
+    while ! ng_exists "${bridge_name}:"; do
+        echo "${bridge_name} does not yet exist, sleeping."
+        sleep 10
+    done
+}
+
+function detect_available_link {
+    local bridge_name="$1"
+    local linknum=1
+    while true; do
+        local link_name="link${linknum}"
+        if ! ng_exists "${bridge_name}:${link_name}"; then
+            echo "$link_name"
+            return
+        fi
+        linknum=$((linknum + 1))
+        if [ "$linknum" -gt 90 ]; then
+            (>&2 echo "No available links on bridge $bridge_name")
+            exit 1
+        fi
+    done
+}
+
+function calculate_mac_address {
+    local name="$1"
+    local source
+    source=$(md5 -r -s "$name" | awk '{print $1}')
+    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
+}
+
+
+main "${@}"

router/opnsense_rc.bash

@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# REQUIRE: FILESYSTEMS kld
+# PROVIDE: opnsense
+# BEFORE: netif
+
+. /etc/rc.subr
+name=opnsense
+rcvar=${name}_enable
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+status_cmd="${name}_status"
+load_rc_config $name
+
+tmux_name="opnsense"
+
+opnsense_start() {
+    # /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
+    /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
+}
+
+opnsense_status() {
+    if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
+	echo "$tmux_name is running."
+    else
+	echo "$tmux_name is not running."
+	return 1
+    fi
+}
+
+opnsense_stop() {
+    /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
+        /usr/local/bin/tmux kill-session -t $tmux_name
+        sleep 10
+        bhyvectl --vm=opnsense --destroy
+        # kill `cat /var/run/opnsense.pid`
+    )
+    opnsense_wait_for_end
+}
+
+opnsense_wait_for_end() {
+    while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
+        sleep 1
+    done
+}
+
+run_rc_command "$1"

router/reboot

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+: ${PID:="95762"}
+: ${TMUX_NAME:="opnsense"}
+
+doas kill "$PID"
+while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
+doas shutdown -r now

router/reload

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#
+: ${PID:="19711"}
+: ${TMUX_NAME:="opnsense"}
+
+doas kill "$PID"
+while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
+sleep 1
+doas service opnsense start

router/rollback

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+: ${PID:="37880"}
+: ${SNAPSHOT:="zroot/vm/opnsense/disk0@20240108_00_initial_working_state"}
+: ${TMUX_NAME:="opnsense"}
+
+doas kill "$PID"
+while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
+doas zfs rollback -r "$SNAPSHOT"
+doas service opnsense start

router/snapshot

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+: ${PID:="74229"}
+: ${SNAPSHOT:="zroot/vm/opnsense/disk0@20240108_02_configured"}
+: ${TMUX_NAME:="opnsense"}
+
+doas kill "$PID"
+while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
+doas zfs snapshot -r "$SNAPSHOT"
+doas service opnsense start

router/unifi/docker-compose/docker-compose.yaml

@@ -0,0 +1,42 @@
+# docker-compose up -d
+---
+version: "2.1"
+services:
+  unifi-network-application:
+    image: lscr.io/linuxserver/unifi-network-application:latest
+    container_name: unifi-network-application
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - MONGO_USER=unifi
+      - MONGO_PASS=unifipw
+      - MONGO_HOST=unifi-db
+      - MONGO_PORT=27017
+      - MONGO_DBNAME=unifi
+      - MEM_LIMIT=1024 #optional
+      - MEM_STARTUP=1024 #optional
+      - MONGO_TLS= #optional
+      - MONGO_AUTHSOURCE= #optional
+    volumes:
+      - /data/unifi:/config
+    ports:
+      - 80:8080
+      - 443:8443
+      - 8443:8443
+      - 3478:3478/udp
+      - 10001:10001/udp
+      - 8080:8080
+      - 1900:1900/udp #optional
+      - 8843:8843 #optional
+      - 8880:8880 #optional
+      - 6789:6789 #optional
+      - 5514:5514/udp #optional
+    restart: unless-stopped
+  unifi-db:
+    image: mongo:7.0.5
+    container_name: unifi-db
+    volumes:
+      - /data/mongodb:/data/db
+      - ./init_mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
+    restart: unless-stopped

router/unifi/docker-compose/init_mongo.js

@@ -0,0 +1,2 @@
+db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "unifi"}]});
+db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "MONGO_DBNAME_stat"}]});

router/unifi_rc.bash

@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# REQUIRE: FILESYSTEMS kld
+# PROVIDE: unifi
+# BEFORE: netif
+
+. /etc/rc.subr
+name=opnsense
+rcvar=${name}_enable
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+status_cmd="${name}_status"
+load_rc_config $name
+
+tmux_name="unifi"
+
+opnsense_start() {
+    # /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
+    /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_unifi.bash"
+}
+
+opnsense_status() {
+    if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
+	echo "$tmux_name is running."
+    else
+	echo "$tmux_name is not running."
+	return 1
+    fi
+}
+
+opnsense_stop() {
+    /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
+        /usr/local/bin/tmux kill-session -t $tmux_name
+        sleep 10
+        bhyvectl --vm=unifi --destroy
+        # kill `cat /var/run/opnsense.pid`
+    )
+    opnsense_wait_for_end
+}
+
+opnsense_wait_for_end() {
+    while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
+        sleep 1
+    done
+}
+
+run_rc_command "$1"

router/unifi_vm_efibootmgr

@@ -0,0 +1 @@
+efibootmgr --create --disk /dev/nvme0n1p1 --label "Arch Linux" --loader /vmlinuz-linux-lts --unicode 'rw root=/dev/disk/by-partlabel/Arch rw initrd=\initramfs-linux-lts.img console=ttyS0,115200n8'