Support launching old dagger.

ansible/environments/colo/host_vars/mrmanager

@@ -21,7 +21,7 @@ wireguard_directory: mrmanager
 enabled_wireguard:
   - colo
 jail_zfs_dataset: zdata/jail
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_canmount: "on"
 jail_list:
   - name: nat_dhcp

ansible/environments/home/host_vars/homeserver

@@ -31,12 +31,11 @@ pflog_conf:
 network_rc: "homeserver_network.conf"
 rc_conf: "homeserver_rc.conf"
 loader_conf: "homeserver_loader.conf"
-netgraph_config: "setup_netgraph_homeserver"
 cputype: "intel"
 hwpstate: false
 devfs_rules: "homeserver_devfs.rules"
 jail_zfs_dataset: zmass/encrypted/jails
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_canmount: "on"
 jail_bemount: "on"
 jail_list:
@@ -51,12 +50,18 @@ jail_list:
   - name: dagger
     conf:
       src: dagger
-  - name: mumble
+  - name: olddagger
     conf:
-      src: mumble
+      src: olddagger
-    persist:
+  - name: sftp
-      - name: mumbledb
+    conf:
-        mount: /var/db/murmur
+      src: sftp
+  # - name: mumble
+  #   conf:
+  #     src: mumble
+  #   persist:
+  #     - name: mumbledb
+  #       mount: /var/db/murmur
 bhyve_dataset: zmass/encrypted/vm
 bhyve_list: []
 bhyve_canmount: "on"

ansible/environments/laptop/host_vars/odofreebsd

@@ -39,7 +39,7 @@ users:
     gitconfig: "gitconfig_home"
 devfs_rules: "odo_devfs.rules"
 jail_zfs_dataset: zroot/freebsd/current/jails
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_list:
   - name: nat_dhcp
     enabled: true
@@ -47,7 +47,8 @@ jail_list:
       src: nat_dhcp
 bhyve_dataset: zroot/freebsd/current/vm
 bhyve_list: []
-efi_dev: /dev/gpt/EFI
+# efi_dev: /dev/gpt/EFI
+efi_dev: /dev/diskid/DISK-SJB7N717610407Q0Hp1
 sway_conf_files:
   - launch_gpg
 wireguard_directory: odo

ansible/environments/vm/host_vars/poudrieremrmanager

@@ -25,5 +25,5 @@ poudriere_builds:
     set: computer
     version: CURRENT
     kernel: GENERIC
-    branch: releng/14.0
+    branch: releng/14.1
     srcconf: 14broadwell_src.conf

ansible/roles/base/files/disk_labels_loader.conf

@@ -3,10 +3,10 @@ kern.geom.label.disk_ident.enable="1"
 
 
 
-# Populates /dev/gpt
+# Populates /dev/gpt but only if kern.geom.label.disk_ident.enable is disabled.
 #
 # This uses gpt partition labels which you can set with:
 #
 #     gpart modify -l EFI -i 1 nvd0
 
-kern.geom.label.gptid.enable="1"
+# kern.geom.label.gptid.enable="1"

ansible/roles/base/files/tmux.conf

@@ -1,4 +1,4 @@
-set-option -g mouse on
+# set-option -g mouse on
 set-option -g history-limit 20000
 # set -g @plugin 'tmux-plugins/tmux-yank'
 # Emacs style

ansible/roles/firewall/files/homeserver_pf.conf

@@ -25,9 +25,14 @@ rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1
 nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 1.1.1.1 port 53
 
+# cloak -> dagger
 rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8081 -> 10.215.2.2 port 8081
 nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8081 -> 10.215.2.1
 
+# cloak -> olddagger
+rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
+nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
+
 # Forward ports for unifi controller
 # rdr pass on $ext_if inet proto tcp from any to any port 65022 -> 10.213.177.8 port 22
 rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202

ansible/roles/jail/files/jails/admin_git.conf

@@ -1,5 +1,5 @@
 admin_git {
-    path = "/jail/main/jails/${name}";
+    path = "/jail/${name}";
     vnet;
     exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
     exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

ansible/roles/jail/files/jails/cloak.conf

@@ -1,7 +1,10 @@
 cloak {
-    path = "/jail/main/jails/${name}";
+    path = "/jail/${name}";
     vnet;
     exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24";
+    # Create a dummy interface that is never used, just to create the cloak bridge that is used by children.
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak dummy${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak dummy{name}";
     exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}";
     vnet.interface += "jail${name}";
     vnet.interface += "cloak";

ansible/roles/jail/files/jails/dagger.conf

@@ -1,8 +1,11 @@
 dagger {
-    path = "/jail/main/jails/${name}";
+    path = "/jail/${name}";
     vnet;
     vnet.interface += "dagger";
 
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
+
     exec.start += "/bin/sh /etc/rc";
     exec.stop = "/bin/sh /etc/rc.shutdown jail";
     exec.consolelog = "/var/log/jail_${name}_console.log";

ansible/roles/jail/files/jails/mumble.conf

@@ -1,5 +1,5 @@
 cloak {
-    path = "/jail/main/jails/mumble";
+    path = "/jail/mumble";
     vnet;
     vnet.interface += "host_link3";
 

ansible/roles/jail/files/jails/nat_dhcp.conf

@@ -1,5 +1,5 @@
 nat_dhcp {
-    path = "/jail/main/jails/${name}";
+    path = "/jail/${name}";
     vnet;
     exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
     exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

ansible/roles/jail/files/jails/olddagger.conf

@@ -0,0 +1,12 @@
+olddagger {
+    path = "/jail/${name}";
+    vnet;
+    vnet.interface += "olddagger";
+
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}

ansible/roles/jail/files/jails/public_dns.conf

@@ -1,5 +1,5 @@
 public_dns {
-    path = "/jail/main/jails/${name}";
+    path = "/jail/${name}";
     vnet;
     exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
     exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

ansible/roles/jail/files/jails/sample.conf

@@ -1,5 +1,5 @@
 sample {
-    path = "/jail/main/jails/${name}";
+    path = "/jail/${name}";
     vnet;
     exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
     exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

ansible/roles/jail/files/jails/sftp.conf

@@ -0,0 +1,14 @@
+sftp {
+    path = "/jail/${name}";
+    vnet;
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
+    vnet.interface += "jail${name}";
+
+    devfs_ruleset = 14;
+    mount.devfs;
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}

ansible/roles/jail/files/setup_netgraph_homeserver

@@ -1,23 +0,0 @@
-#!/usr/local/bin/bash
-
-cleanup() {
-    /usr/local/bin/jail_netgraph_bridge stop cloak dagger
-}
-
-setup_netgraph_start() {
-    cleanup
-
-    /usr/local/bin/jail_netgraph_bridge start cloak dagger 192.168.1.0/24
-}
-
-setup_netgraph_stop() {
-    cleanup
-}
-
-if [ "$1" = "start" ]; then
-    setup_netgraph_start
-elif [ "$1" = "stop" ]; then
-    setup_netgraph_stop
-else
-    >&2 echo "Unrecognized command"
-fi

ansible/roles/jail/tasks/freebsd.yaml

@@ -10,7 +10,7 @@
   zfs:
     name: "{{ item.dataset|default(jail_zfs_dataset) }}/jails/{{ item.name }}"
     state: present
-    extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.name}|combine({''canmount'': jail_canmount|default(''noauto''), ''ta:bemount'': jail_bemount|default(''on'')})|combine(item.properties|default({})) }}'
+    extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/" + item.name}|combine({''canmount'': jail_canmount|default(''noauto'')})|combine(item.properties|default({})) }}'
 
   loop: "{{ jail_list }}"
 
@@ -27,7 +27,7 @@
   zfs:
     name: "{{ item.0.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.0.name }}/{{ item.1.name }}"
     state: present
-    extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.0.name + item.1.mount }|combine({''canmount'': jail_canmount|default(''noauto''), ''ta:bemount'': jail_bemount|default(''on'')})|combine(item.1.properties|default({})) }}'
+    extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/" + item.0.name + item.1.mount }|combine({''canmount'': jail_canmount|default(''noauto'')})|combine(item.1.properties|default({})) }}'
   loop: "{{ jail_list|subelements('persist', skip_missing=True) }}"
 
 - name: Install scripts

ansible/roles/jail/templates/new_jail.bash.j2

@@ -5,7 +5,7 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
-: ${JAIL_MOUNTPOINT:="{{ jail_zfs_dataset_mountpoint }}/jails"}
+: ${JAIL_MOUNTPOINT:="{{ jail_zfs_dataset_mountpoint }}"}
 
 function die {
     echo >&2 "$@"
@@ -22,6 +22,7 @@ function by_src {
     make -j 16 buildworld
     make installworld DESTDIR=$DESTDIR
     make distribution DESTDIR=$DESTDIR
+    switch_to_latest_packages
 }
 
 function by_bin {
@@ -29,12 +30,48 @@ function by_bin {
     DESTARCH=`uname -m`
     SOURCEURL=http://ftp.freebsd.org/pub/FreeBSD/releases/$DESTARCH/$DESTRELEASE/
     for component in base ports; do fetch $SOURCEURL/$component.txz -o - | tar -xf - -C "$DESTDIR" ; done
+    switch_to_latest_packages
+}
+
+function by_pkg {
+    # current https://pkg.freebsd.org/FreeBSD:15:amd64/base_latest
+    # 14/stable https://pkg.freebsd.org/FreeBSD:14:amd64/base_latest
+    # 14.1 https://pkg.freebsd.org/FreeBSD:14:amd64/base_release_1
+    local config
+    config=$(cat <<EOF
+base: {
+    url: "https://pkg.freebsd.org/FreeBSD:14:amd64/base_release_1",
+    mirror_type: "none",
+    enabled: yes,
+    priority: 100
+}
+EOF
+             )
+    IGNORE_OSVERSION=yes pkg --rootdir "$DESTDIR" --config <(cat <<<"$config") install --repository base --yes --glob 'FreeBSD-*'
+    switch_to_latest_packages
+    cat > "$DESTDIR/usr/local/etc/pkg/repos/pkgbase.conf" <<<"$config"
+    # Post-install remove extra packages
+    # pkg remove --glob 'FreeBSD-*-lib32*' 'FreeBSD-*-dbg*' FreeBSD-src
+}
+
+function switch_to_latest_packages {
+    local latest_pkg
+    latest_pkg=$(cat <<EOF
+FreeBSD: {
+  url: "pkg+http://pkg.FreeBSD.org/\${ABI}/latest"
+}
+EOF
+              )
+    mkdir -p "$DESTDIR/usr/local/etc/pkg/repos"
+    cat > "$DESTDIR/usr/local/etc/pkg/repos/FreeBSD.conf" <<<"$latest_pkg"
 }
 
 if [ "$1" = "src" ]; then
     by_src
 elif [ "$1" = "bin" ]; then
     by_bin
+elif [ "$1" = "pkg" ]; then
+    by_pkg
 else
     die "First argument must be either 'src' or 'bin', got $1"
 fi

ansible/roles/package_manager/files/FreeBSD.conf

@@ -1,7 +1,3 @@
 FreeBSD: {
-  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
+  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest"
-  mirror_type: "srv",
-  signature_type: "fingerprints",
-  fingerprints: "/usr/share/keys/pkg",
-  enabled: yes
 }

ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-pkglist

@@ -1,19 +1,20 @@
 audio/mixertui
 devel/git
 devel/libccid
-devel/pyenv
 devel/py-jmespath
 devel/py-yamllint
+devel/pyenv
 editors/emacs@nox
 editors/mg
 ftp/wget
 graphics/ImageMagick7
 lang/python
+misc/terminfo-db
 multimedia/ffmpeg
 multimedia/v4l-utils
 multimedia/webcamd
-net/google-cloud-sdk
 net-mgmt/ipcalc
+net/google-cloud-sdk
 net/rsync
 net/tcpdump
 net/wireguard-tools

ansible/roles/sshd/files/sshd_config

@@ -106,7 +106,6 @@ KbdInteractiveAuthentication no
 #PermitTunnel no
 #ChrootDirectory none
 #UseBlacklist no
-#VersionAddendum FreeBSD-20231004
 
 # no default banner path
 #Banner none