Add support for setting the group owning the file.

Add test invocation.
Add a mixin to install files instead of using home-manager.
2025-05-26 21:17:11 -04:00 · 2025-05-26 21:05:56 -04:00 · 2025-05-26 21:05:56 -04:00 · 2025-05-26 19:26:13 -04:00 · 2025-05-26 19:25:10 -04:00 · 2025-05-26 18:23:10 -04:00
726 changed files with 26389 additions and 1910 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,5 @@
 cargo_credentials.toml filter=git-crypt diff=git-crypt
 **/wireguard_configs/** filter=git-crypt diff=git-crypt
 *.key filter=git-crypt diff=git-crypt
 credentials filter=git-crypt diff=git-crypt
 htpasswd filter=git-crypt diff=git-crypt
--- a/TODO.org
+++ b/TODO.org
@@ -0,0 +1,5 @@
 * to-do
 ** Switch to overlay driver when zfs 2.2 is released
 This might fix some stability issues (like a container getting stuck in a terminating state), may improve performance (since the zfs driver is noticably slower than overlay on ext4 on a zvol), and will avoid a lot of noise in my zfs dataset lists
 ref: https://github.com/moby/moby/issues/40132
--- a/ansible/environments/colo/host_vars/mrmanager
+++ b/ansible/environments/colo/host_vars/mrmanager
@@ -1,6 +1,10 @@
 os_flavor: "freebsd"
 zfs_snapshot_datasets:
-  - zroot/freebsd/main/be
+  - path: zroot/freebsd/main/be
  - path: zdata/vm
  - path: zdata/vm/poudriere/disk0
    include: false
  - path: zdata/k8spersistent
 sshd_enabled: true
 loader_conf: "mrmanager_loader.conf"
 rc_conf: "mrmanager_rc.conf"
@@ -11,12 +15,13 @@ pflog_conf:
  - name: 0
    dev: pflog0
 cputype: "amd"
 hwpstate: true
 etc_hosts: {}
 wireguard_directory: mrmanager
 enabled_wireguard:
  - colo
 jail_zfs_dataset: zdata/jail
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_canmount: "on"
 jail_list:
  - name: nat_dhcp
@@ -35,3 +40,18 @@ bhyve_dataset: zdata/vm
 bhyve_canmount: "on"
 # efi_dev: /dev/gpt/EFI
 devfs_rules: "mrmanager_devfs.rules"
 users:
  talexander:
    initialize: true
    uid: 11235
    gid: 11235
    groups:
      - name: wheel
    authorized_keys:
      - yubikey
      - main_fido
      - backup_fido
  mole:
    initialize: true
    authorized_keys:
      - mole
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@@ -1,8 +1,32 @@
 os_flavor: "freebsd"
 custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"
 pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"
 zfs_snapshot_datasets:
-  - zroot/freebsd/computer/be/default
+  - path: zroot/freebsd/computer/be
  - path: zmass/encrypted/vm
  - path: zmass/encrypted/data
 users:
  talexander:
    initialize: true
    uid: 11235
    gid: 11235
    groups:
      - name: wheel
      - name: video
      - name: u2f
      - name: operator # To be able to shutdown without root
      - name: webcamd
        gid: 145
    authorized_keys:
      - yubikey
      - main_fido
      - backup_fido
      - homeassistant
    gitconfig: "gitconfig_home"
 sshd_enabled: true
 sshd_conf: "sshd_config"
 prefer_ipv6: true
 dummynet_config: "dnctl.conf"
 pf_config: "homeserver_pf.conf"
 pflog_conf:
  - name: 0
@@ -10,15 +34,11 @@ pflog_conf:
 network_rc: "homeserver_network.conf"
 rc_conf: "homeserver_rc.conf"
 loader_conf: "homeserver_loader.conf"
 netgraph_config: "setup_netgraph_homeserver"
 cputype: "intel"
 cpu_opt: broadwell
 hwpstate: false
-build_user:
+devfs_rules: "homeserver_devfs.rules"
  name: talexander
  group: talexander
 jail_zfs_dataset: zmass/encrypted/jails
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_canmount: "on"
 jail_bemount: "on"
 jail_list:
@@ -33,16 +53,41 @@ jail_list:
  - name: dagger
    conf:
      src: dagger
-  - name: mumble
+  - name: olddagger
    conf:
-      src: mumble
+      src: olddagger
-    persist:
+  - name: sftp
-      - name: mumbledb
+    conf:
-        mount: /var/db/murmur
+      src: sftp
    fstab: sftp_fstab
  - name: bastion
    conf:
      src: bastion
    fstab: fstab_bastion
  - name: certificate
    conf:
      src: certificate
  - name: momlaptop
    conf:
      src: momlaptop
  # - name: mumble
  #   conf:
  #     src: mumble
  #   persist:
  #     - name: mumbledb
  #       mount: /var/db/murmur
 bhyve_dataset: zmass/encrypted/vm
-bhyve_list: []
+# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
-bhyve_canmount: "on"
+bhyve_canmount: "off"
 bhyve_mountpoint: "none"
 bhyve_bemount: "on"
 wireguard_directory: homeserver
 enabled_wireguard:
  - wgh
 linfi:
  enabled: true
  zfs_dataset: zmass/unencrypted/vm/linfi
  zfs_mountpoint: /vm/linfi
  driver_blocklist: "ath if_ath if_ath_pci ath_hal if_iwm if_iwlwifi"
  pci_blocklist: "6/0/0"
  amd: false
--- a/ansible/environments/home/hosts
+++ b/ansible/environments/home/hosts
@@ -1,2 +1,2 @@
 [headless]
-homeserver ansible_user=talexander ansible_host=10.216.1.1
+homeserver ansible_user=talexander ansible_host=homeserver
--- a/ansible/environments/jail/host_vars/bastion
+++ b/ansible/environments/jail/host_vars/bastion
@@ -0,0 +1 @@
 os_flavor: freebsd
--- a/ansible/environments/jail/host_vars/certificate
+++ b/ansible/environments/jail/host_vars/certificate
@@ -0,0 +1 @@
 os_flavor: freebsd
--- a/ansible/environments/jail/host_vars/momlaptop
+++ b/ansible/environments/jail/host_vars/momlaptop
@@ -0,0 +1 @@
 os_flavor: freebsd
--- a/ansible/environments/jail/host_vars/sftp
+++ b/ansible/environments/jail/host_vars/sftp
@@ -0,0 +1,6 @@
 os_flavor: "freebsd"
 users:
  nochainstounlock:
    initialize: true
    uid: 11235
    gid: 11235
--- a/ansible/environments/jail/hosts
+++ b/ansible/environments/jail/hosts
@@ -1,7 +1,11 @@
 [jail]
 nat_dhcp ansible_connection=jail
-homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=sshjail
+homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@homeserver ansible_connection=sshjail
 mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail
 nat_dhcp@172.16.16.2 ansible_connection=sshjail
 admin_git ansible_ssh_host=admin_git@10.217.2.1 ansible_connection=sshjail
 public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail
 sftp ansible_ssh_host=sftp@homeserver ansible_connection=sshjail
 bastion ansible_ssh_host=bastion@homeserver ansible_connection=sshjail
 certificate ansible_ssh_host=certificate@homeserver ansible_connection=sshjail
 momlaptop ansible_ssh_host=momlaptop@homeserver ansible_connection=sshjail
--- a/ansible/environments/laptop/group_vars/all
+++ b/ansible/environments/laptop/group_vars/all
@@ -1,2 +1,28 @@
 timezone: "America/New_York"
 install_bluetooth: true
 emacs_flavor: "full"
 ssh_hosts:
  - name: poudriere
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.203
  - name: controller0
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.204
  - name: controller1
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.205
  - name: controller2
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.206
  - name: worker0
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.207
  - name: worker1
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.208
  - name: worker2
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.209
  - name: brianai
    proxy_jump: talexander@mrmanager
    host_name: 10.215.1.215
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@@ -1,25 +1,25 @@
 os_flavor: "freebsd"
-custom_repo: 13amd64-default-framework
+custom_repo: "https://freebsdpkg.fizz.buzz/repo/currentznver4-default-framework"
 pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/currentznver4-repo/FreeBSD:15:amd64/latest"
 zfs_snapshot_datasets:
-  - zroot/freebsd/release/be/default
+  - path: zroot/freebsd/current/be/default
 sshd_enabled: true
 sshd_conf: "sshd_config"
 pf_config: "odofreebsd_pf.conf"
 pflog_conf:
-  - name: 0
+ - name: 0
-    dev: pflog0
+   dev: pflog0
 prefer_ipv6: true
 dummynet_config: "dnctl.conf"
 network_rc: "odofreebsd_network.conf"
 rc_conf: "odofreebsd_rc.conf"
 loader_conf: "odofreebsd_loader.conf"
 install_graphics: true
-graphics_driver: "intel"
+graphics_driver: "amd"
-cputype: "intel"
+cputype: "amd"
 cpu_opt: tigerlake
 hwpstate: true
-cores: 8
+cores: 16
-build_user:
+sound_system: "oss"
  name: talexander
  group: talexander
 users:
  talexander:
    initialize: true
@@ -31,6 +31,8 @@ users:
      - name: u2f
      - name: operator # To be able to shutdown without root
      - name: webcamd
        gid: 145
      - name: realtime
    authorized_keys:
      - yubikey
      - main_fido
@@ -38,16 +40,18 @@ users:
      - homeassistant
    gitconfig: "gitconfig_home"
 devfs_rules: "odo_devfs.rules"
-jail_zfs_dataset: zroot/freebsd/release/jails
+jail_zfs_dataset: zroot/freebsd/current/jails
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_canmount: "on"
 jail_list:
  - name: nat_dhcp
    enabled: true
    conf:
      src: nat_dhcp
-bhyve_dataset: zroot/freebsd/release/vm
+bhyve_dataset: zroot/freebsd/current/vm
-bhyve_list: []
+bhyve_bemount: off
-efi_dev: /dev/gpt/EFI
+# efi_dev: /dev/gpt/EFI
 efi_dev: /dev/diskid/DISK-SJB7N717610407Q0Hp1
 sway_conf_files:
  - launch_gpg
 wireguard_directory: odo
@@ -55,3 +59,10 @@ enabled_wireguard:
  - wgh
  - drmario
  - colo
 linfi:
  enabled: true
  zfs_dataset: zroot/freebsd/current/vm/linfi
  zfs_mountpoint: /vm/linfi
  driver_blocklist: "if_iwm if_iwlwifi"
  pci_blocklist: "1/0/0"
  amd: true
--- a/ansible/environments/laptop/host_vars/odolinux
+++ b/ansible/environments/laptop/host_vars/odolinux
@@ -16,12 +16,13 @@ users:
      - backup_fido
      - homeassistant
    gitconfig: "gitconfig_home"
 periodic_scrub_pools: [zroot]
 zfs_snapshot_datasets:
  # - zroot/linux/archmain/home
-  - zroot/linux/archmain/be
+  - path: zroot/linux/archmain/be
-  - zroot/data/bridge/family_disks
+  - path: zroot/data/bridge/family_disks
 install_graphics: true
-graphics_driver: "intel"
+graphics_driver: "amd"
 build_user:
  name: talexander
  group: talexander
@@ -30,10 +31,9 @@ enabled_wireguard:
  - wgh
  - drmario
  - colo
-cputype: "intel"
+cputype: "amd"
 hwpstate: true
-cores: 8
+cores: 16
 sway_conf_files:
  - rofimoji
-docker_storage_driver: zfs # alternatively overlay2
+docker_storage_driver: overlay2 # alternatively zfs
 docker_zfs_dataset: zroot/linux/archmain/docker
--- a/ansible/environments/laptop/host_vars/odowork
+++ b/ansible/environments/laptop/host_vars/odowork
@@ -0,0 +1,37 @@
 os_flavor: "linux"
 hostname: odowork
 etc_hosts: {}
 users:
  talexander:
    initialize: true
    uid: 11235
    gid: 1000
    groups:
      - name: wheel
      - name: users
      - name: docker
      - name: libvirt
      - name: uucp
    authorized_keys:
      - yubikey
      - main_fido
      - backup_fido
    gitconfig: "gitconfig_work"
 periodic_scrub_pools: [zroot]
 zfs_snapshot_datasets:
  - path: zroot/linux/archwork/be
 install_graphics: true
 graphics_driver: "amd"
 pgp_key: "gpg_work.asc"
 build_user:
  name: talexander
  group: talexander
 # wireguard_directory: odowork
 # enabled_wireguard: []
 cputype: "amd"
 hwpstate: true
 cores: 16
 sway_conf_files:
  - rofimoji
 docker_storage_driver: overlay2 # alternatively zfs
 closed_source_vscode: true
--- a/ansible/environments/laptop/hosts
+++ b/ansible/environments/laptop/hosts
@@ -1,3 +1,4 @@
 [gui]
 odolinux ansible_connection=local ansible_host=127.0.0.1
 odofreebsd ansible_connection=local ansible_host=127.0.0.1
 odowork ansible_connection=local ansible_host=127.0.0.1
--- a/ansible/environments/vm/host_vars/poudrieremrmanager
+++ b/ansible/environments/vm/host_vars/poudrieremrmanager
@@ -1,13 +1,30 @@
 os_flavor: "freebsd"
 sshd_enabled: true
 custom_repo: "file:///usr/local/poudriere/data/packages/currentznver4-default-framework"
 pkgbase_url: "file:///usr/local/poudriere/data/images/currentznver4-repo/FreeBSD:15:amd64/latest"
 poudriere_builds:
-  - jail: 13amd64
+  # - jail: 13amd64
    ports: default
    set: framework
    version: 13.2-RELEASE
  # - jail: current
  #   ports: default
  #   set: framework
-  #   version: CURRENT
+  #   version: 13.2-RELEASE
-  #   revision: af01b4722577903f91acc44f01bdcb8cdb2d65ad
+  - jail: currentznver4
-  #   kernel: CUSTOM
+    ports: default
-  #   branch: main
+    set: framework
    version: CURRENT
    # revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91
    kernel: CUSTOM
    branch: main
    srcconf: currentznver4_src.conf
  # - jail: 14broadwell
  #   ports: default
  #   set: computer
  #   version: 14.0-RELEASE
  #   kernel: GENERIC
  #   srcconf: 14broadwell_src.conf
  - jail: 14broadwell
    ports: default
    set: computer
    version: CURRENT
    kernel: CUSTOM
    branch: releng/14.1
    srcconf: 14broadwell_src.conf
--- a/ansible/environments/vm/hosts
+++ b/ansible/environments/vm/hosts
@@ -6,4 +6,3 @@ poudrieremrmanager ansible_user=root ansible_host=poudriere
 #    Host poudriere
 #       ProxyJump talexander@mrmanager
 #       HostName 10.215.1.203
 #
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -20,12 +20,14 @@
    - build
    - sound
    - graphics
    - power_management
    - gpg
    - fonts
    - alacritty
    - sway
    - emacs
    - firefox
    - chromium
    - devfs
    - ssh_client
    - sshfs
@@ -41,14 +43,19 @@
    - ansible
    - wireguard
    - portshaker
    - poudriere
    - android
    - latex
    - python
    - pyenv
    - webcam
    - docker
    - vscode
    - javascript
    - launch_keyboard
    - lvfs
    - restaurant_health_rating
    - wasm
    - noise_suppression
 - hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
  vars:
@@ -61,7 +68,12 @@
    ansible_become: True
  roles:
    - sudo # for poudboot script
    - doas
    - fstab
    - package_manager
    - zsh
    - termcap
    - sshd
    - portshaker
    - poudriere
    - poudrierenginx
@@ -109,3 +121,48 @@
    - doas
    - users
    - public_dns
 - hosts: odolinux:odofreebsd:odowork
  vars:
    ansible_become: True
  roles:
    - linfi
    - framework_laptop
 - hosts: homeserver
  vars:
    ansible_become: True
  roles:
    - linfi
    - homeserver
 - hosts: odowork
  vars:
    ansible_become: True
  roles:
    - odowork
 - hosts: sftp
  vars:
    ansible_become: True
  roles:
    - users
    - sftp
 - hosts: bastion
  vars:
    ansible_become: True
  roles:
    - jail_bastion
 - hosts: certificate
  vars:
    ansible_become: True
  roles:
    - jail_certificate
 - hosts: momlaptop
  vars:
    ansible_become: True
  roles:
    - jail_momlaptop
--- a/ansible/roles/alacritty/files/alacritty.toml
+++ b/ansible/roles/alacritty/files/alacritty.toml
@@ -0,0 +1,44 @@
 [colors]
 draw_bold_text_with_bright_colors = true
 indexed_colors = []
 [colors.bright]
 black = "0x666666"
 blue = "0x7aa6da"
 cyan = "0x54ced6"
 green = "0x9ec400"
 magenta = "0xb77ee0"
 red = "0xff3334"
 white = "0xffffff"
 yellow = "0xe7c547"
 [colors.normal]
 black = "0x000000"
 blue = "0x7aa6da"
 cyan = "0x70c0ba"
 green = "0xb9ca4a"
 magenta = "0xc397d8"
 red = "0xd54e53"
 white = "0xeaeaea"
 yellow = "0xe6c547"
 [colors.primary]
 background = "0x000000"
 foreground = "0xeaeaea"
 [font]
 size = 11.0
 [[hints.enabled]]
 command = "xdg-open"
 post_processing = true
 regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-<>\"\\s{-}\\^⟨⟩`]+"
 [hints.enabled.mouse]
 enabled = false
 mods = "None"
 [scrolling]
 history = 10000
 # Lines moved per scroll.
 multiplier = 3
--- a/ansible/roles/alacritty/files/alacritty.yml
+++ b/ansible/roles/alacritty/files/alacritty.yml
@@ -1,103 +0,0 @@
 # If `true`, bold text is drawn using the bright color variants.
 draw_bold_text_with_bright_colors: true
 colors:
  # Default colors
  primary:
    background: "0x000000"
    foreground: "0xeaeaea"
    # Bright and dim foreground colors
    #
    # The dimmed foreground color is calculated automatically if it is not present.
    # If the bright foreground color is not set, or `draw_bold_text_with_bright_colors`
    # is `false`, the normal foreground color will be used.
    #dim_foreground: '0x9a9a9a'
    #bright_foreground: '0xffffff'
  # Cursor colors
  #
  # Colors which should be used to draw the terminal cursor. If these are unset,
  # the cursor color will be the inverse of the cell color.
  #cursor:
  #  text: '0x000000'
  #  cursor: '0xffffff'
  # Selection colors
  #
  # Colors which should be used to draw the selection area. If selection
  # background is unset, selection color will be the inverse of the cell colors.
  # If only text is unset the cell text color will remain the same.
  #selection:
  #  text: '0xeaeaea'
  #  background: '0x404040'
  # Normal colors
  normal:
    black: "0x000000"
    red: "0xd54e53"
    green: "0xb9ca4a"
    yellow: "0xe6c547"
    blue: "0x7aa6da"
    magenta: "0xc397d8"
    cyan: "0x70c0ba"
    white: "0xeaeaea"
  # Bright colors
  bright:
    black: "0x666666"
    red: "0xff3334"
    green: "0x9ec400"
    yellow: "0xe7c547"
    blue: "0x7aa6da"
    magenta: "0xb77ee0"
    cyan: "0x54ced6"
    white: "0xffffff"
  # Dim colors
  #
  # If the dim colors are not set, they will be calculated automatically based
  # on the `normal` colors.
  #dim:
  #  black:   '0x000000'
  #  red:     '0x8c3336'
  #  green:   '0x7a8530'
  #  yellow:  '0x97822e'
  #  blue:    '0x506d8f'
  #  magenta: '0x80638e'
  #  cyan:    '0x497e7a'
  #  white:   '0x9a9a9a'
  # Indexed Colors
  #
  # The indexed colors include all colors from 16 to 256.
  # When these are not set, they're filled with sensible defaults.
  #
  # Example:
  #   `- { index: 16, color: '0xff00ff' }`
  #
  indexed_colors: []
 scrolling:
  # Maximum number of lines in the scrollback buffer.
  # Specifying '0' will disable scrolling.
  history: 10000
  # Number of lines the viewport will move for every line scrolled when
  # scrollback is enabled (history > 0).
  multiplier: 3
 font:
  size: 11.0
 hints:
  enabled:
    # Disable opening links when clicked
    - regex:
        "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)\
        [^\u0000-\u001F\u007F-\u009F<>\"\\s{-}\\^⟨⟩`]+"
      command: xdg-open
      post_processing: true
      mouse:
        enabled: false
        mods: None
--- a/ansible/roles/alacritty/tasks/peruser.yaml
+++ b/ansible/roles/alacritty/tasks/peruser.yaml
@@ -19,8 +19,8 @@
    owner: "{{ account_name.stdout }}"
    group: "{{ group_name.stdout }}"
  loop:
-    - src: alacritty.yml
+    - src: alacritty.toml
-      dest: .config/alacritty/alacritty.yml
+      dest: .config/alacritty/alacritty.toml
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/android/tasks/linux.yaml
+++ b/ansible/roles/android/tasks/linux.yaml
@@ -13,10 +13,12 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 - name: Install packages
  package:
    name:
      - gvfs
      - gvfs-mtp
      - android-udev # Access android over USB without root.
      - android-tools # For fastboot to flash phones.
    state: present
--- a/ansible/roles/ansible/tasks/freebsd.yaml
+++ b/ansible/roles/ansible/tasks/freebsd.yaml
@@ -1,6 +1,6 @@
 - name: Install packages
  package:
    name:
-      - py39-ansible
+      - py311-ansible
      - ansible-sshjail
    state: present
--- a/ansible/roles/autofs/files/auto_master
+++ b/ansible/roles/autofs/files/auto_master
@@ -1,4 +1,3 @@
 # $FreeBSD$
 #
 # Automounter master map, see auto_master(5) for details.
 #
--- a/ansible/roles/base/files/alacritty.termcap
+++ b/ansible/roles/base/files/alacritty.termcap
@@ -1,24 +0,0 @@
 #	Reconstructed via infocmp from file: /usr/share/terminfo/a/alacritty
 # (untranslatable capabilities removed to fit entry within 1023 bytes)
 # (sgr removed to fit entry within 1023 bytes)
 # (acsc removed to fit entry within 1023 bytes)
 # (terminfo-only capabilities suppressed to fit entry within 1023 bytes)
 alacritty|alacritty terminal emulator:\
 	:am:bs:hs:mi:ms:xn:\
 	:co#80:it#8:li#24:\
 	:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:DO=\E[%dB:IC=\E[%d@:\
 	:K2=\EOE:LE=\E[%dD:RI=\E[%dC:SF=\E[%dS:SR=\E[%dT:\
 	:UP=\E[%dA:ae=\E(B:al=\E[L:as=\E(0:bl=^G:bt=\E[Z:cd=\E[J:\
 	:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:cr=\r:\
 	:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:do=\n:\
 	:ds=\E]2;\007:ec=\E[%dX:ei=\E[4l:fs=^G:ho=\E[H:im=\E[4h:\
 	:is=\E[!p\E[?3;4l\E[4l\E>:k1=\EOP:k2=\EOQ:k3=\EOR:\
 	:k4=\EOS:k5=\E[15~:k6=\E[17~:k7=\E[18~:k8=\E[19~:\
 	:k9=\E[20~:kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:kb=\177:\
 	:kd=\EOB:ke=\E[?1l\E>:kh=\EOH:kl=\EOD:kr=\EOC:\
 	:ks=\E[?1h\E=:ku=\EOA:le=^H:mb=\E[5m:md=\E[1m:me=\E[0m:\
 	:mh=\E[2m:mm=\E[?1034h:mo=\E[?1034l:mr=\E[7m:nd=\E[C:\
 	:rc=\E8:sc=\E7:se=\E[27m:sf=\n:so=\E[7m:sr=\EM:st=\EH:ta=^I:\
 	:te=\E[?1049l\E[23;0;0t:ti=\E[?1049h\E[22;0;0t:\
 	:ts=\E]2;:ue=\E[24m:up=\E[A:us=\E[4m:vb=\E[?5h\E[?5l:\
 	:ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?12;25h:
--- a/ansible/roles/base/files/bbr_loader.conf
+++ b/ansible/roles/base/files/bbr_loader.conf
@@ -0,0 +1 @@
 tcp_bbr_load="YES"
--- a/ansible/roles/base/files/cleartmp_rc.conf
+++ b/ansible/roles/base/files/cleartmp_rc.conf
@@ -0,0 +1 @@
 clear_tmp_enable="YES"
--- a/ansible/roles/base/files/decode_jwt.bash
+++ b/ansible/roles/base/files/decode_jwt.bash
@@ -0,0 +1,8 @@
 #!/usr/bin/env bash
 #
 # Decode the contents of a JWT
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 exec jq -R 'split(".") | .[0],.[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=")| @base64d | fromjson'
--- a/ansible/roles/base/files/disk_labels_loader.conf
+++ b/ansible/roles/base/files/disk_labels_loader.conf
@@ -1,8 +1,12 @@
-# Disabling both of these will make /dev/gpt/* populated
+# Populates the /dev/diskid
 kern.geom.label.disk_ident.enable="1"
 # Populates /dev/gpt but only if kern.geom.label.disk_ident.enable is disabled.
 #
 # This uses gpt partition labels which you can set with:
 #
 #     gpart modify -l EFI -i 1 nvd0
 # kern.geom.label.disk_ident.enable="0"
 # kern.geom.label.gptid.enable="1"
--- a/ansible/roles/base/files/git_fix_author.bash
+++ b/ansible/roles/base/files/git_fix_author.bash
@@ -0,0 +1,22 @@
 #!/usr/bin/env bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 git filter-branch --env-filter '
 WRONG_EMAIL="old@email.foo"
 NEW_NAME="New Name"
 NEW_EMAIL="new@email.buzz"
 if [ "$GIT_COMMITTER_EMAIL" = "$WRONG_EMAIL" ]
 then
    export GIT_COMMITTER_NAME="$NEW_NAME"
    export GIT_COMMITTER_EMAIL="$NEW_EMAIL"
 fi
 if [ "$GIT_AUTHOR_EMAIL" = "$WRONG_EMAIL" ]
 then
    export GIT_AUTHOR_NAME="$NEW_NAME"
    export GIT_AUTHOR_EMAIL="$NEW_EMAIL"
 fi
 ' --tag-name-filter cat --commit-filter 'git commit-tree -S "$@";' -- --branches --tags
--- a/ansible/roles/base/files/gitconfig_home
+++ b/ansible/roles/base/files/gitconfig_home
@@ -7,6 +7,7 @@
 [alias]
 	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
 	bh = log --oneline --branches=* --remotes=* --graph --decorate
 	amend = commit --amend --no-edit
 [core]
 	excludesfile = ~/.gitignore_global
 [commit]
@@ -17,3 +18,18 @@
 	date = local
 [init]
 	defaultBranch = main
 # Use meld for `git difftool` and `git mergetool`
 [diff]
 	tool = meld
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
 [mergetool "meld"]
        # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
        # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
--- a/ansible/roles/base/files/gitconfig_work
+++ b/ansible/roles/base/files/gitconfig_work
@@ -0,0 +1,37 @@
 [user]
 	email = ThomasA.Alexander@hmhn.org
 	name = Tom Alexander
 	signingkey = D3A179C9A53C0EDE
 [push]
 	default = simple
 [alias]
 	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
 	bh = log --oneline --branches=* --remotes=* --graph --decorate
 	amend = commit --amend --no-edit
 [core]
 	excludesfile = ~/.gitignore_global
 [commit]
 	gpgsign = true
 [pull]
 	rebase = true
 [log]
 	date = local
 [init]
 	defaultBranch = main
 # Use meld for `git difftool` and `git mergetool`
 [diff]
 	tool = meld
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
 [mergetool "meld"]
        # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
        # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
 [includeIf "gitdir:/bridge/"]
 	path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home
--- a/ansible/roles/base/files/gitignore_global
+++ b/ansible/roles/base/files/gitignore_global
@@ -1,2 +1,8 @@
 .idea
 .python-version
 # Emacs per-directory settings
 .dir-locals.el
 # C/C++ Language Server compile commands
 compile_commands.json
--- a/ansible/roles/base/files/homeserver_loader.conf
+++ b/ansible/roles/base/files/homeserver_loader.conf
@@ -1,5 +1,3 @@
 security.bsd.allow_destructive_dtrace=0
 kern.geom.label.disk_ident.enable="0"
 kern.geom.label.gptid.enable="0"
 cryptodev_load="YES"
 zfs_load="YES"
--- a/ansible/roles/base/files/login.conf
+++ b/ansible/roles/base/files/login.conf
@@ -7,7 +7,6 @@
 # This file controls resource limits, accounting limits and
 # default user environment settings.
 #
 # $FreeBSD$
 #
 # Default settings effectively disable resource limits, see the
@@ -33,7 +32,7 @@ default:\
 	:cputime=unlimited:\
 	:datasize=unlimited:\
 	:stacksize=unlimited:\
-	:memorylocked=64K:\
+	:memorylocked=128M:\
 	:memoryuse=unlimited:\
 	:filesize=unlimited:\
 	:coredumpsize=unlimited:\
@@ -45,6 +44,7 @@ default:\
 	:pseudoterminals=unlimited:\
 	:kqueues=unlimited:\
 	:umtxp=unlimited:\
 	:pipebuf=unlimited:\
 	:priority=0:\
 	:ignoretime@:\
 	:umask=022:\
--- a/ansible/roles/base/files/odofreebsd_loader.conf
+++ b/ansible/roles/base/files/odofreebsd_loader.conf
@@ -1,6 +1,3 @@
 security.bsd.allow_destructive_dtrace=0
 kern.geom.label.disk_ident.enable="0"
 kern.geom.label.gptid.enable="0"
 cryptodev_load="YES"
 zfs_load="YES"
--- a/ansible/roles/base/files/odofreebsd_rc.conf
+++ b/ansible/roles/base/files/odofreebsd_rc.conf
@@ -1,8 +1,6 @@
 clear_tmp_enable="YES"
 syslogd_flags="-ss"
 sendmail_enable="NONE"
 hostname="odo"
 sshd_enable="YES"
 # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
 dumpdev="NO"
 zfs_enable="YES"
--- a/ansible/roles/base/files/tmux.conf
+++ b/ansible/roles/base/files/tmux.conf
@@ -1,4 +1,4 @@
-set-option -g mouse on
+# set-option -g mouse on
 set-option -g history-limit 20000
 # set -g @plugin 'tmux-plugins/tmux-yank'
 # Emacs style
--- a/ansible/roles/base/files/watch_freebsd
+++ b/ansible/roles/base/files/watch_freebsd
@@ -10,7 +10,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 function cleanup {
    switch_to_main_screen
 }
-for sig in EXIT INT QUIT HUP TERM; do
+for sig in EXIT; do
  trap "set +e; cleanup; exit" "$sig"
 done
--- a/ansible/roles/base/meta/main.yaml
+++ b/ansible/roles/base/meta/main.yaml
@@ -1,2 +1,3 @@
 dependencies:
  - fstab
  - termcap
--- a/ansible/roles/base/tasks/common.yaml
+++ b/ansible/roles/base/tasks/common.yaml
@@ -16,20 +16,19 @@
      - wget
      - colordiff
      - ipcalc
      - kdiff3
      - tcpdump
      - moreutils # for ts [%Y-%m-%d %H:%M:%.S]
      - ddrescue
      - dmidecode
    state: present
- name: Set timezone
+- name: Install packages
-  file:
+  when: install_graphics
-    src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
+  package:
-    dest: /etc/localtime
+    name:
-    owner: root
+      - kdiff3
-    # TODO: Arch Linux is changing the group to root instead of wheel. Maybe make this a variable?
+      - meld
-    group: wheel
+    state: present
    state: link
 - name: Install scripts
  copy:
@@ -47,6 +46,10 @@
      dest: /usr/local/bin/git_find_merged_branches
    - src: cleanup_temporary_files
      dest: /usr/local/bin/cleanup_temporary_files
    - src: git_fix_author.bash
      dest: /usr/local/bin/git_fix_author
    - src: decode_jwt.bash
      dest: /usr/local/bin/decode_jwt
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/base/tasks/freebsd.yaml
+++ b/ansible/roles/base/tasks/freebsd.yaml
@@ -1,3 +1,11 @@
 - name: Set timezone
  file:
    src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
    dest: /etc/localtime
    owner: root
    group: wheel
    state: link
 - name: Install packages
  package:
    name:
@@ -5,29 +13,18 @@
      - gsed
      - gmake
      - rust-coreutils
      - shuf
    state: present
- name: See if the alacritty termcap has been added
+- name: Install service configuration
-  lineinfile:
+  copy:
-    name: /usr/share/misc/termcap
+    src: "files/{{ item }}_rc.conf"
-    regexp: |-
+    dest: "/etc/rc.conf.d/{{ item }}"
-      ^alacritty\|
+    mode: 0644
-    state: absent
+    owner: root
-  check_mode: yes
+    group: wheel
-  changed_when: false
+  loop:
-  register: alacritty_cap
+    - cleartmp
 - name: Append alacritty termcap info
  blockinfile:
    path: /usr/share/misc/termcap
    block: "{{ lookup('file', 'alacritty.termcap') }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK alacritty"
  when: not alacritty_cap.found
  register: wrote_alacritty_cap
 - name: Update cap_mkdb
  command: cap_mkdb /usr/share/misc/termcap
  when: wrote_alacritty_cap.changed
 - name: Install login.conf
  copy:
@@ -42,18 +39,6 @@
  command: cap_mkdb /etc/login.conf
  when: login_config.changed
 - name: Enable periodic scrub
  community.general.sysrc:
    name: daily_scrub_zfs_enable
    value: "YES"
    path: /etc/periodic.conf.local
 - name: Set scrub interval
  community.general.sysrc:
    name: daily_scrub_zfs_default_threshold
    value: "7"
    path: /etc/periodic.conf.local
 - name: Install loader.conf
  copy:
    src: "{{loader_conf}}"
@@ -123,3 +108,65 @@
    group: wheel
  loop:
    - disk_labels
 - name: Configure sysctls
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: false
    sysctl_file: "/etc/sysctl.conf.local"
  loop:
    # Adjust ttl
    - name: net.inet.ip.ttl
      value: 65
    - name: net.inet6.ip6.hlim
      value: 65
 - name: Log periodic output instead of getting it as mail
  blockinfile:
    path: "/etc/periodic.conf.local"
    marker: "# {mark} ANSIBLE MANAGED BLOCK log"
    # create: true
    mode: 0644
    owner: root
    group: wheel
    block: |
      daily_output=/var/log/daily.log
      weekly_output=/var/log/weekly.log
      monthly_output=/var/log/monthly.log
 - name: Enable periodic zfs scrub
  when: install_zfs
  blockinfile:
    path: "/etc/periodic.conf.local"
    marker: "# {mark} ANSIBLE MANAGED BLOCK zfs"
    # create: true
    mode: 0644
    owner: root
    group: wheel
    block: |
      daily_scrub_zfs_enable="YES"
      daily_scrub_zfs_default_threshold="7"
 # Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
 - name: Install loader.conf
  copy:
    src: "files/{{ item }}_loader.conf"
    dest: "/boot/loader.conf.d/{{ item }}.conf"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - bbr
 - name: Configure sysctls
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: false
    sysctl_file: "/etc/sysctl.conf.local"
  loop:
    - name: net.inet.tcp.functions_default
      value: "bbr"
--- a/ansible/roles/base/tasks/linux.yaml
+++ b/ansible/roles/base/tasks/linux.yaml
@@ -1,3 +1,11 @@
 - name: Set timezone
  file:
    src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
    dest: /etc/localtime
    owner: root
    group: root
    state: link
 - name: Install packages
  package:
    name:
@@ -7,6 +15,9 @@
      - bind # dig
      - man-db
      - uutils-coreutils
      - usbutils # for lsusb
      - bolt
      - whois
    state: present
 - name: Start pkgfile update service
@@ -16,17 +27,6 @@
    daemon_reload: yes
    enabled: yes
 # Of questionable value since I don't use swap on my machines
 - name: Configure sysctls for swap
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    sysctl_file: /etc/sysctl.d/swap.conf
  loop:
    - name: vm.swappiness
      value: 10
 - name: Install scripts
  copy:
    src: "files/{{ item.src }}"
@@ -39,3 +39,41 @@
      dest: /usr/local/bin/mount_disk_image
    - src: watch_linux
      dest: /usr/local/bin/ww
 - name: Configure sysctls
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    sysctl_file: /etc/sysctl.d/{{ item.file }}
  loop:
    # Of questionable value since I don't use swap on my machines
    - name: vm.swappiness
      value: 10
      file: swap.conf
    # Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
    - name: net.ipv4.tcp_mtu_probing
      value: 1
      file: tcp.conf
    # Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
    - name: net.ipv4.tcp_congestion_control
      value: bbr
      file: tcp.conf
    # Don't do a slow start after a connection has been idle for a single RTO.
    - name: net.ipv4.tcp_slow_start_after_idle
      value: 0
      file: tcp.conf
    # 3x time to accumulate filesystem changes before flushing to disk.
    - name: vm.dirty_writeback_centisecs
      value: 1500
      file: power.conf
    # Adjust ttl
    - name: net.ipv4.ip_default_ttl
      value: 65
      file: ttl.conf
    - name: net.ipv6.conf.all.hop_limit
      value: 65
      file: ttl.conf
    - name: net.ipv6.conf.default.hop_limit
      value: 65
      file: ttl.conf
--- a/ansible/roles/bhyve/defaults/main.yaml
+++ b/ansible/roles/bhyve/defaults/main.yaml
@@ -1,2 +1 @@
 bhyve_mountpoint: "/vm"
 bhyve_list: []
--- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
+++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
@@ -30,6 +30,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
 : ${VNC_ENABLE:="NO"}
 : ${VNC_LISTEN:="127.0.0.1:5900"}
 : ${VNC_WIDTH:="1920"}
 : ${VNC_HEIGHT:="1080"}
 if [ "$VERBOSE" = "YES" ]; then
    set -x
@@ -39,14 +41,14 @@ fi
 function cleanup {
    for vm in "${vms[@]}"; do
-        log "Destroying bhyve vm $f"
+        log "Destroying bhyve vm $vm"
        bhyvectl "--vm=$vm" --destroy
-        log "Destroyed bhyve vm $f"
+        log "Destroyed bhyve vm $vm"
    done
 }
 vms=()
-for sig in EXIT INT QUIT HUP TERM; do
+for sig in EXIT; do
-  trap "set +e; cleanup" "$sig"
+  trap "set +e; sleep 10; cleanup" "$sig"
 done
 function die {
@@ -74,13 +76,6 @@ function main {
    fi
 }
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function create_disk {
    local zfs_path="$1"
    local mount_path="$2"
@@ -112,7 +107,8 @@ function start_vm {
    local bridge_name="$BRIDGE_NAME"
    local ip_range="$IP_RANGE" # for raw this value does not matter
-    local mac_address=$(calculate_mac_address "$name")
+    local mac_address
    mac_address=$(calculate_mac_address "$name")
    local additional_args=()
@@ -144,10 +140,10 @@ function start_vm {
    # TODO: Look into using nmdm instead of stdio for serial console
    if [ -n "$mount_cd" ]; then
-        additional_args+=("-s" "3,ahci-cd,$mount_cd")
+        additional_args+=("-s" "5,ahci-cd,$mount_cd")
    fi
    if [ "$VNC_ENABLE" = "YES" ]; then
-        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
+        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT")
    fi
    vms+=("$name")
    while true; do
@@ -158,6 +154,8 @@ function start_vm {
            -c $CPU_CORES \
            -m $MEMORY \
            -H \
            -P \
            -o 'rtc.use_localtime=false' \
            -s 0,hostbridge \
            -s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
            -s 30,xhci,tablet \
@@ -170,6 +168,7 @@ function start_vm {
        set +x
        if [ $exit_code -eq 0 ]; then
            echo "Rebooting."
            sleep 5
        elif [ $exit_code -eq 1 ]; then
            echo "Powered off."
            break
@@ -251,7 +250,8 @@ function ng_exists {
 function calculate_mac_address {
    local name="$1"
-    local source=$(md5 -r -s "$name" | awk '{print $1}')
+    local source
    source=$(md5 -r -s "$name" | awk '{print $1}')
    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }
--- a/ansible/roles/blank/tasks/common.yaml
+++ b/ansible/roles/blank/tasks/common.yaml
@@ -1,3 +1,43 @@
 # - name: Create directories
 #   file:
 #     name: "{{ item }}"
 #     state: directory
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - /foo/bar
 # - name: Install scripts
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.bash
 #       dest: /usr/local/bin/foo
 # - name: Install Configuration
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0600
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.conf
 #       dest: /usr/local/etc/foo.conf
 # - name: Clone Source
 #   git:
 #     repo: "https://foo.bar/baz.git"
 #     dest: /foo/bar
 #     version: "v1.0.2"
 #     force: true
 #   diff: false
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/blank/tasks/linux.yaml
+++ b/ansible/roles/blank/tasks/linux.yaml
@@ -13,7 +13,7 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 # - name: Install packages
 #   package:
 #     name:
--- a/ansible/roles/build/defaults/main.yaml
+++ b/ansible/roles/build/defaults/main.yaml
@@ -1 +0,0 @@
 freebsd_version: "releng/13.2"
--- a/ansible/roles/build/files/CUSTOM
+++ b/ansible/roles/build/files/CUSTOM
@@ -1,6 +0,0 @@
 include GENERIC-NODEBUG
 # Disable Intel SD/MMC controller for reading eMMC
 nodevice sdhci
 ident   CUSTOM
--- a/ansible/roles/build/files/aurutils-nuke
+++ b/ansible/roles/build/files/aurutils-nuke
@@ -0,0 +1,12 @@
 #!/usr/bin/env bash
 #
 # If something is very wrong in pacman, this removes the keyring and the entire custom repo, then sets up pacman's keyring again. Running the ansible playbook is necessary to get the custom repo added.
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 doas rm -rf /var/cache/pacman/custom/ /etc/pacman.d/conf.d/aurutils.conf
 doas rm -rf /etc/pacman.d/gnupg
 doas pacman-key --init
 doas pacman-key --populate archlinux
 doas pacman -S archlinux-keyring
--- a/ansible/roles/build/files/freebsd_update_step1
+++ b/ansible/roles/build/files/freebsd_update_step1
@@ -1,20 +0,0 @@
 #!/usr/bin/env bash
 #
 # Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cores=$(sysctl -n hw.ncpu)
 if sudo etcupdate status | grep -qE '^  C '; then
    >&2 echo 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.'
    exit 1
 fi
 cd /usr/src
 make -j "$cores" clean
 make -j "$cores" buildworld buildkernel
 sudo make installkernel
 echo "FreeBSD update step 1 done. Please reboot."
--- a/ansible/roles/build/files/freebsd_update_step2
+++ b/ansible/roles/build/files/freebsd_update_step2
@@ -1,19 +0,0 @@
 #!/usr/bin/env bash
 #
 # Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 sudo etcupdate -p
 cd /usr/src
 sudo make installworld
 sudo etcupdate -B
 if sudo etcupdate status | grep -qE '^  C '; then
    >&2 echo 'Conflicts in etcupdate. Run `etcupdate resolve` to fix them first.'
    exit 1
 fi
 echo "FreeBSD update step 2 done. Please reboot."
--- a/ansible/roles/build/files/gpg.asc
+++ b/ansible/roles/build/files/gpg.asc
@@ -1,34 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-0H+RsWG0HVRvbSBBbGV4YW5kZXIgPHRvbUBmaXp6LmJ1eno+iJAEExYIADgWIQS4
+0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
-SBWTY8KHeReVS+En3kDZuEVcGwUCXZwWGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe
+uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
-AQIXgAAKCRAn3kDZuEVcG9glAQDX3Bzaz9sQpycc40LeLxSKQsWplfJigfr8wWOg
+HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
-C15TywEAqkTtCrTNsltdZERLMre7qnv/6RSo54OW0C4pdN7UUAa0HlRvbSBBbGV4
+uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
-YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
+eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhF
+2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
-XBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0CuU4m1/MA+gPDKME7syEt
+XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
-JsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB9Ub20gQWxleGFuZGVyIDx0b21AaGFy
+XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
-bW9uaWMuYWk+iJAEExYIADgWIQS4SBWTY8KHeReVS+En3kDZuEVcGwUCX7D5RAIb
+4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
-AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAn3kDZuEVcGzjDAP9pM1ScstOk
+wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
-ti+oRAsNSk8qsjIsCT9O5voDS0Q7plWlcwD/btKVFO9tPLsXhyvdB+NSwueVs7TA
+sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
-kRVjlW3hktpefg24OARdnBYaEgorBgEEAZdVAQUBAQdArbTYQgDBMG7EBFTKA6+f
+ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
-4CWgwl26Lf2b6cyCGfUw2j4DAQgHiHgEGBYIACAWIQS4SBWTY8KHeReVS+En3kDZ
+QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
-uEVcGwUCXZwWGgIbDAAKCRAn3kDZuEVcG03MAQCrkjrE+MhtvbfGaHGHlwz9QnF0
+NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
-Z519YzK8Xr8m0O+09QEA9BFCfkAzBM4D4JKeWJh/tmN9U6UexzLrRdY+W9cugAm4
+BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
-MwRdnBbKFgkrBgEEAdpHDwEBB0A/IgvgQaDhPkk72raSlUPLZaMyJfPedlfBhbgY
+JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
-uhNiSIj1BBgWCAAmAhsCFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+hYFCQe4
+RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
-fcwAgXYgBBkWCAAdFiEEgeZEOZZ1UC6xJRa606F5yaU8Dt4FAl2cFsoACgkQ06F5
+rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
-yaU8Dt6MngD+Krs3aYyHH6i85ebVESgBI8XeXhgACM4exepw+0UcoYkBAKK4DvV3
+0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
-oJD6o1ku6Rr8pUH962SQm8PO9pO2JBBAb6ADCRAn3kDZuEVcG9uAAP43vUsbe24/
+BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
-6tjEezAW0a4L2E1u4HNU8t53lolngs1kswEAy1HBdYEMR9TovX/kMeBHLcz1J2pM
+/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
-VRSV0JnJhj5eZwa4MwRdnBcBFgkrBgEEAdpHDwEBB0BrvpOZa4q6JHVuc1XUVQTq
+3aqYpMRxpn2t6Nswax1MIM8DBQ==
-hDgLwD5SJBvzHSTXPYOZMoh+BBgWCAAmAhsgFiEEuEgVk2PCh3kXlUvhJ95A2bhF
+=dzEV
 XBsFAl+w+hYFCQe4fZUACgkQJ95A2bhFXBs3NgEA3SFYTgRVstidfoEpEZV4DdSL
 kXaOwN3Eyba4UniClyMA/2CCxQt24vu19TyvUtOXWCp9Zi8SyIqoeiXQ4ZmhhnQO
 uDgEXZwXKBIKKwYBBAGXVQEFAQEHQA7S3cFTEu6iROopVyF4UBl3hQrEAbOc9CW+
 xXKFZYgSAwEIB4h+BBgWCAAmAhsMFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w
 +hcFCQe4fW4ACgkQJ95A2bhFXBtUXAEAyEJCUNVSJ7qvQv5IXuwbYTX2Mh7JU3+F
 GJHO7AWBXCQA/2aLAi9kYmz9ba770XYwTeBZIv9Y6UIwIwVmFdYHC/EM
 =a/z4
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/build/files/gpg_work.asc
+++ b/ansible/roles/build/files/gpg_work.asc
@@ -0,0 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
 0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
 b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
 BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
 DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
 0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
 ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
 Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
 vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
 yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
 9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
 IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
 jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
 Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
 EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
 duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
 UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
 C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
 PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
 FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
 EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
 MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
 d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
 =0HtE
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/build/files/make.conf
+++ b/ansible/roles/build/files/make.conf
@@ -1,3 +0,0 @@
 KERNCONF=CUSTOM
 BUILD_STATIC=YES
--- a/ansible/roles/build/files/pacman-x86_64.conf
+++ b/ansible/roles/build/files/pacman-x86_64.conf
@@ -31,10 +31,11 @@ Architecture = auto
 # Misc options
 #UseSyslog
 #Color
-#TotalDownload
+NoProgressBar
 # We cannot check disk space from within a chroot environment
 #CheckSpace
-#VerbosePkgLists
+VerbosePkgLists
 ParallelDownloads = 5
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
@@ -69,32 +70,24 @@ LocalFileSigLevel = Optional
 # repo name header and Include lines. You can add preferred servers immediately
 # after the header, and they will be used before the default mirrors.
-#[testing]
+#[core-testing]
 #Include = /etc/pacman.d/mirrorlist
 [core]
 Include = /etc/pacman.d/mirrorlist
 #[extra-testing]
 #Include = /etc/pacman.d/mirrorlist
 [extra]
 Include = /etc/pacman.d/mirrorlist
 #[community-testing]
 #Include = /etc/pacman.d/mirrorlist
 [community]
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
 # enable the multilib repositories as required here.
 #[multilib-testing]
 #Include = /etc/pacman.d/mirrorlist
 [multilib]
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
 #SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 [custom]
 SigLevel = Required
 Server = file:///var/cache/pacman/custom
--- a/ansible/roles/build/meta/main.yaml
+++ b/ansible/roles/build/meta/main.yaml
@@ -1,3 +1,5 @@
 dependencies:
-  - users
+  - role: users
-  - gpg
+    when: 'os_flavor == "linux"'
  - role: gpg
    when: 'os_flavor == "linux"'
--- a/ansible/roles/build/tasks/common.yaml
+++ b/ansible/roles/build/tasks/common.yaml
@@ -3,12 +3,3 @@
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/build/tasks/freebsd.yaml
+++ b/ansible/roles/build/tasks/freebsd.yaml
@@ -1,94 +0,0 @@
 - name: Install packages
  package:
    name:
      - git
    state: present
 - name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0755
    owner: "{{ build_user.name }}"
    group: "{{ build_user.group }}"
  loop:
    - "/usr/src"
    # - "/usr/ports"
    - "/usr/obj"
 - name: chown the FreeBSD source
  file:
    name: "{{ item }}"
    state: directory
    owner: "{{ build_user.name }}"
    group: "{{ build_user.group }}"
    recurse: true
  loop:
    - "/usr/src"
 - name: Clone FreeBSD Source
  git:
    repo: "https://git.FreeBSD.org/src.git"
    dest: /usr/src
    version: "{{ freebsd_version }}"
    force: true
  become: true
  become_user: "{{ build_user.name }}"
  diff: false
 # - name: Clone Ports Tree
 #   git:
 #     repo: "https://git.FreeBSD.org/ports.git"
 #     dest: /usr/ports
 #     version: "main"
 #     force: true
 #     update: false
 #   become: true
 #   become_user: "{{ build_user.name }}"
 #   diff: false
 - name: Install Configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - src: make.conf
      dest: /etc/make.conf
 - name: Install Configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: "{{ build_user.name }}"
    group: "{{ build_user.group }}"
  loop:
    - src: CUSTOM
      dest: /usr/src/sys/amd64/conf/CUSTOM
 - name: Install Configuration
  template:
    src: "templates/{{ item.src }}.j2"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - src: src.conf
      dest: /etc/src.conf
 - name: Install scripts
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0700
    owner: "{{ build_user.name }}"
    group: "{{ build_user.group }}"
  loop:
    - src: freebsd_update_step1
      dest: /usr/local/bin/freebsd_update_step1
    - src: freebsd_update_step2
      dest: /usr/local/bin/freebsd_update_step2
--- a/ansible/roles/build/tasks/linux.yaml
+++ b/ansible/roles/build/tasks/linux.yaml
@@ -39,7 +39,7 @@
 - name: Trust my signing key
  command: pacman-key -a -
  args:
-    stdin: "{{ lookup('file', 'gpg.asc') }}"
+    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
  when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
  register: my_key_imported
@@ -89,17 +89,25 @@
  loop:
    - src: aurutils.conf
      dest: /etc/pacman.d/conf.d/
-    - src: pacman-custom.conf
+    - src: pacman-x86_64.conf
      dest: /etc/aurutils/
    - src: makepkg.conf # TODO: Is this needed or can I use the default from devtools?
      dest: /etc/aurutils/
 - name: chown the custom package db
  file:
    path: "{{ item }}"
    owner: "{{ build_user.name }}"
    recurse: true
  loop:
    - /var/cache/pacman/custom/
 - name: Create custom repo db
-  command: repo-add --sign /var/cache/pacman/custom/custom.db.tar
+  command: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*"
  become: true
  become_user: "{{ build_user.name }}"
  args:
-    creates: /var/cache/pacman/custom/custom.db.tar
+    creates: /var/cache/pacman/custom/custom.db.tar.sig
 - name: Install scripts
  copy:
@@ -111,6 +119,8 @@
  loop:
    - src: aurutils-purge
      dest: /usr/local/bin/aurutils-purge
    - src: aurutils-nuke
      dest: /usr/local/bin/aurutils-nuke
    - src: aurutils-sync
      dest: /usr/local/bin/aurutils-sync
    - src: aurutils-update-devel-packages
--- a/ansible/roles/build/templates/src.conf.j2
+++ b/ansible/roles/build/templates/src.conf.j2
@@ -1,22 +0,0 @@
 {% if cpu_opt is defined and cpu_opt %}
 CPUTYPE?={{ cpu_opt }}
 {% endif %}
 OPTIMIZED_CFLAGS=YES
 BUILD_OPTIMIZED=YES
 WITH_CPUFLAGS=YES
 WITH_MALLOC_PRODUCTION=YES
 WITHOUT_LLVM_ASSERTIONS=YES
 WITH_REPRODUCIBLE_BUILD=YES
 # Would be fun to experiment with:
 # WITHOUT_SOURCELESS=YES
 # Questionable Optimizations
 WITHOUT_FLOPPY=YES
 WITHOUT_HTML=YES
 WITHOUT_IPFW=YES
 WITHOUT_IPFILTER=YES
 WITHOUT_LLVM_TARGET_ALL=YES
 # Commented out because maybe I want email alerts for failing disks
 # WITHOUT_MAIL=YES
 # WITHOUT_SENDMAIL=YES
--- a/ansible/roles/chromium/files/chromium-flags.conf
+++ b/ansible/roles/chromium/files/chromium-flags.conf
@@ -0,0 +1,2 @@
 --ozone-platform-hint=auto
 --enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE
--- a/ansible/roles/kubernetes/meta/main.yaml
+++ b/ansible/roles/kubernetes/meta/main.yaml
@@ -1,2 +1,2 @@
 dependencies:
-  - build
+  - users
--- a/ansible/roles/chromium/tasks/common.yaml
+++ b/ansible/roles/chromium/tasks/common.yaml
@@ -0,0 +1,55 @@
 # - name: Create directories
 #   file:
 #     name: "{{ item }}"
 #     state: directory
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - /foo/bar
 # - name: Install scripts
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.bash
 #       dest: /usr/local/bin/foo
 # - name: Install Configuration
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0600
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.conf
 #       dest: /usr/local/etc/foo.conf
 # - name: Clone Source
 #   git:
 #     repo: "https://foo.bar/baz.git"
 #     dest: /foo/bar
 #     version: "v1.0.2"
 #     force: true
 #   diff: false
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  when: users is defined
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/chromium/tasks/freebsd.yaml
+++ b/ansible/roles/chromium/tasks/freebsd.yaml
@@ -0,0 +1,5 @@
 # - name: Install packages
 #   package:
 #     name:
 #       - foo
 #     state: present
--- a/ansible/roles/chromium/tasks/linux.yaml
+++ b/ansible/roles/chromium/tasks/linux.yaml
@@ -0,0 +1,7 @@
 # Check chrome://gpu/ to confirm hardware video decoding and vulkan rendering is working.
 - name: Install packages
  package:
    name:
      - chromium
    state: present
--- a/ansible/roles/chromium/tasks/main.yaml
+++ b/ansible/roles/chromium/tasks/main.yaml
@@ -0,0 +1,2 @@
 - import_tasks: tasks/common.yaml
  when: install_graphics
--- a/ansible/roles/chromium/tasks/peruser.yaml
+++ b/ansible/roles/chromium/tasks/peruser.yaml
--- a/ansible/roles/chromium/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/chromium/tasks/peruser_freebsd.yaml
--- a/ansible/roles/chromium/tasks/peruser_linux.yaml
+++ b/ansible/roles/chromium/tasks/peruser_linux.yaml
@@ -0,0 +1,10 @@
 - name: Copy files
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
    mode: 0600
    owner: "{{ account_name.stdout }}"
    group: "{{ group_name.stdout }}"
  loop:
    - src: chromium-flags.conf
      dest: .config/chromium-flags.conf
--- a/ansible/roles/cpu/files/cpu_set_perf_perc_freebsd
+++ b/ansible/roles/cpu/files/cpu_set_perf_perc_freebsd
@@ -7,6 +7,12 @@ IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 perc=$1
 if [ "$perc" -gt 100 ]; then
    perc=100
 fi
 if [ "$perc" -lt 0 ]; then
    perc=0
 fi
 epp=$((100 - perc))
 sysctl -N dev.hwpstate_intel | grep -E 'dev.hwpstate_intel.[0-9]+.epp' | while read var; do
--- a/ansible/roles/cpu/files/cpu_set_perf_perc_linux
+++ b/ansible/roles/cpu/files/cpu_set_perf_perc_linux
@@ -1,15 +0,0 @@
 #!/usr/bin/env bash
 #
 # Tell speedshift whether to maximize CPU performance (100) or energy
 # efficiency (0).
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 perc=$1
 if [ $perc -lt 50 ]; then
    echo "power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 else
    echo "performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 fi
--- a/ansible/roles/cpu/files/cpu_set_perf_perc_linux_amd
+++ b/ansible/roles/cpu/files/cpu_set_perf_perc_linux_amd
@@ -0,0 +1,29 @@
 #!/usr/bin/env bash
 #
 # Tell hardware p-states whether to maximize CPU performance (100) or
 # energy efficiency (0).
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 perc=$1
 if [ "$perc" -gt 80 ]; then
    echo performance | tee /sys/firmware/acpi/platform_profile
 elif [ "$perc" -ge 20 ]; then
    echo balanced | tee /sys/firmware/acpi/platform_profile
 else
    echo low-power | tee /sys/firmware/acpi/platform_profile
 fi
 if [ "$perc" -ge 80 ]; then
    echo "performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 elif [ "$perc" -ge 60 ]; then
    echo "balance_performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 elif [ "$perc" -ge 40 ]; then
    echo "default" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 elif [ "$perc" -ge 20 ]; then
    echo "balance_power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 else
    echo "power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 fi
--- a/ansible/roles/cpu/files/cpu_set_perf_perc_linux_intel
+++ b/ansible/roles/cpu/files/cpu_set_perf_perc_linux_intel
@@ -0,0 +1,27 @@
 #!/usr/bin/env bash
 #
 # Tell speedshift whether to maximize CPU performance (100) or energy
 # efficiency (0). If set to 101 this will enable turboboost.
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 perc=$1
 if [ "$perc" -gt 100 ]; then
    echo 0 | tee /sys/devices/system/cpu/intel_pstate/no_turbo
 else
    echo 1 | tee /sys/devices/system/cpu/intel_pstate/no_turbo
 fi
 if [ "$perc" -ge 80 ]; then
    echo "performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 elif [ "$perc" -ge 60 ]; then
    echo "balance_performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 elif [ "$perc" -ge 40 ]; then
    echo "default" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 elif [ "$perc" -ge 20 ]; then
    echo "balance_power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 else
    echo "power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
 fi
--- a/ansible/roles/cpu/files/intel_microcode_loader.conf
+++ b/ansible/roles/cpu/files/intel_microcode_loader.conf
@@ -0,0 +1,6 @@
 # Load Intel microcode at boot before the kernel does feature detection.
 #
 # The alternative would have been /etc/rc.conf with:
 #   microcode_update_enable="YES"
 cpu_microcode_load="YES"
 cpu_microcode_name="/boot/firmware/intel-ucode.bin"
--- a/ansible/roles/cpu/files/per_core_hwpstate_loader.conf
+++ b/ansible/roles/cpu/files/per_core_hwpstate_loader.conf
--- a/ansible/roles/cpu/files/platform_profile_tmpfiles.conf
+++ b/ansible/roles/cpu/files/platform_profile_tmpfiles.conf
@@ -0,0 +1,2 @@
 # Favor energy efficiency for platform profile (EC / system, not CPU)
 w- /sys/firmware/acpi/platform_profile - - - - low-power
--- a/ansible/roles/cpu/tasks/freebsd_amd.yaml
+++ b/ansible/roles/cpu/tasks/freebsd_amd.yaml
@@ -27,3 +27,14 @@
    group: wheel
  loop:
    - aesni
 - name: Install loader.conf
  when: hwpstate is defined and hwpstate
  copy:
    src: "files/{{ item }}_loader.conf"
    dest: "/boot/loader.conf.d/{{ item }}.conf"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - per_core_hwpstate
--- a/ansible/roles/cpu/tasks/freebsd_intel.yaml
+++ b/ansible/roles/cpu/tasks/freebsd_intel.yaml
@@ -3,6 +3,7 @@
    name:
      - lscpu # need to kldload cpuctl
      - powermon # need to kldload cpuctl
      - cpu-microcode-intel
    state: present
 - name: Install loader.conf
@@ -16,6 +17,7 @@
    - coretemp
    - cpuctl
    - aesni
    - intel_microcode
 - name: Install service configuration
  copy:
@@ -76,4 +78,4 @@
    owner: root
    group: wheel
  loop:
-    - percorespeedshift
+    - per_core_hwpstate
--- a/ansible/roles/cpu/tasks/linux_amd.yaml
+++ b/ansible/roles/cpu/tasks/linux_amd.yaml
@@ -0,0 +1,40 @@
 - name: Install packages
  package:
    name:
      - powertop
    state: present
 - name: Favor energy efficiency for hardware p-states
  when: hwpstate is defined and hwpstate and cores is defined
  template:
    src: "templates/{{ item.src }}.j2"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - src: energy_performance_preference.conf
      dest: /etc/tmpfiles.d/energy_performance_preference.conf
 - name: Install tmpfiles.d configuration
  when: hwpstate is defined and hwpstate and cores is defined
  copy:
    src: "files/{{ item }}_tmpfiles.conf"
    dest: "/etc/tmpfiles.d/{{ item }}.conf"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - platform_profile
 - name: Install scripts
  when: hwpstate is defined and hwpstate
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0755
    owner: root
    group: wheel
  loop:
    - src: cpu_set_perf_perc_linux_amd
      dest: /usr/local/bin/cpu_set_perf_perc
--- a/ansible/roles/cpu/tasks/linux_intel.yaml
+++ b/ansible/roles/cpu/tasks/linux_intel.yaml
@@ -19,7 +19,7 @@
  template:
    src: "templates/{{ item.src }}.j2"
    dest: "{{ item.dest }}"
-    mode: 0755
+    mode: 0644
    owner: root
    group: wheel
  loop:
@@ -35,5 +35,5 @@
    owner: root
    group: wheel
  loop:
-    - src: cpu_set_perf_perc_linux
+    - src: cpu_set_perf_perc_linux_intel
      dest: /usr/local/bin/cpu_set_perf_perc
--- a/ansible/roles/cpu/templates/energy_performance_preference.conf.j2
+++ b/ansible/roles/cpu/templates/energy_performance_preference.conf.j2
@@ -1,4 +1,4 @@
-# Favor energy efficiency for Speed Shift
+# Favor energy efficiency for hardware p-states
 {% for core in range(0, cores, 1) %}
 w- /sys/devices/system/cpu/cpufreq/policy{{core}}/energy_performance_preference - - - - power
 {% endfor %}
--- a/ansible/roles/devfs/files/homeserver_devfs.rules
+++ b/ansible/roles/devfs/files/homeserver_devfs.rules
@@ -0,0 +1,25 @@
 # [localrules=10]
 # add path 'input/*' mode 0660 group video
 # add path 'usb/*' mode 0660 group usb
 [tajailwg=13]
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path 'bpf*' unhide
 add path pf unhide
 add path pflog unhide
 add path pfsynv unhide
 add path 'tun*' unhide
 [tajaildhcp=14]
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path 'bpf*' unhide
 [tajailrand=15]
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path urandom unhide
--- a/ansible/roles/docker/tasks/linux.yaml
+++ b/ansible/roles/docker/tasks/linux.yaml
@@ -2,6 +2,8 @@
  package:
    name:
      - docker
      - docker-compose
      - docker-buildx
    state: present
 - name: Create docker zfs dataset
--- a/ansible/roles/dummynet/files/dnctl.conf
+++ b/ansible/roles/dummynet/files/dnctl.conf
@@ -0,0 +1,2 @@
 pipe 1 config bw 100KByte/s
 pipe 2 config
--- a/ansible/roles/dummynet/files/dummynet
+++ b/ansible/roles/dummynet/files/dummynet
@@ -0,0 +1,28 @@
 #!/bin/sh
 #
 #
 # PROVIDE: dummynet
 # BEFORE: pf ipfw
 # KEYWORD: nojailvnet
 . /etc/rc.subr
 name="dummynet"
 desc="Dummynet packet queuing and scheduling"
 rcvar="${name}_enable"
 load_rc_config $name
 start_cmd="${name}_start"
 required_files="$dummynet_rules"
 required_modules="dummynet"
 dummynet_start()
 {
 	startmsg -n "Enabling ${name}"
        cat "$dnctl_rules" | while read l; do
          dnctl $l
        done
 	startmsg '.'
 }
 run_rc_command $*
--- a/ansible/roles/dummynet/files/dummynet_rc.conf
+++ b/ansible/roles/dummynet/files/dummynet_rc.conf
@@ -0,0 +1,2 @@
 dummynet_enable="YES"
 dummynet_rules="/etc/dnctl.conf"
--- a/ansible/roles/dummynet/tasks/common.yaml
+++ b/ansible/roles/dummynet/tasks/common.yaml
@@ -0,0 +1,55 @@
 # - name: Create directories
 #   file:
 #     name: "{{ item }}"
 #     state: directory
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - /foo/bar
 # - name: Install scripts
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.bash
 #       dest: /usr/local/bin/foo
 # - name: Install Configuration
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0600
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.conf
 #       dest: /usr/local/etc/foo.conf
 # - name: Clone Source
 #   git:
 #     repo: "https://foo.bar/baz.git"
 #     dest: /foo/bar
 #     version: "v1.0.2"
 #     force: true
 #   diff: false
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  when: users is defined
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/dummynet/tasks/freebsd.yaml
+++ b/ansible/roles/dummynet/tasks/freebsd.yaml
@@ -0,0 +1,30 @@
 - name: Install Configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0600
    owner: root
    group: wheel
  loop:
    - src: "{{ dummynet_config }}"
      dest: /etc/dnctl.conf
 - name: Install rc script
  copy:
    src: "files/{{ item.src }}"
    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
    owner: root
    group: wheel
    mode: 0755
  loop:
    - src: dummynet
 - name: Install service configuration
  copy:
    src: "files/{{ item }}_rc.conf"
    dest: "/etc/rc.conf.d/{{ item }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - dummynet
--- a/ansible/roles/dummynet/tasks/linux.yaml
+++ b/ansible/roles/dummynet/tasks/linux.yaml
@@ -0,0 +1,29 @@
 # - name: Build aur packages
 #   register: buildaur
 #   become_user: "{{ build_user.name }}"
 #   command: "aurutils-sync --no-view {{ item }}"
 #   args:
 #     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
 #   loop:
 #     - foo
 # - name: Update cache
 #   when: buildaur.changed
 #   pacman:
 #     name: []
 #     state: present
 #     update_cache: true
 # - name: Install packages
 #   package:
 #     name:
 #       - foo
 #     state: present
 # - name: Enable services
 #   systemd:
 #     enabled: yes
 #     name: "{{ item }}"
 #     daemon_reload: yes
 #   loop:
 #     - foo.service
--- a/ansible/roles/dummynet/tasks/main.yaml
+++ b/ansible/roles/dummynet/tasks/main.yaml
@@ -0,0 +1,2 @@
 - import_tasks: tasks/common.yaml
  when: (dummynet_config is defined and os_flavor == "freebsd") or (os_flavor == "linux")
--- a/ansible/roles/dummynet/tasks/peruser.yaml
+++ b/ansible/roles/dummynet/tasks/peruser.yaml
--- a/ansible/roles/dummynet/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/dummynet/tasks/peruser_freebsd.yaml
--- a/ansible/roles/dummynet/tasks/peruser_linux.yaml
+++ b/ansible/roles/dummynet/tasks/peruser_linux.yaml
--- a/ansible/roles/emacs/defaults/main.yaml
+++ b/ansible/roles/emacs/defaults/main.yaml
@@ -0,0 +1 @@
 emacs_flavor: "plain" # or full for systems where I do real development.
--- a/ansible/roles/emacs/files/base.el
+++ b/ansible/roles/emacs/files/base.el
@@ -1,106 +0,0 @@
 (package-initialize)
 (add-to-list 'package-archives
             '("melpa" . "https://melpa.org/packages/")
             )
 (when (not package-archive-contents)
  (package-refresh-contents))
 (unless (package-installed-p 'use-package)
  (package-install 'use-package))
 (use-package auto-package-update
   :ensure t
   :config
   (setq auto-package-update-delete-old-versions t
         auto-package-update-interval 14)
   (auto-package-update-maybe))
 (defconst private-dir  (expand-file-name "private" user-emacs-directory))
 (defconst temp-dir (format "%s/cache" private-dir)
  "Hostname-based elisp temp directories")
 ;; Emacs customizations
 (setq-default
 inhibit-startup-screen              t
 initial-scratch-message             nil
 ;; Send prompts to mini-buffer not the GUI
 use-dialog-box                      nil
 confirm-nonexistent-file-or-buffer  t
 save-interprogram-paste-before-kill t
 mouse-yank-at-point                 t
 require-final-newline               t
 visible-bell                        nil
 ring-bell-function                  'ignore
 custom-file                         "~/.emacs.d/.custom.el"
 ;; http://ergoemacs.org/emacs/emacs_stop_cursor_enter_prompt.html
 minibuffer-prompt-properties
 '(read-only t point-entered minibuffer-avoid-prompt face minibuffer-prompt)
 ;; Disable non selected window highlight
 cursor-in-non-selected-windows     nil
 highlight-nonselected-windows      nil
 ;; PATH
 exec-path                          (append exec-path '("/usr/local/bin/"))
 indent-tabs-mode                   nil
 tab-width                          4
 inhibit-startup-message            t
 fringes-outside-margins            t
 x-select-enable-clipboard          t
 use-package-always-ensure          t
 ispell-program-name                "aspell"
 browse-url-browser-function        'browse-url-generic
 browse-url-generic-program         "firefox-developer-edition"
 frame-title-format                 '("" invocation-name ": "(:eval (if (buffer-file-name)
                                                                        (abbreviate-file-name (buffer-file-name))
                                                                      "%b")))
 ;; mouse-wheel-progressive-speed      nil ;; Don't accelerate mouse wheel
 ;; mouse-wheel-scroll-amount '(5 ((shift) . 3))
 use-short-answers                  t
 package-native-compile             t
 delete-selection-mode              t
 )
 (defun assert-directory (p)
  (unless (file-exists-p p) (make-directory p t))
  p
  )
 (assert-directory (concat temp-dir "/auto-save-list/"))
 (setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload")))
 (add-to-list 'load-path (assert-directory autoload-directory))
 ;; Bookmarks
 (setq
 ;; persistent bookmarks
 bookmark-save-flag                      t
 bookmark-default-file              (concat temp-dir "/bookmarks"))
 ;; Backups enabled, use nil to disable
 (setq
 history-length                     1000
 backup-inhibited                   nil
 make-backup-files                  nil
 auto-save-default                  nil
 auto-save-list-file-name           (concat temp-dir "/autosave")
 create-lockfiles                   nil
 backup-directory-alist            `((".*" . ,(concat temp-dir "/backup/")))
 auto-save-file-name-transforms    `((".*" ,(concat temp-dir "/auto-save-list/") t)))
 ;; Disable toolbar & menubar
 (menu-bar-mode -1)
 (when (fboundp 'tool-bar-mode)
  (tool-bar-mode -1))
 (when (  fboundp 'scroll-bar-mode)
  (scroll-bar-mode -1))
 (context-menu-mode +1)
 ;; Delete trailing whitespace before save
 (add-hook 'before-save-hook 'delete-trailing-whitespace)
 (use-package diminish)
 (provide 'base)
 ;;; base ends here
--- a/ansible/roles/emacs/files/common-lsp.el
+++ b/ansible/roles/emacs/files/common-lsp.el
@@ -1,41 +0,0 @@
 (use-package eglot
  :commands (eglot eglot-ensure)
  :bind (:map eglot-mode-map
              ;; M-.
              ;; ([remap xref-find-definitions] . lsp-ui-peek-find-definitions)
              ;; M-?
              ;; ([remap xref-find-references] . lsp-ui-peek-find-references)
              ("C-c C-a" . eglot-code-actions)
              )
  :hook (
         (eglot-managed-mode . (lambda ()
                                 (when (eglot-managed-p)
                                   (corfu-mode +1)
                                   )
                                 ))
         )
  :config
  ;; Increase garbage collection threshold for performance (default 800000)
  (setq gc-cons-threshold 100000000)
  ;; Increase amount of data read from processes, default 4k
  (when (>= emacs-major-version 27)
    (setq read-process-output-max (* 1024 1024)) ;; 1mb
    )
  (set-face-attribute 'eglot-highlight-symbol-face nil :background "#0291a1" :foreground "black")
  (set-face-attribute 'eglot-mode-line nil :inherit 'mode-line :bold nil)
  (use-package consult-eglot
    :bind (
           :map eglot-mode-map
           ;; C-M-.
           ([remap xref-find-apropos] . #'consult-eglot-symbols)
           )
    )
  :custom
  (eglot-autoshutdown t "Shut down server when last buffer is killed.")
  (eglot-sync-connect 0 "Don't block on language server starting.")
  )
 (provide 'common-lsp)
--- a/ansible/roles/emacs/files/early-init.el
+++ b/ansible/roles/emacs/files/early-init.el
@@ -0,0 +1,25 @@
 (setq gc-cons-threshold (* 128 1024 1024)) ;; 128MiB Increase garbage collection threshold for performance (default 800000)
 ;; Increase amount of data read from processes, default 4k
 (when (version<= "27.0" emacs-version)
  (setq read-process-output-max (* 10 1024 1024)) ;; 10MiB
  )
 ;; Suppress warnings
 (setq byte-compile-warnings '(not obsolete))
 (setq warning-suppress-log-types '((comp) (bytecomp)))
 (setq native-comp-async-report-warnings-errors 'silent)
 ;; Set up default visual settings
 (setq frame-resize-pixelwise t)
 ;; Disable toolbar & menubar
 (menu-bar-mode -1)
 (when (fboundp 'tool-bar-mode)
  (tool-bar-mode -1))
 (when (display-graphic-p)
  (context-menu-mode +1))
 (setq default-frame-alist '((fullscreen . maximized)
                            (vertical-scroll-bars . nil)
                            (horizontal-scroll-bars . nil)
                            ;; Set dark colors in early-init to prevent flashes of white.
                            (background-color . "#000000")))
--- a/ansible/roles/emacs/files/elisp/base-extensions.el
+++ b/ansible/roles/emacs/files/elisp/base-extensions.el
@@ -1,5 +1,7 @@
 (use-package diminish)
 ;; Eglot recommends pulling the latest of the standard libraries it
-;; uses from ELPA if you're not tracking the current emacs development
+;; uses from ELPA if you're not tracking the current.config/emacsevelopment
 ;; branch.
 (use-package xref
  :pin gnu
@@ -27,24 +29,23 @@
  :config
  (dashboard-setup-startup-hook))
 (use-package ediff
  :config
  (setq ediff-window-setup-function 'ediff-setup-windows-plain)
  (setq-default ediff-highlight-all-diffs 'nil)
  (setq ediff-diff-options "-w"))
 (when (version<= "26.0.50" emacs-version )
  (add-hook 'prog-mode-hook 'display-line-numbers-mode)
  (add-hook 'prog-mode-hook 'column-number-mode)
  )
-(use-package page-break-lines)
+;; Display a horizontal line instead of ^L for page break characters
 (use-package page-break-lines
  :diminish
  :config
  (global-page-break-lines-mode +1)
  )
 (use-package recentf
  ;; This is an emacs built-in but we're pulling the latest version
  :config
  (setq recentf-max-saved-items 100)
-  (setq recentf-save-file (recentf-expand-file-name "~/.emacs.d/private/cache/recentf"))
+  (setq recentf-save-file (recentf-expand-file-name "~/.config/emacs/private/cache/recentf"))
  (recentf-mode 1))
 ;; Persist history over Emacs restarts. Vertico sorts by history position.
@@ -64,9 +65,10 @@
 (setq tramp-default-method "ssh")
 (use-package dockerfile-mode)
 (use-package nginx-mode
  :mode (
         ("headers\\.include\\'" . nginx-mode)
         )
  :config
  (setq nginx-indent-level 4))
--- a/ansible/roles/emacs/files/elisp/base-functions.el
+++ b/ansible/roles/emacs/files/elisp/base-functions.el
@@ -53,7 +53,15 @@
  (let ((load-it (lambda (f)
                   (load-file (concat (file-name-as-directory dir) f)))
                 ))
-       (mapc load-it (directory-files dir nil "\\.el$"))))
+    (mapc load-it (directory-files dir nil "\\.el$"))))
 (defun generate-vc-link ()
  (interactive)
  (or
   (generate-github-link)
   (generate-source-hut-link)
   )
  )
 (defun generate-github-link ()
  "Generate a permalink to the current line."
@@ -69,10 +77,37 @@
           (let* (
                 (gh-org (match-string 2 repository-url))
                 (gh-repo (match-string 3 repository-url))
-                 (full-url (format "https://github.com/%s/%s/blob/%s/%s#L%s" gh-org gh-repo current-rev relative-path line-number))
+                 (full-url (format "https://github.com/%s/%s/blob/%s/%s?plain=1#L%s" gh-org gh-repo current-rev relative-path line-number))
                 )
             (message "%s" full-url)
             (kill-new full-url)
             t
             )
           )
      )
    )
  )
 (defun generate-source-hut-link ()
  "Generate a permalink to the current line."
  (interactive)
  (let (
        (current-rev (vc-working-revision buffer-file-name))
        (line-number (line-number-at-pos))
        (repository-url (vc-git-repository-url buffer-file-name))
        (relative-path (file-relative-name buffer-file-name (vc-root-dir)))
        )
    (message "Using repo url %s" repository-url)
    (save-match-data
      (and (string-match "https://git.sr.ht/\\([^/]+\\)/\\([^/]+\\)" repository-url)
           (let* (
                 (sh-org (match-string 1 repository-url))
                 (sh-repo (match-string 2 repository-url))
                 (full-url (format "https://git.sr.ht/%s/%s/tree/%s/%s#L%s" sh-org sh-repo current-rev relative-path line-number))
                 )
             (message "%s" full-url)
             (kill-new full-url)
             t
             )
           )
      )
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`[headless]`	`[headless]`
	`homeserver ansible_user=talexander ansible_host=10.216.1.1`	`homeserver ansible_user=talexander ansible_host=homeserver`
`@@ -1,2 +1 @@`
	`bhyve_mountpoint: "/vm"`	`bhyve_mountpoint: "/vm"`
	`bhyve_list: []`
		`@@ -0,0 +1,2 @@`
							`--ozone-platform-hint=auto`
							`--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE`
`@@ -1,2 +1,2 @@`
	`dependencies:`	`dependencies:`
	`- build`	`- users`
		`@@ -0,0 +1,2 @@`
							`- import_tasks: tasks/common.yaml`
							`when: install_graphics`
		`@@ -0,0 +1,2 @@`
							`# Favor energy efficiency for platform profile (EC / system, not CPU)`
							`w- /sys/firmware/acpi/platform_profile - - - - low-power`
		`@@ -0,0 +1,2 @@`
							`pipe 1 config bw 100KByte/s`
							`pipe 2 config`
		`@@ -0,0 +1,2 @@`
							`dummynet_enable="YES"`
							`dummynet_rules="/etc/dnctl.conf"`
		`@@ -0,0 +1,2 @@`
							`- import_tasks: tasks/common.yaml`
							`when: (dummynet_config is defined and os_flavor == "freebsd") or (os_flavor == "linux")`
		`@@ -0,0 +1 @@`
							`emacs_flavor: "plain" # or full for systems where I do real development.`