37 changed files with 12 additions and 781 deletions
--- a/ansible/environments/laptop/host_vars/odowork
+++ b/ansible/environments/laptop/host_vars/odowork
@ -1,36 +0,0 @@
 os_flavor: "linux"
 hostname: odowork
 etc_hosts: {}
 users:
  talexander:
    initialize: true
    uid: 11235
    gid: 1000
    groups:
      - name: wheel
      - name: users
      - name: docker
      - name: libvirt
      - name: uucp
    authorized_keys:
      - yubikey
      - main_fido
      - backup_fido
    gitconfig: "gitconfig_work"
 zfs_snapshot_datasets:
  - path: zroot/linux/archwork/be
 install_graphics: true
 graphics_driver: "amd"
 pgp_key: "gpg_work.asc"
 build_user:
  name: talexander
  group: talexander
 # wireguard_directory: odowork
 # enabled_wireguard: []
 cputype: "amd"
 hwpstate: true
 cores: 16
 sway_conf_files:
  - rofimoji
 docker_storage_driver: overlay2 # alternatively zfs
 docker_zfs_dataset: zroot/linux/archwork/docker
--- a/ansible/environments/laptop/hosts
+++ b/ansible/environments/laptop/hosts
@ -1,4 +1,3 @@
 [gui]
 odolinux ansible_connection=local ansible_host=127.0.0.1
 odofreebsd ansible_connection=local ansible_host=127.0.0.1
 odowork ansible_connection=local ansible_host=127.0.0.1
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@ -117,7 +117,7 @@
    - users
    - public_dns
- hosts: odolinux:odofreebsd:odowork
+- hosts: odolinux:odofreebsd
  vars:
    ansible_become: True
  roles:
@ -144,9 +144,3 @@
    ansible_become: True
  roles:
    - homeserver
 - hosts: odowork
  vars:
    ansible_become: True
  roles:
    - odowork
--- a/ansible/roles/base/files/gitconfig_home
+++ b/ansible/roles/base/files/gitconfig_home
@ -18,18 +18,3 @@
 	date = local
 [init]
 	defaultBranch = main
 # Use meld for `git difftool` and `git mergetool`
 [diff]
 	tool = meld
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
 [mergetool "meld"]
        # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
        # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
--- a/ansible/roles/base/files/gitconfig_work
+++ b/ansible/roles/base/files/gitconfig_work
@ -1,35 +0,0 @@
 [user]
 	email = ThomasA.Alexander@hmhn.org
 	name = Tom Alexander
 	signingkey = D3A179C9A53C0EDE
 [push]
 	default = simple
 [alias]
 	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
 	bh = log --oneline --branches=* --remotes=* --graph --decorate
 	amend = commit --amend --no-edit
 [core]
 	excludesfile = ~/.gitignore_global
 [commit]
 	gpgsign = true
 [pull]
 	rebase = true
 [log]
 	date = local
 [init]
 	defaultBranch = main
 # Use meld for `git difftool` and `git mergetool`
 [diff]
 	tool = meld
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
 [mergetool "meld"]
        # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
        # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
--- a/ansible/roles/base/tasks/common.yaml
+++ b/ansible/roles/base/tasks/common.yaml
@ -17,7 +17,6 @@
      - colordiff
      - ipcalc
      - kdiff3
      - meld
      - tcpdump
      - moreutils # for ts [%Y-%m-%d %H:%M:%.S]
      - ddrescue
--- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
+++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
@ -74,6 +74,13 @@ function main {
    fi
 }
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function create_disk {
    local zfs_path="$1"
    local mount_path="$2"
--- a/ansible/roles/build/files/gpg_work.asc
+++ b/ansible/roles/build/files/gpg_work.asc
@ -1,27 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
 0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
 b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
 BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
 DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
 0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
 ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
 Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
 vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
 yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
 9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
 IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
 jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
 Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
 EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
 duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
 UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
 C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
 PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
 FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
 EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
 MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
 d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
 =0HtE
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/build/tasks/linux.yaml
+++ b/ansible/roles/build/tasks/linux.yaml
@ -39,7 +39,7 @@
 - name: Trust my signing key
  command: pacman-key -a -
  args:
-    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
+    stdin: "{{ lookup('file', 'gpg.asc') }}"
  when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
  register: my_key_imported
--- a/ansible/roles/firefox/defaults/main.yaml
+++ b/ansible/roles/firefox/defaults/main.yaml
@ -11,4 +11,3 @@ firefox_config:
  browser.newtabpage.activity-stream.showSponsoredTopSites: false
  browser.newtabpage.activity-stream.feeds.section.topstories: false
  browser.newtabpage.pinned: "[]"
  browser.newtabpage.activity-stream.section.highlights.includePocket: false
--- a/ansible/roles/gpg/files/gpg_work.asc
+++ b/ansible/roles/gpg/files/gpg_work.asc
@ -1,27 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
 0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
 b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
 BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
 DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
 0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
 ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
 Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
 vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
 yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
 9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
 IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
 jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
 Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
 EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
 duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
 UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
 C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
 PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
 FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
 EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
 MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
 d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
 =0HtE
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/gpg/tasks/peruser.yaml
+++ b/ansible/roles/gpg/tasks/peruser.yaml
@ -43,7 +43,7 @@
  command: gpg --import
  when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
  args:
-    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
+    stdin: "{{ lookup('file', 'gpg.asc') }}"
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/hosts/tasks/common.yaml
+++ b/ansible/roles/hosts/tasks/common.yaml
@ -1,19 +1,10 @@
 - name: Set the /etc/hosts
  when: hostname is undefined or item.key != hostname
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^{{ item.key | regex_escape() }}\s+'
    line: "{{ item.key }}		{{ item.value | join(' ') }}"
  loop: "{{ etc_hosts | dict2items }}"
 # Without an entry for the local hostname, firefox takes multiple minutes to launch.
 - name: Set the /etc/hosts
  when: hostname is defined
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '\s+{{ hostname | regex_escape() }}\s*$'
    line: "127.0.0.1		{{ hostname }}"
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/network/files/main.conf
+++ b/ansible/roles/network/files/main.conf
@ -7,5 +7,5 @@ NameResolvingService=systemd
 EnableNetworkConfiguration=True
 # route_priority_offset=300
-# [Scan]
+[Scan]
-# DisablePeriodicScan=true
+DisablePeriodicScan=true
--- a/ansible/roles/odowork/tasks/common.yaml
+++ b/ansible/roles/odowork/tasks/common.yaml
@ -1,55 +0,0 @@
 # - name: Create directories
 #   file:
 #     name: "{{ item }}"
 #     state: directory
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - /foo/bar
 # - name: Install scripts
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.bash
 #       dest: /usr/local/bin/foo
 # - name: Install Configuration
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0600
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.conf
 #       dest: /usr/local/etc/foo.conf
 # - name: Clone Source
 #   git:
 #     repo: "https://foo.bar/baz.git"
 #     dest: /foo/bar
 #     version: "v1.0.2"
 #     force: true
 #   diff: false
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  when: users is defined
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/odowork/tasks/freebsd.yaml
+++ b/ansible/roles/odowork/tasks/freebsd.yaml
@ -1,5 +0,0 @@
 # - name: Install packages
 #   package:
 #     name:
 #       - foo
 #     state: present
--- a/ansible/roles/odowork/tasks/linux.yaml
+++ b/ansible/roles/odowork/tasks/linux.yaml
@ -1,5 +0,0 @@
 - name: Install packages
  package:
    name:
      - python-numpy # Increases the speed of iap tunnels
    state: present
--- a/ansible/roles/odowork/tasks/main.yaml
+++ b/ansible/roles/odowork/tasks/main.yaml
@ -1,2 +0,0 @@
 - import_tasks: tasks/common.yaml
  # when: foo is defined
--- a/ansible/roles/odowork/tasks/peruser.yaml
+++ b/ansible/roles/odowork/tasks/peruser.yaml
@ -1,29 +0,0 @@
 - include_role:
    name: per_user
 # - name: Create directories
 #   file:
 #     name: "{{ account_homedir.stdout }}/{{ item }}"
 #     state: directory
 #     mode: 0700
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - ".config/foo"
 # - name: Copy files
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
 #     mode: 0600
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - src: foo.conf
 #       dest: .config/foo/foo.conf
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/peruser_linux.yaml
  when: 'os_flavor == "linux"'
--- a/ansible/roles/odowork/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/odowork/tasks/peruser_freebsd.yaml
--- a/ansible/roles/odowork/tasks/peruser_linux.yaml
+++ b/ansible/roles/odowork/tasks/peruser_linux.yaml
--- a/ansible/roles/sway/defaults/main.yaml
+++ b/ansible/roles/sway/defaults/main.yaml
@ -10,4 +10,3 @@ default_sway_conf_files:
  - disable_focus_follows_mouse
  - lockscreen
  - logout
  - force_focus
--- a/ansible/roles/sway/files/sway_config_files/force_focus.conf
+++ b/ansible/roles/sway/files/sway_config_files/force_focus.conf
@ -1,4 +0,0 @@
 mode "force focus" {
    bindsym $mod+Shift+Escape fullscreen; mode "default"
 }
 bindsym $mod+Shift+f fullscreen; mode "force focus"
--- a/ansible/run.bash
+++ b/ansible/run.bash
@ -22,8 +22,6 @@ elif [ "$target" = "odolinux" ]; then
    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}"
 elif [ "$target" = "odofreebsd" ]; then
    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}"
 elif [ "$target" = "odowork" ]; then
    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odowork "${@}"
 elif [ "$target" = "jail_nat_dhcp" ]; then
    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit nat_dhcp "${@}"
 elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then
--- a/router/boot_loader.conf
+++ b/router/boot_loader.conf
@ -1,6 +0,0 @@
 security.bsd.allow_destructive_dtrace=0
 cryptodev_load="YES"
 zfs_load="YES"
 vmm_load="YES"
 pptdevs="1/0/0 2/0/0 3/0/0 4/0/0 5/0/0 7/0/0"
 autoboot_delay="0"
--- a/router/etc_rc.conf
+++ b/router/etc_rc.conf
@ -1,16 +0,0 @@
 clear_tmp_enable="YES"
 syslogd_flags="-ss"
 hostname="turtle"
 #ifconfig_bridgeif="DHCP"
 #ifconfig_bridgeif_ipv6="inet6 accept_rtadv"
 wlans_rtwn0="wlan0"
 ifconfig_wlan0="WPA DHCP"
 ifconfig_wlan0_ipv6="inet6 accept_rtadv"
 create_args_wlan0="country US regdomain FCC"
 sshd_enable="YES"
 ntpd_enable="YES"
 ntpd_sync_on_start="YES"
 moused_nondefault_enable="NO"
 # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
 dumpdev="NO"
 zfs_enable="YES"
--- a/router/launch_opnsense.bash
+++ b/router/launch_opnsense.bash
@ -1,168 +0,0 @@
 #!/usr/local/bin/bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : ${CD:=""}
 : ${VNC_ENABLE:="NO"}
 : ${VNC_LISTEN:="127.0.0.1:5900"}
 : ${PID_FILE:="/var/run/opnsense.pid"}
 ############## Setup #########################
 function cleanup {
    for vm in "${vms[@]}"; do
        log "Destroying bhyve vm $vm"
        bhyvectl "--vm=$vm" --destroy
        log "Destroyed bhyve vm $vm"
    done
 }
 vms=()
 for sig in EXIT INT QUIT HUP TERM; do
  trap "set +e; sleep 10; cleanup" "$sig"
 done
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function log {
    (>&2 echo "${@}")
 }
 ############## Program #########################
 function main {
    start_vm
 }
 function start_vm {
    local name="opnsense"
    # -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
         # -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
             # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
            # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
    # TODO: Look into using nmdm instead of stdio for serial console
    if [ -n "$CD" ]; then
        additional_args+=("-s" "5,ahci-cd,$CD")
    fi
    if [ "$VNC_ENABLE" = "YES" ]; then
        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
    fi
    local bridge_name="bridge_vm"
    local host_interface_name="bridgeif"
    assert_bridge "$host_interface_name" "$bridge_name"
    local mac_address
    mac_address=$(calculate_mac_address "$name")
    local bridge_link_name
    bridge_link_name=$(detect_available_link "${bridge_name}")
    additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
    vms+=("$name")
    while true; do
        set -x
        set +e
        bhyve \
            -D \
            -c 6 \
            -m 8G \
            -H \
            -s 0,hostbridge \
            -s "4,nvme,/dev/zvol/zroot/vm/opnsense/disk0" \
            -S \
            -s 7,passthru,1/0/0 \
            -s 8,passthru,2/0/0 \
            -s 9,passthru,3/0/0 \
            -s 10,passthru,4/0/0 \
            -s 11,passthru,5/0/0 \
            -s 12,passthru,7/0/0 \
            -s 30,xhci,tablet \
            -s 31,lpc -l com1,stdio \
            -l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,/vm/opnsense/BHYVE_UEFI_VARS.fd" \
            "${additional_args[@]}" \
            "$name"
        # local bhyvepid=$!
        # echo "$bhyvepid" > "$PID_FILE"
        # wait $bhyvepid
        local exit_code=$?
        set +x
        set -e
        if [ $exit_code -eq 0 ]; then
            echo "Rebooting."
            sleep 5
        elif [ $exit_code -eq 1 ]; then
            echo "Powered off."
            break
        elif [ $exit_code -eq 2 ]; then
            echo "Halted."
            break
        elif [ $exit_code -eq 3 ]; then
            echo "Triple fault."
            break
        elif [ $exit_code -eq 4 ]; then
            echo "Exited due to an error."
            break
        fi
    done
 }
 function ng_exists {
    ngctl status "${1}" >/dev/null 2>&1
 }
 function assert_bridge {
    local host_interface_name="$1"
    local bridge_name="$2"
    # local ip_range="$3"
    if ! ng_exists "${bridge_name}:"; then
        ngctl -d -f - <<EOF
 mkpeer . eiface hook ether
 name .:hook $host_interface_name
 EOF
        ngctl -d -f - <<EOF
 mkpeer ${host_interface_name}: bridge ether link0
 name ${host_interface_name}:ether $bridge_name
 EOF
        ifconfig "$(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2)" name "${host_interface_name}" up
        dhclient "${host_interface_name}"
        # (set +e; service netif start wlan0) &
    fi
 }
 function detect_available_link {
    local bridge_name="$1"
    local linknum=1
    while true; do
        local link_name="link${linknum}"
        if ! ng_exists "${bridge_name}:${link_name}"; then
            echo "$link_name"
            return
        fi
        linknum=$((linknum + 1))
        if [ "$linknum" -gt 90 ]; then
            (>&2 echo "No available links on bridge $bridge_name")
            exit 1
        fi
    done
 }
 function calculate_mac_address {
    local name="$1"
    local source
    source=$(md5 -r -s "$name" | awk '{print $1}')
    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }
 main "${@}"
--- a/router/launch_unifi.bash
+++ b/router/launch_unifi.bash
@ -1,149 +0,0 @@
 #!/usr/local/bin/bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : ${CD:=""}
 : ${VNC_ENABLE:="NO"}
 : ${VNC_LISTEN:="127.0.0.1:5900"}
 : ${PID_FILE:="/var/run/unifi.pid"}
 ############## Setup #########################
 function cleanup {
    for vm in "${vms[@]}"; do
        log "Destroying bhyve vm $vm"
        bhyvectl "--vm=$vm" --destroy
        log "Destroyed bhyve vm $vm"
    done
 }
 vms=()
 for sig in EXIT INT QUIT HUP TERM; do
  trap "set +e; sleep 10; cleanup" "$sig"
 done
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function log {
    (>&2 echo "${@}")
 }
 ############## Program #########################
 function main {
    start_vm
 }
 function start_vm {
    local name="unifi"
    # -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
         # -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
             # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
            # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
    # TODO: Look into using nmdm instead of stdio for serial console
    if [ -n "$CD" ]; then
        additional_args+=("-s" "5,ahci-cd,$CD")
    fi
    if [ "$VNC_ENABLE" = "YES" ]; then
        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
    fi
    local bridge_name="bridge_vm"
    wait_for_bridge "$bridge_name"
    local mac_address
    mac_address=$(calculate_mac_address "$name")
    local bridge_link_name
    bridge_link_name=$(detect_available_link "${bridge_name}")
    additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
    vms+=("$name")
    while true; do
        set -x
        set +e
        bhyve \
            -D \
            -c 1 \
            -m 2G \
            -H \
            -s 0,hostbridge \
            -s "4,nvme,/dev/zvol/zroot/vm/unifi/disk0" \
            -s 30,xhci,tablet \
            -s 31,lpc -l com1,stdio \
            -l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,/vm/unifi/BHYVE_UEFI_VARS.fd" \
            "${additional_args[@]}" \
            "$name"
        # local bhyvepid=$!
        # echo "$bhyvepid" > "$PID_FILE"
        # wait $bhyvepid
        local exit_code=$?
        set +x
        set -e
        if [ $exit_code -eq 0 ]; then
            echo "Rebooting."
            sleep 5
        elif [ $exit_code -eq 1 ]; then
            echo "Powered off."
            break
        elif [ $exit_code -eq 2 ]; then
            echo "Halted."
            break
        elif [ $exit_code -eq 3 ]; then
            echo "Triple fault."
            break
        elif [ $exit_code -eq 4 ]; then
            echo "Exited due to an error."
            break
        fi
    done
 }
 function ng_exists {
    ngctl status "${1}" >/dev/null 2>&1
 }
 function wait_for_bridge {
    local bridge_name="$1"
    while ! ng_exists "${bridge_name}:"; do
        echo "${bridge_name} does not yet exist, sleeping."
        sleep 10
    done
 }
 function detect_available_link {
    local bridge_name="$1"
    local linknum=1
    while true; do
        local link_name="link${linknum}"
        if ! ng_exists "${bridge_name}:${link_name}"; then
            echo "$link_name"
            return
        fi
        linknum=$((linknum + 1))
        if [ "$linknum" -gt 90 ]; then
            (>&2 echo "No available links on bridge $bridge_name")
            exit 1
        fi
    done
 }
 function calculate_mac_address {
    local name="$1"
    local source
    source=$(md5 -r -s "$name" | awk '{print $1}')
    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }
 main "${@}"
--- a/router/opnsense_rc.bash
+++ b/router/opnsense_rc.bash
@ -1,47 +0,0 @@
 #!/bin/sh
 #
 # REQUIRE: FILESYSTEMS kld
 # PROVIDE: opnsense
 # BEFORE: netif
 . /etc/rc.subr
 name=opnsense
 rcvar=${name}_enable
 start_cmd="${name}_start"
 stop_cmd="${name}_stop"
 status_cmd="${name}_status"
 load_rc_config $name
 tmux_name="opnsense"
 opnsense_start() {
    # /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
    /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
 }
 opnsense_status() {
    if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
 	echo "$tmux_name is running."
    else
 	echo "$tmux_name is not running."
 	return 1
    fi
 }
 opnsense_stop() {
    /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
        /usr/local/bin/tmux kill-session -t $tmux_name
        sleep 10
        bhyvectl --vm=opnsense --destroy
        # kill `cat /var/run/opnsense.pid`
    )
    opnsense_wait_for_end
 }
 opnsense_wait_for_end() {
    while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
        sleep 1
    done
 }
 run_rc_command "$1"
--- a/router/reboot
+++ b/router/reboot
@ -1,8 +0,0 @@
 #!/usr/bin/env bash
 #
 : ${PID:="95762"}
 : ${TMUX_NAME:="opnsense"}
 doas kill "$PID"
 while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
 doas shutdown -r now
--- a/router/reload
+++ b/router/reload
@ -1,9 +0,0 @@
 #!/usr/bin/env bash
 #
 : ${PID:="19711"}
 : ${TMUX_NAME:="opnsense"}
 doas kill "$PID"
 while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
 sleep 1
 doas service opnsense start
--- a/router/rollback
+++ b/router/rollback
@ -1,10 +0,0 @@
 #!/usr/bin/env bash
 #
 : ${PID:="37880"}
 : ${SNAPSHOT:="zroot/vm/opnsense/disk0@20240108_00_initial_working_state"}
 : ${TMUX_NAME:="opnsense"}
 doas kill "$PID"
 while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
 doas zfs rollback -r "$SNAPSHOT"
 doas service opnsense start
--- a/router/snapshot
+++ b/router/snapshot
@ -1,10 +0,0 @@
 #!/usr/bin/env bash
 #
 : ${PID:="74229"}
 : ${SNAPSHOT:="zroot/vm/opnsense/disk0@20240108_02_configured"}
 : ${TMUX_NAME:="opnsense"}
 doas kill "$PID"
 while doas tmux has-session -t "$TMUX_NAME" 2>/dev/null; do sleep 1; done
 doas zfs snapshot -r "$SNAPSHOT"
 doas service opnsense start
--- a/router/unifi/docker-compose/docker-compose.yaml
+++ b/router/unifi/docker-compose/docker-compose.yaml
@ -1,42 +0,0 @@
 # docker-compose up -d
 ---
 version: "2.1"
 services:
  unifi-network-application:
    image: lscr.io/linuxserver/unifi-network-application:latest
    container_name: unifi-network-application
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - MONGO_USER=unifi
      - MONGO_PASS=unifipw
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
      - MONGO_TLS= #optional
      - MONGO_AUTHSOURCE= #optional
    volumes:
      - /data/unifi:/config
    ports:
      - 80:8080
      - 443:8443
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped
  unifi-db:
    image: mongo:7.0.5
    container_name: unifi-db
    volumes:
      - /data/mongodb:/data/db
      - ./init_mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    restart: unless-stopped
--- a/router/unifi/docker-compose/init_mongo.js
+++ b/router/unifi/docker-compose/init_mongo.js
@ -1,2 +0,0 @@
 db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "unifi"}]});
 db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "MONGO_DBNAME_stat"}]});
--- a/router/unifi_rc.bash
+++ b/router/unifi_rc.bash
@ -1,47 +0,0 @@
 #!/bin/sh
 #
 # REQUIRE: FILESYSTEMS kld
 # PROVIDE: unifi
 # BEFORE: netif
 . /etc/rc.subr
 name=opnsense
 rcvar=${name}_enable
 start_cmd="${name}_start"
 stop_cmd="${name}_stop"
 status_cmd="${name}_status"
 load_rc_config $name
 tmux_name="unifi"
 opnsense_start() {
    # /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=YES VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
    /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_unifi.bash"
 }
 opnsense_status() {
    if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
 	echo "$tmux_name is running."
    else
 	echo "$tmux_name is not running."
 	return 1
    fi
 }
 opnsense_stop() {
    /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
        /usr/local/bin/tmux kill-session -t $tmux_name
        sleep 10
        bhyvectl --vm=unifi --destroy
        # kill `cat /var/run/opnsense.pid`
    )
    opnsense_wait_for_end
 }
 opnsense_wait_for_end() {
    while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
        sleep 1
    done
 }
 run_rc_command "$1"
--- a/router/unifi_vm_efibootmgr
+++ b/router/unifi_vm_efibootmgr
@ -1 +0,0 @@
 efibootmgr --create --disk /dev/nvme0n1p1 --label "Arch Linux" --loader /vmlinuz-linux-lts --unicode 'rw root=/dev/disk/by-partlabel/Arch rw initrd=\initramfs-linux-lts.img console=ttyS0,115200n8'
		`@ -1,2 +0,0 @@`
			`- import_tasks: tasks/common.yaml`
			`# when: foo is defined`
		`@ -1,2 +0,0 @@`
			`db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "unifi"}]});`
			`db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "unifipw", roles: [{role: "dbOwner", db: "MONGO_DBNAME_stat"}]});`
		`@ -1 +0,0 @@`
			`efibootmgr --create --disk /dev/nvme0n1p1 --label "Arch Linux" --loader /vmlinuz-linux-lts --unicode 'rw root=/dev/disk/by-partlabel/Arch rw initrd=\initramfs-linux-lts.img console=ttyS0,115200n8'`