No commits in common. "8e5034a39358feadf5fc65d7047eed4cbaf61445" and "20768edcf69eddae5cf65e30a0bde869f9ddd19b" have entirely different histories.

60 changed files with 131 additions and 1265 deletions


@ -67,9 +67,6 @@ jail_list:
- name: certificate - name: certificate
conf: conf:
src: certificate src: certificate
- name: momlaptop
conf:
src: momlaptop
# - name: mumble # - name: mumble
# conf: # conf:
# src: mumble # src: mumble
@ -77,6 +74,7 @@ jail_list:
# - name: mumbledb # - name: mumbledb
# mount: /var/db/murmur # mount: /var/db/murmur
bhyve_dataset: zmass/encrypted/vm bhyve_dataset: zmass/encrypted/vm
bhyve_list: []
bhyve_canmount: "on" bhyve_canmount: "on"
bhyve_bemount: "on" bhyve_bemount: "on"
wireguard_directory: homeserver wireguard_directory: homeserver


@ -1 +0,0 @@
os_flavor: freebsd


@ -8,4 +8,3 @@ public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail
sftp ansible_ssh_host=sftp@homeserver ansible_connection=sshjail sftp ansible_ssh_host=sftp@homeserver ansible_connection=sshjail
bastion ansible_ssh_host=bastion@homeserver ansible_connection=sshjail bastion ansible_ssh_host=bastion@homeserver ansible_connection=sshjail
certificate ansible_ssh_host=certificate@homeserver ansible_connection=sshjail certificate ansible_ssh_host=certificate@homeserver ansible_connection=sshjail
momlaptop ansible_ssh_host=momlaptop@homeserver ansible_connection=sshjail


@ -49,7 +49,7 @@ jail_list:
conf: conf:
src: nat_dhcp src: nat_dhcp
bhyve_dataset: zroot/freebsd/current/vm bhyve_dataset: zroot/freebsd/current/vm
bhyve_bemount: off bhyve_list: []
# efi_dev: /dev/gpt/EFI # efi_dev: /dev/gpt/EFI
efi_dev: /dev/diskid/DISK-SJB7N717610407Q0Hp1 efi_dev: /dev/diskid/DISK-SJB7N717610407Q0Hp1
sway_conf_files: sway_conf_files:


@ -27,7 +27,6 @@
- sway - sway
- emacs - emacs
- firefox - firefox
- chromium
- devfs - devfs
- ssh_client - ssh_client
- sshfs - sshfs
@ -158,9 +157,3 @@
ansible_become: True ansible_become: True
roles: roles:
- jail_certificate - jail_certificate
- hosts: momlaptop
vars:
ansible_become: True
roles:
- jail_momlaptop


@ -10,7 +10,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
function cleanup { function cleanup {
switch_to_main_screen switch_to_main_screen
} }
for sig in EXIT; do for sig in EXIT INT QUIT HUP TERM; do
trap "set +e; cleanup; exit" "$sig" trap "set +e; cleanup; exit" "$sig"
done done
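Review bot: With `INT QUIT HUP TERM` added next to `EXIT`, the handler `set +e; cleanup; exit` runs `cleanup` twice on a signal: once from the signal trap, and again when its `exit` fires the EXIT trap. If `switch_to_main_screen` is not safe to repeat, keep the cleanup handler on `EXIT` only and let the signals just exit, e.g. `trap 'exit 1' INT QUIT HUP TERM`, so the EXIT trap does the cleanup exactly once. The rest of the script is outside the hunk, so whether a repeated `cleanup` is harmful cannot be confirmed from here.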


@ -13,7 +13,6 @@
- gsed - gsed
- gmake - gmake
- rust-coreutils - rust-coreutils
- shuf
state: present state: present
- name: Install service configuration - name: Install service configuration
@ -120,17 +119,3 @@
group: wheel group: wheel
loop: loop:
- disk_labels - disk_labels
- name: Configure sysctls
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
reload: false
sysctl_file: "/etc/sysctl.conf.local"
loop:
# Adjust ttl
- name: net.inet.ip.ttl
value: 65
- name: net.inet6.ip6.hlim
value: 65


@ -67,13 +67,3 @@
- name: vm.dirty_writeback_centisecs - name: vm.dirty_writeback_centisecs
value: 1500 value: 1500
file: power.conf file: power.conf
# Adjust ttl
- name: net.ipv4.ip_default_ttl
value: 65
file: ttl.conf
- name: net.ipv6.conf.all.hop_limit
value: 65
file: ttl.conf
- name: net.ipv6.conf.default.hop_limit
value: 65
file: ttl.conf


@ -1 +1,2 @@
bhyve_mountpoint: "/vm" bhyve_mountpoint: "/vm"
bhyve_list: []


@ -47,7 +47,7 @@ function cleanup {
done done
} }
vms=() vms=()
for sig in EXIT; do for sig in EXIT INT QUIT HUP TERM; do
trap "set +e; sleep 10; cleanup" "$sig" trap "set +e; sleep 10; cleanup" "$sig"
done done
@ -154,8 +154,6 @@ function start_vm {
-c $CPU_CORES \ -c $CPU_CORES \
-m $MEMORY \ -m $MEMORY \
-H \ -H \
-P \
-o 'rtc.use_localtime=false' \
-s 0,hostbridge \ -s 0,hostbridge \
-s "4,nvme,/dev/zvol/${zfs_path}/disk0" \ -s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
-s 30,xhci,tablet \ -s 30,xhci,tablet \
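Review bot: The trap in the first hunk now catches `INT QUIT HUP TERM`, but its handler `set +e; sleep 10; cleanup` never exits, so after a signal the script resumes where it was interrupted with the VMs listed in `vms` already torn down. `cleanup` (and the 10-second sleep) then runs a second time from the EXIT trap. Keep the existing handler on `EXIT` alone and add `trap 'exit 1' INT QUIT HUP TERM`, so a signal ends the script and the cleanup runs once. The same no-exit handler (`set +e; cleanup`) appears in the later section whose hunk starts at `pods=()`. `cleanup` and `start_vm` both extend outside the hunks shown.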


@ -1,2 +0,0 @@
--ozone-platform-hint=auto
--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE


@ -1,2 +0,0 @@
dependencies:
- users


@ -1,55 +0,0 @@
# - name: Create directories
# file:
# name: "{{ item }}"
# state: directory
# mode: 0755
# owner: root
# group: wheel
# loop:
# - /foo/bar
# - name: Install scripts
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0755
# owner: root
# group: wheel
# loop:
# - src: foo.bash
# dest: /usr/local/bin/foo
# - name: Install Configuration
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0600
# owner: root
# group: wheel
# loop:
# - src: foo.conf
# dest: /usr/local/etc/foo.conf
# - name: Clone Source
# git:
# repo: "https://foo.bar/baz.git"
# dest: /foo/bar
# version: "v1.0.2"
# force: true
# diff: false
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/linux.yaml
when: 'os_flavor == "linux"'
- include_tasks:
file: tasks/peruser.yaml
apply:
become: yes
become_user: "{{ initialize_user }}"
when: users is defined
loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
loop_control:
loop_var: initialize_user


@ -1,5 +0,0 @@
# - name: Install packages
# package:
# name:
# - foo
# state: present


@ -1,7 +0,0 @@
# Check chrome://gpu/ to confirm hardware video decoding and vulkan rendering is working.
- name: Install packages
package:
name:
- chromium
state: present


@ -1,2 +0,0 @@
- import_tasks: tasks/common.yaml
when: install_graphics


@ -1,29 +0,0 @@
- include_role:
name: per_user
# - name: Create directories
# file:
# name: "{{ account_homedir.stdout }}/{{ item }}"
# state: directory
# mode: 0700
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - ".config/foo"
# - name: Copy files
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
# mode: 0600
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - src: foo.conf
# dest: .config/foo/foo.conf
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/peruser_linux.yaml
when: 'os_flavor == "linux"'


@ -1,10 +0,0 @@
- name: Copy files
copy:
src: "files/{{ item.src }}"
dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
mode: 0600
owner: "{{ account_name.stdout }}"
group: "{{ group_name.stdout }}"
loop:
- src: chromium-flags.conf
dest: .config/chromium-flags.conf


@ -2,7 +2,6 @@
package: package:
name: name:
- docker - docker
- docker-compose
state: present state: present
- name: Create docker zfs dataset - name: Create docker zfs dataset


@ -4,8 +4,6 @@
:bind ( :bind (
("C-c l" . org-store-link) ("C-c l" . org-store-link)
("C-c a" . org-agenda) ("C-c a" . org-agenda)
("C--" . org-timestamp-down)
("C-=" . org-timestamp-up)
) )
:hook ( :hook (
(org-mode . (lambda () (org-mode . (lambda ()


@ -51,10 +51,6 @@ nat pass on jail_nat proto {tcp, udp} from any to 10.215.1.216 port 22 -> 10.215
# rdr pass on $ext_if inet proto {tcp, udp} from any to any port 65022 -> 10.213.177.8 port 22 # rdr pass on $ext_if inet proto {tcp, udp} from any to any port 65022 -> 10.213.177.8 port 22
rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202 rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202
# -> momlaptop
rdr pass on $ext_if inet proto {tcp, udp} from $not_jail_nat_v4 to any port 8033 -> 10.215.1.218 port 443
nat pass on jail_nat proto {tcp, udp} from any to 10.215.1.218 port 443 -> 10.215.1.1
# filtering # filtering
# match in on jail_nat from any to any dnpipe(1, 2) # match in on jail_nat from any to any dnpipe(1, 2)
# match in on restricted_nat from any to any dnpipe(1, 2) # match in on restricted_nat from any to any dnpipe(1, 2)


@ -1,3 +0,0 @@
# Disable power save for wifi card because power save caused video stuttering in google meet on Linux. Both of these are currently the default on FreeBSD but I'm saving it just in case that default changes.
compat.linuxkpi.iwlwifi_power_save="0"
compat.linuxkpi.iwlwifi_mvm_power_scheme="1"


@ -1,285 +0,0 @@
#!/usr/local/bin/bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Share a host directory to the guest via 9pfs.
#
# Inside the VM run:
# mount -t virtfs -o trans=virtio sharename /some/vm/path
# mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
# mount -t 9p -o trans=virtio,cache=mmap,msize=512000 sharename /path/to/mountpoint
# bhyve_options="-s 28,virtio-9p,sharename=/"
# Enable Sound
# bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp"
# Example usage:
#
# doas bhyve_netgraph_bridge create-disk zdata/vm/poudriere /vm/poudriere 10
# doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere /vm/iso/FreeBSD-13.2-RELEASE-amd64-bootonly.iso
# doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere
: ${VERBOSE:="NO"} # or YES
: ${CPU_CORES:="1"}
: ${MEMORY:="1G"}
: ${NETWORK:="NAT"} # or RAW or BOTH
: ${IP_RANGE:="10.215.1.1/24"} # Ignored for RAW networks
: ${INTERFACE_NAME:="jail_nat"} # or the external interface like lagg0 for RAW networks
: ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
: ${VNC_ENABLE:="NO"}
: ${VNC_LISTEN:="127.0.0.1:5900"}
: ${VNC_WIDTH:="1920"}
: ${VNC_HEIGHT:="1080"}
if [ "$VERBOSE" = "YES" ]; then
set -x
fi
############## Setup #########################
function cleanup {
for vm in "${vms[@]}"; do
log "Destroying bhyve vm $vm"
bhyvectl "--vm=$vm" --destroy
log "Destroyed bhyve vm $vm"
done
}
vms=()
for sig in EXIT; do
trap "set +e; sleep 10; cleanup" "$sig"
done
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd="$1"
shift 1
if [ "$cmd" = "create-disk" ]; then
create_disk "${@}"
elif [ "$cmd" = "start" ]; then
start_vm "${@}"
else
die 1 "Unrecognized command $cmd"
fi
}
function create_disk {
local zfs_path="$1"
local mount_path="$2"
local gigabytes="$3"
zfs create -o "mountpoint=$mount_path" "$zfs_path"
cp /usr/local/share/edk2-bhyve/BHYVE_UEFI_VARS.fd "${mount_path}/"
tee "${mount_path}/settings" <<EOF
CPU_CORES="$CPU_CORES"
MEMORY="$MEMORY"
NETWORK="$NETWORK"
IP_RANGE="$IP_RANGE"
BRIDGE_NAME="$BRIDGE_NAME"
INTERFACE_NAME="$INTERFACE_NAME"
EOF
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none -o volblocksize=64K "$zfs_path/disk0"
}
function start_vm {
local name="$1"
local zfs_path="$2"
local mount_path="$3"
local mount_cd="${4:-}"
if [ -e "${mount_path}/settings" ]; then
source "${mount_path}/settings"
fi
local host_interface_name="$INTERFACE_NAME" # for raw, external interface
local bridge_name="$BRIDGE_NAME"
local ip_range="$IP_RANGE" # for raw this value does not matter
local mac_address
mac_address=$(calculate_mac_address "$name")
local additional_args=()
if [ "$NETWORK" = "NAT" ]; then
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
local bridge_link_name=$(detect_available_link "${bridge_name}")
additional_args+=("-s" "2:0,e1000,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
elif [ "$NETWORK" = "RAW" ]; then
assert_raw "$host_interface_name" "$bridge_name"
local bridge_link_name=$(detect_available_link "${bridge_name}")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
elif [ "$NETWORK" = "BOTH" ]; then
assert_bridge "jail_nat" "$bridge_name" "$ip_range"
assert_raw "$host_interface_name" "bridge_raw"
local bridge_link_name=$(detect_available_link "${bridge_name}")
local raw_bridge_link_name=$(detect_available_link "bridge_raw")
local raw_mac_address=$(calculate_mac_address "${name}_raw")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
additional_args+=("-s" "3:0,virtio-net,netgraph,path=bridge_raw:,peerhook=${raw_bridge_link_name},mac=${raw_mac_address}")
elif [ "$NETWORK" = "NONE" ]; then
(>&2 echo "Not using any network.")
else
die 1 "Unrecognized NETWORK type $NETWORK"
fi
# -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
# -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
# TODO: Look into using nmdm instead of stdio for serial console
if [ -n "$mount_cd" ]; then
additional_args+=("-s" "5,ahci-cd,$mount_cd")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT,wait")
fi
vms+=("$name")
# Removes CPU_CORES because windows must be a single CPU in bhyve
# -c $CPU_CORES \
# We need tpm
# -l "tpm,passthru,/dev/tpm0" \
# -S \
while true; do
set -x
set +e
bhyve \
-D \
-c sockets=1,cores=2,threads=2 \
-m $MEMORY \
-H \
-w \
-o 'rtc.use_localtime=false' \
-s 0,hostbridge \
-s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
-s 16,hda,play=/dev/dsp,rec=/dev/dsp \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd" \
-U '5a63bcd1-5cb4-4401-8a6f-d4042fb928a6' \
"${additional_args[@]}" \
"$name"
local exit_code=$?
set -e
set +x
if [ $exit_code -eq 0 ]; then
echo "Rebooting."
sleep 5
elif [ $exit_code -eq 1 ]; then
echo "Powered off."
break
elif [ $exit_code -eq 2 ]; then
echo "Halted."
break
elif [ $exit_code -eq 3 ]; then
echo "Triple fault."
break
elif [ $exit_code -eq 4 ]; then
echo "Exited due to an error."
break
fi
done
}
function detect_available_link {
local bridge_name="$1"
local linknum=1
while true; do
local link_name="link${linknum}"
if ! ng_exists "${bridge_name}:${link_name}"; then
echo "$link_name"
return
fi
linknum=$((linknum + 1))
if [ "$linknum" -gt 90 ]; then
(>&2 echo "No available links on bridge $bridge_name")
exit 1
fi
done
}
function assert_bridge {
local host_interface_name="$1"
local bridge_name="$2"
local ip_range="$3"
if ! ng_exists "${bridge_name}:"; then
ngctl -d -f - <<EOF
mkpeer . eiface hook ether
name .:hook $host_interface_name
EOF
ngctl -d -f - <<EOF
mkpeer ${host_interface_name}: bridge ether link0
name ${host_interface_name}:ether $bridge_name
EOF
ifconfig $(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${host_interface_name}" "$ip_range" up
fi
}
function assert_raw {
local extif="$1"
local bridge_name="$2"
kldload -n ng_bridge ng_eiface ng_ether
if ! ng_exists "${bridge_name}:"; then
ngctlcat <<EOF
# Create a bridge.
mkpeer $extif: bridge lower link0
# Assign a name to the bridge.
name $extif:lower ${bridge_name}
# Since the host is also using $extif, we need to connect the upper hook also. Otherwise we will lose connectivity.
connect $extif: ${bridge_name}: upper link1
# Enable promiscuous mode so the host ethernet adapter accepts packets for all addresses
msg $extif: setpromisc 1
# Do not overwrite source address on packets
msg $extif: setautosrc 0
EOF
fi
}
function ng_exists {
ngctl status "${1}" >/dev/null 2>&1
}
function calculate_mac_address {
local name="$1"
local source
source=$(md5 -r -s "$name" | awk '{print $1}')
echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
}
function find_available_port {
local start_port="$1"
local port="$start_port"
while true; do
sockstat -P tcp -p 443
port=$((port + 1))
done
}
function ngctlcat {
if [ "$VERBOSE" = "YES" ]; then
tee /dev/tty | ngctl -d -f -
else
ngctl -d -f -
fi
}
main "${@}"


@ -1,46 +0,0 @@
#!/bin/sh
#
# REQUIRE: LOGIN
# PROVIDE: windows
# KEYWORD: shutdown
. /etc/rc.subr
name=windows
rcvar=${name}_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"
load_rc_config $name
tmux_name="windows"
windows_start() {
/usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /usr/local/bin/launch_windows start windows zroot/freebsd/current/vm/windows /vm/windows /vm/.iso/Win11_23H2_English_x64v2.iso"
}
windows_status() {
if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
echo "$tmux_name is running."
else
echo "$tmux_name is not running."
return 1
fi
}
windows_stop() {
/usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
/usr/local/bin/tmux kill-session -t $tmux_name
sleep 10
bhyvectl --vm=windows --destroy
# kill `cat /var/run/windows.pid`
)
windows_wait_for_end
}
windows_wait_for_end() {
while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
sleep 1
done
}
run_rc_command "$1"


@ -1,3 +0,0 @@
dependencies:
- role: bhyve
when: 'os_flavor == "freebsd"'


@ -1,30 +1,5 @@
- name: Install loader.conf # - name: Install packages
copy: # package:
src: "files/{{ item }}_loader.conf" # name:
dest: "/boot/loader.conf.d/{{ item }}.conf" # - foo
mode: 0644 # state: present
owner: root
group: wheel
loop:
- disable_wifi_powersave
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: launch_windows.bash
dest: /usr/local/bin/launch_windows
- name: Install rc script
copy:
src: "files/{{ item.src }}"
dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
owner: root
group: wheel
mode: 0755
loop:
- src: windows


@ -42,8 +42,7 @@
# amd_pstate=passive :: Fully automated hardware pstate control. # amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency. # amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 "org.zfsbootmenu:commandline": "rw quiet amdgpu.abmlevel=3 pcie_aspm=force pcie_aspm.policy=powersupersave nowatchdog"
"org.zfsbootmenu:commandline": "rw quiet amdgpu.abmlevel=3 pcie_aspm=force pcie_aspm.policy=powersupersave nowatchdog amdgpu.dcdebugmask=0x10"
- name: Install Configuration - name: Install Configuration
copy: copy:
@ -66,11 +65,3 @@
loop: loop:
- gpe10-boot.service - gpe10-boot.service
- gpe10-sleep.service - gpe10-sleep.service
# install swtpm
# install edk2-ovmf for /usr/share/ovmf/OVMF.fd
# install qemu-system-x86
# doas qemu-system-x86_64 -cdrom /vm/.iso/Win11_23H2_English_x64v2.iso -cpu Skylake-Client-v3 -enable-kvm -m 8192 —device chardev,socket,id=chrtpm,path=/tmp/emulated_tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 -smp 2 -device intel-hda -device hda-duplex -usb -nic user,ipv6=off,model=rtl8139,mac=84:1b:77:c9:03:a6 -bios /usr/share/edk2/x64/OVMF.fd -drive file=/dev/zvol/zroot/freebsd/current/vm/windows/disk0,format=raw,media=disk,if=none,id=nvm -device nvme,drive=nvm,serial=foo,opt_io_size=4096,min_io_size=4096,logical_block_size=4096,physical_block_size=4096
# doas mkdir /tmp/emulated_tpm
# doas swtpm socket --tpmstate dir=/tmp/emulated_tpm --ctrl type=unixio,path=/tmp/emulated_tpm/swtpm-sock --log level=20 --tpm2


@ -1,15 +0,0 @@
momlaptop {
path = "/jail/${name}";
vnet;
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
exec.poststop += "sleep 10; /usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
vnet.interface += "jail${name}";
devfs_ruleset = 14;
mount.devfs;
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_${name}_console.log";
}


@ -1,15 +0,0 @@
# Enable HTTP Strict Transport Security (HSTS) to force clients to
# always connect via HTTPS (do not use if only testing)
add_header Strict-Transport-Security "max-age=31536000;" always;
# Enable cross-site filter (XSS) and tell browser to block detected
# attacks
add_header X-XSS-Protection "1; mode=block" always;
# Prevent some browsers from MIME-sniffing a response away from the
# declared Content-Type
add_header X-Content-Type-Options "nosniff" always;
# Disallow the site to be rendered within a frame (clickjacking
# protection)
add_header X-Frame-Options "DENY" always;
# Indicate that we are serving http3 on port 443
add_header Alt-Svc 'h3=":8033"; ma=864000';


@ -1,2 +0,0 @@
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/nginx/*.log 640 5 1000 @T00 GYC /var/run/nginx.pid SIGUSR1


@ -1,48 +0,0 @@
worker_processes auto;
user www www;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
types {
text/plain log;
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
include conf.d/headers.include;
server {
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name momlaptop.fizz.buzz;
include conf.d/tls_settings.include;
# RSA
ssl_certificate /momlaptop.fizz.buzz/tls.crt;
ssl_certificate_key /momlaptop.fizz.buzz/tls.key;
# Nginx by default only allows file uploads up to 50M in size
client_max_body_size 50M;
location / {
auth_basic "Stuff";
auth_basic_user_file conf.d/htpasswd;
alias /srv/http/;
autoindex on;
}
}
}


@ -1 +0,0 @@
nginx_enable="YES"


@ -1,9 +0,0 @@
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# Settings for keepalive module for upstreams
proxy_http_version 1.1;
proxy_set_header Connection "";
# Requests sent with early data are subject to replay attacks so the application needs to protect against that by using the Early-Data header.
# proxy_set_header Early-Data $ssl_early_data;


@ -1,3 +0,0 @@
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;


@ -1,2 +0,0 @@
dependencies:
- syslog


@ -1,55 +0,0 @@
# - name: Create directories
# file:
# name: "{{ item }}"
# state: directory
# mode: 0755
# owner: root
# group: wheel
# loop:
# - /foo/bar
# - name: Install scripts
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0755
# owner: root
# group: wheel
# loop:
# - src: foo.bash
# dest: /usr/local/bin/foo
# - name: Install Configuration
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0600
# owner: root
# group: wheel
# loop:
# - src: foo.conf
# dest: /usr/local/etc/foo.conf
# - name: Clone Source
# git:
# repo: "https://foo.bar/baz.git"
# dest: /foo/bar
# version: "v1.0.2"
# force: true
# diff: false
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/linux.yaml
when: 'os_flavor == "linux"'
# - include_tasks:
# file: tasks/peruser.yaml
# apply:
# become: yes
# become_user: "{{ initialize_user }}"
# when: users is defined
# loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
# loop_control:
# loop_var: initialize_user


@ -1,81 +0,0 @@
- name: Create www group
group:
name: www
- name: Create www user
user:
name: www
home: /srv/http
createhome: false
group: www
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0755
owner: root
group: wheel
loop:
- /momlaptop.fizz.buzz
- /etc/rc.conf.d
- /usr/local/etc/nginx/conf.d
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0755
owner: www
group: www
loop:
- /srv/http
- name: Install packages
package:
name:
- nginx
state: present
# validate fails because nginx config relies on a local mime.types
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: wheel
loop:
- src: nginx.conf
dest: /usr/local/etc/nginx/nginx.conf
- src: headers.include
dest: /usr/local/etc/nginx/conf.d/headers.include
- src: proxy.include
dest: /usr/local/etc/nginx/conf.d/proxy.include
- src: tls_settings.include
dest: /usr/local/etc/nginx/conf.d/tls_settings.include
# Generate htpasswd with `htpasswd -c files/htpasswd user1`
# or `printf "USER:$(openssl passwd)\n" >> files/htpasswd`
- src: htpasswd
dest: /usr/local/etc/nginx/conf.d/htpasswd
- name: Install newsyslog configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0600
owner: root
group: wheel
loop:
- src: newsyslog.conf
dest: /usr/local/etc/newsyslog.conf.d/nginx.conf
- name: Install service configuration
copy:
src: "files/{{ item }}_rc.conf"
dest: "/etc/rc.conf.d/{{ item }}"
mode: 0644
owner: root
group: wheel
loop:
- nginx


@ -1,29 +0,0 @@
# - name: Build aur packages
# register: buildaur
# become_user: "{{ build_user.name }}"
# command: "aurutils-sync --no-view {{ item }}"
# args:
# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
# loop:
# - foo
# - name: Update cache
# when: buildaur.changed
# pacman:
# name: []
# state: present
# update_cache: true
# - name: Install packages
# package:
# name:
# - foo
# state: present
# - name: Enable services
# systemd:
# enabled: yes
# name: "{{ item }}"
# daemon_reload: yes
# loop:
# - foo.service


@ -1,2 +0,0 @@
- import_tasks: tasks/common.yaml
# when: foo is defined


@ -1,29 +0,0 @@
- include_role:
name: per_user
# - name: Create directories
# file:
# name: "{{ account_homedir.stdout }}/{{ item }}"
# state: directory
# mode: 0700
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - ".config/foo"
# - name: Copy files
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
# mode: 0600
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - src: foo.conf
# dest: .config/foo/foo.conf
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/peruser_linux.yaml
when: 'os_flavor == "linux"'


@ -6,7 +6,6 @@
"subnet4": [ "subnet4": [
{ {
"subnet": "10.215.1.0/24", "subnet": "10.215.1.0/24",
"id": 1,
"pools": [ { "pool": "10.215.1.10-10.215.1.200" } ], "pools": [ { "pool": "10.215.1.10-10.215.1.200" } ],
"option-data": [ "option-data": [
{ {
@ -62,12 +61,12 @@
}, },
{ {
// admin_git // admin_git
"hw-address": "06:4c:9f:0e:e2:cc", "hw-address": "58:9c:fc:10:fc:5a",
"ip-address": "10.215.1.210" "ip-address": "10.215.1.210"
}, },
{ {
// public_dns // public_dns
"hw-address": "06:81:a6:f4:ab:24", "hw-address": "58:9c:fc:10:ff:80",
"ip-address": "10.215.1.211" "ip-address": "10.215.1.211"
}, },
{ {
@ -89,11 +88,6 @@
// bastion - hard-coded in rc.conf, reproduced here to reserve ip // bastion - hard-coded in rc.conf, reproduced here to reserve ip
"hw-address": "06:ca:1a:10:74:09", "hw-address": "06:ca:1a:10:74:09",
"ip-address": "10.215.1.217" "ip-address": "10.215.1.217"
},
{
// momlaptop - hard-coded in rc.conf, reproduced here to reserve ip
"hw-address": "06:85:69:c5:6a:d6",
"ip-address": "10.215.1.218"
} }
] ]
} }
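Review bot: Dropping `"id": 1` from the `10.215.1.0/24` entry in the first hunk leaves the subnet identifier to be assigned implicitly by the DHCP server. Leases and host reservations are normally keyed by that identifier, so an implicit id that shifts when subnets are added or reordered can detach stored leases from this subnet. Newer Kea releases also refuse a subnet without an explicit id; that this is a Kea config is inferred from its shape, and the server version is not visible here. I would keep `"id": 1,` on the new side. The `subnet4` list and the reservations array start and end outside the hunks shown.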


@ -13,7 +13,7 @@ function cleanup {
done done
} }
pods=() pods=()
for sig in EXIT; do for sig in EXIT INT QUIT HUP TERM; do
trap "set +e; cleanup" "$sig" trap "set +e; cleanup" "$sig"
done done


@ -508,372 +508,98 @@
] ]
}, },
"key_leds": { "key_leds": {
"K00": [ "K00": null,
0, "K01": null,
0 "K02": null,
], "K03": null,
"K01": [ "K04": null,
0, "K05": null,
0 "K06": null,
], "K07": null,
"K02": [ "K08": null,
0, "K09": null,
0 "K0A": null,
], "K0B": null,
"K03": [ "K0C": null,
0, "K0D": null,
0 "K0E": null,
], "K10": null,
"K04": [ "K11": null,
0, "K12": null,
0 "K13": null,
], "K14": null,
"K05": [ "K15": null,
0, "K16": null,
0 "K17": null,
], "K18": null,
"K06": [ "K19": null,
0, "K1A": null,
0 "K1B": null,
], "K1C": null,
"K07": [ "K1D": null,
0, "K1E": null,
0 "K20": null,
], "K21": null,
"K08": [ "K22": null,
0, "K23": null,
0 "K24": null,
], "K25": null,
"K09": [ "K26": null,
0, "K27": null,
0 "K28": null,
], "K29": null,
"K0A": [ "K2A": null,
0, "K2B": null,
0 "K2C": null,
], "K2D": null,
"K0B": [ "K2E": null,
0, "K30": null,
0 "K31": null,
], "K32": null,
"K0C": [ "K33": null,
0, "K34": null,
0 "K35": null,
], "K36": null,
"K0D": [ "K37": null,
0, "K38": null,
0 "K39": null,
], "K3A": null,
"K0E": [ "K3B": null,
0, "K3C": null,
0 "K3D": null,
], "K40": null,
"K10": [ "K41": null,
0, "K42": null,
0 "K43": null,
], "K44": null,
"K11": [ "K45": null,
0, "K46": null,
0 "K47": null,
], "K48": null,
"K12": [ "K49": null,
0, "K4A": null,
0 "K4B": null,
], "K4C": null,
"K13": [ "K50": null,
0, "K51": null,
0 "K52": null,
], "K53": null,
"K14": [ "K54": null,
0, "K55": null,
0 "K56": null,
], "K57": null,
"K15": [ "K58": null,
0, "K59": null,
0 "K5A": null,
], "K5B": null
"K16": [
0,
0
],
"K17": [
0,
0
],
"K18": [
0,
0
],
"K19": [
0,
0
],
"K1A": [
0,
0
],
"K1B": [
0,
0
],
"K1C": [
0,
0
],
"K1D": [
0,
0
],
"K1E": [
0,
0
],
"K20": [
0,
0
],
"K21": [
0,
0
],
"K22": [
0,
0
],
"K23": [
0,
0
],
"K24": [
0,
0
],
"K25": [
0,
0
],
"K26": [
0,
0
],
"K27": [
0,
0
],
"K28": [
0,
0
],
"K29": [
0,
0
],
"K2A": [
0,
0
],
"K2B": [
0,
0
],
"K2C": [
0,
0
],
"K2D": [
0,
0
],
"K2E": [
0,
0
],
"K30": [
0,
0
],
"K31": [
0,
0
],
"K32": [
0,
0
],
"K33": [
0,
0
],
"K34": [
0,
0
],
"K35": [
0,
0
],
"K36": [
0,
0
],
"K37": [
0,
0
],
"K38": [
0,
0
],
"K39": [
0,
0
],
"K3A": [
0,
0
],
"K3B": [
0,
0
],
"K3C": [
0,
0
],
"K3D": [
0,
0
],
"K40": [
0,
0
],
"K41": [
0,
0
],
"K42": [
0,
0
],
"K43": [
0,
0
],
"K44": [
0,
0
],
"K45": [
0,
0
],
"K46": [
0,
0
],
"K47": [
0,
0
],
"K48": [
0,
0
],
"K49": [
0,
0
],
"K4A": [
0,
0
],
"K4B": [
0,
0
],
"K4C": [
0,
0
],
"K50": [
0,
0
],
"K51": [
0,
0
],
"K52": [
0,
0
],
"K53": [
0,
0
],
"K54": [
0,
0
],
"K55": [
0,
0
],
"K56": [
0,
0
],
"K57": [
0,
0
],
"K58": [
0,
0
],
"K59": [
0,
0
],
"K5A": [
0,
0
],
"K5B": [
0,
0
]
}, },
"layers": [ "layers": [
{ {
"mode": [ "mode": [
0, 7,
127 127
], ],
"brightness": 109, "brightness": 135,
"color": [
0,
0
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [
21,
255
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [ "color": [
142, 142,
255 255
@ -884,7 +610,29 @@
13, 13,
127 127
], ],
"brightness": 109, "brightness": 135,
"color": [
142,
255
]
},
{
"mode": [
13,
127
],
"brightness": 135,
"color": [
142,
255
]
},
{
"mode": [
13,
127
],
"brightness": 135,
"color": [ "color": [
142, 142,
255 255


@ -317,32 +317,4 @@ function encode_webcam {
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch" "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
} }
function speed_up_preprocess_vp8 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
# -strict -2 :: Enable support for experimental codecs like opus.
# -b:v 2M :: Target 2 megabit/s
# -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
# Could also use -filter_complex "[0:v]setpts=0.5*PTS[v];[0:a]atempo=2.0[a]" -map "[v]" -map "[a]"
</dev/null exec ffmpeg \
-i "$file_to_cast" \
-filter:v "setpts=0.66666666*PTS" \
-filter:a "atempo=1.5" \
-c:v vp8 \
-b:v 2M \
-crf 10 \
-bf 0 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-strict -2 \
"$file_to_save"
}
main "${@}" main "${@}"


@ -4,18 +4,5 @@
# Have to use yt-dlp instead of youtube_dl because of mpv # Have to use yt-dlp instead of youtube_dl because of mpv
# - youtube_dl # - youtube_dl
- yt-dlp - yt-dlp
state: present
- name: Install packages
when: install_graphics
package:
name:
- mkvtoolnix # for mkvmerge - mkvtoolnix # for mkvmerge
state: present state: present
- name: Install packages
when: not install_graphics
package:
name:
- mkvtoolnix-nogui # for mkvmerge
state: present


@ -40,7 +40,6 @@
name: "{{ item.name }}" name: "{{ item.name }}"
value: "{{ item.value }}" value: "{{ item.value }}"
state: present state: present
reload: false
sysctl_file: "/etc/sysctl.conf.local" sysctl_file: "/etc/sysctl.conf.local"
loop: loop:
- name: net.inet6.ip6.use_tempaddr # Enable privacy addresses - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses


@ -11,7 +11,6 @@ graphics/ImageMagick7
lang/python lang/python
misc/terminfo-db misc/terminfo-db
multimedia/ffmpeg multimedia/ffmpeg
multimedia/mkvtoolnix@nogui
multimedia/v4l-utils multimedia/v4l-utils
multimedia/webcamd multimedia/webcamd
net-mgmt/ipcalc net-mgmt/ipcalc
@ -40,7 +39,6 @@ sysutils/bhyve-firmware
sysutils/btop sysutils/btop
sysutils/cpu-microcode sysutils/cpu-microcode
sysutils/ddrescue sysutils/ddrescue
sysutils/dmidecode
sysutils/exfat-utils sysutils/exfat-utils
sysutils/fusefs-exfat sysutils/fusefs-exfat
sysutils/fusefs-sshfs sysutils/fusefs-sshfs
@ -56,7 +54,6 @@ sysutils/powerdxx
sysutils/powermon sysutils/powermon
sysutils/pstree sysutils/pstree
sysutils/rust-coreutils sysutils/rust-coreutils
sysutils/shuf
sysutils/tmux sysutils/tmux
sysutils/tree sysutils/tree
sysutils/zrepl sysutils/zrepl


@ -1,7 +1,7 @@
# Disable CPUTYPE optimizations when compiling gcc48 because zen 4 is not included in gcc4.8 # Disable CPUTYPE optimizations when compiling gcc48 because zen 4 is not included in gcc4.8
# #
# Example from bottom of /usr/share/examples/etc/make.conf # Example from bottom of /usr/share/examples/etc/make.conf
.if ${.CURDIR:M*/devel/boost-libs*} || ${.CURDIR:M*/multimedia/wl-screenrec*} || ${.CURDIR:M*/www/firefox*} || ${.CURDIR:M*/devel/libclc*} .if ${.CURDIR:M*/devel/boost-libs*} || ${.CURDIR:M*/multimedia/wl-screenrec*} || ${.CURDIR:M*/www/firefox*}
CPUTYPE?=x86-64-v4 CPUTYPE?=x86-64-v4
.elif ${.CURDIR:N*/lang/gcc48*} && ${.CURDIR:N*/lang/gcc10*} && ${.CURDIR:N*/devel/binutils*} && ${.CURDIR:N*/devel/qt6-base*} && ${.CURDIR:N*/www/node20*} .elif ${.CURDIR:N*/lang/gcc48*} && ${.CURDIR:N*/lang/gcc10*} && ${.CURDIR:N*/devel/binutils*} && ${.CURDIR:N*/devel/qt6-base*} && ${.CURDIR:N*/www/node20*}
CPUTYPE?=znver4 CPUTYPE?=znver4
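Review bot: With `${.CURDIR:M*/devel/libclc*}` dropped from the first condition, devel/libclc no longer matches there, and because the `.elif` exclusions do not list it either, it is now built with `CPUTYPE?=znver4`. The header comment explains only the gcc48 case and gives no reason for any port on the x86-64-v4 list, so a reader cannot tell whether this fall-through is intended. A comment above the `.if`, such as `# <reason these ports are pinned to x86-64-v4 instead of znver4>`, would make additions to and removals from that list reviewable. The conditional's closing `.endif` lies outside the hunk.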


@ -34,7 +34,6 @@ graphics/qt5-wayland
graphics/vulkan-loader graphics/vulkan-loader
graphics/vulkan-tools graphics/vulkan-tools
graphics/vulkan-validation-layers graphics/vulkan-validation-layers
graphics/wayland-utils
lang/python lang/python
lang/rust-nightly lang/rust-nightly
math/gnuplot math/gnuplot
@ -102,7 +101,6 @@ sysutils/pstree
sysutils/pv sysutils/pv
sysutils/radeontop sysutils/radeontop
sysutils/rust-coreutils sysutils/rust-coreutils
sysutils/shuf
sysutils/terraform sysutils/terraform
sysutils/tmux sysutils/tmux
sysutils/tree sysutils/tree


@ -11,9 +11,6 @@ if ! grep -q "${jail_name}" <<<"$jail_list"; then
die "No jail named ${jail_name} found." die "No jail named ${jail_name} found."
fi fi
# We could do
# poudriere pkgclean -A -y -j "$jail_name"
# instead of the packages line below but we'd need to know every set
poudriere jail -d -j "$jail_name" -C all poudriere jail -d -j "$jail_name" -C all
rm -rf /usr/local/poudriere/data/images/${jail_name}-repo \ rm -rf /usr/local/poudriere/data/images/${jail_name}-repo \
/usr/obj/usr/local/poudriere/jails/${jail_name} \ /usr/obj/usr/local/poudriere/jails/${jail_name} \
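Review bot: The existence check `grep -q "${jail_name}" <<<"$jail_list"` is a regex substring match, so an empty or partial name, or one containing regex metacharacters, passes it and then reaches the `rm -rf` lines, where `${jail_name}` is expanded unquoted into the paths. Matching the whole line literally, `if ! grep -qxF -- "${jail_name}" <<<"$jail_list"; then`, and quoting the expansions, e.g. `"/usr/obj/usr/local/poudriere/jails/${jail_name}"`, keeps the recursive delete limited to a jail that really exists. `-x` assumes `jail_list` holds one name per line, which is not visible here. These are unchanged context lines, and the `rm -rf` command continues past the end of the hunk.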


@ -72,4 +72,3 @@ home IN A 68.197.252.22
opstunnel IN CNAME home.fizz.buzz. opstunnel IN CNAME home.fizz.buzz.
stream IN CNAME home.fizz.buzz. stream IN CNAME home.fizz.buzz.
stuff IN CNAME home.fizz.buzz. stuff IN CNAME home.fizz.buzz.
momlaptop IN CNAME home.fizz.buzz.


@ -6,5 +6,3 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
makoctl set-mode do-not-disturb makoctl set-mode do-not-disturb
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 2


@ -6,5 +6,3 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
makoctl set-mode default makoctl set-mode default
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 1


@ -1,7 +1,7 @@
[screencast] [screencast]
#output_name=HDMI-A-1 #output_name=HDMI-A-1
max_fps=30 #max_fps=30
exec_before=/usr/local/bin/start_screen_share exec_before=/usr/local/bin/disable_notifications
exec_after=/usr/local/bin/stop_screen_share exec_after=/usr/local/bin/enable_notifications
chooser_type=simple chooser_type=simple
chooser_cmd=slurp -f %o -or chooser_cmd=slurp -f %o -or
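Review bot: The `exec_before`/`exec_after` lines carry no comment saying that they appear to be the control that keeps notification contents out of a captured screen; the script names alone only hint at it. A line such as `# Silence notifications for the duration of a screencast so their contents are not captured` above `exec_before` would record that. Whether the portal still starts the capture when the `exec_before` command fails is not visible here and is worth confirming. `#max_fps=30` is also left commented out without a stated reason.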


@ -22,7 +22,6 @@
# - adwaita-qt5 # For dark theme # - adwaita-qt5 # For dark theme
# - adwaita-qt6 # For dark theme # - adwaita-qt6 # For dark theme
- wlsunset - wlsunset
- wayland-utils # for wayland-info
state: present state: present
- name: Install scripts - name: Install scripts
@ -33,10 +32,10 @@
owner: root owner: root
group: wheel group: wheel
loop: loop:
- src: start_screen_share.bash - src: enable_notifications.bash
dest: /usr/local/bin/start_screen_share dest: /usr/local/bin/enable_notifications
- src: stop_screen_share.bash - src: disable_notifications.bash
dest: /usr/local/bin/stop_screen_share dest: /usr/local/bin/disable_notifications
- import_tasks: tasks/freebsd.yaml - import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"' when: 'os_flavor == "freebsd"'
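Review bot: The loop in the second hunk now installs `enable_notifications` and `disable_notifications`, but nothing visible removes `/usr/local/bin/start_screen_share` and `/usr/local/bin/stop_screen_share` from hosts that were already provisioned. Those root-owned scripts would stay on PATH unmanaged after this change. A cleanup task next to the install task would keep managed hosts in line with the role; the one below uses the short module name, as the `package:` tasks elsewhere in this diff do. The install task's module and mode lines fall outside the hunk, so its permissions cannot be checked from here.

```yaml
- name: Remove superseded screen share scripts
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /usr/local/bin/start_screen_share
    - /usr/local/bin/stop_screen_share
```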


@ -34,8 +34,6 @@ elif [ "$target" = "certificate" ]; then
ansible-playbook -v -i environments/jail playbook.yaml --diff --limit certificate "${@}" ansible-playbook -v -i environments/jail playbook.yaml --diff --limit certificate "${@}"
elif [ "$target" = "bastion" ]; then elif [ "$target" = "bastion" ]; then
ansible-playbook -v -i environments/jail playbook.yaml --diff --limit bastion "${@}" ansible-playbook -v -i environments/jail playbook.yaml --diff --limit bastion "${@}"
elif [ "$target" = "momlaptop" ]; then
ansible-playbook -v -i environments/jail playbook.yaml --diff --limit momlaptop "${@}"
elif [ "$target" = "vm_poudriereodo" ]; then elif [ "$target" = "vm_poudriereodo" ]; then
ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}" ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}"
elif [ "$target" = "vm_poudrieremrmanager" ]; then elif [ "$target" = "vm_poudrieremrmanager" ]; then