Compare commits
No commits in common. "6c7265d1d345e00810fb4bd45abacc4706cac074" and "310fea89aea7eee841c04169c8dce8891c6e0753" have entirely different histories.
6c7265d1d3
...
310fea89ae
@ -1,5 +1,4 @@
|
|||||||
os_flavor: "freebsd"
|
os_flavor: "freebsd"
|
||||||
custom_repo: 13amd64-default-framework
|
|
||||||
zfs_snapshot_datasets:
|
zfs_snapshot_datasets:
|
||||||
- zroot/freebsd/release/be/default
|
- zroot/freebsd/release/be/default
|
||||||
sshd_enabled: true
|
sshd_enabled: true
|
||||||
|
@ -5,49 +5,49 @@
|
|||||||
- sudo
|
- sudo
|
||||||
- doas
|
- doas
|
||||||
- users
|
- users
|
||||||
- package_manager
|
# - package_manager
|
||||||
- zfs
|
# - zfs
|
||||||
- zrepl
|
# - zrepl
|
||||||
- zsh
|
# - zsh
|
||||||
- network
|
# - network
|
||||||
- sshd
|
# - sshd
|
||||||
- base
|
# - base
|
||||||
- firewall
|
# - firewall
|
||||||
- cpu
|
# - cpu
|
||||||
- ntp
|
# - ntp
|
||||||
- nvme
|
# - nvme
|
||||||
- hosts
|
# - hosts
|
||||||
- build
|
# - build
|
||||||
- sound
|
# - sound
|
||||||
- graphics
|
# - graphics
|
||||||
- gpg
|
# - gpg
|
||||||
- fonts
|
# - fonts
|
||||||
- alacritty
|
# - alacritty
|
||||||
- sway
|
# - sway
|
||||||
- emacs
|
# - emacs
|
||||||
- firefox
|
# - firefox
|
||||||
- devfs
|
# - devfs
|
||||||
- ssh_client
|
# - ssh_client
|
||||||
- sshfs
|
# - sshfs
|
||||||
- jail
|
# - jail
|
||||||
- fuse
|
# - fuse
|
||||||
- autofs
|
# - autofs
|
||||||
- exfat
|
# - exfat
|
||||||
- bhyve
|
# - bhyve
|
||||||
- bluetooth
|
# - bluetooth
|
||||||
- media
|
# - media
|
||||||
- kubernetes
|
# - kubernetes
|
||||||
- google_cloud_sdk
|
# - google_cloud_sdk
|
||||||
- ansible
|
# - ansible
|
||||||
- wireguard
|
# - wireguard
|
||||||
- portshaker
|
# - portshaker
|
||||||
- poudriere
|
# - poudriere
|
||||||
- android
|
# - android
|
||||||
- latex
|
# - latex
|
||||||
- pyenv
|
# - pyenv
|
||||||
- webcam
|
# - webcam
|
||||||
- docker
|
# - docker
|
||||||
- vscode
|
# - vscode
|
||||||
- javascript
|
- javascript
|
||||||
|
|
||||||
- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
|
- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
|
||||||
|
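Review bot: Every role from `package_manager` through `vscode` is commented out on the new side, which leaves `sudo`, `doas`, `users` and `javascript` as the only roles this play applies. A host built from this revision would get accounts and privilege-escalation configuration but not the `firewall`, `sshd` or `base` roles. If the intent is to iterate on a single role, tag it instead, e.g. `- { role: javascript, tags: [javascript] }`, and run with `--tags javascript`, so the committed playbook still describes the full host. The play starts above the hunk, so the hosts it targets are not visible here.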
@ -68,7 +68,7 @@ IP_RANGE="$IP_RANGE"
|
|||||||
BRIDGE_NAME="$BRIDGE_NAME"
|
BRIDGE_NAME="$BRIDGE_NAME"
|
||||||
INTERFACE_NAME="$INTERFACE_NAME"
|
INTERFACE_NAME="$INTERFACE_NAME"
|
||||||
EOF
|
EOF
|
||||||
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
|
zfs create -s "-V${gigabytes}G" -o volmode=dev "$zfs_path/disk0"
|
||||||
}
|
}
|
||||||
|
|
||||||
function start_vm {
|
function start_vm {
|
||||||
|
@ -30,9 +30,9 @@ rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to $not_jail_nat_v4 port 6
|
|||||||
# nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
|
# nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
|
||||||
# nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
|
# nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
|
||||||
|
|
||||||
rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 53 -> 10.215.1.211 port 53
|
rdr pass inet proto {tcp, udp} from any to ($ext_if) port 53 -> 10.215.1.211 port 53
|
||||||
rdr pass proto {tcp, udp} from $jail_nat_v4 to ($ext_if) port 53 tag REDIRINTERNAL -> 10.215.1.211 port 53
|
nat pass on jail_nat proto {tcp, udp} from { 10.215.1.0/24, !10.215.1.1 } to 10.215.1.211 -> (jail_nat)
|
||||||
nat pass proto {tcp, udp} tagged REDIRINTERNAL -> (jail_nat)
|
|
||||||
|
|
||||||
# filtering
|
# filtering
|
||||||
block log all
|
block log all
|
||||||
|
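Review bot: The source list `{ 10.215.1.0/24, !10.215.1.1 }` in the new `nat pass on jail_nat` rule does not exclude 10.215.1.1. pf expands a braced list into one rule per element, so this becomes one rule matching the whole /24 and a second matching every source except 10.215.1.1. Negation combined with a positive entry only works in a table, e.g. `table <jail_clients> const { 10.215.1.0/24, !10.215.1.1 }` with `from <jail_clients>` in the rule (the table name is made up for this note). Separately, the new `rdr pass inet ... from any to ($ext_if) port 53` keeps the `pass` modifier, so redirected DNS traffic skips the rules under `# filtering`. If 10.215.1.211 answers recursive queries, dropping `pass` in favour of an explicit, logged `pass in` rule would make that exposure visible and easy to restrict.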
@ -20,7 +20,7 @@ function main {
|
|||||||
function start_jail {
|
function start_jail {
|
||||||
host_interface_name="$1"
|
host_interface_name="$1"
|
||||||
bridge_name="bridge_${host_interface_name}"
|
bridge_name="bridge_${host_interface_name}"
|
||||||
jail_interface_name=$(sanitize_interface_name "$2")
|
jail_interface_name="$2"
|
||||||
ip_range="$3"
|
ip_range="$3"
|
||||||
|
|
||||||
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
|
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
|
||||||
@ -36,7 +36,7 @@ EOF
|
|||||||
function stop_jail {
|
function stop_jail {
|
||||||
host_interface_name="$1"
|
host_interface_name="$1"
|
||||||
bridge_name="bridge_${host_interface_name}"
|
bridge_name="bridge_${host_interface_name}"
|
||||||
jail_interface_name=$(sanitize_interface_name "$2")
|
jail_interface_name="$2"
|
||||||
|
|
||||||
if ng_exists "${jail_interface_name}:"; then
|
if ng_exists "${jail_interface_name}:"; then
|
||||||
wait_for_interface_to_exist "${jail_interface_name}" 120
|
wait_for_interface_to_exist "${jail_interface_name}" 120
|
||||||
@ -117,8 +117,4 @@ function wait_for_interface_to_exist {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
function sanitize_interface_name {
|
|
||||||
echo "${1:0:15}"
|
|
||||||
}
|
|
||||||
|
|
||||||
main "${@}"
|
main "${@}"
|
||||||
|
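Review bot: `jail_interface_name="$2"` in `start_jail` and `stop_jail` now takes the caller's argument unchecked, and the helper that bounded it to 15 characters is removed at the end of the file. The value is used in the netgraph path `"${jail_interface_name}:"` and in `wait_for_interface_to_exist`, so an over-long name, or one containing `:` or `.`, would presumably fail late or address a different node than intended. Rejecting bad input up front is safer than silently truncating it, for example `[[ "$2" =~ ^[A-Za-z0-9_]{1,15}$ ]] || { echo "invalid interface name: $2" >&2; exit 1; }` before the assignment. Both function bodies continue outside the hunks shown.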
@ -1,6 +1,6 @@
|
|||||||
- name: Start ntp service
|
# - name: Install packages
|
||||||
systemd:
|
# pacman:
|
||||||
state: started
|
# name:
|
||||||
name: systemd-timesyncd
|
# - foo
|
||||||
daemon_reload: yes
|
# state: present
|
||||||
enabled: yes
|
# update_cache: true
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
FreeBSD: {
|
|
||||||
enabled: no
|
|
||||||
}
|
|
@ -1,14 +0,0 @@
|
|||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv/0Hh9ace1/nH+QnlPPx
|
|
||||||
XFbSAcp1soEypMuSGgEc+ZNXIkQT11rkzXkTI5vyYIgVYLEE4iMTzXCGhMkb8M1Y
|
|
||||||
zsXRB8l4+Dimcrtqj/+Fvsk+WVeadXwugZ3LWOIb6V7hLMyGxvbouZHC9gduMaLh
|
|
||||||
xGoBup3kgOxSuVXVAlCGBZgmdGNmbpZNYl6BcJtK8bnlxFOmBPQsompSzLzIAItO
|
|
||||||
7r0Rf3xXFOwaCpB1QkFMBGrIDSXkhpXTl1/k5LU2kpM81Ec4EvZwXQJuj3+J3q+n
|
|
||||||
tMeTY2ARb3e4vBaieTww7obfHqLgx6jyL07gl/pW8WXrx4aLGvMkdpVnTFg0K0X1
|
|
||||||
3xoZKGWJdjSznHFtJo+IICLPGMbOxz52lwXDCrRV2yCUMH29hQiCIK9j5q4q1JAD
|
|
||||||
rV4p5ccabfzUduc4yT9kx0+hAXLxVs5mtIianDnJAEBE4yXucWbM6FaE+jYaN9L3
|
|
||||||
dXU6vESTdS6+o8Tz/lo/a0MLyj99URvAxKFsYKg4PnbUcSs+qFuUI0yMpcNIMImy
|
|
||||||
+7gY54t3Izma5pCS7WXtl38SdM8d/gfl/d5xD88BYWIS82gCXoh9G37PFxzCZaNx
|
|
||||||
OKclQq1dZ1mXLDD2yHymDCLBXqfEfTBp4tb5A8JBRKBeqkDCOYZNmp+06VzgdPiO
|
|
||||||
PYwdK2INLfUnBKGN02hgPosCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
@ -16,18 +16,6 @@
|
|||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install Configuration
|
- name: Install Configuration
|
||||||
copy:
|
|
||||||
src: "files/{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: 0644
|
|
||||||
owner: root
|
|
||||||
group: wheel
|
|
||||||
loop:
|
|
||||||
- src: pkg.conf
|
|
||||||
dest: /usr/local/etc/pkg.conf
|
|
||||||
|
|
||||||
- name: Install Configuration
|
|
||||||
when: custom_repo is not defined
|
|
||||||
register: changed_config
|
register: changed_config
|
||||||
copy:
|
copy:
|
||||||
src: "files/{{ item.src }}"
|
src: "files/{{ item.src }}"
|
||||||
@ -38,32 +26,8 @@
|
|||||||
loop:
|
loop:
|
||||||
- src: FreeBSD.conf
|
- src: FreeBSD.conf
|
||||||
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||||
|
- src: pkg.conf
|
||||||
- name: Install Configuration
|
dest: /usr/local/etc/pkg.conf
|
||||||
when: custom_repo is defined
|
|
||||||
copy:
|
|
||||||
src: "files/{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: 0644
|
|
||||||
owner: root
|
|
||||||
group: wheel
|
|
||||||
loop:
|
|
||||||
- src: disable_freebsd_upstream.conf
|
|
||||||
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
|
||||||
- src: poudriere.pub
|
|
||||||
dest: /usr/local/etc/pkg/poudriere.pub
|
|
||||||
|
|
||||||
- name: Install Configuration
|
|
||||||
when: custom_repo is defined
|
|
||||||
register: changed_config
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
owner: root
|
|
||||||
group: wheel
|
|
||||||
mode: 0644
|
|
||||||
loop:
|
|
||||||
- { src: custom.conf.j2, dest: /usr/local/etc/pkg/repos/custom.conf }
|
|
||||||
|
|
||||||
# - name: Replace all packages with packages from new repo
|
# - name: Replace all packages with packages from new repo
|
||||||
# command: pkg upgrade -f -y
|
# command: pkg upgrade -f -y
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
custom: {
|
|
||||||
# url: "file:///opt/pkgrepo/packages/current-default-framework"
|
|
||||||
url: "https://freebsdpkg.fizz.buzz/repo/{{ custom_repo }}",
|
|
||||||
enabled: yes,
|
|
||||||
signature_type: "pubkey",
|
|
||||||
pubkey: "/usr/local/etc/pkg/poudriere.pub",
|
|
||||||
priority: 100
|
|
||||||
}
|
|
@ -5,59 +5,26 @@ set -euo pipefail
|
|||||||
IFS=$'\n\t'
|
IFS=$'\n\t'
|
||||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||||
|
|
||||||
: ${LOCKFILE:="/var/run/poudboot.lock"}
|
|
||||||
: ${INFO_DIR:="/opt/poudriere/run_info"}
|
|
||||||
: ${PORT_UPDATE_SECONDS:="86400"}
|
|
||||||
: ${BUILD_SECONDS:="7200"}
|
|
||||||
|
|
||||||
############## Setup #########################
|
|
||||||
|
|
||||||
# function cleanup {
|
|
||||||
# for f in "${folders[@]}"; do
|
|
||||||
# log "Deleting $f"
|
|
||||||
# rm -rf "$f"
|
|
||||||
# done
|
|
||||||
# }
|
|
||||||
# folders=()
|
|
||||||
# for sig in EXIT INT QUIT HUP TERM; do
|
|
||||||
# trap "set +e; cleanup" "$sig"
|
|
||||||
# done
|
|
||||||
|
|
||||||
function die {
|
|
||||||
local status_code="$1"
|
|
||||||
shift
|
|
||||||
(>&2 echo "${@}")
|
|
||||||
exit "$status_code"
|
|
||||||
}
|
|
||||||
|
|
||||||
function log {
|
|
||||||
(>&2 echo "${@}")
|
|
||||||
}
|
|
||||||
|
|
||||||
function run_locked {
|
|
||||||
if [ "${RUN_LOCKED:-}" != "RUN" ]; then
|
|
||||||
exec env RUN_LOCKED=RUN flock --nonblock $LOCKFILE $0 $@
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
############## Program #########################
|
|
||||||
|
|
||||||
function main {
|
function main {
|
||||||
local COMMAND="$1"
|
COMMAND="$1"
|
||||||
|
shift 1
|
||||||
|
|
||||||
if [ "$COMMAND" = "start" ]; then
|
if [ "$COMMAND" = "start" ]; then
|
||||||
run_locked "${@}"
|
|
||||||
shift 1
|
|
||||||
cmd_start "${@}"
|
cmd_start "${@}"
|
||||||
elif [ "$COMMAND" = "stop" ]; then
|
elif [ "$COMMAND" = "stop" ]; then
|
||||||
shift 1
|
|
||||||
cmd_stop "${@}"
|
cmd_stop "${@}"
|
||||||
else
|
else
|
||||||
die 1 "Unrecognized command: $COMMAND"
|
die 1 "Unrecognized command: $COMMAND"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function die {
|
||||||
|
exit_code="$1"
|
||||||
|
shift 1
|
||||||
|
(>&2 echo "${@}")
|
||||||
|
exit "$exit_code"
|
||||||
|
}
|
||||||
|
|
||||||
function abort_if_jobs_running {
|
function abort_if_jobs_running {
|
||||||
if [[ $(sudo poudriere status) != *"No running builds"* ]]; then
|
if [[ $(sudo poudriere status) != *"No running builds"* ]]; then
|
||||||
echo "There is already a poudriere build in progress, exiting."
|
echo "There is already a poudriere build in progress, exiting."
|
||||||
@ -73,47 +40,30 @@ function build {
|
|||||||
function cmd_start {
|
function cmd_start {
|
||||||
abort_if_jobs_running
|
abort_if_jobs_running
|
||||||
|
|
||||||
while true; do
|
# Allow command failures without quitting the script because some
|
||||||
for conf in /opt/poudriere/build_configs/*; do
|
# package sets might fail whereas others may succeed based on which
|
||||||
(
|
# packages are in each set.
|
||||||
# Allow command failures without quitting the script because some
|
set +e
|
||||||
# package sets might fail whereas others may succeed based on which
|
|
||||||
# packages are in each set.
|
|
||||||
set +e
|
|
||||||
|
|
||||||
source "$conf"
|
for conf in /opt/poudriere/build_configs/*; do
|
||||||
local RUN_DIR="$INFO_DIR/$JAIL-$PORTS-$SET"
|
(
|
||||||
local TIMES_FILE="$RUN_DIR/times"
|
source "$conf"
|
||||||
mkdir -p "$RUN_DIR"
|
build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||||
local PORTUPDATE=0
|
)
|
||||||
local LASTBUILD=0
|
|
||||||
if [ -e "$TIMES_FILE" ]; then
|
|
||||||
source "$TIMES_FILE"
|
|
||||||
fi
|
|
||||||
local now=$(date +%s)
|
|
||||||
if [ $((now - PORTUPDATE)) -gt "$PORT_UPDATE_SECONDS" ]; then
|
|
||||||
log "Updating ports for $JAIL-$PORTS-$SET"
|
|
||||||
portshaker -U
|
|
||||||
portshaker -M
|
|
||||||
PORTUPDATE=$(date +%s)
|
|
||||||
fi
|
|
||||||
if [ $((now - LASTBUILD)) -gt "$BUILD_SECONDS" ]; then
|
|
||||||
log "Building ports for $JAIL-$PORTS-$SET"
|
|
||||||
build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
|
||||||
LASTBUILD=$(date +%s)
|
|
||||||
# Cleanup old unused dist files
|
|
||||||
poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
|
||||||
poudriere logclean -y 180
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat > "$TIMES_FILE" <<EOF
|
|
||||||
PORTUPDATE=$PORTUPDATE
|
|
||||||
LASTBUILD=$LASTBUILD
|
|
||||||
EOF
|
|
||||||
)
|
|
||||||
done
|
|
||||||
sleep 300
|
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Re-enable exiting on failed commands
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Cleanup old unused dist files
|
||||||
|
for conf in /opt/poudriere/build_configs/*; do
|
||||||
|
(
|
||||||
|
source "$conf"
|
||||||
|
poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||||
|
)
|
||||||
|
done
|
||||||
|
|
||||||
|
poudriere logclean -y 180
|
||||||
}
|
}
|
||||||
|
|
||||||
function cmd_stop {
|
function cmd_stop {
|
||||||
|
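Review bot: Nothing in the new `main` serialises concurrent `start` invocations. The `flock`-based `run_locked` wrapper is gone and `abort_if_jobs_running` is a check-then-act test on `poudriere status` output, so two starts launched close together can both pass it. Keeping the lock, with its arguments quoted as `exec env RUN_LOCKED=RUN flock --nonblock "$LOCKFILE" "$0" "$@"`, closes that window. In `cmd_start` the `-f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist` arguments are unquoted although their parts come from `source "$conf"`; quote them as `"/usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist"`. Because the files under `/opt/poudriere/build_configs/` are executed as shell, they should be writable only by the account that runs the build.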
@ -67,6 +67,3 @@ _carddavs._tcp IN SRV 0 1 443 carddav.fastmail.com
|
|||||||
|
|
||||||
_caldav._tcp IN SRV 0 0 0 .
|
_caldav._tcp IN SRV 0 0 0 .
|
||||||
_caldavs._tcp IN SRV 0 1 443 caldav.fastmail.com
|
_caldavs._tcp IN SRV 0 1 443 caldav.fastmail.com
|
||||||
|
|
||||||
home IN A 68.197.252.22
|
|
||||||
opstunnel IN CNAME home.fizz.buzz.
|
|
||||||
|
@ -6,6 +6,6 @@ IFS=$'\n\t'
|
|||||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||||
|
|
||||||
export XDG_CURRENT_DESKTOP=sway
|
export XDG_CURRENT_DESKTOP=sway
|
||||||
export WLR_RENDERER=vulkan
|
#export WLR_RENDERER=vulkan
|
||||||
|
|
||||||
exec sway -d &> $HOME/.config/swaylog
|
exec sway -d &> $HOME/.config/swaylog
|
||||||
|