talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:60e440b0c6af0be219ea6db9ca4b2a059ef63c08
Branches Tags
talexander:main
talexander:nix
talexander:yubipi
talexander:upstream_amd_debug_tools
talexander:install_files_mixin
talexander:starship
talexander:pixelbook
..
compare: talexander:e3e78b3eb587e6dee5ed1b1b4f676b570c028f6a
Branches Tags
talexander:nix
talexander:yubipi
talexander:main
talexander:upstream_amd_debug_tools
talexander:install_files_mixin
talexander:starship
talexander:pixelbook

8 Commits
60e440b0c6 ... e3e78b3eb5

Author SHA1 Message Date
Tom Alexander
e3e78b3eb5
Add a force focus mode to sway. 2024-01-10 22:21:11 -05:00
Tom Alexander
3706eda8f3
Use meld for git merges. 2024-01-10 22:20:30 -05:00
Tom Alexander
6fc16362ba
Use docker compose for unifi controller. 2024-01-09 19:11:39 -05:00
Tom Alexander
a04b52ec72
Add a unifi vm. 2024-01-09 17:31:12 -05:00
Tom Alexander
460a614cf7
Set up the router manually. 2024-01-08 23:14:23 -05:00
Tom Alexander
3e0de0e87a
Add a work-specific role. 2024-01-07 14:43:10 -05:00
Tom Alexander
80a3f2291c
Add a separate pgp key for work. 2024-01-02 12:29:39 -05:00
Tom Alexander
6e13ac355a
Add a work machine to ansible. 2023-12-31 22:21:28 -05:00
37 changed files with 781 additions and 12 deletions
Show Stats Expand all files Collapse all files

36
ansible/environments/laptop/host_vars/odowork Normal file
View File

@ -0,0 +1,36 @@
os_flavor: "linux"
hostname: odowork
etc_hosts: {}
users:
talexander:
initialize: true
uid: 11235
gid: 1000
groups:
- name: wheel
- name: users
- name: docker
- name: libvirt
- name: uucp
authorized_keys:
- yubikey
- main_fido
- backup_fido
gitconfig: "gitconfig_work"
zfs_snapshot_datasets:
- path: zroot/linux/archwork/be
install_graphics: true
graphics_driver: "amd"
pgp_key: "gpg_work.asc"
build_user:
name: talexander
group: talexander
# wireguard_directory: odowork
# enabled_wireguard: []
cputype: "amd"
hwpstate: true
cores: 16
sway_conf_files:
- rofimoji
docker_storage_driver: overlay2 # alternatively zfs
docker_zfs_dataset: zroot/linux/archwork/docker

1
ansible/environments/laptop/hosts
View File

@ -1,3 +1,4 @@
[gui]
odolinux ansible_connection=local ansible_host=127.0.0.1
odofreebsd ansible_connection=local ansible_host=127.0.0.1
odowork ansible_connection=local ansible_host=127.0.0.1

8
ansible/playbook.yaml
View File

@ -117,7 +117,7 @@
- users
- public_dns
- hosts: odolinux:odofreebsd
- hosts: odolinux:odofreebsd:odowork
vars:
ansible_become: True
roles:
@ -144,3 +144,9 @@
ansible_become: True
roles:
- homeserver
- hosts: odowork
vars:
ansible_become: True
roles:
- odowork

15
ansible/roles/base/files/gitconfig_home
View File

@ -18,3 +18,18 @@
date = local
[init]
defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff]
tool = meld
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"

35
ansible/roles/base/files/gitconfig_work Normal file
View File

@ -0,0 +1,35 @@
[user]
email = ThomasA.Alexander@hmhn.org
name = Tom Alexander
signingkey = D3A179C9A53C0EDE
[push]
default = simple
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
[core]
excludesfile = ~/.gitignore_global
[commit]
gpgsign = true
[pull]
rebase = true
[log]
date = local
[init]
defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff]
tool = meld
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"

1
ansible/roles/base/tasks/common.yaml
View File

@ -17,6 +17,7 @@
- colordiff
- ipcalc
- kdiff3
- meld
- tcpdump
- moreutils # for ts [%Y-%m-%d %H:%M:%.S]
- ddrescue

7
ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
View File

@ -74,13 +74,6 @@ function main {
fi
}
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function create_disk {
local zfs_path="$1"
local mount_path="$2"

27
ansible/roles/build/files/gpg_work.asc Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
=0HtE
-----END PGP PUBLIC KEY BLOCK-----

2
ansible/roles/build/tasks/linux.yaml
View File

@ -39,7 +39,7 @@
- name: Trust my signing key
command: pacman-key -a -
args:
stdin: "{{ lookup('file', 'gpg.asc') }}"
stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
register: my_key_imported

1
ansible/roles/firefox/defaults/main.yaml
View File

@ -11,3 +11,4 @@ firefox_config:
browser.newtabpage.activity-stream.showSponsoredTopSites: false
browser.newtabpage.activity-stream.feeds.section.topstories: false
browser.newtabpage.pinned: "[]"
browser.newtabpage.activity-stream.section.highlights.includePocket: false

27
ansible/roles/gpg/files/gpg_work.asc Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
=0HtE
-----END PGP PUBLIC KEY BLOCK-----

2
ansible/roles/gpg/tasks/peruser.yaml
View File

@ -43,7 +43,7 @@
command: gpg --import
when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
args:
stdin: "{{ lookup('file', 'gpg.asc') }}"
stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'

9
ansible/roles/hosts/tasks/common.yaml
View File

@ -1,10 +1,19 @@
- name: Set the /etc/hosts
when: hostname is undefined or item.key != hostname
ansible.builtin.lineinfile:
path: /etc/hosts
regexp: '^{{ item.key | regex_escape() }}\s+'
line: "{{ item.key }} {{ item.value | join(' ') }}"
loop: "{{ etc_hosts | dict2items }}"
# Without an entry for the local hostname, firefox takes multiple minutes to launch.
- name: Set the /etc/hosts
when: hostname is defined
ansible.builtin.lineinfile:
path: /etc/hosts
regexp: '\s+{{ hostname | regex_escape() }}\s*$'
line: "127.0.0.1 {{ hostname }}"
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'

4
ansible/roles/network/files/main.conf
View File

@ -7,5 +7,5 @@ NameResolvingService=systemd
EnableNetworkConfiguration=True
# route_priority_offset=300
[Scan]
DisablePeriodicScan=true
# [Scan]
# DisablePeriodicScan=true

55
ansible/roles/odowork/tasks/common.yaml Normal file
View File

@ -0,0 +1,55 @@
# - name: Create directories
# file:
# name: "{{ item }}"
# state: directory
# mode: 0755
# owner: root
# group: wheel
# loop:
# - /foo/bar
# - name: Install scripts
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0755
# owner: root
# group: wheel
# loop:
# - src: foo.bash
# dest: /usr/local/bin/foo
# - name: Install Configuration
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0600
# owner: root
# group: wheel
# loop:
# - src: foo.conf
# dest: /usr/local/etc/foo.conf
# - name: Clone Source
# git:
# repo: "https://foo.bar/baz.git"
# dest: /foo/bar
# version: "v1.0.2"
# force: true
# diff: false
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/linux.yaml
when: 'os_flavor == "linux"'
- include_tasks:
file: tasks/peruser.yaml
apply:
become: yes
become_user: "{{ initialize_user }}"
when: users is defined
loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
loop_control:
loop_var: initialize_user

5
ansible/roles/odowork/tasks/freebsd.yaml Normal file
View File

@ -0,0 +1,5 @@
# - name: Install packages
# package:
# name:
# - foo
# state: present

5
ansible/roles/odowork/tasks/linux.yaml Normal file
View File

@ -0,0 +1,5 @@
- name: Install packages
package:
name:
- python-numpy # Increases the speed of iap tunnels
state: present

2
ansible/roles/odowork/tasks/main.yaml Normal file
View File

@ -0,0 +1,2 @@
- import_tasks: tasks/common.yaml
# when: foo is defined

29
ansible/roles/odowork/tasks/peruser.yaml Normal file
View File

@ -0,0 +1,29 @@
- include_role:
name: per_user
# - name: Create directories
# file:
# name: "{{ account_homedir.stdout }}/{{ item }}"
# state: directory
# mode: 0700
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - ".config/foo"
# - name: Copy files
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
# mode: 0600
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - src: foo.conf
# dest: .config/foo/foo.conf
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/peruser_linux.yaml
when: 'os_flavor == "linux"'

0
ansible/roles/odowork/tasks/peruser_freebsd.yaml Normal file
View File

0
ansible/roles/odowork/tasks/peruser_linux.yaml Normal file
View File

1
ansible/roles/sway/defaults/main.yaml
View File

@ -10,3 +10,4 @@ default_sway_conf_files:
- disable_focus_follows_mouse
- lockscreen
- logout
- force_focus

4
ansible/roles/sway/files/sway_config_files/force_focus.conf Normal file
View File

@ -0,0 +1,4 @@
mode "force focus" {
bindsym $mod+Shift+Escape fullscreen; mode "default"
}
bindsym $mod+Shift+f fullscreen; mode "force focus"

2
ansible/run.bash
View File

@ -22,6 +22,8 @@ elif [ "$target" = "odolinux" ]; then
ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}"
elif [ "$target" = "odofreebsd" ]; then
ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}"
elif [ "$target" = "odowork" ]; then
ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odowork "${@}"
elif [ "$target" = "jail_nat_dhcp" ]; then
ansible-playbook -v -i environments/jail playbook.yaml --diff --limit nat_dhcp "${@}"
elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then

6
router/boot_loader.conf Normal file
View File

@ -0,0 +1,6 @@
security.bsd.allow_destructive_dtrace=0
cryptodev_load="YES"
zfs_load="YES"
vmm_load="YES"
pptdevs="1/0/0 2/0/0 3/0/0 4/0/0 5/0/0 7/0/0"
autoboot_delay="0"

16
router/etc_rc.conf Normal file
View File

@ -0,0 +1,16 @@
clear_tmp_enable="YES"
syslogd_flags="-ss"
hostname="turtle"
#ifconfig_bridgeif="DHCP"
#ifconfig_bridgeif_ipv6="inet6 accept_rtadv"
wlans_rtwn0="wlan0"
ifconfig_wlan0="WPA DHCP"
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
create_args_wlan0="country US regdomain FCC"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
moused_nondefault_enable="NO"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
zfs_enable="YES"

168
router/launch_opnsense.bash Normal file
View File

@ -0,0 +1,168 @@
#!/usr/local/bin/bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${CD:=""}
: ${VNC_ENABLE:="NO"}
: ${VNC_LISTEN:="127.0.0.1:5900"}
: ${PID_FILE:="/var/run/opnsense.pid"}
############## Setup #########################
function cleanup {
for vm in "${vms[@]}"; do
log "Destroying bhyve vm $vm"
bhyvectl "--vm=$vm" --destroy
log "Destroyed bhyve vm $vm"
done
}
vms=()
for sig in EXIT INT QUIT HUP TERM; do
trap "set +e; sleep 10; cleanup" "$sig"
done
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
start_vm
}
function start_vm {
local name="opnsense"
# -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
# -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
# TODO: Look into using nmdm instead of stdio for serial console
if [ -n "$CD" ]; then
additional_args+=("-s" "5,ahci-cd,$CD")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
fi
local bridge_name="bridge_vm"
local host_interface_name="bridgeif"
assert_bridge "$host_interface_name" "$bridge_name"
local mac_address
mac_address=$(calculate_mac_address "$name")
local bridge_link_name
bridge_link_name=$(detect_available_link "${bridge_name}")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
vms+=("$name")
while true; do
set -x
set +e
bhyve \
-D \
-c 6 \
-m 8G \
-H \
-s 0,hostbridge \
-s "4,nvme,/dev/zvol/zroot/vm/opnsense/disk0" \
-S \
-s 7,passthru,1/0/0 \
-s 8,passthru,2/0/0 \
-s 9,passthru,3/0/0 \
-s 10,passthru,4/0/0 \
-s 11,passthru,5/0/0 \
-s 12,passthru,7/0/0 \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,/vm/opnsense/BHYVE_UEFI_VARS.fd" \
"${additional_args[@]}" \
"$name"
# local bhyvepid=$!
# echo "$bhyvepid" > "$PID_FILE"
# wait $bhyvepid
local exit_code=$?
set +x
set -e
if [ $exit_code -eq 0 ]; then
echo "Rebooting."
sleep 5
elif [ $exit_code -eq 1 ]; then
echo "Powered off."
break
elif [ $exit_code -eq 2 ]; then
echo "Halted."
break
elif [ $exit_code -eq 3 ]; then
echo "Triple fault."
break
elif [ $exit_code -eq 4 ]; then
echo "Exited due to an error."
break
fi
done
}
function ng_exists {
ngctl status "${1}" >/dev/null 2>&1
}
function assert_bridge {
local host_interface_name="$1"
local bridge_name="$2"
# local ip_range="$3"
if ! ng_exists "${bridge_name}:"; then
ngctl -d -f - <<EOF
mkpeer . eiface hook ether
name .:hook $host_interface_name
EOF
ngctl -d -f - <<EOF
mkpeer ${host_interface_name}: bridge ether link0
name ${host_interface_name}:ether $bridge_name
EOF
ifconfig "$(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2)" name "${host_interface_name}" up
dhclient "${host_interface_name}"
# (set +e; service netif start wlan0) &
fi
}
function detect_available_link {
local bridge_name="$1"
local linknum=1
while true; do
local link_name="link${linknum}"
if ! ng_exists "${bridge_name}:${link_name}"; then
echo "$link_name"
return
fi
linknum=$((linknum + 1))
if [ "$linknum" -gt 90 ]; then
(>&2 echo "No available links on bridge $bridge_name")
exit 1
fi
done
}
function calculate_mac_address {
local name="$1"
local source
source=$(md5 -r -s "$name" | awk '{print $1}')
echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
}
main "${@}"

149
router/launch_unifi.bash Normal file
View File

@ -0,0 +1,149 @@
#!/usr/local/bin/bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${CD:=""}
: ${VNC_ENABLE:="NO"}
: ${VNC_LISTEN:="127.0.0.1:5900"}
: ${PID_FILE:="/var/run/unifi.pid"}
############## Setup #########################
function cleanup {
for vm in "${vms[@]}"; do
log "Destroying bhyve vm $vm"
bhyvectl "--vm=$vm" --destroy
log "Destroyed bhyve vm $vm"
done
}
vms=()
for sig in EXIT INT QUIT HUP TERM; do
trap "set +e; sleep 10; cleanup" "$sig"
done
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
start_vm
}
function start_vm {
local name="unifi"
# -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
# -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
# TODO: Look into using nmdm instead of stdio for serial console
if [ -n "$CD" ]; then
additional_args+=("-s" "5,ahci-cd,$CD")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
fi
local bridge_name="bridge_vm"
wait_for_bridge "$bridge_name"
local mac_address
mac_address=$(calculate_mac_address "$name")
local bridge_link_name
bridge_link_name=$(detect_available_link "${bridge_name}")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
vms+=("$name")
while true; do
set -x
set +e
bhyve \
-D \
-c 1 \
-m 2G \
-H \
-s 0,hostbridge \
-s "4,nvme,/dev/zvol/zroot/vm/unifi/disk0" \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,/vm/unifi/BHYVE_UEFI_VARS.fd" \
"${additional_args[@]}" \
"$name"
# local bhyvepid=$!
# echo "$bhyvepid" > "$PID_FILE"
# wait $bhyvepid
local exit_code=$?
set +x
set -e
if [ $exit_code -eq 0 ]; then
echo "Rebooting."
sleep 5
elif [ $exit_code -eq 1 ]; then
echo "Powered off."
break
elif [ $exit_code -eq 2 ]; then
echo "Halted."
break
elif [ $exit_code -eq 3 ]; then
echo "Triple fault."
break
elif [ $exit_code -eq 4 ]; then
echo "Exited due to an error."
break
fi
done
}
function ng_exists {
ngctl status "${1}" >/dev/null 2>&1
}
function wait_for_bridge {
local bridge_name="$1"
while ! ng_exists "${bridge_name}:"; do
echo "${bridge_name} does not yet exist, sleeping."
sleep 10
done
}
function detect_available_link {
local bridge_name="$1"
local linknum=1
while true; do
local link_name="link${linknum}"
if ! ng_exists "${bridge_name}:${link_name}"; then
echo "$link_name"
return
fi
linknum=$((linknum + 1))
if [ "$linknum" -gt 90 ]; then
(>&2 echo "No available links on bridge $bridge_name")
exit 1
fi
done
}
function calculate_mac_address {
local name="$1"
local source
source=$(md5 -r -s "$name" | awk '{print $1}')
echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
}
main "${@}"

47
router/opnsense_rc.bash Normal file
View File

@ -0,0 +1,47 @@
#!/bin/sh
#
# REQUIRE: FILESYSTEMS kld
# PROVIDE: opnsense
# BEFORE: netif
. /etc/rc.subr
name=opnsense
rcvar=${name}_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"
load_rc_config $name
tmux_name="opnsense"
opnsense_start() {
# /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
/usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
}
opnsense_status() {
if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
echo "$tmux_name is running."
else
echo "$tmux_name is not running."
return 1
fi
}
opnsense_stop() {
/usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
/usr/local/bin/tmux kill-session -t $tmux_name
sleep 10
bhyvectl --vm=opnsense --destroy
# kill `cat /var/run/opnsense.pid`
)
opnsense_wait_for_end
}
opnsense_wait_for_end() {
while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
sleep 1
done
}
run_rc_command "$1"

8
router/reboot Normal file
View File

@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
: ${PID:="95762"}
: ${TMUX_NAME:="opnsense"}
doas kill "$PID"
while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
doas shutdown -r now

9
router/reload Normal file
View File

@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
: ${PID:="19711"}
: ${TMUX_NAME:="opnsense"}
doas kill "$PID"
while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
sleep 1
doas service opnsense start

10
router/rollback Normal file
View File

@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
: ${PID:="37880"}
: ${SNAPSHOT:="zroot/vm/opnsense/disk0@20240108_00_initial_working_state"}
: ${TMUX_NAME:="opnsense"}
doas kill "$PID"
while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
doas zfs rollback -r "$SNAPSHOT"
doas service opnsense start

10
router/snapshot Normal file
View File

@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
: ${PID:="74229"}
: ${SNAPSHOT:="zroot/vm/opnsense/disk0@20240108_02_configured"}
: ${TMUX_NAME:="opnsense"}
doas kill "$PID"
while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
doas zfs snapshot -r "$SNAPSHOT"
doas service opnsense start

42
router/unifi/docker-compose/docker-compose.yaml Normal file
View File

@ -0,0 +1,42 @@
# docker-compose up -d
---
version: "2.1"
services:
unifi-network-application:
image: lscr.io/linuxserver/unifi-network-application:latest
container_name: unifi-network-application
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- MONGO_USER=unifi
- MONGO_PASS=unifipw
- MONGO_HOST=unifi-db
- MONGO_PORT=27017
- MONGO_DBNAME=unifi
- MEM_LIMIT=1024 #optional
- MEM_STARTUP=1024 #optional
- MONGO_TLS= #optional
- MONGO_AUTHSOURCE= #optional
volumes:
- /data/unifi:/config
ports:
- 80:8080
- 443:8443
- 8443:8443
- 3478:3478/udp
- 10001:10001/udp
- 8080:8080
- 1900:1900/udp #optional
- 8843:8843 #optional
- 8880:8880 #optional
- 6789:6789 #optional
- 5514:5514/udp #optional
restart: unless-stopped
unifi-db:
image: mongo:7.0.5
container_name: unifi-db
volumes:
- /data/mongodb:/data/db
- ./init_mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
restart: unless-stopped

2
router/unifi/docker-compose/init_mongo.js Normal file
View File

@ -0,0 +1,2 @@
db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "MONGO_DBNAME_stat"}]});

47
router/unifi_rc.bash Normal file
View File

@ -0,0 +1,47 @@
#!/bin/sh
#
# REQUIRE: FILESYSTEMS kld
# PROVIDE: unifi
# BEFORE: netif
. /etc/rc.subr
name=opnsense
rcvar=${name}_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"
load_rc_config $name
tmux_name="unifi"
opnsense_start() {
# /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
/usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_unifi.bash"
}
opnsense_status() {
if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
echo "$tmux_name is running."
else
echo "$tmux_name is not running."
return 1
fi
}
opnsense_stop() {
/usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
/usr/local/bin/tmux kill-session -t $tmux_name
sleep 10
bhyvectl --vm=unifi --destroy
# kill `cat /var/run/opnsense.pid`
)
opnsense_wait_for_end
}
opnsense_wait_for_end() {
while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
sleep 1
done
}
run_rc_command "$1"

1
router/unifi_vm_efibootmgr Normal file
View File

@ -0,0 +1 @@
efibootmgr --create --disk /dev/nvme0n1p1 --label "Arch Linux" --loader /vmlinuz-linux-lts --unicode 'rw root=/dev/disk/by-partlabel/Arch rw initrd=\initramfs-linux-lts.img console=ttyS0,115200n8'