Disable CPU power consumption settings.

The pixelbook seems oddly slow. Disabling this to see if it helps.
Enable the wireguard configs.
2023-11-26 09:31:47 -05:00 · 2023-11-26 09:31:47 -05:00 · 2023-11-26 09:31:47 -05:00 · 2023-11-26 09:31:46 -05:00 · 2023-11-26 09:31:46 -05:00 · 2023-11-26 09:31:46 -05:00
77 changed files with 1072 additions and 107 deletions
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@@ -18,6 +18,7 @@ hwpstate: false
 build_user:
  name: talexander
  group: talexander
+devfs_rules: "homeserver_devfs.rules"
 jail_zfs_dataset: zmass/encrypted/jails
 jail_zfs_dataset_mountpoint: /jail/main
 jail_canmount: "on"
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@@ -14,9 +14,9 @@ loader_conf: "odofreebsd_loader.conf"
 install_graphics: true
 graphics_driver: "intel"
 cputype: "intel"
-cpu_opt: tigerlake
+cpu_opt: skylake
 hwpstate: true
-cores: 8
+cores: 4
 build_user:
  name: talexander
  group: talexander
--- a/ansible/environments/laptop/host_vars/odolinux
+++ b/ansible/environments/laptop/host_vars/odolinux
@@ -32,8 +32,8 @@ enabled_wireguard:
  - colo
 cputype: "intel"
 hwpstate: true
-cores: 8
+cores: 4
 sway_conf_files:
  - rofimoji
-docker_storage_driver: zfs # alternatively overlay2
+docker_storage_driver: overlay2 # alternatively zfs
 docker_zfs_dataset: zroot/linux/archmain/docker
--- a/ansible/environments/laptop/host_vars/pixellinux
+++ b/ansible/environments/laptop/host_vars/pixellinux
@@ -0,0 +1,35 @@
+os_flavor: "linux"
+users:
+  talexander:
+    initialize: true
+    uid: 11235
+    gid: 1000
+    groups:
+      - name: wheel
+      - name: users
+      - name: docker
+      - name: libvirt
+      - name: uucp
+    authorized_keys:
+      - yubikey
+      - main_fido
+      - backup_fido
+      - homeassistant
+    gitconfig: "gitconfig_home"
+zfs_snapshot_datasets:
+  - path: zroot/linux/archmain/be
+install_graphics: true
+graphics_driver: "intel"
+build_user:
+  name: talexander
+  group: talexander
+wireguard_directory: pixel
+enabled_wireguard:
+ - wgh
+cputype: "intel"
+hwpstate: true
+cores: 4
+sway_conf_files:
+  - rofimoji
+docker_storage_driver: overlay2 # alternatively zfs
+docker_zfs_dataset: zroot/linux/archmain/docker
--- a/ansible/environments/laptop/hosts
+++ b/ansible/environments/laptop/hosts
@@ -1,3 +1,4 @@
 [gui]
 odolinux ansible_connection=local ansible_host=127.0.0.1
 odofreebsd ansible_connection=local ansible_host=127.0.0.1
+pixellinux ansible_connection=local ansible_host=127.0.0.1
--- a/ansible/environments/vm/host_vars/freebsdupdatemrmanager
+++ b/ansible/environments/vm/host_vars/freebsdupdatemrmanager
@@ -0,0 +1,5 @@
+os_flavor: "freebsd"
+cpu_opt: skylake
+build_user:
+  name: root
+  group: wheel
--- a/ansible/environments/vm/hosts
+++ b/ansible/environments/vm/hosts
@@ -1,9 +1,13 @@
 [vm]
 poudriereodo ansible_user=builder ansible_host=10.213.177.12
 poudrieremrmanager ansible_user=root ansible_host=poudriere
+freebsdupdatemrmanager ansible_user=root ansible_host=freebsdupdate
 #
 # Put in ~/.ssh/config
 #    Host poudriere
 #       ProxyJump talexander@mrmanager
 #       HostName 10.215.1.203
 #
+#    Host freebsdupdate
+#       ProxyJump talexander@mrmanager
+#       HostName 10.215.1.213
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -52,6 +52,7 @@
    - javascript
    - launch_keyboard
    - lvfs
+    - restaurant_health_rating

 - hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
  vars:
@@ -68,6 +69,7 @@
    - portshaker
    - poudriere
    - poudrierenginx
+    - freebsd_update_server

 - hosts: mrmanager
  vars:
@@ -118,3 +120,31 @@
    ansible_become: True
  roles:
    - framework_laptop
+
+- hosts: pixellinux
+  vars:
+    ansible_become: True
+  roles:
+    - pixelbook
+
+- hosts: odofreebsd
+  vars:
+    ansible_become: True
+  roles:
+    - freebsd_update_server
+
+- hosts: freebsdupdatemrmanager
+  vars:
+    ansible_become: True
+  roles:
+    - sudo # for poudboot script
+    - doas
+    - fstab
+    - build
+    - freebsd_update_server
+
+- hosts: homeserver
+  vars:
+    ansible_become: True
+  roles:
+    - homeserver
--- a/ansible/roles/autofs/files/auto_master
+++ b/ansible/roles/autofs/files/auto_master
@@ -1,4 +1,3 @@
-# $FreeBSD$
 #
 # Automounter master map, see auto_master(5) for details.
 #
--- a/ansible/roles/base/files/login.conf
+++ b/ansible/roles/base/files/login.conf
@@ -7,7 +7,6 @@
 # This file controls resource limits, accounting limits and
 # default user environment settings.
 #
-# $FreeBSD$
 #

 # Default settings effectively disable resource limits, see the
--- a/ansible/roles/blank/tasks/common.yaml
+++ b/ansible/roles/blank/tasks/common.yaml
@@ -1,3 +1,43 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'

--- a/ansible/roles/blank/tasks/linux.yaml
+++ b/ansible/roles/blank/tasks/linux.yaml
@@ -13,7 +13,7 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 # - name: Install packages
 #   package:
 #     name:
--- a/ansible/roles/build/defaults/main.yaml
+++ b/ansible/roles/build/defaults/main.yaml
@@ -1 +1,2 @@
-freebsd_version: "releng/13.2"
+# freebsd_version: "releng/13.2"
+freebsd_version: "9c80d66ec1b4c5b9ac7aaf5b0fdbb1628d49c181"
--- a/ansible/roles/build/files/gpg.asc
+++ b/ansible/roles/build/files/gpg.asc
@@ -1,34 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----

 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-0H+RsWG0HVRvbSBBbGV4YW5kZXIgPHRvbUBmaXp6LmJ1eno+iJAEExYIADgWIQS4
-SBWTY8KHeReVS+En3kDZuEVcGwUCXZwWGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe
-AQIXgAAKCRAn3kDZuEVcG9glAQDX3Bzaz9sQpycc40LeLxSKQsWplfJigfr8wWOg
-C15TywEAqkTtCrTNsltdZERLMre7qnv/6RSo54OW0C4pdN7UUAa0HlRvbSBBbGV4
-YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhF
-XBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0CuU4m1/MA+gPDKME7syEt
-JsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB9Ub20gQWxleGFuZGVyIDx0b21AaGFy
-bW9uaWMuYWk+iJAEExYIADgWIQS4SBWTY8KHeReVS+En3kDZuEVcGwUCX7D5RAIb
-AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAn3kDZuEVcGzjDAP9pM1ScstOk
-ti+oRAsNSk8qsjIsCT9O5voDS0Q7plWlcwD/btKVFO9tPLsXhyvdB+NSwueVs7TA
-kRVjlW3hktpefg24OARdnBYaEgorBgEEAZdVAQUBAQdArbTYQgDBMG7EBFTKA6+f
-4CWgwl26Lf2b6cyCGfUw2j4DAQgHiHgEGBYIACAWIQS4SBWTY8KHeReVS+En3kDZ
-uEVcGwUCXZwWGgIbDAAKCRAn3kDZuEVcG03MAQCrkjrE+MhtvbfGaHGHlwz9QnF0
-Z519YzK8Xr8m0O+09QEA9BFCfkAzBM4D4JKeWJh/tmN9U6UexzLrRdY+W9cugAm4
-MwRdnBbKFgkrBgEEAdpHDwEBB0A/IgvgQaDhPkk72raSlUPLZaMyJfPedlfBhbgY
-uhNiSIj1BBgWCAAmAhsCFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+hYFCQe4
-fcwAgXYgBBkWCAAdFiEEgeZEOZZ1UC6xJRa606F5yaU8Dt4FAl2cFsoACgkQ06F5
-yaU8Dt6MngD+Krs3aYyHH6i85ebVESgBI8XeXhgACM4exepw+0UcoYkBAKK4DvV3
-oJD6o1ku6Rr8pUH962SQm8PO9pO2JBBAb6ADCRAn3kDZuEVcG9uAAP43vUsbe24/
-6tjEezAW0a4L2E1u4HNU8t53lolngs1kswEAy1HBdYEMR9TovX/kMeBHLcz1J2pM
-VRSV0JnJhj5eZwa4MwRdnBcBFgkrBgEEAdpHDwEBB0BrvpOZa4q6JHVuc1XUVQTq
-hDgLwD5SJBvzHSTXPYOZMoh+BBgWCAAmAhsgFiEEuEgVk2PCh3kXlUvhJ95A2bhF
-XBsFAl+w+hYFCQe4fZUACgkQJ95A2bhFXBs3NgEA3SFYTgRVstidfoEpEZV4DdSL
-kXaOwN3Eyba4UniClyMA/2CCxQt24vu19TyvUtOXWCp9Zi8SyIqoeiXQ4ZmhhnQO
-uDgEXZwXKBIKKwYBBAGXVQEFAQEHQA7S3cFTEu6iROopVyF4UBl3hQrEAbOc9CW+
-xXKFZYgSAwEIB4h+BBgWCAAmAhsMFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w
-+hcFCQe4fW4ACgkQJ95A2bhFXBtUXAEAyEJCUNVSJ7qvQv5IXuwbYTX2Mh7JU3+F
-GJHO7AWBXCQA/2aLAi9kYmz9ba770XYwTeBZIv9Y6UIwIwVmFdYHC/EM
-=a/z4
+0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
+uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
+uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
+eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
+2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
+XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
+XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
+4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
+wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
+sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
+ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
+QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
+NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
+BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
+JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
+RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
+rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
+0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
+BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
+/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
+3aqYpMRxpn2t6Nswax1MIM8DBQ==
+=dzEV
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/build/meta/main.yaml
+++ b/ansible/roles/build/meta/main.yaml
@@ -1,3 +1,5 @@
 dependencies:
-  - users
-  - gpg
+  - role: users
+    when: 'os_flavor == "linux"'
+  - role: gpg
+    when: 'os_flavor == "linux"'
--- a/ansible/roles/build/tasks/common.yaml
+++ b/ansible/roles/build/tasks/common.yaml
@@ -3,12 +3,3 @@

 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
-
- include_tasks:
-    file: tasks/peruser.yaml
-    apply:
-      become: yes
-      become_user: "{{ initialize_user }}"
-  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
-  loop_control:
-    loop_var: initialize_user
--- a/ansible/roles/build/tasks/linux.yaml
+++ b/ansible/roles/build/tasks/linux.yaml
@@ -99,7 +99,7 @@
  become: true
  become_user: "{{ build_user.name }}"
  args:
-    creates: /var/cache/pacman/custom/custom.db.tar
+    creates: /var/cache/pacman/custom/custom.db.tar.sig

 - name: Install scripts
  copy:
--- a/ansible/roles/build/templates/src.conf.j2
+++ b/ansible/roles/build/templates/src.conf.j2
@@ -5,12 +5,12 @@ KERNCONF=CUSTOM
 WITH_MALLOC_PRODUCTION=YES
 WITHOUT_LLVM_ASSERTIONS=YES
 WITH_REPRODUCIBLE_BUILD=YES
-PORTS_MODULES+=graphics/drm-510-kmod
-NO_SHARED=YES
+PORTS_MODULES+=graphics/drm-kmod
+PORTS_MODULES+=graphics/gpu-firmware-intel-kmod
+PORTS_MODULES+=net/wireguard-kmod

 # Would be fun to experiment with:
 # WITHOUT_SOURCELESS=YES
-# WITHOUT_SHARED_TOOLCHAIN=YES
 # WITHOUT_GAMES=YES
 # WITHOUT_KERBEROS=YES
 # WITHOUT_LEGACY_CONSOLE=YES
--- a/ansible/roles/cpu/files/cpu_set_perf_perc_freebsd
+++ b/ansible/roles/cpu/files/cpu_set_perf_perc_freebsd
@@ -7,6 +7,12 @@ IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

 perc=$1
+if [ "$perc" -gt 100 ]; then
+    perc=100
+fi
+if [ "$perc" -lt 0 ]; then
+    perc=0
+fi
 epp=$((100 - perc))

 sysctl -N dev.hwpstate_intel | grep -E 'dev.hwpstate_intel.[0-9]+.epp' | while read var; do
--- a/ansible/roles/cpu/tasks/linux_intel.yaml
+++ b/ansible/roles/cpu/tasks/linux_intel.yaml
@@ -4,27 +4,27 @@
      - powertop
    state: present

- name: Install tmpfiles.d configuration
-  copy:
-    src: "files/{{ item }}_tmpfiles.conf"
-    dest: "/etc/tmpfiles.d/{{ item }}.conf"
-    mode: 0644
-    owner: root
-    group: wheel
-  loop:
-    - disable_turboboost
+# - name: Install tmpfiles.d configuration
+#   copy:
+#     src: "files/{{ item }}_tmpfiles.conf"
+#     dest: "/etc/tmpfiles.d/{{ item }}.conf"
+#     mode: 0644
+#     owner: root
+#     group: wheel
+#   loop:
+#     - disable_turboboost

- name: Favor energy efficiency for Speed Shift
-  when: hwpstate is defined and hwpstate and cores is defined
-  template:
-    src: "templates/{{ item.src }}.j2"
-    dest: "{{ item.dest }}"
-    mode: 0755
-    owner: root
-    group: wheel
-  loop:
-    - src: energy_performance_preference.conf
-      dest: /etc/tmpfiles.d/energy_performance_preference.conf
+# - name: Favor energy efficiency for Speed Shift
+#   when: hwpstate is defined and hwpstate and cores is defined
+#   template:
+#     src: "templates/{{ item.src }}.j2"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: energy_performance_preference.conf
+#       dest: /etc/tmpfiles.d/energy_performance_preference.conf

 - name: Install scripts
  when: hwpstate is defined and hwpstate
--- a/ansible/roles/devfs/files/homeserver_devfs.rules
+++ b/ansible/roles/devfs/files/homeserver_devfs.rules
@@ -0,0 +1,19 @@
+# [localrules=10]
+# add path 'input/*' mode 0660 group video
+# add path 'usb/*' mode 0660 group usb
+
+[tajailwg=13]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path 'bpf*' unhide
+add path pf unhide
+add path pflog unhide
+add path pfsynv unhide
+add path 'tun*' unhide
+
+[tajaildhcp=14]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path 'bpf*' unhide
--- a/ansible/roles/emacs/files/elisp/lang-javascript.el
+++ b/ansible/roles/emacs/files/elisp/lang-javascript.el
@@ -94,20 +94,20 @@
  )


-;; (use-package web-mode
-;;   :mode (("\\.dust\\'" . web-mode)
-;;          )
-;;   :config
-;;   (setq web-mode-markup-indent-offset 2)
-;;   (setq web-mode-enable-current-element-highlight t)
-;;   )
+(use-package web-mode
+  :mode (("\\.dust\\'" . dust-mode)
+         )
+  :config
+  (setq web-mode-markup-indent-offset 2)
+  (setq web-mode-enable-current-element-highlight t)
+  )

-;; ;; Define a custom mode for dust so that org-mode handle #+BEGIN_SRC dust blocks
-;; (define-derived-mode dust-mode web-mode "WebDust"
-;;   "Major mode for editing dust templates in web-mode."
-;;   (web-mode)
-;;   (web-mode-set-engine "dust")
-;;   ;; (setq web-mode-content-type "html")
-;;   )
+;; Define a custom mode for dust so that org-mode handle #+BEGIN_SRC dust blocks
+(define-derived-mode dust-mode web-mode "WebDust"
+  "Major mode for editing dust templates in web-mode."
+  (web-mode)
+  (web-mode-set-engine "dust")
+  ;; (setq web-mode-content-type "html")
+  )

 (provide 'lang-javascript)
--- a/ansible/roles/freebsd_update_server/files/build_release.bash
+++ b/ansible/roles/freebsd_update_server/files/build_release.bash
@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: ${DATA_DIRECTORY:="/usr/local/share/freebsdupdate"}
+: ${STAGE_FILE:="${DATA_DIRECTORY}/stage"}
+: ${RELEASE_DIRECTORY:="${DATA_DIRECTORY}/release"}
+: ${LOG_DIRECTORY:="${DATA_DIRECTORY}/logs"}
+: ${PORTS_TREE:="/usr/ports"}
+: ${PORTS_REPO:="https://git.FreeBSD.org/ports.git"}
+
+############## Setup #########################
+
+function die {
+    local status_code="$1"
+    shift
+    (>&2 echo "${@}")
+    exit "$status_code"
+}
+
+function log {
+    (>&2 echo "${@}")
+}
+
+############## Program #########################
+
+function main {
+    assert_directories
+
+    local stage=""
+    if [ -e "$STAGE_FILE" ]; then
+        local stage=$(cat "$STAGE_FILE")
+    fi
+    if [ "$stage" = "selfbuild" ]; then
+        log_cmd stage_selfbuild
+    elif [ "$stage" = "selfinstallworld" ]; then
+        log_cmd stage_selfinstallworld
+    elif [ "$stage" = "selfconflictcheck" ]; then
+        log_cmd stage_selfconflictcheck
+    elif [ "$stage" = "releasebuild" ]; then
+        log_cmd stage_releasebuild
+    elif [ "$stage" = "done" ]; then
+        log_cmd stage_done
+    else
+        die 1 "Unhandled stage: \"$stage\"."
+    fi
+}
+
+function log_cmd {
+    "${@}" |& tee "$LOG_DIRECTORY/$(date +%Y%m%d-%s).log"
+}
+
+function self_conflict_check {
+    if etcupdate status | grep -qE '^  C '; then
+        die 1 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.'
+    fi
+}
+
+function assert_directories {
+    for d in "$DATA_DIRECTORY" "$RELEASE_DIRECTORY" "$LOG_DIRECTORY"; do
+        if [ ! -e "$d" ]; then
+            mkdir -p "$d"
+        fi
+    done
+}
+
+function update_ports_tree {
+    if [ ! -e "$PORTS_TREE" ]; then
+        mkdir -p $PORTS_TREE
+        git -C $PORTS_TREE init --initial-branch=main
+        git -C $PORTS_TREE remote add origin $PORTS_REPO
+    fi
+    git -C $PORTS_TREE fetch origin main # 'refs/heads/main'
+    git -C $PORTS_TREE checkout FETCH_HEAD
+}
+
+function set_stage {
+    echo "${@}" > "$STAGE_FILE"
+}
+
+function stage_selfbuild {
+    self_conflict_check
+    assert_directories
+    update_ports_tree
+
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src buildworld buildkernel
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installkernel
+
+    set_stage "selfinstallworld"
+    /sbin/shutdown -r now
+}
+
+function stage_selfinstallworld {
+    etcupdate -p
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installworld
+    etcupdate -B
+
+    set_stage "selfconflictcheck"
+    stage_selfconflictcheck
+}
+
+function stage_selfconflictcheck {
+    self_conflict_check
+    set_stage "releasebuild"
+    /sbin/shutdown -r now
+}
+
+function stage_releasebuild {
+    local today=$(date +%Y%m%d)
+    local target_directory="${RELEASE_DIRECTORY}/${today}"
+    if [ -e "$target_directory" ]; then
+        die 1 "The release directory $target_directory already exists. Exiting."
+    fi
+    SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean
+    make -C /usr/src buildworld buildkernel
+    make -C /usr/src/release obj
+    make -C /usr/src/release release
+    mkdir -p "$target_directory"
+    make -C /usr/src/release install DESTDIR="$target_directory"
+    set_stage "done"
+}
+
+function stage_done {
+    log "Everything is done."
+}
+
+main "${@}"
--- a/ansible/roles/freebsd_update_server/files/release.conf
+++ b/ansible/roles/freebsd_update_server/files/release.conf
@@ -0,0 +1,120 @@
+#!/bin/sh
+#
+
+## Redefine environment variables here to override prototypes
+## defined in release.sh.
+#load_chroot_env() { }
+#load_target_env() { }
+#buildenv_setup() { }
+
+## Set the directory within which the release will be built.
+CHROOTDIR="/scratch"
+
+## Do not explicitly require the devel/git port to be installed.
+#NOGIT=1
+## Set the version control system host.
+GITROOT="https://git.freebsd.org/"
+GITSRC="src.git"
+GITPORTS="ports.git"
+
+## Set the src/, ports/, and doc/ branches or tags.
+#SRCBRANCH="stable/13"
+SRCBRANCH="main"
+PORTBRANCH="main"
+
+## Sample configuration for using git from ports.
+#GITCMD="/usr/local/bin/git clone -q --branch main"
+
+## Set to override the default target architecture.
+#TARGET="amd64"
+#TARGET_ARCH="amd64"
+#KERNEL="GENERIC"
+KERNEL="GENERIC-NODEBUG"
+## Multiple kernels may be set.
+#KERNEL="GENERIC XENHVM"
+
+## Set to specify a custom make.conf and/or src.conf
+#MAKE_CONF="/etc/local/make.conf"
+MAKE_CONF="/etc/make.conf"
+#SRC_CONF="/etc/local/src.conf"
+SRC_CONF="/etc/src.conf"
+
+## Set to use make(1) flags.
+#MAKE_FLAGS="-s"
+
+## Set to use world- and kernel-specific make(1) flags.
+#WORLD_FLAGS="-j $(sysctl -n hw.ncpu)"
+#KERNEL_FLAGS="-j $(( $(( $(sysctl -n hw.ncpu) + 1 )) / 2 ))"
+
+## Set miscellaneous 'make release' settings.
+#NOPORTS=
+#NOSRC=
+#WITH_DVD=
+#WITH_COMPRESSED_IMAGES=
+
+## Set to '1' to disable multi-threaded xz(1) compression.
+#XZ_THREADS=0
+
+## Set when building embedded images.
+#EMBEDDEDBUILD=
+
+## Set to a list of ports required to build embedded system-on-chip
+## images, such as sysutils/u-boot-rpi.
+#EMBEDDEDPORTS=
+
+## Set to the hardware platform of the target userland.  This value
+## is passed to make(1) to set the TARGET (value of uname -m) to cross
+## build.
+#EMBEDDED_TARGET=
+
+## Set to the machine processor architecture of the target userland.
+## This value is passed to make(1) to set the TARGET_ARCH (value of uname -p)
+## to cross build.
+#EMBEDDED_TARGET_ARCH=
+
+## Set to skip the chroot environment buildworld/installworld/distribution
+## step if it is expected the build environment will exist via alternate
+## means.
+#CHROOTBUILD_SKIP=
+
+## Set to a non-empty value skip checkout or update of /usr/src in
+## the chroot.  This is intended for use when /usr/src already exists.
+#SRC_UPDATE_SKIP=
+
+## Set to a non-empty value skip checkout or update of /usr/ports in
+## the chroot.  This is intended for use when /usr/ports already exists.
+#PORTS_UPDATE_SKIP=
+
+## Set to pass additional flags to make(1) for the build chroot setup, such
+## as TARGET/TARGET_ARCH.
+#CHROOT_MAKEENV=
+
+## Set to a non-empty value to build virtual machine images as part of the
+## release build.
+#WITH_VMIMAGES=
+
+## Set to a non-empty value to compress virtual machine images with xz(1)
+## as part of the release build.
+#WITH_COMPRESSED_VMIMAGES=
+
+## If WITH_VMIMAGES is set to a non-empty value, this is the name of the
+## file to use for the installed userland/kernel.
+#VMBASE="vm"
+
+## If WITH_VMIMAGES is set to a non-empty value, this is the size of the
+## virtual machine disk filesystem.  Valid size values are described in
+## the makefs(8) manual page.
+#VMSIZE="20g"
+
+## If WITH_VMIMAGES is set to a non-empty value, this is a list of disk
+## image formats to create.  Valid values are listed in the mkimg(1)
+## manual page, as well as 'mkimg --formats' output.
+#VMFORMATS="vhdf vmdk qcow2 raw"
+
+## Set to a non-empty value to build virtual machine images for various
+## cloud providers as part of the release build.
+#WITH_CLOUDWARE=
+
+## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers
+## to create disk images.
+#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE"
--- a/ansible/roles/freebsd_update_server/tasks/common.yaml
+++ b/ansible/roles/freebsd_update_server/tasks/common.yaml
@@ -0,0 +1,5 @@
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd" and build_user is defined'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
--- a/ansible/roles/freebsd_update_server/tasks/freebsd.yaml
+++ b/ansible/roles/freebsd_update_server/tasks/freebsd.yaml
@@ -0,0 +1,50 @@
+- name: Install packages
+  package:
+    name:
+      - git
+      - tmux # For convenience
+      - htop # For convenience
+      - bash
+    state: present
+
+- name: Create directories
+  file:
+    name: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: "{{ build_user.name }}"
+    group: "{{ build_user.group }}"
+  loop:
+    - /opt/freebsd_update_server
+
+- name: Clone freebsd-update-build
+  git:
+    repo: "https://github.com/freebsd/freebsd-update-build.git"
+    dest: /opt/freebsd_update_server/freebsd-update-build
+    version: "28bb3ae7de9c1332fe8a366fb154a5b9faf37f49"
+    force: true
+  become: true
+  become_user: "{{ build_user.name }}"
+  diff: false
+
+- name: Install Configuration
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0600
+    owner: "{{ build_user.name }}"
+    group: "{{ build_user.group }}"
+  loop:
+    - src: release.conf
+      dest: /opt/freebsd_update_server/release.conf
+
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: build_release.bash
+      dest: /usr/local/bin/build_release
--- a/ansible/roles/freebsd_update_server/tasks/linux.yaml
+++ b/ansible/roles/freebsd_update_server/tasks/linux.yaml
@@ -0,0 +1,29 @@
+# - name: Build aur packages
+#   register: buildaur
+#   become_user: "{{ build_user.name }}"
+#   command: "aurutils-sync --no-view {{ item }}"
+#   args:
+#     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+#   loop:
+#     - foo
+
+# - name: Update cache
+#   when: buildaur.changed
+#   pacman:
+#     name: []
+#     state: present
+#     update_cache: true
+    
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present
+
+# - name: Enable services
+#   systemd:
+#     enabled: yes
+#     name: "{{ item }}"
+#     daemon_reload: yes
+#   loop:
+#     - foo.service
--- a/ansible/roles/freebsd_update_server/tasks/main.yaml
+++ b/ansible/roles/freebsd_update_server/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  # when: foo is defined
--- a/ansible/roles/fstab/tasks/common.yaml
+++ b/ansible/roles/fstab/tasks/common.yaml
@@ -3,13 +3,3 @@

 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
-
- include_tasks:
-    file: tasks/peruser.yaml
-    apply:
-      become: yes
-      become_user: "{{ initialize_user }}"
-  when: users is defined
-  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
-  loop_control:
-    loop_var: initialize_user
--- a/ansible/roles/google_cloud_sdk/tasks/linux.yaml
+++ b/ansible/roles/google_cloud_sdk/tasks/linux.yaml
@@ -5,7 +5,7 @@
  args:
    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
  loop:
-    - google-cloud-sdk
+    - google-cloud-cli

 - name: Update cache
  when: buildaur.changed
@@ -13,9 +13,9 @@
    name: []
    state: present
    update_cache: true
-    
+
 - name: Install packages
  package:
    name:
-      - google-cloud-sdk
+      - google-cloud-cli
    state: present
--- a/ansible/roles/gpg/templates/gpg-agent.conf.j2
+++ b/ansible/roles/gpg/templates/gpg-agent.conf.j2
@@ -4,3 +4,6 @@ use-standard-socket
 default-cache-ttl 600
 max-cache-ttl 7200
 display :0
+{% if install_graphics and os_flavor == "freebsd" %}
+pinentry-program /usr/local/bin/pinentry-qt5
+{% endif %}
--- a/ansible/roles/graphics/files/intel_hw_accel_video_loader.conf
+++ b/ansible/roles/graphics/files/intel_hw_accel_video_loader.conf
@@ -0,0 +1,2 @@
+#enable_guc=2
+#hw.i915kms.enable_guc=2
--- a/ansible/roles/graphics/tasks/freebsd_intel.yaml
+++ b/ansible/roles/graphics/tasks/freebsd_intel.yaml
@@ -29,6 +29,7 @@
    group: wheel
  loop:
    - intel_power
+    - intel_hw_accel_video

 - name: Install service configuration
  copy:
--- a/ansible/roles/homeserver/files/decrypt_disks.bash
+++ b/ansible/roles/homeserver/files/decrypt_disks.bash
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+# Decrypt and mount the disks after a fresh reboot.
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+zfs load-key -r zmass/encrypted
+zfs mount -a
+service bemount start
--- a/ansible/roles/homeserver/tasks/common.yaml
+++ b/ansible/roles/homeserver/tasks/common.yaml
@@ -0,0 +1,55 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  when: users is defined
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user
--- a/ansible/roles/homeserver/tasks/freebsd.yaml
+++ b/ansible/roles/homeserver/tasks/freebsd.yaml
@@ -0,0 +1,10 @@
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: decrypt_disks.bash
+      dest: /usr/local/bin/decrypt_disks
--- a/ansible/roles/homeserver/tasks/linux.yaml
+++ b/ansible/roles/homeserver/tasks/linux.yaml
@@ -0,0 +1,29 @@
+# - name: Build aur packages
+#   register: buildaur
+#   become_user: "{{ build_user.name }}"
+#   command: "aurutils-sync --no-view {{ item }}"
+#   args:
+#     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+#   loop:
+#     - foo
+
+# - name: Update cache
+#   when: buildaur.changed
+#   pacman:
+#     name: []
+#     state: present
+#     update_cache: true
+
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present
+
+# - name: Enable services
+#   systemd:
+#     enabled: yes
+#     name: "{{ item }}"
+#     daemon_reload: yes
+#   loop:
+#     - foo.service
--- a/ansible/roles/homeserver/tasks/main.yaml
+++ b/ansible/roles/homeserver/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  # when: foo is defined
--- a/ansible/roles/homeserver/tasks/peruser.yaml
+++ b/ansible/roles/homeserver/tasks/peruser.yaml
--- a/ansible/roles/homeserver/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/homeserver/tasks/peruser_freebsd.yaml
--- a/ansible/roles/homeserver/tasks/peruser_linux.yaml
+++ b/ansible/roles/homeserver/tasks/peruser_linux.yaml
--- a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
+++ b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
@@ -78,6 +78,11 @@
                        // brianai
                        "hw-address": "06:a6:dc:59:78:12",
                        "ip-address": "10.215.1.215"
+                    },
+                    {
+                        // freebsdupdate
+                        "hw-address": "06:14:5c:92:3d:5b",
+                        "ip-address": "10.215.1.213"
                    }
                ]
            }
--- a/ansible/roles/javascript/tasks/linux.yaml
+++ b/ansible/roles/javascript/tasks/linux.yaml
@@ -1,3 +1,19 @@
+- name: Build aur packages
+  register: buildaur
+  become_user: "{{ build_user.name }}"
+  command: "aurutils-sync --no-view {{ item }}"
+  args:
+    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+  loop:
+    - nvm
+
+- name: Update cache
+  when: buildaur.changed
+  pacman:
+    name: []
+    state: present
+    update_cache: true
+
 - name: Install packages
  package:
    name:
--- a/ansible/roles/media/tasks/linux.yaml
+++ b/ansible/roles/media/tasks/linux.yaml
@@ -1,5 +1,5 @@
 - name: Install packages
  package:
    name:
-      - youtube-dl
+      - yt-dlp
    state: present
--- a/ansible/roles/network/files/odofreebsd_network.conf
+++ b/ansible/roles/network/files/odofreebsd_network.conf
@@ -1,3 +1,4 @@
-wlans_ath0="wlan0"
+#wlans_ath0="wlan0"
+wlans_iwm0="wlan0"
 ifconfig_wlan0="WPA DHCP"
 ifconfig_wlan0_ipv6="inet6 accept_rtadv"
--- a/ansible/roles/pixelbook/files/61-eve-keyboard.hwdb
+++ b/ansible/roles/pixelbook/files/61-eve-keyboard.hwdb
@@ -0,0 +1,4 @@
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnGoogle:pnEve:pvr*
+ KEYBOARD_KEY_5d=delete
+ KEYBOARD_KEY_d8=leftmeta
+ KEYBOARD_KEY_db=capslock
--- a/ansible/roles/pixelbook/files/9d71-GOOGLE-EVEMAX-0-tplg.bin
+++ b/ansible/roles/pixelbook/files/9d71-GOOGLE-EVEMAX-0-tplg.bin
--- a/ansible/roles/pixelbook/files/HiFi.conf
+++ b/ansible/roles/pixelbook/files/HiFi.conf
@@ -0,0 +1,129 @@
+SectionVerb {
+        EnableSequence [
+                cdev "hw:kblr55145663max"
+
+                cset "name='codec1_out mo hs_pb_in mi Switch' on"
+                cset "name='Left DAI Sel Mux' Left"
+                cset "name='Right DAI Sel Mux' Right"
+                cset "name='Left Speaker Volume' 3"
+                cset "name='Right Speaker Volume' 3"
+                cset "name='Left Digital Volume' 60"
+                cset "name='Right Digital Volume' 60"
+                cset "name='Left Spk Switch' on"
+                cset "name='Right Spk Switch' on"
+                cset "name='Left Boost Output Voltage' 0"
+                cset "name='Right Boost Output Voltage' 0"
+                cset "name='Left Current Limit' 7"
+                cset "name='Right Current Limit' 7"
+                cset "name='Headphone Playback Volume' 16"
+                cset "name='Headset Mic Switch' off"
+                cset "name='DMIC Switch' on"
+                cset "name='STO1 ADC MIXL ADC1 Switch' on"
+                cset "name='Pin5-Port0 Mux' 2"
+                cset "name='Pin5-Port1 Mux' 2"
+                cset "name='Pin5-Port2 Mux' 2"
+                cset "name='Pin6-Port0 Mux' 1"
+                cset "name='Pin6-Port1 Mux' 1"
+                cset "name='Pin6-Port2 Mux' 1"
+                cset "name='Pin7-Port0 Mux' 3"
+                cset "name='Pin7-Port1 Mux' 3"
+                cset "name='Pin7-Port2 Mux' 3"
+                cset "name='ADC Capture Volume' 35"
+                cset "name='ADC1 Capture Volume' 55"
+                cset "name='ADC2 Capture Volume' 55"
+                cset "name='DAC L Mux' STO DAC MIXL"
+                cset "name='DAC R Mux' STO DAC MIXR"
+                cset "name='STO1 DAC MIXL DAC L Switch' on"
+                cset "name='STO1 DAC MIXR DAC R Switch' on"
+                cset-tlv "name='spk_pb_in dsm 0 dsm_params params' /opt/google/dsm/dsmparam.bin"
+        ]
+}
+
+SectionDevice."Speaker" {
+	Comment "Speaker"
+
+	Value {
+		PlaybackPCM "hw:kblr55145663max,0"
+		DspName "speaker_eq"
+	}
+}
+
+SectionDevice."Headphones" {
+        Comment "Headphones"
+
+        Value {
+                PlaybackPCM "hw:kblr55145663max,2"
+                MixerName "DAC"
+                JackDev "kbl-r5514-5663-max Headset Jack"
+
+        }
+
+        EnableSequence [
+                cset "name='Headphone Jack Switch' on"
+        ]
+
+        DisableSequence [
+                cset "name='Headphone Jack Switch' off"
+        ]
+}
+
+SectionDevice."Internal Mic" {
+	Comment "Internal Microphone"
+
+	Value {
+		CapturePCM "hw:kblr55145663max,4"
+		CaptureChannelMap "2 3 0 1 -1 -1 -1 -1 -1 -1 -1"
+		MixerName "ADC2"
+		DefaultNodeGain "2700"
+		CaptureChannels "4"
+	}
+
+	EnableSequence [
+		cset "name='Sto1 ADC MIXL DMIC Switch' on"
+		cset "name='Sto1 ADC MIXR DMIC Switch' on"
+		cset "name='Sto2 ADC MIXL DMIC Switch' on"
+		cset "name='Sto2 ADC MIXR DMIC Switch' on"
+	]
+
+	DisableSequence [
+		cset "name='Sto1 ADC MIXL DMIC Switch' off"
+		cset "name='Sto1 ADC MIXR DMIC Switch' off"
+		cset "name='Sto2 ADC MIXL DMIC Switch' off"
+		cset "name='Sto2 ADC MIXR DMIC Switch' off"
+	]
+}
+
+SectionDevice."Mic" {
+	Comment "Headset Microphone"
+
+	Value {
+		CapturePCM "hw:kblr55145663max,1"
+		JackDev "kbl-r5514-5663-max Headset Jack"
+	}
+
+	EnableSequence [
+		cset "name='Headset Mic Switch' on"
+	]
+
+	DisableSequence [
+		cset "name='Headset Mic Switch' off"
+	]
+}
+
+SectionDevice."HDMI1" {
+	Comment "HDMI 1"
+
+        Value {
+                PlaybackPCM "hw:kblr55145663max,6"
+                JackDev "kbl-r5514-5663-max HDMI/DP,pcm=6 Jack"
+        }
+}
+
+SectionDevice."HDMI2" {
+	Comment "HDMI 2"
+
+        Value {
+                PlaybackPCM "hw:kblr55145663max,7"
+                JackDev "kbl-r5514-5663-max HDMI/DP,pcm=7 Jack"
+        }
+}
--- a/ansible/roles/pixelbook/files/dsmparam.bin
+++ b/ansible/roles/pixelbook/files/dsmparam.bin
--- a/ansible/roles/pixelbook/files/dsp_fw_C75061F3-F2B2-4DCC-8F9F-82ABB4131E66.bin
+++ b/ansible/roles/pixelbook/files/dsp_fw_C75061F3-F2B2-4DCC-8F9F-82ABB4131E66.bin
--- a/ansible/roles/pixelbook/files/dsp_lib_dsm_core_spt_release.bin
+++ b/ansible/roles/pixelbook/files/dsp_lib_dsm_core_spt_release.bin
--- a/ansible/roles/pixelbook/files/kbl-r5514-5663-.conf
+++ b/ansible/roles/pixelbook/files/kbl-r5514-5663-.conf
@@ -0,0 +1,6 @@
+Syntax 3
+
+SectionUseCase."HiFi" {
+	File "HiFi.conf"
+	Comment "Default"
+}
--- a/ansible/roles/pixelbook/files/pixelbook_keyboard_backlight_tmpfiles.conf
+++ b/ansible/roles/pixelbook/files/pixelbook_keyboard_backlight_tmpfiles.conf
@@ -0,0 +1,2 @@
+# Enable the pixelbook keyboard backlight. This seems to persist without needing the tmpfiles.d entry but it is here for clean installs of the machine.
+w- /sys/class/leds/chromeos::kbd_backlight/brightness - - - - 100
--- a/ansible/roles/pixelbook/tasks/common.yaml
+++ b/ansible/roles/pixelbook/tasks/common.yaml
@@ -0,0 +1,55 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  when: users is defined
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user
--- a/ansible/roles/pixelbook/tasks/freebsd.yaml
+++ b/ansible/roles/pixelbook/tasks/freebsd.yaml
@@ -0,0 +1,5 @@
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present
--- a/ansible/roles/pixelbook/tasks/linux.yaml
+++ b/ansible/roles/pixelbook/tasks/linux.yaml
@@ -0,0 +1,57 @@
+# Audio firmware from instructions at https://wiki.gentoo.org/wiki/Google_Pixelbook_(2017)#Audio
+
+- name: Create directories
+  file:
+    name: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - /opt/google/dsm
+    - /usr/share/alsa/ucm2/Intel/kbl-r5514-5663-
+    - /usr/share/alsa/ucm2/conf.d/kbl-r5514-5663-
+
+- name: Install tmpfiles.d configuration
+  copy:
+    src: "files/{{ item }}_tmpfiles.conf"
+    dest: "/etc/tmpfiles.d/{{ item }}.conf"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - pixelbook_keyboard_backlight
+
+- name: Install Configuration
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0600
+    owner: root
+    group: wheel
+  loop:
+    - src: 61-eve-keyboard.hwdb
+      dest: /etc/udev/hwdb.d/61-eve-keyboard.hwdb
+    - src: 9d71-GOOGLE-EVEMAX-0-tplg.bin
+      dest: /lib/firmware/9d71-GOOGLE-EVEMAX-0-tplg.bin
+    - src: dsp_lib_dsm_core_spt_release.bin
+      dest: /lib/firmware/dsp_lib_dsm_core_spt_release.bin
+    - src: dsp_fw_C75061F3-F2B2-4DCC-8F9F-82ABB4131E66.bin
+      dest: /lib/firmware/intel/dsp_fw_C75061F3-F2B2-4DCC-8F9F-82ABB4131E66.bin
+    - src: dsmparam.bin
+      dest: /opt/google/dsm/dsmparam.bin
+    - src: HiFi.conf
+      dest: /usr/share/alsa/ucm2/Intel/kbl-r5514-5663-/HiFi.conf
+    - src: kbl-r5514-5663-.conf
+      dest: /usr/share/alsa/ucm2/Intel/kbl-r5514-5663-/kbl-r5514-5663-.conf
+
+- name: Create symlinks
+  file:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: wheel
+    state: link
+  loop:
+    - src: /usr/share/alsa/ucm2/Intel/kbl-r5514-5663-/kbl-r5514-5663-.conf
+      dest: /usr/share/alsa/ucm2/conf.d/kbl-r5514-5663-/kbl-r5514-5663-.conf
--- a/ansible/roles/pixelbook/tasks/main.yaml
+++ b/ansible/roles/pixelbook/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  # when: foo is defined
--- a/ansible/roles/pixelbook/tasks/peruser.yaml
+++ b/ansible/roles/pixelbook/tasks/peruser.yaml
--- a/ansible/roles/pixelbook/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/pixelbook/tasks/peruser_freebsd.yaml
--- a/ansible/roles/pixelbook/tasks/peruser_linux.yaml
+++ b/ansible/roles/pixelbook/tasks/peruser_linux.yaml
--- a/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf
+++ b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf
@@ -4,7 +4,7 @@
 #
 # Example from bottom of /usr/share/examples/etc/make.conf
 .if ${.CURDIR:N*/lang/gcc48*} && ${.CURDIR:N*/lang/gcc10*} && ${.CURDIR:N*/devel/qt6-base*}
-CPUTYPE?=tigerlake
+CPUTYPE?=skylake
 # CPUTYPE?=x86-64-v4
 .endif

--- a/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-pkglist
+++ b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-pkglist
@@ -20,6 +20,7 @@ dns/coredns
 editors/emacs
 editors/mg
 ftp/wget
+graphics/ImageMagick
 graphics/drm-kmod
 graphics/evince
 graphics/gimp
--- a/ansible/roles/restaurant_health_rating/tasks/common.yaml
+++ b/ansible/roles/restaurant_health_rating/tasks/common.yaml
@@ -0,0 +1,55 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  when: users is defined
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user
--- a/ansible/roles/restaurant_health_rating/tasks/freebsd.yaml
+++ b/ansible/roles/restaurant_health_rating/tasks/freebsd.yaml
@@ -0,0 +1,5 @@
+- name: Install packages
+  package:
+    name:
+      - ImageMagick7
+    state: present
--- a/ansible/roles/restaurant_health_rating/tasks/linux.yaml
+++ b/ansible/roles/restaurant_health_rating/tasks/linux.yaml
@@ -0,0 +1,6 @@
+- name: Install packages
+  package:
+    name:
+      - imagemagick
+      - web-ext
+    state: present
--- a/ansible/roles/restaurant_health_rating/tasks/main.yaml
+++ b/ansible/roles/restaurant_health_rating/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  # when: foo is defined
--- a/ansible/roles/restaurant_health_rating/tasks/peruser.yaml
+++ b/ansible/roles/restaurant_health_rating/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'
--- a/ansible/roles/restaurant_health_rating/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/restaurant_health_rating/tasks/peruser_freebsd.yaml
--- a/ansible/roles/restaurant_health_rating/tasks/peruser_linux.yaml
+++ b/ansible/roles/restaurant_health_rating/tasks/peruser_linux.yaml
--- a/ansible/roles/rust/tasks/linux.yaml
+++ b/ansible/roles/rust/tasks/linux.yaml
@@ -5,4 +5,5 @@
      - lldb # for lldb-vscode
      - musl # for building static binaries
      - rust-analyzer
+      - cargo-semver-checks
    state: present
--- a/ansible/roles/sound/tasks/linux.yaml
+++ b/ansible/roles/sound/tasks/linux.yaml
@@ -13,7 +13,7 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 - name: Install packages
  package:
    name:
@@ -21,4 +21,6 @@
      - pipewire-pulse
      - wireplumber
      - pavucontrol
+      - pipewire-jack
+      - lib32-pipewire-jack
    state: present
--- a/ansible/roles/sshd/files/sshd_config
+++ b/ansible/roles/sshd/files/sshd_config
@@ -89,7 +89,7 @@ KbdInteractiveAuthentication no
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
-#X11Forwarding yes
+#X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
@@ -106,7 +106,7 @@ KbdInteractiveAuthentication no
 #PermitTunnel no
 #ChrootDirectory none
 #UseBlacklist no
-#VersionAddendum FreeBSD-20230316
+#VersionAddendum FreeBSD-20231004

 # no default banner path
 #Banner none
--- a/ansible/roles/sway/tasks/linux.yaml
+++ b/ansible/roles/sway/tasks/linux.yaml
@@ -5,7 +5,6 @@
  args:
    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
  loop:
-    - wev
    - wlvncc-git
    - wl-screenrec-git

--- a/ansible/roles/wireguard/files/wireguard_configs/pixel/wgf.conf
+++ b/ansible/roles/wireguard/files/wireguard_configs/pixel/wgf.conf
--- a/ansible/roles/wireguard/files/wireguard_configs/pixel/wgh.conf
+++ b/ansible/roles/wireguard/files/wireguard_configs/pixel/wgh.conf
--- a/ansible/roles/zfs/tasks/linux.yaml
+++ b/ansible/roles/zfs/tasks/linux.yaml
@@ -4,6 +4,21 @@
      - linux-lts-headers
    state: present

+- name: Check trusted gpg keys
+  become_user: "{{ build_user.name }}"
+  command: gpg --list-public-keys --keyid-format LONG
+  register: gpgkeys
+  changed_when: false
+  check_mode: no
+
+- name: Trust ZFS key
+  when: "item not in gpgkeys.stdout"
+  become_user: "{{ build_user.name }}"
+  command: "gpg --recv-key '{{ item }}'"
+  loop:
+    - "0AB9E991C6AF658B"
+    - "6AD860EED4598027"
+
 - name: Build aur packages
  register: buildaur
  become_user: "{{ build_user.name }}"
--- a/ansible/run.bash
+++ b/ansible/run.bash
@@ -22,6 +22,8 @@ elif [ "$target" = "odolinux" ]; then
    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}"
 elif [ "$target" = "odofreebsd" ]; then
    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}"
+elif [ "$target" = "pixellinux" ]; then
+    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit pixellinux "${@}"
 elif [ "$target" = "jail_nat_dhcp" ]; then
    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit nat_dhcp "${@}"
 elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then
@@ -38,6 +40,8 @@ elif [ "$target" = "jail_admin_git" ]; then
    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit admin_git "${@}"
 elif [ "$target" = "jail_public_dns" ]; then
    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit public_dns "${@}"
+elif [ "$target" = "vm_freebsdupdatemrmanager" ]; then
+    ansible-playbook -v -i environments/vm playbook.yaml --diff --limit freebsdupdatemrmanager "${@}"
 else
    die 1 "Unrecognized target"
 fi
Author	SHA1	Message	Date
Tom Alexander	06de3fb0ac	Disable CPU power consumption settings. The pixelbook seems oddly slow. Disabling this to see if it helps.	2023-11-26 09:31:47 -05:00
Tom Alexander	eaa05e13d0	Enable the wireguard configs.	2023-11-26 09:31:47 -05:00
Tom Alexander	98f6ca10ff	Add wireguard configs for pixelbook.	2023-11-26 09:31:47 -05:00
Tom Alexander	675652044f	Add support for audio.	2023-11-26 09:31:46 -05:00
Tom Alexander	c901defbf3	Add the pixelbook.	2023-11-26 09:31:46 -05:00
Tom Alexander	8bf7b7d489	Trust additional zfs signing key.	2023-11-26 09:31:46 -05:00
Tom Alexander	6e772f1137	Add pipewire jack replacement.	2023-11-26 09:31:46 -05:00
Tom Alexander	d7f99659f1	Add devfs rules for homeserver.	2023-11-24 10:25:16 -05:00
Tom Alexander	023e362896	Add a script to decrypt and mount disks on the home server.	2023-11-18 14:55:19 -05:00
Tom Alexander	c66327a31f	Updates for FreeBSD 14.	2023-11-18 11:02:46 -05:00
Tom Alexander	423d057abd	Add restaurant_health_rating.	2023-11-18 11:02:46 -05:00
Tom Alexander	6061f61c16	Remove extra subkey from linux build key.	2023-11-16 12:35:15 -05:00
Tom Alexander	f6bc39a7fb	TEMP changes for running on NUC.	2023-11-14 15:05:16 -05:00
Tom Alexander	68e84fdd77	Add node version manager (nvm) and minor fixes.	2023-11-14 15:05:16 -05:00
Tom Alexander	48bdb12e77	Change package name for google cloud sdk on linux.	2023-10-26 21:14:41 -04:00
Tom Alexander	ec72d20455	Fix building ZFS on linux.	2023-10-26 21:14:41 -04:00
Tom Alexander	7f47b1ca1b	Enable web-mode for dust files.	2023-10-24 00:59:47 -04:00
Tom Alexander	5fcb37591c	Add guard rails to the cpu_set_perf_perc script for FreeBSD.	2023-10-23 20:10:58 -04:00
Tom Alexander	3f0b8162b8	Add cargo-semver-checks to linux.	2023-10-18 12:53:33 -04:00
Tom Alexander	b90ec542de	Switch to overlay2 for docker. The latest OpenZFS supports overlay2 on top of ZFS which works much better than the zfs storage driver for docker.	2023-10-18 09:43:58 -04:00
Tom Alexander	16b7a200de	Merge branch 'custom_freebsd'	2023-10-18 09:18:54 -04:00
Tom Alexander	e3e7de8eb1	The SHARED_TOOLCHAIN option was removed in FreeBSD 14.	2023-10-16 19:52:37 -04:00
Tom Alexander	51e5917e43	Remove MODULES_WITH_WORLD.	2023-10-16 19:52:37 -04:00
Tom Alexander	2d260dec90	Update the FreeBSD version.	2023-10-16 19:52:37 -04:00
Tom Alexander	72a8d6f615	Build the ports modules with world instead of just with the kernel. I'm hoping this fixes an issue where the chroot for building the ports only contains the kernel files and therefore lacks /bin/sh.	2023-10-16 19:52:37 -04:00
Tom Alexander	34ffd5c100	Build FreeBSD for tigerlake on freebsdupdate. I think I need to move to specifying separate src.conf files for each build but I am going to get this working in a simple setup first.	2023-10-16 19:52:37 -04:00
Tom Alexander	da36f1b3d8	Update build_release script to update the virtual machine OS.	2023-10-16 19:52:37 -04:00
Tom Alexander	1c922c2234	Set up a separate FreeBSD update VM. It seems to compile the ports kernel modules into the OS, I need to be running the same kernel version as I am building, so I am putting it into its own VM.	2023-10-16 19:52:36 -04:00
Tom Alexander	d56132618a	Enable guc for hw accelerated encoding for wl-screenrec.	2023-10-16 19:52:36 -04:00
Tom Alexander	575d4360f1	Build current instead of 13.2.	2023-10-16 19:52:36 -04:00
Tom Alexander	e7328f2865	Use /etc/make.conf and /etc/src.conf.	2023-10-16 19:52:36 -04:00
Tom Alexander	6be5ad6b3d	Add a manual implementation of building a release.	2023-10-16 19:52:36 -04:00
Tom Alexander	44d3cc61f5	Add release.conf.	2023-10-16 19:52:36 -04:00
Tom Alexander	d20ce1e4d4	TEMP: Add the freebsd_update_server role to odofreebsd for development.	2023-10-16 19:52:36 -04:00
Tom Alexander	7ecf2ef1b1	Check out the freebsd-update-build git repo.	2023-10-16 19:52:35 -04:00
Tom Alexander	fccb2312da	Start an ansible role for running a custom freebsd-update server.	2023-10-16 19:52:35 -04:00
Tom Alexander	112cba2b8c	Add more ports to be built along with the kernel.	2023-10-16 19:52:35 -04:00
Tom Alexander	1a017cfac7	Add more task templates to the blank role.	2023-10-16 19:52:35 -04:00