Compare commits
No commits in common. "c2f1a0db1c833829a3e0229728897a6b3e414cf9" and "e9e6e141d28175dd5201b9ce26490d0dfe348531" have entirely different histories.
c2f1a0db1c
...
e9e6e141d2
@ -77,17 +77,8 @@ jail_list:
|
|||||||
# - name: mumbledb
|
# - name: mumbledb
|
||||||
# mount: /var/db/murmur
|
# mount: /var/db/murmur
|
||||||
bhyve_dataset: zmass/encrypted/vm
|
bhyve_dataset: zmass/encrypted/vm
|
||||||
# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
|
bhyve_canmount: "on"
|
||||||
bhyve_canmount: "off"
|
|
||||||
bhyve_mountpoint: "none"
|
|
||||||
bhyve_bemount: "on"
|
bhyve_bemount: "on"
|
||||||
wireguard_directory: homeserver
|
wireguard_directory: homeserver
|
||||||
enabled_wireguard:
|
enabled_wireguard:
|
||||||
- wgh
|
- wgh
|
||||||
linfi:
|
|
||||||
enabled: true
|
|
||||||
zfs_dataset: zmass/unencrypted/vm/linfi
|
|
||||||
zfs_mountpoint: /vm/linfi
|
|
||||||
driver_blocklist: "ath if_ath if_ath_pci ath_hal"
|
|
||||||
pci_blocklist: "6/0/0"
|
|
||||||
amd: false
|
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
[headless]
|
[headless]
|
||||||
homeserver ansible_user=talexander ansible_host=homeserver
|
homeserver ansible_user=talexander ansible_host=10.216.1.1
|
||||||
|
@ -59,10 +59,3 @@ enabled_wireguard:
|
|||||||
- wgh
|
- wgh
|
||||||
- drmario
|
- drmario
|
||||||
- colo
|
- colo
|
||||||
linfi:
|
|
||||||
enabled: true
|
|
||||||
zfs_dataset: zroot/freebsd/current/vm/linfi
|
|
||||||
zfs_mountpoint: /vm/linfi
|
|
||||||
driver_blocklist: "if_iwm if_iwlwifi"
|
|
||||||
pci_blocklist: "1/0/0"
|
|
||||||
amd: true
|
|
||||||
|
@ -133,7 +133,6 @@
|
|||||||
vars:
|
vars:
|
||||||
ansible_become: True
|
ansible_become: True
|
||||||
roles:
|
roles:
|
||||||
- linfi
|
|
||||||
- homeserver
|
- homeserver
|
||||||
|
|
||||||
- hosts: odowork
|
- hosts: odowork
|
||||||
|
@ -3,7 +3,6 @@
|
|||||||
name:
|
name:
|
||||||
- docker
|
- docker
|
||||||
- docker-compose
|
- docker-compose
|
||||||
- docker-buildx
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Create docker zfs dataset
|
- name: Create docker zfs dataset
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
ext_if = "{ igb0 igb1 ix0 ix1 linfi_host }"
|
ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
|
||||||
not_ext_if = "{ !igb0 !igb1 !ix0 !ix1 !linfi_host }"
|
not_ext_if = "{ !igb0 !igb1 !ix0 !ix1 !wlan0 }"
|
||||||
jail_nat_v4 = "{ 10.215.1.0/24 }"
|
jail_nat_v4 = "{ 10.215.1.0/24 }"
|
||||||
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
|
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
|
||||||
restricted_nat_v4 = "{ 10.215.2.0/24 }"
|
restricted_nat_v4 = "{ 10.215.2.0/24 }"
|
||||||
@ -19,17 +19,17 @@ unifi_ports = "{ 8443 3478 10001 8080 1900 8843 8880 6789 5514 }"
|
|||||||
set skip on lo
|
set skip on lo
|
||||||
|
|
||||||
# queueing
|
# queueing
|
||||||
# altq on linfi_host cbq queue { def, stuff }
|
# altq on wlan0 cbq queue { def, stuff }
|
||||||
# queue def cbq(default borrow)
|
# queue def cbq(default borrow)
|
||||||
# queue stuff bandwidth 8Mb cbq { dagger }
|
# queue stuff bandwidth 8Mb cbq { dagger }
|
||||||
# queue dagger cbq(borrow)
|
# queue dagger cbq(borrow)
|
||||||
|
|
||||||
# redirections
|
# redirections
|
||||||
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (linfi_host)
|
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
|
||||||
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
|
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
|
||||||
|
|
||||||
# cloak
|
# cloak
|
||||||
nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (linfi_host)
|
nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
|
||||||
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 172.16.0.1 port 53
|
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 172.16.0.1 port 53
|
||||||
|
|
||||||
# bastion
|
# bastion
|
||||||
|
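Review bot: The NAT egress is spelled out as a literal `(wlan0)` in both `nat pass` rules and again inside `ext_if` and `not_ext_if`, so a later interface change that misses one of the four places would leave the translation address and the external-interface set disagreeing. A single macro such as `wan_if = "wlan0"`, referenced as `-> ($wan_if)` in the two NAT rules, keeps them in step. Since `nat pass` lets the translated traffic bypass the filter rules, I would also add a comment above the rules, for example `# nat pass: translated jail traffic is not evaluated by the filter rules below`. The ruleset continues past both hunks, so any filtering later in the file is not visible here.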
@ -1 +0,0 @@
|
|||||||
options cfg80211 ieee80211_regdom=US
|
|
@ -30,7 +30,6 @@
|
|||||||
- iwlwifi
|
- iwlwifi
|
||||||
- snd_hda_intel
|
- snd_hda_intel
|
||||||
- disable_sp5100_watchdog
|
- disable_sp5100_watchdog
|
||||||
- wifi_us
|
|
||||||
|
|
||||||
- name: Configure kernel command line
|
- name: Configure kernel command line
|
||||||
zfs:
|
zfs:
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
#
|
|
||||||
set -euo pipefail
|
|
||||||
IFS=$'\n\t'
|
|
||||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
||||||
|
|
||||||
kubectl get pipelinerun --all-namespaces -o go-template='{{range .items}}{{.metadata.namespace}}/{{.metadata.name}}{{"\n"}}{{end}}' | while read p; do namespace=$(cut -d '/' -f 1 <<<"$p"); name=$(cut -d '/' -f 2 <<<"$p"); kubectl patch pipelinerun -n "$namespace" "$name" -p '{"metadata":{"finalizers":null}}' --type=merge; done
|
|
@ -1,7 +0,0 @@
|
|||||||
# linfi:
|
|
||||||
# enabled: true
|
|
||||||
# zfs_dataset: zroot/freebsd/current/vm/linfi
|
|
||||||
# zfs_mountpoint: /vm/linfi
|
|
||||||
# driver_blocklist: "if_iwm if_iwlwifi"
|
|
||||||
# pci_blocklist: "1/0/0"
|
|
||||||
# amd: true
|
|
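--- a/ansible/roles/linfi/files/devmatch_rc.conf
+++ b/ansible/roles/linfi/files/devmatch_rc.conf
@@ -0,0 +1,2 @@
+devmatch_enable="YES"
+devmatch_blocklist="if_iwm if_iwlwifi"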
@ -32,7 +32,6 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|||||||
: ${VNC_LISTEN:="127.0.0.1:5900"}
|
: ${VNC_LISTEN:="127.0.0.1:5900"}
|
||||||
: ${VNC_WIDTH:="1920"}
|
: ${VNC_WIDTH:="1920"}
|
||||||
: ${VNC_HEIGHT:="1080"}
|
: ${VNC_HEIGHT:="1080"}
|
||||||
: ${PASSTHROUGH:="1/0/0"}
|
|
||||||
|
|
||||||
if [ "$VERBOSE" = "YES" ]; then
|
if [ "$VERBOSE" = "YES" ]; then
|
||||||
set -x
|
set -x
|
||||||
@ -143,7 +142,7 @@ function start_vm {
|
|||||||
-s 0,hostbridge \
|
-s 0,hostbridge \
|
||||||
-s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
|
-s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
|
||||||
-S \
|
-S \
|
||||||
-s "7,passthru,${PASSTHROUGH}" \
|
-s 7,passthru,1/0/0 \
|
||||||
-s 30,xhci,tablet \
|
-s 30,xhci,tablet \
|
||||||
-s 31,lpc -l com1,stdio \
|
-s 31,lpc -l com1,stdio \
|
||||||
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd" \
|
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd" \
|
||||||
|
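Review bot: `-s 7,passthru,1/0/0` in `start_vm` hard-codes the PCI selector that the added `files/linfi_loader.conf` also hard-codes as `pptdevs="1/0/0"`, so the device reserved at boot and the device handed to the guest are now kept in agreement only by hand. If the two ever differ, the guest is started against a device that was not reserved for it. I would keep one overridable definition near the other defaults, `: ${PASSTHROUGH:="1/0/0"}`, use it as `-s "7,passthru,${PASSTHROUGH}"`, and add a comment that it must match `pptdevs` in loader.conf. `start_vm` begins and ends outside this hunk, so the rest of the bhyve command line is not visible.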
@ -14,7 +14,7 @@ load_rc_config $name
|
|||||||
tmux_name="linfi"
|
tmux_name="linfi"
|
||||||
|
|
||||||
linfi_start() {
|
linfi_start() {
|
||||||
/usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env PASSTHROUGH='{{ linfi.pci_blocklist }}' /usr/local/bin/bash /usr/local/bin/launch_linfi start linfi {{ linfi.zfs_dataset }} {{ linfi.zfs_mountpoint }}"
|
/usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /usr/local/bin/launch_linfi start linfi zroot/freebsd/current/vm/linfi /vm/linfi"
|
||||||
# /vm/.iso/alpine-extended-3.20.3-x86_64.iso
|
# /vm/.iso/alpine-extended-3.20.3-x86_64.iso
|
||||||
}
|
}
|
||||||
|
|
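Review bot: The command line in `linfi_start` now sets `VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900`, which puts the guest console on every address of the host, whereas the launch script's own default is `: ${VNC_LISTEN:="127.0.0.1:5900"}`. Nothing visible on this page sets a VNC password or limits port 5900 in the packet filter, so network reachability of that port may be the only access control on the VM console. The rest of the launch script and of pf.conf is outside this view. I would drop the override so the listener stays on loopback, reducing the env prefix to `/usr/bin/env VNC_ENABLE=YES`, and reach the console through an SSH or WireGuard tunnel. If a wider bind is really needed, bind to the tunnel address rather than `0.0.0.0`. `linfi_start` is fully inside the hunk.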
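--- a/ansible/roles/linfi/files/linfi_loader.conf
+++ b/ansible/roles/linfi/files/linfi_loader.conf
@@ -0,0 +1,3 @@
+vmm_load="YES"
+pptdevs="1/0/0"
+hw.vmm.amdvi.enable="1"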
@ -1,6 +1,6 @@
|
|||||||
- name: Install loader.conf
|
- name: Install loader.conf
|
||||||
template:
|
copy:
|
||||||
src: "templates/{{ item }}_loader.conf.j2"
|
src: "files/{{ item }}_loader.conf"
|
||||||
dest: "/boot/loader.conf.d/{{ item }}.conf"
|
dest: "/boot/loader.conf.d/{{ item }}.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
owner: root
|
owner: root
|
||||||
@ -20,8 +20,8 @@
|
|||||||
dest: /usr/local/bin/launch_linfi
|
dest: /usr/local/bin/launch_linfi
|
||||||
|
|
||||||
- name: Install rc script
|
- name: Install rc script
|
||||||
template:
|
copy:
|
||||||
src: "templates/{{ item.src }}.j2"
|
src: "files/{{ item.src }}"
|
||||||
dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
|
dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: wheel
|
group: wheel
|
||||||
@ -38,13 +38,4 @@
|
|||||||
group: wheel
|
group: wheel
|
||||||
loop:
|
loop:
|
||||||
- linfi
|
- linfi
|
||||||
|
|
||||||
- name: Install service configuration
|
|
||||||
template:
|
|
||||||
src: "templates/{{ item }}_rc.conf.j2"
|
|
||||||
dest: "/etc/rc.conf.d/{{ item }}"
|
|
||||||
mode: 0644
|
|
||||||
owner: root
|
|
||||||
group: wheel
|
|
||||||
loop:
|
|
||||||
- devmatch
|
- devmatch
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
- import_tasks: tasks/common.yaml
|
- import_tasks: tasks/common.yaml
|
||||||
when: linfi is defined and linfi.enabled
|
# when: foo is defined
|
||||||
|
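Review bot: The guard on `import_tasks` is now the placeholder comment `# when: foo is defined`, so the role's tasks run on every host that lists the role, with no per-host opt-in. Because the new side also ships fixed values (`pptdevs="1/0/0"`, `hw.vmm.amdvi.enable="1"`, `devmatch_blocklist="if_iwm if_iwlwifi"`), a host with different hardware would have whatever sits at that PCI address reserved for passthrough at boot. Either restore a real condition, such as `when: linfi_enabled | default(false)`, or delete the placeholder and add a comment naming the host the role is written for, for example `# Only valid where the passthrough device is at PCI 1/0/0`.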
@ -1,2 +0,0 @@
|
|||||||
devmatch_enable="YES"
|
|
||||||
devmatch_blocklist="{{ linfi.driver_blocklist }}"
|
|
@ -1,5 +0,0 @@
|
|||||||
vmm_load="YES"
|
|
||||||
pptdevs="{{ linfi.pci_blocklist }}"
|
|
||||||
{% if linfi.amd %}
|
|
||||||
hw.vmm.amdvi.enable="1"
|
|
||||||
{% endif %}
|
|
@ -1,4 +1,4 @@
|
|||||||
# wlans_ath0="wlan0"
|
wlans_ath0="wlan0"
|
||||||
# ifconfig_wlan0="WPA DHCP"
|
ifconfig_wlan0="WPA DHCP"
|
||||||
# ifconfig_wlan0_ipv6="inet6 accept_rtadv"
|
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
|
||||||
# ipv6_cpe_wanif="wlan0"
|
ipv6_cpe_wanif="wlan0"
|
||||||
|