talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:63a966947b6e330fa6e2d475a33869990eb8d032
Branches Tags
talexander:main
talexander:nix
talexander:install_files_mixin
talexander:starship
talexander:pixelbook
..
compare: talexander:9e107d4a7511a1cdcdbb6c329fc8916fd3d82fea
Branches Tags
talexander:nix
talexander:install_files_mixin
talexander:main
talexander:starship
talexander:pixelbook

No commits in common. "63a966947b6e330fa6e2d475a33869990eb8d032" and "9e107d4a7511a1cdcdbb6c329fc8916fd3d82fea" have entirely different histories.
63a966947b ... 9e107d4a75

13 changed files with 24 additions and 85 deletions
Show Stats Expand all files Collapse all files

4
ansible/environments/vm/host_vars/poudrieremrmanager
View File

@ -11,7 +11,7 @@ poudriere_builds:
set: framework set: framework
version: CURRENT version: CURRENT
# revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91 # revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91
kernel: CUSTOM kernel: GENERIC-NODEBUG
branch: main branch: main
srcconf: currentznver4_src.conf srcconf: currentznver4_src.conf
# - jail: 14broadwell # - jail: 14broadwell
@ -24,6 +24,6 @@ poudriere_builds:
ports: default ports: default
set: computer set: computer
version: CURRENT version: CURRENT
kernel: CUSTOM kernel: GENERIC
branch: releng/14.1 branch: releng/14.1
srcconf: 14broadwell_src.conf srcconf: 14broadwell_src.conf

3
ansible/roles/jail_bastion/files/headers.include
View File

@ -10,6 +10,3 @@ add_header X-Content-Type-Options "nosniff" always;
# Disallow the site to be rendered within a frame (clickjacking # Disallow the site to be rendered within a frame (clickjacking
# protection) # protection)
add_header X-Frame-Options "DENY" always; add_header X-Frame-Options "DENY" always;
# Indicate that we are serving http3 on port 443
add_header Alt-Svc 'h3=":443"; ma=864000';

2
ansible/roles/jail_bastion/files/nginx.conf
View File

@ -26,8 +26,6 @@ http {
} }
server { server {
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
http2 on; http2 on;

2
ansible/roles/jail_bastion/files/proxy.include
View File

@ -5,5 +5,3 @@ proxy_set_header X-Forwarded-Proto $scheme;
# Settings for keepalive module for upstreams # Settings for keepalive module for upstreams
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Connection ""; proxy_set_header Connection "";
# Requests sent with early data are subject to replay attacks so the application needs to protect against that by using the Early-Data header.
# proxy_set_header Early-Data $ssl_early_data;

1
ansible/roles/network/files/main.conf
View File

@ -1,4 +1,5 @@
[Network] [Network]
EnableIPv6=true
# NameResolvingService=resolvconf # NameResolvingService=resolvconf
NameResolvingService=systemd NameResolvingService=systemd

12
ansible/roles/network/tasks/freebsd.yaml
View File

@ -42,12 +42,12 @@
state: present state: present
sysctl_file: "/etc/sysctl.conf.local" sysctl_file: "/etc/sysctl.conf.local"
loop: loop:
- name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC) []
value: "1" # - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
- name: net.inet6.ip6.use_tempaddr # Enable privacy addresses # value: "1"
value: "1" # - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
- name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses # value: "1"
value: "1" # - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
- name: Install service configuration - name: Install service configuration
copy: copy:

20
ansible/roles/network/tasks/linux.yaml
View File

@ -29,26 +29,6 @@
- src: 10-wired.network - src: 10-wired.network
dest: /etc/systemd/network/10-wired.network dest: /etc/systemd/network/10-wired.network
- name: Configure sysctls
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
sysctl_file: /etc/sysctl.d/{{ item.file }}
loop:
# Enable IPv6 Privacy Extensions
- name: net.ipv6.conf.all.use_tempaddr
value: 2
file: 40-ipv6.conf
# Enable IPv6 Privacy Extensions
- name: net.ipv6.conf.default.use_tempaddr
value: 2
file: 40-ipv6.conf
# Enable IPv6 Privacy Extensions
# - name: net.ipv6.conf.nic.use_tempaddr
# value: 2
# file: 40-ipv6.conf
- name: Enable services - name: Enable services
systemd: systemd:
enabled: yes enabled: yes

8
ansible/roles/package_manager/files/pkgbase_diff.bash
View File

@ -1,8 +0,0 @@
#!/usr/bin/env bash
#
# Show the diff to have local pkgbase become matching to the remote pkgbase
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
diff --color=always <(doas pkg info --glob 'FreeBSD-*' | sed 's/-[0-9]*.snap[0-9]*//g') <(doas pkg search -q --glob 'FreeBSD-*' | sed 's/-[0-9]*.snap[0-9]*//g')

12
ansible/roles/package_manager/tasks/freebsd.yaml
View File

@ -75,18 +75,6 @@
mode: 0644 mode: 0644
loop: loop:
- { src: pkgbase.conf.j2, dest: /usr/local/etc/pkg/repos/pkgbase.conf } - { src: pkgbase.conf.j2, dest: /usr/local/etc/pkg/repos/pkgbase.conf }
# - name: Replace all packages with packages from new repo # - name: Replace all packages with packages from new repo
# command: pkg upgrade -f -y # command: pkg upgrade -f -y
# when: changed_config.changed # when: changed_config.changed
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: pkgbase_diff.bash
dest: /usr/local/bin/pkgbase_diff

37
ansible/roles/poudriere/files/14broadwell_src.conf
View File

@ -3,37 +3,28 @@ WITH_MALLOC_PRODUCTION=YES
WITHOUT_LLVM_ASSERTIONS=YES WITHOUT_LLVM_ASSERTIONS=YES
WITH_REPRODUCIBLE_BUILD=YES WITH_REPRODUCIBLE_BUILD=YES
WITHOUT_DEBUG_FILES=YES
WITHOUT_ASSERT_DEBUG=YES
WITHOUT_LLVM_TARGET_ALL=YES
WITHOUT_LIB32=YES
WITHOUT_HTML=YES
WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio
WITHOUT_FLOPPY=YES
WITHOUT_IPFILTER=YES
WITHOUT_GAMES=YES
WITH_SORT_THREADS=YES
WITHOUT_TESTS=YES
WITHOUT_USB_GADGET_EXAMPLES=YES
WITHOUT_HYPERV=YES
WITHOUT_LEGACY_CONSOLE=YES
# Would be fun to experiment with: # Would be fun to experiment with:
# WITHOUT_SOURCELESS=YES # WITHOUT_SOURCELESS=YES
# WITHOUT_GAMES=YES
# WITHOUT_KERBEROS=YES
# WITHOUT_LEGACY_CONSOLE=YES
# WITHOUT_LIB32=YES
# WITHOUT_LOADER_GELI=YES # WITHOUT_LOADER_GELI=YES
# WITHOUT_MLX5TOOL=YES # WITHOUT_MLX5TOOL=YES
# WITHOUT_NDIS=YES # WITHOUT_NDIS=YES
# WITHOUT_OFED=YES
# WITHOUT_PPP=YES # WITHOUT_PPP=YES
# WITH_SORT_THREADS=YES
# WITHOUT_TALK=YES # WITHOUT_TALK=YES
# WITHOUT_TCSH=YES # WITHOUT_TCSH=YES
# WITHOUT_KERNEL_SYMBOLS=YES
# Questionable Optimizations
WITHOUT_FLOPPY=YES
WITHOUT_HTML=YES
WITHOUT_IPFW=YES
WITHOUT_IPFILTER=YES
WITHOUT_LLVM_TARGET_ALL=YES
# Commented out because maybe I want email alerts for failing disks # Commented out because maybe I want email alerts for failing disks
# WITHOUT_MAIL=YES # WITHOUT_MAIL=YES
# Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port.
# WITHOUT_KERBEROS=YES
# Need to enable IPFW for dummynet
# WITHOUT_IPFW=YES

4
ansible/roles/poudriere/files/currentznver4_src.conf
View File

@ -11,6 +11,7 @@ WITHOUT_HTML=YES
WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio
WITHOUT_FLOPPY=YES WITHOUT_FLOPPY=YES
WITHOUT_IPFW=YES
WITHOUT_IPFILTER=YES WITHOUT_IPFILTER=YES
WITHOUT_GAMES=YES WITHOUT_GAMES=YES
WITH_SORT_THREADS=YES WITH_SORT_THREADS=YES
@ -34,6 +35,3 @@ WITHOUT_LEGACY_CONSOLE=YES
# Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port. # Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port.
# WITHOUT_KERBEROS=YES # WITHOUT_KERBEROS=YES
# Need to enable IPFW for dummynet
# WITHOUT_IPFW=YES

2
ansible/roles/poudriere/files/poudriere_delete_jail.bash
View File

@ -12,7 +12,5 @@ if ! grep -q "${jail_name}" <<<"$jail_list"; then
fi fi
poudriere jail -d -j "$jail_name" -C all poudriere jail -d -j "$jail_name" -C all
rm -rf /usr/local/poudriere/data/images/${jail_name}-repo \
/usr/obj/usr/local/poudriere/jails/${jail_name}
echo "Deleted jail $jail_name" echo "Deleted jail $jail_name"

2
ansible/roles/poudriere/tasks/freebsd.yaml
View File

@ -123,7 +123,6 @@
- name: Create the jails - name: Create the jails
when: item.version != "CURRENT" when: item.version != "CURRENT"
check_mode: false
command: |- command: |-
echo poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }} -a amd64 -K {{ item.kernel|default("GENERIC") }} -B -b echo poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }} -a amd64 -K {{ item.kernel|default("GENERIC") }} -B -b
args: args:
@ -132,7 +131,6 @@
- name: Create the jails - name: Create the jails
when: item.version == "CURRENT" when: item.version == "CURRENT"
check_mode: false
# -D clones the entire history instead of just the most recent commit # -D clones the entire history instead of just the most recent commit
# -B to build the pkgbase packages # -B to build the pkgbase packages
# -b to build the jail OS from source # -b to build the jail OS from source