Merge branch 'custom_freebsd'

I'm hoping this fixes an issue where the chroot for building the ports only contains the kernel files and therefore lacks /bin/sh.

ansible/environments/vm/host_vars/freebsdupdatemrmanager

@@ -0,0 +1,5 @@
+os_flavor: "freebsd"
+cpu_opt: tigerlake
+build_user:
+  name: root
+  group: wheel

ansible/environments/vm/hosts

@@ -1,9 +1,13 @@
 [vm]
 poudriereodo ansible_user=builder ansible_host=10.213.177.12
 poudrieremrmanager ansible_user=root ansible_host=poudriere
+freebsdupdatemrmanager ansible_user=root ansible_host=freebsdupdate
 #
 # Put in ~/.ssh/config
 #    Host poudriere
 #       ProxyJump talexander@mrmanager
 #       HostName 10.215.1.203
 #
+#    Host freebsdupdate
+#       ProxyJump talexander@mrmanager
+#       HostName 10.215.1.213

ansible/playbook.yaml

@@ -68,6 +68,7 @@
     - portshaker
     - poudriere
     - poudrierenginx
+    - freebsd_update_server
 
 - hosts: mrmanager
   vars:
@@ -118,3 +119,19 @@
     ansible_become: True
   roles:
     - framework_laptop
+
+- hosts: odofreebsd
+  vars:
+    ansible_become: True
+  roles:
+    - freebsd_update_server
+
+- hosts: freebsdupdatemrmanager
+  vars:
+    ansible_become: True
+  roles:
+    - sudo # for poudboot script
+    - doas
+    - fstab
+    - build
+    - freebsd_update_server

ansible/roles/blank/tasks/common.yaml

@@ -1,3 +1,43 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
 - import_tasks: tasks/freebsd.yaml
   when: 'os_flavor == "freebsd"'
 

ansible/roles/build/defaults/main.yaml

@@ -1 +1,2 @@
-freebsd_version: "releng/13.2"
+# freebsd_version: "releng/13.2"
+freebsd_version: "9c80d66ec1b4c5b9ac7aaf5b0fdbb1628d49c181"

ansible/roles/build/meta/main.yaml

@@ -1,3 +1,5 @@
 dependencies:
-  - users
-  - gpg
+  - role: users
+    when: 'os_flavor == "linux"'
+  - role: gpg
+    when: 'os_flavor == "linux"'

ansible/roles/build/tasks/common.yaml

@@ -3,12 +3,3 @@
 
 - import_tasks: tasks/linux.yaml
   when: 'os_flavor == "linux"'
-
-- include_tasks:
-    file: tasks/peruser.yaml
-    apply:
-      become: yes
-      become_user: "{{ initialize_user }}"
-  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
-  loop_control:
-    loop_var: initialize_user

ansible/roles/build/tasks/peruser.yaml

@@ -1,29 +0,0 @@
-- include_role:
-    name: per_user
-
-# - name: Create directories
-#   file:
-#     name: "{{ account_homedir.stdout }}/{{ item }}"
-#     state: directory
-#     mode: 0700
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - ".config/foo"
-
-# - name: Copy files
-#   copy:
-#     src: "files/{{ item.src }}"
-#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
-#     mode: 0600
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - src: foo.conf
-#       dest: .config/foo/foo.conf
-
-- import_tasks: tasks/peruser_freebsd.yaml
-  when: 'os_flavor == "freebsd"'
-
-- import_tasks: tasks/peruser_linux.yaml
-  when: 'os_flavor == "linux"'

ansible/roles/build/templates/src.conf.j2

@@ -5,12 +5,12 @@ KERNCONF=CUSTOM
 WITH_MALLOC_PRODUCTION=YES
 WITHOUT_LLVM_ASSERTIONS=YES
 WITH_REPRODUCIBLE_BUILD=YES
-PORTS_MODULES+=graphics/drm-510-kmod
-NO_SHARED=YES
+PORTS_MODULES+=graphics/drm-kmod
+PORTS_MODULES+=graphics/gpu-firmware-intel-kmod
+PORTS_MODULES+=net/wireguard-kmod
 
 # Would be fun to experiment with:
 # WITHOUT_SOURCELESS=YES
-# WITHOUT_SHARED_TOOLCHAIN=YES
 # WITHOUT_GAMES=YES
 # WITHOUT_KERBEROS=YES
 # WITHOUT_LEGACY_CONSOLE=YES

ansible/roles/freebsd_update_server/files/build_release.bash

@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: ${DATA_DIRECTORY:="/usr/local/share/freebsdupdate"}
+: ${STAGE_FILE:="${DATA_DIRECTORY}/stage"}
+: ${RELEASE_DIRECTORY:="${DATA_DIRECTORY}/release"}
+: ${LOG_DIRECTORY:="${DATA_DIRECTORY}/logs"}
+: ${PORTS_TREE:="/usr/ports"}
+: ${PORTS_REPO:="https://git.FreeBSD.org/ports.git"}
+
+############## Setup #########################
+
+function die {
+    local status_code="$1"
+    shift
+    (>&2 echo "${@}")
+    exit "$status_code"
+}
+
+function log {
+    (>&2 echo "${@}")
+}
+
+############## Program #########################
+
+function main {
+    assert_directories
+
+    local stage=""
+    if [ -e "$STAGE_FILE" ]; then
+        local stage=$(cat "$STAGE_FILE")
+    fi
+    if [ "$stage" = "selfbuild" ]; then
+        log_cmd stage_selfbuild
+    elif [ "$stage" = "selfinstallworld" ]; then
+        log_cmd stage_selfinstallworld
+    elif [ "$stage" = "selfconflictcheck" ]; then
+        log_cmd stage_selfconflictcheck
+    elif [ "$stage" = "releasebuild" ]; then
+        log_cmd stage_releasebuild
+    elif [ "$stage" = "done" ]; then
+        log_cmd stage_done
+    else
+        die 1 "Unhandled stage: \"$stage\"."
+    fi
+}
+
+function log_cmd {
+    "${@}" |& tee "$LOG_DIRECTORY/$(date +%Y%m%d-%s).log"
+}
+
+function self_conflict_check {
+    if etcupdate status | grep -qE '^  C '; then
+        die 1 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.'
+    fi
+}
+
+function assert_directories {
+    for d in "$DATA_DIRECTORY" "$RELEASE_DIRECTORY" "$LOG_DIRECTORY"; do
+        if [ ! -e "$d" ]; then
+            mkdir -p "$d"
+        fi
+    done
+}
+
+function update_ports_tree {
+    if [ ! -e "$PORTS_TREE" ]; then
+        mkdir -p $PORTS_TREE
+        git -C $PORTS_TREE init --initial-branch=main
+        git -C $PORTS_TREE remote add origin $PORTS_REPO
+    fi
+    git -C $PORTS_TREE fetch origin main # 'refs/heads/main'
+    git -C $PORTS_TREE checkout FETCH_HEAD
+}
+
+function set_stage {
+    echo "${@}" > "$STAGE_FILE"
+}
+
+function stage_selfbuild {
+    self_conflict_check
+    assert_directories
+    update_ports_tree
+
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src buildworld buildkernel
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installkernel
+
+    set_stage "selfinstallworld"
+    /sbin/shutdown -r now
+}
+
+function stage_selfinstallworld {
+    etcupdate -p
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installworld
+    etcupdate -B
+
+    set_stage "selfconflictcheck"
+    stage_selfconflictcheck
+}
+
+function stage_selfconflictcheck {
+    self_conflict_check
+    set_stage "releasebuild"
+    /sbin/shutdown -r now
+}
+
+function stage_releasebuild {
+    local today=$(date +%Y%m%d)
+    local target_directory="${RELEASE_DIRECTORY}/${today}"
+    if [ -e "$target_directory" ]; then
+        die 1 "The release directory $target_directory already exists. Exiting."
+    fi
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean
+    make -C /usr/src buildworld buildkernel
+    make -C /usr/src/release obj
+    make -C /usr/src/release release
+    mkdir -p "$target_directory"
+    make -C /usr/src/release install DESTDIR="$target_directory"
+    set_stage "done"
+}
+
+function stage_done {
+    log "Everything is done."
+}
+
+main "${@}"

ansible/roles/freebsd_update_server/files/release.conf

@@ -0,0 +1,120 @@
+#!/bin/sh
+#
+
+## Redefine environment variables here to override prototypes
+## defined in release.sh.
+#load_chroot_env() { }
+#load_target_env() { }
+#buildenv_setup() { }
+
+## Set the directory within which the release will be built.
+CHROOTDIR="/scratch"
+
+## Do not explicitly require the devel/git port to be installed.
+#NOGIT=1
+## Set the version control system host.
+GITROOT="https://git.freebsd.org/"
+GITSRC="src.git"
+GITPORTS="ports.git"
+
+## Set the src/, ports/, and doc/ branches or tags.
+#SRCBRANCH="stable/13"
+SRCBRANCH="main"
+PORTBRANCH="main"
+
+## Sample configuration for using git from ports.
+#GITCMD="/usr/local/bin/git clone -q --branch main"
+
+## Set to override the default target architecture.
+#TARGET="amd64"
+#TARGET_ARCH="amd64"
+#KERNEL="GENERIC"
+KERNEL="GENERIC-NODEBUG"
+## Multiple kernels may be set.
+#KERNEL="GENERIC XENHVM"
+
+## Set to specify a custom make.conf and/or src.conf
+#MAKE_CONF="/etc/local/make.conf"
+MAKE_CONF="/etc/make.conf"
+#SRC_CONF="/etc/local/src.conf"
+SRC_CONF="/etc/src.conf"
+
+## Set to use make(1) flags.
+#MAKE_FLAGS="-s"
+
+## Set to use world- and kernel-specific make(1) flags.
+#WORLD_FLAGS="-j $(sysctl -n hw.ncpu)"
+#KERNEL_FLAGS="-j $(( $(( $(sysctl -n hw.ncpu) + 1 )) / 2 ))"
+
+## Set miscellaneous 'make release' settings.
+#NOPORTS=
+#NOSRC=
+#WITH_DVD=
+#WITH_COMPRESSED_IMAGES=
+
+## Set to '1' to disable multi-threaded xz(1) compression.
+#XZ_THREADS=0
+
+## Set when building embedded images.
+#EMBEDDEDBUILD=
+
+## Set to a list of ports required to build embedded system-on-chip
+## images, such as sysutils/u-boot-rpi.
+#EMBEDDEDPORTS=
+
+## Set to the hardware platform of the target userland.  This value
+## is passed to make(1) to set the TARGET (value of uname -m) to cross
+## build.
+#EMBEDDED_TARGET=
+
+## Set to the machine processor architecture of the target userland.
+## This value is passed to make(1) to set the TARGET_ARCH (value of uname -p)
+## to cross build.
+#EMBEDDED_TARGET_ARCH=
+
+## Set to skip the chroot environment buildworld/installworld/distribution
+## step if it is expected the build environment will exist via alternate
+## means.
+#CHROOTBUILD_SKIP=
+
+## Set to a non-empty value skip checkout or update of /usr/src in
+## the chroot.  This is intended for use when /usr/src already exists.
+#SRC_UPDATE_SKIP=
+
+## Set to a non-empty value skip checkout or update of /usr/ports in
+## the chroot.  This is intended for use when /usr/ports already exists.
+#PORTS_UPDATE_SKIP=
+
+## Set to pass additional flags to make(1) for the build chroot setup, such
+## as TARGET/TARGET_ARCH.
+#CHROOT_MAKEENV=
+
+## Set to a non-empty value to build virtual machine images as part of the
+## release build.
+#WITH_VMIMAGES=
+
+## Set to a non-empty value to compress virtual machine images with xz(1)
+## as part of the release build.
+#WITH_COMPRESSED_VMIMAGES=
+
+## If WITH_VMIMAGES is set to a non-empty value, this is the name of the
+## file to use for the installed userland/kernel.
+#VMBASE="vm"
+
+## If WITH_VMIMAGES is set to a non-empty value, this is the size of the
+## virtual machine disk filesystem.  Valid size values are described in
+## the makefs(8) manual page.
+#VMSIZE="20g"
+
+## If WITH_VMIMAGES is set to a non-empty value, this is a list of disk
+## image formats to create.  Valid values are listed in the mkimg(1)
+## manual page, as well as 'mkimg --formats' output.
+#VMFORMATS="vhdf vmdk qcow2 raw"
+
+## Set to a non-empty value to build virtual machine images for various
+## cloud providers as part of the release build.
+#WITH_CLOUDWARE=
+
+## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers
+## to create disk images.
+#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE"

ansible/roles/freebsd_update_server/tasks/common.yaml

@@ -0,0 +1,5 @@
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd" and build_user is defined'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'

ansible/roles/freebsd_update_server/tasks/freebsd.yaml

@@ -0,0 +1,50 @@
+- name: Install packages
+  package:
+    name:
+      - git
+      - tmux # For convenience
+      - htop # For convenience
+      - bash
+    state: present
+
+- name: Create directories
+  file:
+    name: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: "{{ build_user.name }}"
+    group: "{{ build_user.group }}"
+  loop:
+    - /opt/freebsd_update_server
+
+- name: Clone freebsd-update-build
+  git:
+    repo: "https://github.com/freebsd/freebsd-update-build.git"
+    dest: /opt/freebsd_update_server/freebsd-update-build
+    version: "28bb3ae7de9c1332fe8a366fb154a5b9faf37f49"
+    force: true
+  become: true
+  become_user: "{{ build_user.name }}"
+  diff: false
+
+- name: Install Configuration
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0600
+    owner: "{{ build_user.name }}"
+    group: "{{ build_user.group }}"
+  loop:
+    - src: release.conf
+      dest: /opt/freebsd_update_server/release.conf
+
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: build_release.bash
+      dest: /usr/local/bin/build_release

ansible/roles/freebsd_update_server/tasks/linux.yaml

@@ -0,0 +1,29 @@
+# - name: Build aur packages
+#   register: buildaur
+#   become_user: "{{ build_user.name }}"
+#   command: "aurutils-sync --no-view {{ item }}"
+#   args:
+#     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+#   loop:
+#     - foo
+
+# - name: Update cache
+#   when: buildaur.changed
+#   pacman:
+#     name: []
+#     state: present
+#     update_cache: true
+    
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present
+
+# - name: Enable services
+#   systemd:
+#     enabled: yes
+#     name: "{{ item }}"
+#     daemon_reload: yes
+#   loop:
+#     - foo.service

ansible/roles/freebsd_update_server/tasks/main.yaml

@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  # when: foo is defined

ansible/roles/fstab/tasks/common.yaml

@@ -3,13 +3,3 @@
 
 - import_tasks: tasks/linux.yaml
   when: 'os_flavor == "linux"'
-
-- include_tasks:
-    file: tasks/peruser.yaml
-    apply:
-      become: yes
-      become_user: "{{ initialize_user }}"
-  when: users is defined
-  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
-  loop_control:
-    loop_var: initialize_user

ansible/roles/fstab/tasks/peruser.yaml

@@ -1,29 +0,0 @@
-- include_role:
-    name: per_user
-
-# - name: Create directories
-#   file:
-#     name: "{{ account_homedir.stdout }}/{{ item }}"
-#     state: directory
-#     mode: 0700
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - ".config/foo"
-
-# - name: Copy files
-#   copy:
-#     src: "files/{{ item.src }}"
-#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
-#     mode: 0600
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - src: foo.conf
-#       dest: .config/foo/foo.conf
-
-- import_tasks: tasks/peruser_freebsd.yaml
-  when: 'os_flavor == "freebsd"'
-
-- import_tasks: tasks/peruser_linux.yaml
-  when: 'os_flavor == "linux"'

ansible/roles/graphics/files/intel_hw_accel_video_loader.conf

@@ -0,0 +1,2 @@
+#enable_guc=2
+#hw.i915kms.enable_guc=2

ansible/roles/graphics/tasks/freebsd_intel.yaml

@@ -29,6 +29,7 @@
     group: wheel
   loop:
     - intel_power
+    - intel_hw_accel_video
 
 - name: Install service configuration
   copy:

ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf

@@ -78,6 +78,11 @@
                         // brianai
                         "hw-address": "06:a6:dc:59:78:12",
                         "ip-address": "10.215.1.215"
+                    },
+                    {
+                        // freebsdupdate
+                        "hw-address": "06:14:5c:92:3d:5b",
+                        "ip-address": "10.215.1.213"
                     }
                 ]
             }

ansible/run.bash

@@ -38,6 +38,8 @@ elif [ "$target" = "jail_admin_git" ]; then
     ansible-playbook -v -i environments/jail playbook.yaml --diff --limit admin_git "${@}"
 elif [ "$target" = "jail_public_dns" ]; then
     ansible-playbook -v -i environments/jail playbook.yaml --diff --limit public_dns "${@}"
+elif [ "$target" = "vm_freebsdupdatemrmanager" ]; then
+    ansible-playbook -v -i environments/vm playbook.yaml --diff --limit freebsdupdatemrmanager "${@}"
 else
     die 1 "Unrecognized target"
 fi