talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:main
Branches Tags
talexander:main
talexander:nix
talexander:upstream_amd_debug_tools
talexander:install_files_mixin
talexander:starship
talexander:pixelbook
..
compare: talexander:pixelbook
Branches Tags
talexander:nix
talexander:main
talexander:upstream_amd_debug_tools
talexander:install_files_mixin
talexander:starship
talexander:pixelbook

13 Commits
main ... pixelbook

Author SHA1 Message Date
Tom Alexander
06de3fb0ac
Disable CPU power consumption settings. 
The pixelbook seems oddly slow. Disabling this to see if it helps.
 2023-11-26 09:31:47 -05:00
Tom Alexander
eaa05e13d0
Enable the wireguard configs. 2023-11-26 09:31:47 -05:00
Tom Alexander
98f6ca10ff
Add wireguard configs for pixelbook. 2023-11-26 09:31:47 -05:00
Tom Alexander
675652044f
Add support for audio. 2023-11-26 09:31:46 -05:00
Tom Alexander
c901defbf3
Add the pixelbook. 2023-11-26 09:31:46 -05:00
Tom Alexander
8bf7b7d489
Trust additional zfs signing key. 2023-11-26 09:31:46 -05:00
Tom Alexander
6e772f1137
Add pipewire jack replacement. 2023-11-26 09:31:46 -05:00
Tom Alexander
d7f99659f1
Add devfs rules for homeserver. 2023-11-24 10:25:16 -05:00
Tom Alexander
023e362896
Add a script to decrypt and mount disks on the home server. 2023-11-18 14:55:19 -05:00
Tom Alexander
c66327a31f
Updates for FreeBSD 14. 2023-11-18 11:02:46 -05:00
Tom Alexander
423d057abd
Add restaurant_health_rating. 2023-11-18 11:02:46 -05:00
Tom Alexander
6061f61c16
Remove extra subkey from linux build key. 2023-11-16 12:35:15 -05:00
Tom Alexander
f6bc39a7fb
TEMP changes for running on NUC. 2023-11-14 15:05:16 -05:00
432 changed files with 2079 additions and 9036 deletions
Show Stats Expand all files Collapse all files

2
.gitattributes vendored
View File

@ -1,5 +1,3 @@
cargo_credentials.toml filter=git-crypt diff=git-crypt cargo_credentials.toml filter=git-crypt diff=git-crypt
**/wireguard_configs/** filter=git-crypt diff=git-crypt **/wireguard_configs/** filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt *.key filter=git-crypt diff=git-crypt
credentials filter=git-crypt diff=git-crypt
htpasswd filter=git-crypt diff=git-crypt

9
ansible/environments/colo/host_vars/mrmanager
View File

@ -14,16 +14,13 @@ pf_config: "mrmanager_pf.conf"
pflog_conf: pflog_conf:
- name: 0 - name: 0
dev: pflog0 dev: pflog0
- name: 1
dev: pflog1
cputype: "amd" cputype: "amd"
hwpstate: true
etc_hosts: {} etc_hosts: {}
wireguard_directory: mrmanager wireguard_directory: mrmanager
enabled_wireguard: enabled_wireguard:
- colo - colo
jail_zfs_dataset: zdata/jail jail_zfs_dataset: zdata/jail
jail_zfs_dataset_mountpoint: /jail jail_zfs_dataset_mountpoint: /jail/main
jail_canmount: "on" jail_canmount: "on"
jail_list: jail_list:
- name: nat_dhcp - name: nat_dhcp
@ -38,10 +35,6 @@ jail_list:
enabled: true enabled: true
conf: conf:
src: public_dns src: public_dns
- name: rg
enabled: true
conf:
src: rg
bhyve_dataset: zdata/vm bhyve_dataset: zdata/vm
bhyve_canmount: "on" bhyve_canmount: "on"
# efi_dev: /dev/gpt/EFI # efi_dev: /dev/gpt/EFI

69
ansible/environments/home/host_vars/homeserver
View File

@ -1,32 +1,9 @@
os_flavor: "freebsd" os_flavor: "freebsd"
custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"
pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"
zfs_snapshot_datasets: zfs_snapshot_datasets:
- path: zroot/freebsd/computer/be - path: zroot/freebsd/computer/be
- path: zmass/encrypted/vm - path: zmass/encrypted/vm
- path: zmass/encrypted/data
users:
talexander:
initialize: true
uid: 11235
gid: 11235
groups:
- name: wheel
- name: video
- name: u2f
- name: operator # To be able to shutdown without root
- name: webcamd
gid: 145
authorized_keys:
- yubikey
- main_fido
- backup_fido
- homeassistant
gitconfig: "gitconfig_home"
sshd_enabled: true sshd_enabled: true
sshd_conf: "sshd_config" sshd_conf: "sshd_config"
prefer_ipv6: true
dummynet_config: "dnctl.conf"
pf_config: "homeserver_pf.conf" pf_config: "homeserver_pf.conf"
pflog_conf: pflog_conf:
- name: 0 - name: 0
@ -34,11 +11,16 @@ pflog_conf:
network_rc: "homeserver_network.conf" network_rc: "homeserver_network.conf"
rc_conf: "homeserver_rc.conf" rc_conf: "homeserver_rc.conf"
loader_conf: "homeserver_loader.conf" loader_conf: "homeserver_loader.conf"
netgraph_config: "setup_netgraph_homeserver"
cputype: "intel" cputype: "intel"
cpu_opt: broadwell
hwpstate: false hwpstate: false
build_user:
name: talexander
group: talexander
devfs_rules: "homeserver_devfs.rules" devfs_rules: "homeserver_devfs.rules"
jail_zfs_dataset: zmass/encrypted/jails jail_zfs_dataset: zmass/encrypted/jails
jail_zfs_dataset_mountpoint: /jail jail_zfs_dataset_mountpoint: /jail/main
jail_canmount: "on" jail_canmount: "on"
jail_bemount: "on" jail_bemount: "on"
jail_list: jail_list:
@ -53,41 +35,16 @@ jail_list:
- name: dagger - name: dagger
conf: conf:
src: dagger src: dagger
- name: olddagger - name: mumble
conf: conf:
src: olddagger src: mumble
- name: sftp persist:
conf: - name: mumbledb
src: sftp mount: /var/db/murmur
fstab: sftp_fstab
- name: bastion
conf:
src: bastion
fstab: fstab_bastion
- name: certificate
conf:
src: certificate
- name: momlaptop
conf:
src: momlaptop
# - name: mumble
# conf:
# src: mumble
# persist:
# - name: mumbledb
# mount: /var/db/murmur
bhyve_dataset: zmass/encrypted/vm bhyve_dataset: zmass/encrypted/vm
# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm bhyve_list: []
bhyve_canmount: "off" bhyve_canmount: "on"
bhyve_mountpoint: "none"
bhyve_bemount: "on" bhyve_bemount: "on"
wireguard_directory: homeserver wireguard_directory: homeserver
enabled_wireguard: enabled_wireguard:
- wgh - wgh
linfi:
enabled: true
zfs_dataset: zmass/unencrypted/vm/linfi
zfs_mountpoint: /vm/linfi
driver_blocklist: "ath if_ath if_ath_pci ath_hal if_iwm if_iwlwifi"
pci_blocklist: "6/0/0"
amd: false

2
ansible/environments/home/hosts
View File

@ -1,2 +1,2 @@
[headless] [headless]
homeserver ansible_user=talexander ansible_host=homeserver homeserver ansible_user=talexander ansible_host=10.216.1.1

1
ansible/environments/jail/host_vars/bastion
View File

@ -1 +0,0 @@
os_flavor: freebsd

1
ansible/environments/jail/host_vars/certificate
View File

@ -1 +0,0 @@
os_flavor: freebsd

1
ansible/environments/jail/host_vars/momlaptop
View File

@ -1 +0,0 @@
os_flavor: freebsd

6
ansible/environments/jail/host_vars/sftp
View File

@ -1,6 +0,0 @@
os_flavor: "freebsd"
users:
nochainstounlock:
initialize: true
uid: 11235
gid: 11235

6
ansible/environments/jail/hosts
View File

@ -1,11 +1,7 @@
[jail] [jail]
nat_dhcp ansible_connection=jail nat_dhcp ansible_connection=jail
homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@homeserver ansible_connection=sshjail homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=sshjail
mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail
nat_dhcp@172.16.16.2 ansible_connection=sshjail nat_dhcp@172.16.16.2 ansible_connection=sshjail
admin_git ansible_ssh_host=admin_git@10.217.2.1 ansible_connection=sshjail admin_git ansible_ssh_host=admin_git@10.217.2.1 ansible_connection=sshjail
public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail
sftp ansible_ssh_host=sftp@homeserver ansible_connection=sshjail
bastion ansible_ssh_host=bastion@homeserver ansible_connection=sshjail
certificate ansible_ssh_host=certificate@homeserver ansible_connection=sshjail
momlaptop ansible_ssh_host=momlaptop@homeserver ansible_connection=sshjail

25
ansible/environments/laptop/group_vars/all
View File

@ -1,28 +1,3 @@
timezone: "America/New_York" timezone: "America/New_York"
install_bluetooth: true install_bluetooth: true
emacs_flavor: "full" emacs_flavor: "full"
ssh_hosts:
- name: poudriere
proxy_jump: talexander@mrmanager
host_name: 10.215.1.203
- name: controller0
proxy_jump: talexander@mrmanager
host_name: 10.215.1.204
- name: controller1
proxy_jump: talexander@mrmanager
host_name: 10.215.1.205
- name: controller2
proxy_jump: talexander@mrmanager
host_name: 10.215.1.206
- name: worker0
proxy_jump: talexander@mrmanager
host_name: 10.215.1.207
- name: worker1
proxy_jump: talexander@mrmanager
host_name: 10.215.1.208
- name: worker2
proxy_jump: talexander@mrmanager
host_name: 10.215.1.209
- name: brianai
proxy_jump: talexander@mrmanager
host_name: 10.215.1.215

43
ansible/environments/laptop/host_vars/odofreebsd
View File

@ -1,25 +1,25 @@
os_flavor: "freebsd" os_flavor: "freebsd"
custom_repo: "https://freebsdpkg.fizz.buzz/repo/currentznver4-default-framework" custom_repo: 13amd64-default-framework
pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/currentznver4-repo/FreeBSD:15:amd64/latest"
zfs_snapshot_datasets: zfs_snapshot_datasets:
- path: zroot/freebsd/current/be/default - path: zroot/freebsd/release/be/default
sshd_enabled: true sshd_enabled: true
sshd_conf: "sshd_config" sshd_conf: "sshd_config"
pf_config: "odofreebsd_pf.conf" pf_config: "odofreebsd_pf.conf"
pflog_conf: pflog_conf:
- name: 0 - name: 0
dev: pflog0 dev: pflog0
prefer_ipv6: true
dummynet_config: "dnctl.conf"
network_rc: "odofreebsd_network.conf" network_rc: "odofreebsd_network.conf"
rc_conf: "odofreebsd_rc.conf" rc_conf: "odofreebsd_rc.conf"
loader_conf: "odofreebsd_loader.conf" loader_conf: "odofreebsd_loader.conf"
install_graphics: true install_graphics: true
graphics_driver: "amd" graphics_driver: "intel"
cputype: "amd" cputype: "intel"
cpu_opt: skylake
hwpstate: true hwpstate: true
cores: 16 cores: 4
sound_system: "oss" build_user:
name: talexander
group: talexander
users: users:
talexander: talexander:
initialize: true initialize: true
@ -31,8 +31,6 @@ users:
- name: u2f - name: u2f
- name: operator # To be able to shutdown without root - name: operator # To be able to shutdown without root
- name: webcamd - name: webcamd
gid: 145
- name: realtime
authorized_keys: authorized_keys:
- yubikey - yubikey
- main_fido - main_fido
@ -40,18 +38,16 @@ users:
- homeassistant - homeassistant
gitconfig: "gitconfig_home" gitconfig: "gitconfig_home"
devfs_rules: "odo_devfs.rules" devfs_rules: "odo_devfs.rules"
jail_zfs_dataset: zroot/freebsd/current/jails jail_zfs_dataset: zroot/freebsd/release/jails
jail_zfs_dataset_mountpoint: /jail jail_zfs_dataset_mountpoint: /jail/main
jail_canmount: "on"
jail_list: jail_list:
- name: nat_dhcp - name: nat_dhcp
enabled: true enabled: true
conf: conf:
src: nat_dhcp src: nat_dhcp
bhyve_dataset: zroot/freebsd/current/vm bhyve_dataset: zroot/freebsd/release/vm
bhyve_bemount: off bhyve_list: []
# efi_dev: /dev/gpt/EFI efi_dev: /dev/gpt/EFI
efi_dev: /dev/diskid/DISK-SJB7N717610407Q0Hp1
sway_conf_files: sway_conf_files:
- launch_gpg - launch_gpg
wireguard_directory: odo wireguard_directory: odo
@ -59,10 +55,3 @@ enabled_wireguard:
- wgh - wgh
- drmario - drmario
- colo - colo
linfi:
enabled: true
zfs_dataset: zroot/freebsd/current/vm/linfi
zfs_mountpoint: /vm/linfi
driver_blocklist: "if_iwm if_iwlwifi"
pci_blocklist: "1/0/0"
amd: true

8
ansible/environments/laptop/host_vars/odolinux
View File

@ -16,13 +16,12 @@ users:
- backup_fido - backup_fido
- homeassistant - homeassistant
gitconfig: "gitconfig_home" gitconfig: "gitconfig_home"
periodic_scrub_pools: [zroot]
zfs_snapshot_datasets: zfs_snapshot_datasets:
# - zroot/linux/archmain/home # - zroot/linux/archmain/home
- path: zroot/linux/archmain/be - path: zroot/linux/archmain/be
- path: zroot/data/bridge/family_disks - path: zroot/data/bridge/family_disks
install_graphics: true install_graphics: true
graphics_driver: "amd" graphics_driver: "intel"
build_user: build_user:
name: talexander name: talexander
group: talexander group: talexander
@ -31,9 +30,10 @@ enabled_wireguard:
- wgh - wgh
- drmario - drmario
- colo - colo
cputype: "amd" cputype: "intel"
hwpstate: true hwpstate: true
cores: 16 cores: 4
sway_conf_files: sway_conf_files:
- rofimoji - rofimoji
docker_storage_driver: overlay2 # alternatively zfs docker_storage_driver: overlay2 # alternatively zfs
docker_zfs_dataset: zroot/linux/archmain/docker

22
ansible/environments/laptop/host_vars/odowork → ansible/environments/laptop/host_vars/pixellinux
View File

@ -1,6 +1,4 @@
os_flavor: "linux" os_flavor: "linux"
hostname: odowork
etc_hosts: {}
users: users:
talexander: talexander:
initialize: true initialize: true
@ -16,22 +14,22 @@ users:
- yubikey - yubikey
- main_fido - main_fido
- backup_fido - backup_fido
gitconfig: "gitconfig_work" - homeassistant
periodic_scrub_pools: [zroot] gitconfig: "gitconfig_home"
zfs_snapshot_datasets: zfs_snapshot_datasets:
- path: zroot/linux/archwork/be - path: zroot/linux/archmain/be
install_graphics: true install_graphics: true
graphics_driver: "amd" graphics_driver: "intel"
pgp_key: "gpg_work.asc"
build_user: build_user:
name: talexander name: talexander
group: talexander group: talexander
# wireguard_directory: odowork wireguard_directory: pixel
# enabled_wireguard: [] enabled_wireguard:
cputype: "amd" - wgh
cputype: "intel"
hwpstate: true hwpstate: true
cores: 16 cores: 4
sway_conf_files: sway_conf_files:
- rofimoji - rofimoji
docker_storage_driver: overlay2 # alternatively zfs docker_storage_driver: overlay2 # alternatively zfs
closed_source_vscode: true docker_zfs_dataset: zroot/linux/archmain/docker

2
ansible/environments/laptop/hosts
View File

@ -1,4 +1,4 @@
[gui] [gui]
odolinux ansible_connection=local ansible_host=127.0.0.1 odolinux ansible_connection=local ansible_host=127.0.0.1
odofreebsd ansible_connection=local ansible_host=127.0.0.1 odofreebsd ansible_connection=local ansible_host=127.0.0.1
odowork ansible_connection=local ansible_host=127.0.0.1 pixellinux ansible_connection=local ansible_host=127.0.0.1

5
ansible/environments/vm/host_vars/freebsdupdatemrmanager Normal file
View File

@ -0,0 +1,5 @@
os_flavor: "freebsd"
cpu_opt: skylake
build_user:
name: root
group: wheel

33
ansible/environments/vm/host_vars/poudrieremrmanager
View File

@ -1,30 +1,13 @@
os_flavor: "freebsd" os_flavor: "freebsd"
sshd_enabled: true
custom_repo: "file:///usr/local/poudriere/data/packages/currentznver4-default-framework"
pkgbase_url: "file:///usr/local/poudriere/data/images/currentznver4-repo/FreeBSD:15:amd64/latest"
poudriere_builds: poudriere_builds:
# - jail: 13amd64 - jail: 13amd64
# ports: default
# set: framework
# version: 13.2-RELEASE
- jail: currentznver4
ports: default ports: default
set: framework set: framework
version: CURRENT version: 13.2-RELEASE
# revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91 # - jail: current
kernel: CUSTOM
branch: main
srcconf: currentznver4_src.conf
# - jail: 14broadwell
# ports: default # ports: default
# set: computer # set: framework
# version: 14.0-RELEASE # version: CURRENT
# kernel: GENERIC # revision: af01b4722577903f91acc44f01bdcb8cdb2d65ad
# srcconf: 14broadwell_src.conf # kernel: CUSTOM
- jail: 14broadwell # branch: main
ports: default
set: computer
version: CURRENT
kernel: CUSTOM
branch: releng/14.1
srcconf: 14broadwell_src.conf

5
ansible/environments/vm/hosts
View File

@ -1,8 +1,13 @@
[vm] [vm]
poudriereodo ansible_user=builder ansible_host=10.213.177.12 poudriereodo ansible_user=builder ansible_host=10.213.177.12
poudrieremrmanager ansible_user=root ansible_host=poudriere poudrieremrmanager ansible_user=root ansible_host=poudriere
freebsdupdatemrmanager ansible_user=root ansible_host=freebsdupdate
# #
# Put in ~/.ssh/config # Put in ~/.ssh/config
# Host poudriere # Host poudriere
# ProxyJump talexander@mrmanager # ProxyJump talexander@mrmanager
# HostName 10.215.1.203 # HostName 10.215.1.203
#
# Host freebsdupdate
# ProxyJump talexander@mrmanager
# HostName 10.215.1.213

70
ansible/playbook.yaml
View File

@ -27,7 +27,6 @@
- sway - sway
- emacs - emacs
- firefox - firefox
- chromium
- devfs - devfs
- ssh_client - ssh_client
- sshfs - sshfs
@ -43,9 +42,9 @@
- ansible - ansible
- wireguard - wireguard
- portshaker - portshaker
- poudriere
- android - android
- latex - latex
- python
- pyenv - pyenv
- webcam - webcam
- docker - docker
@ -53,9 +52,7 @@
- javascript - javascript
- launch_keyboard - launch_keyboard
- lvfs - lvfs
# - restaurant_health_rating - restaurant_health_rating
- wasm
- noise_suppression
- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp - hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
vars: vars:
@ -68,15 +65,11 @@
ansible_become: True ansible_become: True
roles: roles:
- sudo # for poudboot script - sudo # for poudboot script
- doas
- fstab - fstab
- package_manager
- zsh
- termcap
- sshd
- portshaker - portshaker
- poudriere - poudriere
- poudrierenginx - poudrierenginx
- freebsd_update_server
- hosts: mrmanager - hosts: mrmanager
vars: vars:
@ -122,47 +115,36 @@
- users - users
- public_dns - public_dns
- hosts: odolinux:odofreebsd:odowork - hosts: odolinux:odofreebsd
vars: vars:
ansible_become: True ansible_become: True
roles: roles:
- linfi
- framework_laptop - framework_laptop
- hosts: pixellinux
vars:
ansible_become: True
roles:
- pixelbook
- hosts: odofreebsd
vars:
ansible_become: True
roles:
- freebsd_update_server
- hosts: freebsdupdatemrmanager
vars:
ansible_become: True
roles:
- sudo # for poudboot script
- doas
- fstab
- build
- freebsd_update_server
- hosts: homeserver - hosts: homeserver
vars: vars:
ansible_become: True ansible_become: True
roles: roles:
- linfi
- homeserver - homeserver
- hosts: odowork
vars:
ansible_become: True
roles:
- odowork
- hosts: sftp
vars:
ansible_become: True
roles:
- users
- sftp
- hosts: bastion
vars:
ansible_become: True
roles:
- jail_bastion
- hosts: certificate
vars:
ansible_become: True
roles:
- jail_certificate
- hosts: momlaptop
vars:
ansible_become: True
roles:
- jail_momlaptop

44
ansible/roles/alacritty/files/alacritty.toml
View File

@ -1,44 +0,0 @@
[colors]
draw_bold_text_with_bright_colors = true
indexed_colors = []
[colors.bright]
black = "0x666666"
blue = "0x7aa6da"
cyan = "0x54ced6"
green = "0x9ec400"
magenta = "0xb77ee0"
red = "0xff3334"
white = "0xffffff"
yellow = "0xe7c547"
[colors.normal]
black = "0x000000"
blue = "0x7aa6da"
cyan = "0x70c0ba"
green = "0xb9ca4a"
magenta = "0xc397d8"
red = "0xd54e53"
white = "0xeaeaea"
yellow = "0xe6c547"
[colors.primary]
background = "0x000000"
foreground = "0xeaeaea"
[font]
size = 11.0
[[hints.enabled]]
command = "xdg-open"
post_processing = true
regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-Ÿ<>\"\\s{-}\\^⟨⟩`]+"
[hints.enabled.mouse]
enabled = false
mods = "None"
[scrolling]
history = 10000
# Lines moved per scroll.
multiplier = 3

103
ansible/roles/alacritty/files/alacritty.yml Normal file
View File

@ -0,0 +1,103 @@
# If `true`, bold text is drawn using the bright color variants.
draw_bold_text_with_bright_colors: true
colors:
# Default colors
primary:
background: "0x000000"
foreground: "0xeaeaea"
# Bright and dim foreground colors
#
# The dimmed foreground color is calculated automatically if it is not present.
# If the bright foreground color is not set, or `draw_bold_text_with_bright_colors`
# is `false`, the normal foreground color will be used.
#dim_foreground: '0x9a9a9a'
#bright_foreground: '0xffffff'
# Cursor colors
#
# Colors which should be used to draw the terminal cursor. If these are unset,
# the cursor color will be the inverse of the cell color.
#cursor:
# text: '0x000000'
# cursor: '0xffffff'
# Selection colors
#
# Colors which should be used to draw the selection area. If selection
# background is unset, selection color will be the inverse of the cell colors.
# If only text is unset the cell text color will remain the same.
#selection:
# text: '0xeaeaea'
# background: '0x404040'
# Normal colors
normal:
black: "0x000000"
red: "0xd54e53"
green: "0xb9ca4a"
yellow: "0xe6c547"
blue: "0x7aa6da"
magenta: "0xc397d8"
cyan: "0x70c0ba"
white: "0xeaeaea"
# Bright colors
bright:
black: "0x666666"
red: "0xff3334"
green: "0x9ec400"
yellow: "0xe7c547"
blue: "0x7aa6da"
magenta: "0xb77ee0"
cyan: "0x54ced6"
white: "0xffffff"
# Dim colors
#
# If the dim colors are not set, they will be calculated automatically based
# on the `normal` colors.
#dim:
# black: '0x000000'
# red: '0x8c3336'
# green: '0x7a8530'
# yellow: '0x97822e'
# blue: '0x506d8f'
# magenta: '0x80638e'
# cyan: '0x497e7a'
# white: '0x9a9a9a'
# Indexed Colors
#
# The indexed colors include all colors from 16 to 256.
# When these are not set, they're filled with sensible defaults.
#
# Example:
# `- { index: 16, color: '0xff00ff' }`
#
indexed_colors: []
scrolling:
# Maximum number of lines in the scrollback buffer.
# Specifying '0' will disable scrolling.
history: 10000
# Number of lines the viewport will move for every line scrolled when
# scrollback is enabled (history > 0).
multiplier: 3
font:
size: 11.0
hints:
enabled:
# Disable opening links when clicked
- regex:
"(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)\
[^\u0000-\u001F\u007F-\u009F<>\"\\s{-}\\^⟨⟩`]+"
command: xdg-open
post_processing: true
mouse:
enabled: false
mods: None

4
ansible/roles/alacritty/tasks/peruser.yaml
View File

@ -19,8 +19,8 @@
owner: "{{ account_name.stdout }}" owner: "{{ account_name.stdout }}"
group: "{{ group_name.stdout }}" group: "{{ group_name.stdout }}"
loop: loop:
- src: alacritty.toml - src: alacritty.yml
dest: .config/alacritty/alacritty.toml dest: .config/alacritty/alacritty.yml
- import_tasks: tasks/peruser_freebsd.yaml - import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"' when: 'os_flavor == "freebsd"'

4
ansible/roles/android/tasks/linux.yaml
View File

@ -13,12 +13,10 @@
# name: [] # name: []
# state: present # state: present
# update_cache: true # update_cache: true
- name: Install packages - name: Install packages
package: package:
name: name:
- gvfs - gvfs
- gvfs-mtp - gvfs-mtp
- android-udev # Access android over USB without root.
- android-tools # For fastboot to flash phones.
state: present state: present

2
ansible/roles/ansible/tasks/freebsd.yaml
View File

@ -1,6 +1,6 @@
- name: Install packages - name: Install packages
package: package:
name: name:
- py311-ansible - py39-ansible
- ansible-sshjail - ansible-sshjail
state: present state: present

24
ansible/roles/base/files/alacritty.termcap Normal file
View File

@ -0,0 +1,24 @@
# Reconstructed via infocmp from file: /usr/share/terminfo/a/alacritty
# (untranslatable capabilities removed to fit entry within 1023 bytes)
# (sgr removed to fit entry within 1023 bytes)
# (acsc removed to fit entry within 1023 bytes)
# (terminfo-only capabilities suppressed to fit entry within 1023 bytes)
alacritty|alacritty terminal emulator:\
:am:bs:hs:mi:ms:xn:\
:co#80:it#8:li#24:\
:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:DO=\E[%dB:IC=\E[%d@:\
:K2=\EOE:LE=\E[%dD:RI=\E[%dC:SF=\E[%dS:SR=\E[%dT:\
:UP=\E[%dA:ae=\E(B:al=\E[L:as=\E(0:bl=^G:bt=\E[Z:cd=\E[J:\
:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:cr=\r:\
:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:do=\n:\
:ds=\E]2;\007:ec=\E[%dX:ei=\E[4l:fs=^G:ho=\E[H:im=\E[4h:\
:is=\E[!p\E[?3;4l\E[4l\E>:k1=\EOP:k2=\EOQ:k3=\EOR:\
:k4=\EOS:k5=\E[15~:k6=\E[17~:k7=\E[18~:k8=\E[19~:\
:k9=\E[20~:kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:kb=\177:\
:kd=\EOB:ke=\E[?1l\E>:kh=\EOH:kl=\EOD:kr=\EOC:\
:ks=\E[?1h\E=:ku=\EOA:le=^H:mb=\E[5m:md=\E[1m:me=\E[0m:\
:mh=\E[2m:mm=\E[?1034h:mo=\E[?1034l:mr=\E[7m:nd=\E[C:\
:rc=\E8:sc=\E7:se=\E[27m:sf=\n:so=\E[7m:sr=\EM:st=\EH:ta=^I:\
:te=\E[?1049l\E[23;0;0t:ti=\E[?1049h\E[22;0;0t:\
:ts=\E]2;:ue=\E[24m:up=\E[A:us=\E[4m:vb=\E[?5h\E[?5l:\
:ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?12;25h:

1
ansible/roles/base/files/bbr_loader.conf
View File

@ -1 +0,0 @@
tcp_bbr_load="YES"

1
ansible/roles/base/files/cleartmp_rc.conf
View File

@ -1 +0,0 @@
clear_tmp_enable="YES"

8
ansible/roles/base/files/decode_jwt.bash
View File

@ -1,8 +0,0 @@
#!/usr/bin/env bash
#
# Decode the contents of a JWT
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec jq -R 'split(".") | .[0],.[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=")| @base64d | fromjson'

8
ansible/roles/base/files/disk_labels_loader.conf
View File

@ -1,12 +1,8 @@
# Populates the /dev/diskid # Disabling both of these will make /dev/gpt/* populated
kern.geom.label.disk_ident.enable="1"
# Populates /dev/gpt but only if kern.geom.label.disk_ident.enable is disabled.
# #
# This uses gpt partition labels which you can set with: # This uses gpt partition labels which you can set with:
# #
# gpart modify -l EFI -i 1 nvd0 # gpart modify -l EFI -i 1 nvd0
# kern.geom.label.disk_ident.enable="0"
# kern.geom.label.gptid.enable="1" # kern.geom.label.gptid.enable="1"

38
ansible/roles/base/files/gitconfig_home
View File

@ -1,54 +1,20 @@
[user] [user]
email = tom@fizz.buzz email = tom@fizz.buzz
name = Tom Alexander name = Tom Alexander
signingkey = 36C99E8B3C39D85F signingkey = D3A179C9A53C0EDE
[push] [push]
default = simple # (default since 2.0) default = simple
[alias] [alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]
gpgsign = true gpgsign = true
verbose = true
[pull] [pull]
rebase = true rebase = true
[log] [log]
date = local date = local
[init] [init]
defaultBranch = main defaultBranch = main
[diff]
tool = meld # Use meld for `git difftool` and `git mergetool`
algorithm = histogram
colorMoved = plain
mnemonicPrefix = true
renames = true
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
conflictStyle = zdiff3
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[fetch]
prune = true
pruneTags = true
all = true
[rebase]
autoSquash = true
autoStash = true
updateRefs = false

58
ansible/roles/base/files/gitconfig_work
View File

@ -1,58 +0,0 @@
[user]
email = ThomasA.Alexander@hmhn.org
name = Tom Alexander
signingkey = 36C99E8B3C39D85F
[push]
default = simple # (default since 2.0)
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core]
excludesfile = ~/.gitignore_global
[commit]
gpgsign = true
verbose = true
[pull]
rebase = true
[log]
date = local
[init]
defaultBranch = main
[diff]
tool = meld # Use meld for `git difftool` and `git mergetool`
algorithm = histogram
colorMoved = plain
mnemonicPrefix = true
renames = true
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
conflictStyle = zdiff3
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
[includeIf "gitdir:/bridge/"]
path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home
[includeIf "gitdir:/persist/"]
path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[fetch]
prune = true
pruneTags = true
all = true
[rebase]
autoSquash = true
autoStash = true
updateRefs = false

5
ansible/roles/base/files/gitignore_global
View File

@ -1,8 +1,3 @@
.idea .idea
.python-version .python-version
# Emacs per-directory settings
.dir-locals.el .dir-locals.el
# C/C++ Language Server compile commands
compile_commands.json

2
ansible/roles/base/files/homeserver_loader.conf
View File

@ -1,3 +1,5 @@
security.bsd.allow_destructive_dtrace=0 security.bsd.allow_destructive_dtrace=0
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
cryptodev_load="YES" cryptodev_load="YES"
zfs_load="YES" zfs_load="YES"

3
ansible/roles/base/files/login.conf
View File

@ -32,7 +32,7 @@ default:\
:cputime=unlimited:\ :cputime=unlimited:\
:datasize=unlimited:\ :datasize=unlimited:\
:stacksize=unlimited:\ :stacksize=unlimited:\
:memorylocked=128M:\ :memorylocked=64K:\
:memoryuse=unlimited:\ :memoryuse=unlimited:\
:filesize=unlimited:\ :filesize=unlimited:\
:coredumpsize=unlimited:\ :coredumpsize=unlimited:\
@ -44,7 +44,6 @@ default:\
:pseudoterminals=unlimited:\ :pseudoterminals=unlimited:\
:kqueues=unlimited:\ :kqueues=unlimited:\
:umtxp=unlimited:\ :umtxp=unlimited:\
:pipebuf=unlimited:\
:priority=0:\ :priority=0:\
:ignoretime@:\ :ignoretime@:\
:umask=022:\ :umask=022:\

3
ansible/roles/base/files/odofreebsd_loader.conf
View File

@ -1,3 +1,6 @@
security.bsd.allow_destructive_dtrace=0 security.bsd.allow_destructive_dtrace=0
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
cryptodev_load="YES" cryptodev_load="YES"
zfs_load="YES" zfs_load="YES"

2
ansible/roles/base/files/odofreebsd_rc.conf
View File

@ -1,6 +1,8 @@
clear_tmp_enable="YES"
syslogd_flags="-ss" syslogd_flags="-ss"
sendmail_enable="NONE" sendmail_enable="NONE"
hostname="odo" hostname="odo"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO" dumpdev="NO"
zfs_enable="YES" zfs_enable="YES"

2
ansible/roles/base/files/tmux.conf
View File

@ -1,4 +1,4 @@
# set-option -g mouse on set-option -g mouse on
set-option -g history-limit 20000 set-option -g history-limit 20000
# set -g @plugin 'tmux-plugins/tmux-yank' # set -g @plugin 'tmux-plugins/tmux-yank'
# Emacs style # Emacs style

2
ansible/roles/base/files/watch_freebsd
View File

@ -10,7 +10,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
function cleanup { function cleanup {
switch_to_main_screen switch_to_main_screen
} }
for sig in EXIT; do for sig in EXIT INT QUIT HUP TERM; do
trap "set +e; cleanup; exit" "$sig" trap "set +e; cleanup; exit" "$sig"
done done

1
ansible/roles/base/meta/main.yaml
View File

@ -1,3 +1,2 @@
dependencies: dependencies:
- fstab - fstab
- termcap

19
ansible/roles/base/tasks/common.yaml
View File

@ -16,19 +16,20 @@
- wget - wget
- colordiff - colordiff
- ipcalc - ipcalc
- kdiff3
- tcpdump - tcpdump
- moreutils # for ts [%Y-%m-%d %H:%M:%.S] - moreutils # for ts [%Y-%m-%d %H:%M:%.S]
- ddrescue - ddrescue
- dmidecode
state: present state: present
- name: Install packages - name: Set timezone
when: install_graphics file:
package: src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
name: dest: /etc/localtime
- kdiff3 owner: root
- meld # TODO: Arch Linux is changing the group to root instead of wheel. Maybe make this a variable?
state: present group: wheel
state: link
- name: Install scripts - name: Install scripts
copy: copy:
@ -48,8 +49,6 @@
dest: /usr/local/bin/cleanup_temporary_files dest: /usr/local/bin/cleanup_temporary_files
- src: git_fix_author.bash - src: git_fix_author.bash
dest: /usr/local/bin/git_fix_author dest: /usr/local/bin/git_fix_author
- src: decode_jwt.bash
dest: /usr/local/bin/decode_jwt
- import_tasks: tasks/freebsd.yaml - import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"' when: 'os_flavor == "freebsd"'

113
ansible/roles/base/tasks/freebsd.yaml
View File

@ -1,11 +1,3 @@
- name: Set timezone
file:
src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
dest: /etc/localtime
owner: root
group: wheel
state: link
- name: Install packages - name: Install packages
package: package:
name: name:
@ -13,18 +5,29 @@
- gsed - gsed
- gmake - gmake
- rust-coreutils - rust-coreutils
- shuf
state: present state: present
- name: Install service configuration - name: See if the alacritty termcap has been added
copy: lineinfile:
src: "files/{{ item }}_rc.conf" name: /usr/share/misc/termcap
dest: "/etc/rc.conf.d/{{ item }}" regexp: |-
mode: 0644 ^alacritty\|
owner: root state: absent
group: wheel check_mode: yes
loop: changed_when: false
- cleartmp register: alacritty_cap
- name: Append alacritty termcap info
blockinfile:
path: /usr/share/misc/termcap
block: "{{ lookup('file', 'alacritty.termcap') }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK alacritty"
when: not alacritty_cap.found
register: wrote_alacritty_cap
- name: Update cap_mkdb
command: cap_mkdb /usr/share/misc/termcap
when: wrote_alacritty_cap.changed
- name: Install login.conf - name: Install login.conf
copy: copy:
@ -39,6 +42,18 @@
command: cap_mkdb /etc/login.conf command: cap_mkdb /etc/login.conf
when: login_config.changed when: login_config.changed
- name: Enable periodic scrub
community.general.sysrc:
name: daily_scrub_zfs_enable
value: "YES"
path: /etc/periodic.conf.local
- name: Set scrub interval
community.general.sysrc:
name: daily_scrub_zfs_default_threshold
value: "7"
path: /etc/periodic.conf.local
- name: Install loader.conf - name: Install loader.conf
copy: copy:
src: "{{loader_conf}}" src: "{{loader_conf}}"
@ -108,65 +123,3 @@
group: wheel group: wheel
loop: loop:
- disk_labels - disk_labels
- name: Configure sysctls
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
reload: false
sysctl_file: "/etc/sysctl.conf.local"
loop:
# Adjust ttl
- name: net.inet.ip.ttl
value: 65
- name: net.inet6.ip6.hlim
value: 65
- name: Log periodic output instead of getting it as mail
blockinfile:
path: "/etc/periodic.conf.local"
marker: "# {mark} ANSIBLE MANAGED BLOCK log"
# create: true
mode: 0644
owner: root
group: wheel
block: |
daily_output=/var/log/daily.log
weekly_output=/var/log/weekly.log
monthly_output=/var/log/monthly.log
- name: Enable periodic zfs scrub
when: install_zfs
blockinfile:
path: "/etc/periodic.conf.local"
marker: "# {mark} ANSIBLE MANAGED BLOCK zfs"
# create: true
mode: 0644
owner: root
group: wheel
block: |
daily_scrub_zfs_enable="YES"
daily_scrub_zfs_default_threshold="7"
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
- name: Install loader.conf
copy:
src: "files/{{ item }}_loader.conf"
dest: "/boot/loader.conf.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- bbr
- name: Configure sysctls
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
reload: false
sysctl_file: "/etc/sysctl.conf.local"
loop:
- name: net.inet.tcp.functions_default
value: "bbr"

59
ansible/roles/base/tasks/linux.yaml
View File

@ -1,11 +1,3 @@
- name: Set timezone
file:
src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
dest: /etc/localtime
owner: root
group: root
state: link
- name: Install packages - name: Install packages
package: package:
name: name:
@ -16,8 +8,6 @@
- man-db - man-db
- uutils-coreutils - uutils-coreutils
- usbutils # for lsusb - usbutils # for lsusb
- bolt
- whois
state: present state: present
- name: Start pkgfile update service - name: Start pkgfile update service
@ -27,6 +17,17 @@
daemon_reload: yes daemon_reload: yes
enabled: yes enabled: yes
# Of questionable value since I don't use swap on my machines
- name: Configure sysctls for swap
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
sysctl_file: /etc/sysctl.d/swap.conf
loop:
- name: vm.swappiness
value: 10
- name: Install scripts - name: Install scripts
copy: copy:
src: "files/{{ item.src }}" src: "files/{{ item.src }}"
@ -39,41 +40,3 @@
dest: /usr/local/bin/mount_disk_image dest: /usr/local/bin/mount_disk_image
- src: watch_linux - src: watch_linux
dest: /usr/local/bin/ww dest: /usr/local/bin/ww
- name: Configure sysctls
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
sysctl_file: /etc/sysctl.d/{{ item.file }}
loop:
# Of questionable value since I don't use swap on my machines
- name: vm.swappiness
value: 10
file: swap.conf
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
- name: net.ipv4.tcp_mtu_probing
value: 1
file: tcp.conf
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
- name: net.ipv4.tcp_congestion_control
value: bbr
file: tcp.conf
# Don't do a slow start after a connection has been idle for a single RTO.
- name: net.ipv4.tcp_slow_start_after_idle
value: 0
file: tcp.conf
# 3x time to accumulate filesystem changes before flushing to disk.
- name: vm.dirty_writeback_centisecs
value: 1500
file: power.conf
# Adjust ttl
- name: net.ipv4.ip_default_ttl
value: 65
file: ttl.conf
- name: net.ipv6.conf.all.hop_limit
value: 65
file: ttl.conf
- name: net.ipv6.conf.default.hop_limit
value: 65
file: ttl.conf

1
ansible/roles/bhyve/defaults/main.yaml
View File

@ -1 +1,2 @@
bhyve_mountpoint: "/vm" bhyve_mountpoint: "/vm"
bhyve_list: []

24
ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
View File

@ -30,8 +30,6 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks : ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
: ${VNC_ENABLE:="NO"} : ${VNC_ENABLE:="NO"}
: ${VNC_LISTEN:="127.0.0.1:5900"} : ${VNC_LISTEN:="127.0.0.1:5900"}
: ${VNC_WIDTH:="1920"}
: ${VNC_HEIGHT:="1080"}
if [ "$VERBOSE" = "YES" ]; then if [ "$VERBOSE" = "YES" ]; then
set -x set -x
@ -47,7 +45,7 @@ function cleanup {
done done
} }
vms=() vms=()
for sig in EXIT; do for sig in EXIT INT QUIT HUP TERM; do
trap "set +e; sleep 10; cleanup" "$sig" trap "set +e; sleep 10; cleanup" "$sig"
done done
@ -76,6 +74,13 @@ function main {
fi fi
} }
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function create_disk { function create_disk {
local zfs_path="$1" local zfs_path="$1"
local mount_path="$2" local mount_path="$2"
@ -107,8 +112,7 @@ function start_vm {
local bridge_name="$BRIDGE_NAME" local bridge_name="$BRIDGE_NAME"
local ip_range="$IP_RANGE" # for raw this value does not matter local ip_range="$IP_RANGE" # for raw this value does not matter
local mac_address local mac_address=$(calculate_mac_address "$name")
mac_address=$(calculate_mac_address "$name")
local additional_args=() local additional_args=()
@ -143,7 +147,7 @@ function start_vm {
additional_args+=("-s" "5,ahci-cd,$mount_cd") additional_args+=("-s" "5,ahci-cd,$mount_cd")
fi fi
if [ "$VNC_ENABLE" = "YES" ]; then if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT") additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
fi fi
vms+=("$name") vms+=("$name")
while true; do while true; do
@ -153,10 +157,7 @@ function start_vm {
-D \ -D \
-c $CPU_CORES \ -c $CPU_CORES \
-m $MEMORY \ -m $MEMORY \
-S \
-H \ -H \
-P \
-o 'rtc.use_localtime=false' \
-s 0,hostbridge \ -s 0,hostbridge \
-s "4,nvme,/dev/zvol/${zfs_path}/disk0" \ -s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
-s 30,xhci,tablet \ -s 30,xhci,tablet \
@ -217,7 +218,7 @@ EOF
mkpeer ${host_interface_name}: bridge ether link0 mkpeer ${host_interface_name}: bridge ether link0
name ${host_interface_name}:ether $bridge_name name ${host_interface_name}:ether $bridge_name
EOF EOF
ifconfig "$(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2)" name "${host_interface_name}" "$ip_range" up ifconfig $(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${host_interface_name}" "$ip_range" up
fi fi
} }
@ -251,8 +252,7 @@ function ng_exists {
function calculate_mac_address { function calculate_mac_address {
local name="$1" local name="$1"
local source local source=$(md5 -r -s "$name" | awk '{print $1}')
source=$(md5 -r -s "$name" | awk '{print $1}')
echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}" echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
} }

464
ansible/roles/bhyve/files/bhyverc.bash
View File

@ -1,464 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Share a host directory to the guest via 9pfs.
#
# Inside the VM run:
# mount -t virtfs -o trans=virtio sharename /some/vm/path
# mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
# mount -t 9p -o trans=virtio,cache=mmap,msize=512000 bind9p /path/to/mountpoint
# bhyve_options="-s 28,virtio-9p,sharename=/"
# Enable Sound
# bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp"
# Example usage:
#
# doas bhyverc create-disk zdata/vm/poudriere /vm/poudriere 10
# doas bhyverc start poudriere zdata/vm/poudriere /vm/poudriere /vm/iso/FreeBSD-13.2-RELEASE-amd64-bootonly.iso
# doas bhyverc start poudriere zdata/vm/poudriere /vm/poudriere
: ${VERBOSE:="NO"} # or YES
if [ "$VERBOSE" = "YES" ]; then
set -x
fi
: ${CPU_CORES:="1"}
: ${MEMORY:="1G"}
: ${NETWORK:="NAT"} # or RAW or BOTH
: ${IP_RANGE:="10.215.1.1/24"} # Ignored for RAW networks
: ${INTERFACE_NAME:="jail_nat"} # or the external interface like lagg0 for RAW networks
: ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
: ${VNC_ENABLE:="NO"}
: ${VNC_LISTEN:="127.0.0.1:5900"}
: ${VNC_WIDTH:="1920"}
: ${VNC_HEIGHT:="1080"}
: ${BIND9P:=""}
: ${PREVENT_OOM:="NO"}
: "${CD:=}"
: ${SHUTDOWN_TIMEOUT:="600"} # 10 minutes
############## Setup #########################
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd
cmd=$1
shift
if [ "$cmd" = "start" ]; then
init
start "${@}"
elif [ "$cmd" = "stop" ]; then
init
stop "${@}"
elif [ "$cmd" = "status" ]; then
init
status "${@}"
elif [ "$cmd" = "console" ]; then
init
console "${@}"
elif [ "$cmd" = "_start_body" ]; then
init
start_body "${@}"
elif [ "$cmd" = "create-disk" ]; then
create_disk "${@}"
else
(>&2 echo "Unknown command: $cmd")
exit 1
fi
}
function start {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Starting VM $name."
start_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function start_one {
local name="$1"
local tmux_name="$name"
/usr/local/bin/tmux new-session -d -s "$tmux_name" "$0" "_start_body" "$name"
# /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
}
function launch_pidfile {
local pidfile="$1"
shift 1
mkdir -p "$(dirname "$pidfile")"
cat > "${pidfile}" <<< "$$"
set -x
exec "${@}"
}
export -f launch_pidfile
function stop {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Stopping VM $name."
stop_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function stop_one {
local name="$1"
local pidfile="/run/bhyverc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "Pid file $pidfile does not exist."
return 0
fi
local bhyve_pid
bhyve_pid=$(cat "$pidfile")
if ps -p "$bhyve_pid" >/dev/null; then
# Send ACPI shutdown command
log "Sending ACPI shutdown to ${name}:${bhyve_pid}."
kill -SIGTERM "$bhyve_pid"
fi
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$bhyve_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${bhyve_pid} took more than $SHUTDOWN_TIMEOUT seconds to shut down. Hard powering down."
break
fi
log "Waiting for ${name}:${bhyve_pid} to exit."
sleep 2
done
bhyvectl "--vm=$name" --destroy || true
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$bhyve_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${bhyve_pid} took more than $SHUTDOWN_TIMEOUT seconds to hard power down. Giving up."
break
fi
log "Waiting for ${name}:${bhyve_pid} to hard power down."
sleep 2
done
rm -f "$pidfile"
log "Finished stopping $name."
}
function status {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
status_one "$name"
done
else
log "No VMs specified."
fi
}
function status_one {
local name="$1"
local pidfile="/run/bhyverc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "$name is not running."
return 0
fi
local bhyve_pid
bhyve_pid=$(cat "$pidfile")
if ! ps -p "$bhyve_pid" >/dev/null; then
log "$name is not running."
return 0
fi
log "$name is running as pid $bhyve_pid."
}
function console {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
log "Attaching to console of VM $name."
console_one "$name"
done
else
log "No VMs specified."
fi
}
function console_one {
local name="$1"
local tmux_name="$name"
exec tmux a -t "$tmux_name"
}
function init {
mkdir -p /run/bhyverc
}
############## Bhyve ###########################
function create_disk {
local zfs_path="$1"
local mount_path="$2"
local gigabytes="$3"
zfs create -o "mountpoint=$mount_path" "$zfs_path"
cp /usr/local/share/edk2-bhyve/BHYVE_UEFI_VARS.fd "${mount_path}/"
tee "${mount_path}/settings" <<EOF
CPU_CORES="$CPU_CORES"
MEMORY="$MEMORY"
NETWORK="$NETWORK"
IP_RANGE="$IP_RANGE"
BRIDGE_NAME="$BRIDGE_NAME"
INTERFACE_NAME="$INTERFACE_NAME"
EOF
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
}
function start_body {
local name="$1"
local zfs_path="zdata/vm/$name"
local mount_path="/vm/$name"
local mount_cd="$CD"
if [ -e "${mount_path}/settings" ]; then
source "${mount_path}/settings"
fi
local host_interface_name="$INTERFACE_NAME" # for raw, external interface
local bridge_name="$BRIDGE_NAME"
local ip_range="$IP_RANGE" # for raw this value does not matter
local mac_address
mac_address=$(calculate_mac_address "$name")
if [ "$PREVENT_OOM" = "YES" ]; then
protect -d -i -p "$$"
fi
local additional_args=()
if [ "$NETWORK" = "NAT" ]; then
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
local bridge_link_name=$(detect_available_link "${bridge_name}")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
elif [ "$NETWORK" = "RAW" ]; then
assert_raw "$host_interface_name" "$bridge_name"
local bridge_link_name=$(detect_available_link "${bridge_name}")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
elif [ "$NETWORK" = "BOTH" ]; then
assert_bridge "jail_nat" "$bridge_name" "$ip_range"
assert_raw "$host_interface_name" "bridge_raw"
local bridge_link_name=$(detect_available_link "${bridge_name}")
local raw_bridge_link_name=$(detect_available_link "bridge_raw")
local raw_mac_address=$(calculate_mac_address "${name}_raw")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
additional_args+=("-s" "3:0,virtio-net,netgraph,path=bridge_raw:,peerhook=${raw_bridge_link_name},mac=${raw_mac_address}")
else
die 1 "Unrecognized NETWORK type $NETWORK"
fi
if [ -n "$BIND9P" ]; then
additional_args+=("-s" "28,virtio-9p,bind9p=${BIND9P}")
fi
# -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
# -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
# TODO: Look into using nmdm instead of stdio for serial console
if [ -n "$mount_cd" ]; then
additional_args+=("-s" "5,ahci-cd,$mount_cd")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT")
fi
vms+=("$name")
while true; do
local pidfile="/run/bhyverc/${name}/pid"
trap "set +e; stop_one '${name}'" EXIT
local launch_cmd=()
launch_cmd+=(
launch_pidfile "$pidfile"
bhyve
-D
-c "$CPU_CORES"
-m "$MEMORY"
-S
-H
-o 'rtc.use_localtime=false'
-s "0,hostbridge"
-s "4,nvme,/dev/zvol/${zfs_path}/disk0"
-s "30,xhci,tablet"
-s "31,lpc" -l "com1,stdio"
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd"
"${additional_args[@]}"
"$name"
)
set +e
rm -f "$pidfile"
(
IFS=$' \n\t'
set -ex
bash -c "${launch_cmd[*]}"
)
local exit_code=$?
log "Exit code ${exit_code}"
set -e
if [ $exit_code -eq 0 ]; then
echo "Rebooting."
sleep 5
elif [ $exit_code -eq 1 ]; then
echo "Powered off."
break
elif [ $exit_code -eq 2 ]; then
echo "Halted."
break
elif [ $exit_code -eq 3 ]; then
echo "Triple fault."
break
elif [ $exit_code -eq 4 ]; then
echo "Exited due to an error."
break
fi
done
}
function detect_available_link {
local bridge_name="$1"
local linknum=1
while true; do
local link_name="link${linknum}"
if ! ng_exists "${bridge_name}:${link_name}"; then
echo "$link_name"
return
fi
linknum=$((linknum + 1))
if [ "$linknum" -gt 90 ]; then
(>&2 echo "No available links on bridge $bridge_name")
exit 1
fi
done
}
function assert_bridge {
local host_interface_name="$1"
local bridge_name="$2"
local ip_range="$3"
if ! ng_exists "${bridge_name}:"; then
ngctl -d -f - <<EOF
mkpeer . eiface hook ether
name .:hook $host_interface_name
EOF
ngctl -d -f - <<EOF
mkpeer ${host_interface_name}: bridge ether link0
name ${host_interface_name}:ether $bridge_name
EOF
ifconfig "$(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2)" name "${host_interface_name}" "$ip_range" up
fi
}
function assert_raw {
local extif="$1"
local bridge_name="$2"
kldload -n ng_bridge ng_eiface ng_ether
if ! ng_exists "${bridge_name}:"; then
ngctlcat <<EOF
# Create a bridge.
mkpeer $extif: bridge lower link0
# Assign a name to the bridge.
name $extif:lower ${bridge_name}
# Since the host is also using $extif, we need to connect the upper hook also. Otherwise we will lose connectivity.
connect $extif: ${bridge_name}: upper link1
# Enable promiscuous mode so the host ethernet adapter accepts packets for all addresses
msg $extif: setpromisc 1
# Do not overwrite source address on packets
msg $extif: setautosrc 0
EOF
fi
}
function ng_exists {
ngctl status "${1}" >/dev/null 2>&1
}
function calculate_mac_address {
local name="$1"
local source
source=$(md5 -r -s "$name" | awk '{print $1}')
echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
}
function find_available_port {
local start_port="$1"
local port="$start_port"
while true; do
sockstat -P tcp -p 443
port=$((port + 1))
done
}
function ngctlcat {
if [ "$VERBOSE" = "YES" ]; then
tee /dev/tty | ngctl -d -f -
else
ngctl -d -f -
fi
}
main "${@}"

37
ansible/roles/bhyve/files/bhyverc.sh
View File

@ -1,37 +0,0 @@
#!/bin/sh
#
# REQUIRE: LOGIN FILESYSTEMS
# PROVIDE: bhyverc
# KEYWORD: shutdown
. /etc/rc.subr
name=bhyverc
rcvar=${name}_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"
console_cmd="${name}_console"
extra_commands="console"
load_rc_config $name
bhyverc_start() {
export PATH="$PATH:/usr/local/bin"
exec /usr/local/bin/bhyverc start "${@}"
}
bhyverc_status() {
export PATH="$PATH:/usr/local/bin"
exec /usr/local/bin/bhyverc status "${@}"
}
bhyverc_stop() {
export PATH="$PATH:/usr/local/bin"
exec /usr/local/bin/bhyverc stop "${@}"
}
bhyverc_console() {
export PATH="$PATH:/usr/local/bin"
exec /usr/local/bin/bhyverc console "${@}"
}
run_rc_command "$@"

19
ansible/roles/bhyve/tasks/freebsd.yaml
View File

@ -22,25 +22,6 @@
loop: loop:
- src: bhyve_netgraph_bridge.bash - src: bhyve_netgraph_bridge.bash
dest: /usr/local/bin/bhyve_netgraph_bridge dest: /usr/local/bin/bhyve_netgraph_bridge
- src: bhyverc.bash
dest: /usr/local/bin/bhyverc
- name: Install rc script
copy:
src: "files/{{ item.src }}"
dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
owner: root
group: wheel
mode: 0755
loop:
- src: bhyverc.sh
dest: bhyverc
- name: Enable bhyverc
community.general.sysrc:
name: bhyverc_enable
value: "YES"
path: /etc/rc.conf.d/bhyverc
- name: Create zfs dataset - name: Create zfs dataset
zfs: zfs:

2
ansible/roles/build/defaults/main.yaml Normal file
View File

@ -0,0 +1,2 @@
# freebsd_version: "releng/13.2"
freebsd_version: "9c80d66ec1b4c5b9ac7aaf5b0fdbb1628d49c181"

6
ansible/roles/build/files/CUSTOM Normal file
View File

@ -0,0 +1,6 @@
include GENERIC-NODEBUG
# Disable Intel SD/MMC controller for reading eMMC
nodevice sdhci
ident CUSTOM

12
ansible/roles/build/files/aurutils-nuke
View File

@ -1,12 +0,0 @@
#!/usr/bin/env bash
#
# If something is very wrong in pacman, this removes the keyring and the entire custom repo, then sets up pacman's keyring again. Running the ansible playbook is necessary to get the custom repo added.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
doas rm -rf /var/cache/pacman/custom/ /etc/pacman.d/conf.d/aurutils.conf
doas rm -rf /etc/pacman.d/gnupg
doas pacman-key --init
doas pacman-key --populate archlinux
doas pacman -S archlinux-keyring

2
ansible/roles/build/files/aurutils-sync
View File

@ -5,4 +5,4 @@ set -euo pipefail
IFS=$'\n\t' IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
GPGKEY=4278299FB84F6875 exec aur sync --makepkg-conf /etc/aurutils/makepkg.conf -c --sign "$@" GPGKEY=27DE40D9B8455C1B exec aur sync --makepkg-conf /etc/aurutils/makepkg.conf -c --sign "$@"

26
ansible/roles/build/files/find_packages_that_installed_kernel_modules.bash Executable file
View File

@ -0,0 +1,26 @@
#!/usr/bin/env bash
#
# List installed packages that install a kernel module.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${PORTSDIR:="/usr/ports"}
function main {
if [ "$#" -ne 0 ]; then
(>&2 echo "This script takes no positional parameters.")
exit 1
fi
local module
doas find / -type f -name '*.ko' | sort | while read module; do
local provides=$(pkg provides "$module")
if [ -n "$provides" ]; then
package_name=$(grep 'Name : ' <<<"$provides" | sed 's/Name : //g')
# module_file=$(grep 'Filename: ' <<<"$provides" | sed 's/Filename: //g')
echo "$package_name"
fi
done
}
main "${@}"

36
ansible/roles/build/files/find_popular_ports_options.bash Executable file
View File

@ -0,0 +1,36 @@
#!/usr/bin/env bash
#
# Find which port options appear the most in ports.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${PORTSDIR:="/usr/ports"}
function main {
if [ "$#" -ne 0 ]; then
(>&2 echo "This script takes no positional parameters.")
exit 1
fi
local folder
find_port_folders | while read folder; do
set +e
dump_port_options "$folder"
set -e
done | sort | uniq -c | sort -nr
}
function find_port_folders {
local mf
find "$PORTSDIR" -type f -name Makefile -mindepth 3 -maxdepth 3 | sort | while read mf; do
dirname "$mf"
done
}
function dump_port_options {
local folder="$1"
local portopts=$(make -C "$folder" -V OPTIONS_DEFINE)
echo "$portopts" | grep -oE --line-buffered '[^ ]*'
}
main "${@}"

41
ansible/roles/build/files/find_ports_containing_option.bash Executable file
View File

@ -0,0 +1,41 @@
#!/usr/bin/env bash
#
# List ports containing an option matching the first parameter to the script.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${PORTSDIR:="/usr/ports"}
function main {
if [ "$#" -ne 1 ]; then
(>&2 echo "Pass exactly 1 option name to this script.")
exit 1
fi
local find_option_name=$1
local folder
find_port_folders | while read folder; do
set +e
dump_port_options "$folder" | grep -qE "^${find_option_name}$"
has_opt=$?;
set -e
if [ $has_opt -eq 0 ]; then
echo "$folder"
fi
done
}
function find_port_folders {
local mf
find "$PORTSDIR" -type f -name Makefile -mindepth 3 -maxdepth 3 | sort | while read mf; do
dirname "$mf"
done
}
function dump_port_options {
local folder="$1"
local portopts=$(make -C "$folder" -V OPTIONS_DEFINE)
echo "$portopts" | grep -oE --line-buffered '[^ ]*'
}
main "${@}"

20
ansible/roles/build/files/freebsd_update_step1 Normal file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
#
# Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cores=$(sysctl -n hw.ncpu)
if sudo etcupdate status | grep -qE '^ C '; then
>&2 echo 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.'
exit 1
fi
cd /usr/src
make -j "$cores" clean
make -j "$cores" buildworld buildkernel
sudo make installkernel
echo "FreeBSD update step 1 done. Please reboot."

19
ansible/roles/build/files/freebsd_update_step2 Normal file
View File

@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
# Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
sudo etcupdate -p
cd /usr/src
sudo make installworld
sudo etcupdate -B
if sudo etcupdate status | grep -qE '^ C '; then
>&2 echo 'Conflicts in etcupdate. Run `etcupdate resolve` to fix them first.'
exit 1
fi
echo "FreeBSD update step 2 done. Please reboot."

48
ansible/roles/build/files/gpg.asc
View File

@ -1,27 +1,27 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEaNLjzBYJKwYBBAHaRw8BAQdAoegj6iXzJgxBkW8LyRS8ANRzp0LqyFbW1kRr mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
Z4VtVRK0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE 0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7GoCGwEFCwkIBwIGFQoJCAsCBBYCAwEC uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
HgECF4AACgkQQngpn7hPaHXNRAEAxOHPULwbf/FIzS7spmdSYrcCX/foaB78rpCT HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
/MzDPvMBANy0PcseR1ZxoHZDcAsYDa0CSCrO6oLwPFriVss3RA0GtB1Ub20gQWxl uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
eGFuZGVyIDx0b21AZml6ei5idXp6PoiTBBMWCAA7AhsBBQsJCAcCBhUKCQgLAgQW eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
AgMBAh4BAheAFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7MkCGQEACgkQQngp 2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
n7hPaHX9fQEA4ngwEKr0nlKxH5bQV9u/EJeI3wbSgBjlnyTQuI79AB4BAO6+frGt XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
8S+p6qFZ4ufqyGPfklxPeOJLSYk0PLKVNMcHuDMEaNLm8xYJKwYBBAHaRw8BAQdA XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
HDhppS6yD8j1Bb/i6ku16uQ3qhshDNA9cOQeMxBae9aI9QQYFggAJhYhBNJyyNYW 4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
fyaFlGdmb0J4KZ+4T2h1BQJo0ubzAhsCBQkDwmcAAIEJEEJ4KZ+4T2h1diAEGRYI wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
AB0WIQS9v3ap15pUELURqaY2yZ6LPDnYXwUCaNLm8wAKCRA2yZ6LPDnYXyaNAPsF sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
gR37jEqfgEByVsoKY6bB82T79o9d4FQe1iPsURyuLwD/fkQyV3NwGjysxkoZqYmK ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
mXJYqtWRBTe2G2UUkm6E/QafHwD+IbkCZ6sGTcexsqzex5x6U8TOvbdVS4dKjSf1 QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
nVRGxvwBAPiIJsXWVuwmskWMDpcaW/qgQ8hOEuq7/vlkZDGOnMgOuDgEaNLnDBIK NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
KwYBBAGXVQEFAQEHQBcOCDGnrRwv51c5B7QVLMkLC2UKUzPPrahLZHT3RWhmAwEI BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
B4h+BBgWCAAmFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS5wwCGwwFCQPCZwAA JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
CgkQQngpn7hPaHUZIAD/ZwQ9sLIwuO5qPFAAkqcaNyt68O6WkD8sKaq1r/TPviAA RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
/j92d7cRUIkJtS8odRYlK51r9eMeTGh2npaO+j3VKCgBuDMEaNLnJRYJKwYBBAHa rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
Rw8BAQdAPT7jOLbozd5hacityJHniQ6UbHN+AJcb6jh5rXOnOuSIfgQYFggAJhYh 0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
BNJyyNYWfyaFlGdmb0J4KZ+4T2h1BQJo0uclAhsgBQkDwmcAAAoJEEJ4KZ+4T2h1 BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
rREA/3QE6suVUDl4OS2tCi4z2fh/7kjt29I3IFo+/B0AOumgAP0ao8FGqJyFC8YA /A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
7V6T4qrXHbhlqTeofGhQ+iu7HqZVCw== 3aqYpMRxpn2t6Nswax1MIM8DBQ==
=OfDR =dzEV
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

27
ansible/roles/build/files/gpg_work.asc
View File

@ -1,27 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEaNLjzBYJKwYBBAHaRw8BAQdAoegj6iXzJgxBkW8LyRS8ANRzp0LqyFbW1kRr
Z4VtVRK0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7GoCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
HgECF4AACgkQQngpn7hPaHXNRAEAxOHPULwbf/FIzS7spmdSYrcCX/foaB78rpCT
/MzDPvMBANy0PcseR1ZxoHZDcAsYDa0CSCrO6oLwPFriVss3RA0GtB1Ub20gQWxl
eGFuZGVyIDx0b21AZml6ei5idXp6PoiTBBMWCAA7AhsBBQsJCAcCBhUKCQgLAgQW
AgMBAh4BAheAFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7MkCGQEACgkQQngp
n7hPaHX9fQEA4ngwEKr0nlKxH5bQV9u/EJeI3wbSgBjlnyTQuI79AB4BAO6+frGt
8S+p6qFZ4ufqyGPfklxPeOJLSYk0PLKVNMcHuDMEaNLm8xYJKwYBBAHaRw8BAQdA
HDhppS6yD8j1Bb/i6ku16uQ3qhshDNA9cOQeMxBae9aI9QQYFggAJhYhBNJyyNYW
fyaFlGdmb0J4KZ+4T2h1BQJo0ubzAhsCBQkDwmcAAIEJEEJ4KZ+4T2h1diAEGRYI
AB0WIQS9v3ap15pUELURqaY2yZ6LPDnYXwUCaNLm8wAKCRA2yZ6LPDnYXyaNAPsF
gR37jEqfgEByVsoKY6bB82T79o9d4FQe1iPsURyuLwD/fkQyV3NwGjysxkoZqYmK
mXJYqtWRBTe2G2UUkm6E/QafHwD+IbkCZ6sGTcexsqzex5x6U8TOvbdVS4dKjSf1
nVRGxvwBAPiIJsXWVuwmskWMDpcaW/qgQ8hOEuq7/vlkZDGOnMgOuDgEaNLnDBIK
KwYBBAGXVQEFAQEHQBcOCDGnrRwv51c5B7QVLMkLC2UKUzPPrahLZHT3RWhmAwEI
B4h+BBgWCAAmFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS5wwCGwwFCQPCZwAA
CgkQQngpn7hPaHUZIAD/ZwQ9sLIwuO5qPFAAkqcaNyt68O6WkD8sKaq1r/TPviAA
/j92d7cRUIkJtS8odRYlK51r9eMeTGh2npaO+j3VKCgBuDMEaNLnJRYJKwYBBAHa
Rw8BAQdAPT7jOLbozd5hacityJHniQ6UbHN+AJcb6jh5rXOnOuSIfgQYFggAJhYh
BNJyyNYWfyaFlGdmb0J4KZ+4T2h1BQJo0uclAhsgBQkDwmcAAAoJEEJ4KZ+4T2h1
rREA/3QE6suVUDl4OS2tCi4z2fh/7kjt29I3IFo+/B0AOumgAP0ao8FGqJyFC8YA
7V6T4qrXHbhlqTeofGhQ+iu7HqZVCw==
=OfDR
-----END PGP PUBLIC KEY BLOCK-----

0
ansible/roles/chromium/tasks/peruser_freebsd.yaml → ansible/roles/build/files/make.conf
View File

0
ansible/roles/build/files/pacman-x86_64.conf → ansible/roles/build/files/pacman-custom.conf
View File

100
ansible/roles/build/tasks/freebsd.yaml
View File

@ -0,0 +1,100 @@
- name: Install packages
package:
name:
- git
state: present
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0755
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- "/usr/src"
# - "/usr/ports"
- "/usr/obj"
- name: chown the FreeBSD source
file:
name: "{{ item }}"
state: directory
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
recurse: true
loop:
- "/usr/src"
- name: Clone FreeBSD Source
git:
repo: "https://git.FreeBSD.org/src.git"
dest: /usr/src
version: "{{ freebsd_version }}"
force: true
become: true
become_user: "{{ build_user.name }}"
diff: false
# - name: Clone Ports Tree
# git:
# repo: "https://git.FreeBSD.org/ports.git"
# dest: /usr/ports
# version: "main"
# force: true
# update: false
# become: true
# become_user: "{{ build_user.name }}"
# diff: false
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: wheel
loop:
- src: make.conf
dest: /etc/make.conf
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- src: CUSTOM
dest: /usr/src/sys/amd64/conf/CUSTOM
- name: Install Configuration
template:
src: "templates/{{ item.src }}.j2"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: wheel
loop:
- src: src.conf
dest: /etc/src.conf
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0700
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- src: freebsd_update_step1
dest: /usr/local/bin/freebsd_update_step1
- src: freebsd_update_step2
dest: /usr/local/bin/freebsd_update_step2
- src: find_popular_ports_options.bash
dest: /usr/local/bin/find_popular_ports_options
- src: find_ports_containing_option.bash
dest: /usr/local/bin/find_ports_containing_option
- src: find_packages_that_installed_kernel_modules.bash
dest: /usr/local/bin/find_packages_that_installed_kernel_modules

21
ansible/roles/build/tasks/linux.yaml
View File

@ -39,12 +39,12 @@
- name: Trust my signing key - name: Trust my signing key
command: pacman-key -a - command: pacman-key -a -
args: args:
stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}" stdin: "{{ lookup('file', 'gpg.asc') }}"
when: '"D272C8D6167F26859467666F4278299FB84F6875" not in pacmankeys.stdout' when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
register: my_key_imported register: my_key_imported
- name: Sign my signing key - name: Sign my signing key
command: pacman-key --lsign-key "D272C8D6167F26859467666F4278299FB84F6875" command: pacman-key --lsign-key "B848159363C2877917954BE127DE40D9B8455C1B"
when: my_key_imported.changed when: my_key_imported.changed
- name: Build the aurutils package - name: Build the aurutils package
@ -89,22 +89,13 @@
loop: loop:
- src: aurutils.conf - src: aurutils.conf
dest: /etc/pacman.d/conf.d/ dest: /etc/pacman.d/conf.d/
- src: pacman-x86_64.conf - src: pacman-custom.conf
dest: /etc/aurutils/ dest: /etc/aurutils/
- src: makepkg.conf # TODO: Is this needed or can I use the default from devtools? - src: makepkg.conf # TODO: Is this needed or can I use the default from devtools?
dest: /etc/aurutils/ dest: /etc/aurutils/
- name: chown the custom package db
file:
path: "{{ item }}"
owner: "{{ build_user.name }}"
recurse: true
loop:
- /var/cache/pacman/custom/
- name: Create custom repo db - name: Create custom repo db
# shell: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*" command: repo-add --sign /var/cache/pacman/custom/custom.db.tar
command: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar
become: true become: true
become_user: "{{ build_user.name }}" become_user: "{{ build_user.name }}"
args: args:
@ -120,8 +111,6 @@
loop: loop:
- src: aurutils-purge - src: aurutils-purge
dest: /usr/local/bin/aurutils-purge dest: /usr/local/bin/aurutils-purge
- src: aurutils-nuke
dest: /usr/local/bin/aurutils-nuke
- src: aurutils-sync - src: aurutils-sync
dest: /usr/local/bin/aurutils-sync dest: /usr/local/bin/aurutils-sync
- src: aurutils-update-devel-packages - src: aurutils-update-devel-packages

35
ansible/roles/build/templates/src.conf.j2 Normal file
View File

@ -0,0 +1,35 @@
{% if cpu_opt is defined and cpu_opt %}
CPUTYPE?={{ cpu_opt }}
{% endif %}
KERNCONF=CUSTOM
WITH_MALLOC_PRODUCTION=YES
WITHOUT_LLVM_ASSERTIONS=YES
WITH_REPRODUCIBLE_BUILD=YES
PORTS_MODULES+=graphics/drm-kmod
PORTS_MODULES+=graphics/gpu-firmware-intel-kmod
PORTS_MODULES+=net/wireguard-kmod
# Would be fun to experiment with:
# WITHOUT_SOURCELESS=YES
# WITHOUT_GAMES=YES
# WITHOUT_KERBEROS=YES
# WITHOUT_LEGACY_CONSOLE=YES
# WITHOUT_LIB32=YES
# WITHOUT_LOADER_GELI=YES
# WITHOUT_MLX5TOOL=YES
# WITHOUT_NDIS=YES
# WITHOUT_OFED=YES
# WITHOUT_PPP=YES
# WITH_SORT_THREADS=YES
# WITHOUT_TALK=YES
# WITHOUT_TCSH=YES
# Questionable Optimizations
WITHOUT_FLOPPY=YES
WITHOUT_HTML=YES
WITHOUT_IPFW=YES
WITHOUT_IPFILTER=YES
WITHOUT_LLVM_TARGET_ALL=YES
# Commented out because maybe I want email alerts for failing disks
# WITHOUT_MAIL=YES

2
ansible/roles/chromium/files/chromium-flags.conf
View File

@ -1,2 +0,0 @@
--ozone-platform-hint=auto
--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder

7
ansible/roles/chromium/tasks/linux.yaml
View File

@ -1,7 +0,0 @@
# Check chrome://gpu/ to confirm hardware video decoding and vulkan rendering is working.
- name: Install packages
package:
name:
- chromium
state: present

2
ansible/roles/chromium/tasks/main.yaml
View File

@ -1,2 +0,0 @@
- import_tasks: tasks/common.yaml
when: install_graphics

10
ansible/roles/chromium/tasks/peruser_linux.yaml
View File

@ -1,10 +0,0 @@
- name: Copy files
copy:
src: "files/{{ item.src }}"
dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
mode: 0600
owner: "{{ account_name.stdout }}"
group: "{{ group_name.stdout }}"
loop:
- src: chromium-flags.conf
dest: .config/chromium-flags.conf

0
ansible/roles/cpu/files/cpu_set_perf_perc_linux_intel → ansible/roles/cpu/files/cpu_set_perf_perc_linux
View File

29
ansible/roles/cpu/files/cpu_set_perf_perc_linux_amd
View File

@ -1,29 +0,0 @@
#!/usr/bin/env bash
#
# Tell hardware p-states whether to maximize CPU performance (100) or
# energy efficiency (0).
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
perc=$1
if [ "$perc" -gt 80 ]; then
echo performance | tee /sys/firmware/acpi/platform_profile
elif [ "$perc" -ge 20 ]; then
echo balanced | tee /sys/firmware/acpi/platform_profile
else
echo low-power | tee /sys/firmware/acpi/platform_profile
fi
if [ "$perc" -ge 80 ]; then
echo "performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
elif [ "$perc" -ge 60 ]; then
echo "balance_performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
elif [ "$perc" -ge 40 ]; then
echo "default" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
elif [ "$perc" -ge 20 ]; then
echo "balance_power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
else
echo "power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
fi

0
ansible/roles/cpu/files/per_core_hwpstate_loader.conf → ansible/roles/cpu/files/percorespeedshift_loader.conf
View File

2
ansible/roles/cpu/files/platform_profile_tmpfiles.conf
View File

@ -1,2 +0,0 @@
# Favor energy efficiency for platform profile (EC / system, not CPU)
w- /sys/firmware/acpi/platform_profile - - - - low-power

11
ansible/roles/cpu/tasks/freebsd_amd.yaml
View File

@ -27,14 +27,3 @@
group: wheel group: wheel
loop: loop:
- aesni - aesni
- name: Install loader.conf
when: hwpstate is defined and hwpstate
copy:
src: "files/{{ item }}_loader.conf"
dest: "/boot/loader.conf.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- per_core_hwpstate

2
ansible/roles/cpu/tasks/freebsd_intel.yaml
View File

@ -78,4 +78,4 @@
owner: root owner: root
group: wheel group: wheel
loop: loop:
- per_core_hwpstate - percorespeedshift

40
ansible/roles/cpu/tasks/linux_amd.yaml
View File

@ -1,40 +0,0 @@
- name: Install packages
package:
name:
- powertop
state: present
- name: Favor energy efficiency for hardware p-states
when: hwpstate is defined and hwpstate and cores is defined
template:
src: "templates/{{ item.src }}.j2"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: wheel
loop:
- src: energy_performance_preference.conf
dest: /etc/tmpfiles.d/energy_performance_preference.conf
- name: Install tmpfiles.d configuration
when: hwpstate is defined and hwpstate and cores is defined
copy:
src: "files/{{ item }}_tmpfiles.conf"
dest: "/etc/tmpfiles.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- platform_profile
- name: Install scripts
when: hwpstate is defined and hwpstate
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: cpu_set_perf_perc_linux_amd
dest: /usr/local/bin/cpu_set_perf_perc

42
ansible/roles/cpu/tasks/linux_intel.yaml
View File

@ -4,27 +4,27 @@
- powertop - powertop
state: present state: present
- name: Install tmpfiles.d configuration # - name: Install tmpfiles.d configuration
copy: # copy:
src: "files/{{ item }}_tmpfiles.conf" # src: "files/{{ item }}_tmpfiles.conf"
dest: "/etc/tmpfiles.d/{{ item }}.conf" # dest: "/etc/tmpfiles.d/{{ item }}.conf"
mode: 0644 # mode: 0644
owner: root # owner: root
group: wheel # group: wheel
loop: # loop:
- disable_turboboost # - disable_turboboost
- name: Favor energy efficiency for Speed Shift # - name: Favor energy efficiency for Speed Shift
when: hwpstate is defined and hwpstate and cores is defined # when: hwpstate is defined and hwpstate and cores is defined
template: # template:
src: "templates/{{ item.src }}.j2" # src: "templates/{{ item.src }}.j2"
dest: "{{ item.dest }}" # dest: "{{ item.dest }}"
mode: 0644 # mode: 0755
owner: root # owner: root
group: wheel # group: wheel
loop: # loop:
- src: energy_performance_preference.conf # - src: energy_performance_preference.conf
dest: /etc/tmpfiles.d/energy_performance_preference.conf # dest: /etc/tmpfiles.d/energy_performance_preference.conf
- name: Install scripts - name: Install scripts
when: hwpstate is defined and hwpstate when: hwpstate is defined and hwpstate
@ -35,5 +35,5 @@
owner: root owner: root
group: wheel group: wheel
loop: loop:
- src: cpu_set_perf_perc_linux_intel - src: cpu_set_perf_perc_linux
dest: /usr/local/bin/cpu_set_perf_perc dest: /usr/local/bin/cpu_set_perf_perc

2
ansible/roles/cpu/templates/energy_performance_preference.conf.j2
View File

@ -1,4 +1,4 @@
# Favor energy efficiency for hardware p-states # Favor energy efficiency for Speed Shift
{% for core in range(0, cores, 1) %} {% for core in range(0, cores, 1) %}
w- /sys/devices/system/cpu/cpufreq/policy{{core}}/energy_performance_preference - - - - power w- /sys/devices/system/cpu/cpufreq/policy{{core}}/energy_performance_preference - - - - power
{% endfor %} {% endfor %}

6
ansible/roles/devfs/files/homeserver_devfs.rules
View File

@ -17,9 +17,3 @@ add include $devfsrules_hide_all
add include $devfsrules_unhide_basic add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login add include $devfsrules_unhide_login
add path 'bpf*' unhide add path 'bpf*' unhide
[tajailrand=15]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path urandom unhide

2
ansible/roles/docker/tasks/linux.yaml
View File

@ -2,8 +2,6 @@
package: package:
name: name:
- docker - docker
- docker-compose
- docker-buildx
state: present state: present
- name: Create docker zfs dataset - name: Create docker zfs dataset

2
ansible/roles/dummynet/files/dnctl.conf
View File

@ -1,2 +0,0 @@
pipe 1 config bw 100KByte/s
pipe 2 config

28
ansible/roles/dummynet/files/dummynet
View File

@ -1,28 +0,0 @@
#!/bin/sh
#
#
# PROVIDE: dummynet
# BEFORE: pf ipfw
# KEYWORD: nojailvnet
. /etc/rc.subr
name="dummynet"
desc="Dummynet packet queuing and scheduling"
rcvar="${name}_enable"
load_rc_config $name
start_cmd="${name}_start"
required_files="$dummynet_rules"
required_modules="dummynet"
dummynet_start()
{
startmsg -n "Enabling ${name}"
cat "$dnctl_rules" | while read l; do
dnctl $l
done
startmsg '.'
}
run_rc_command $*

2
ansible/roles/dummynet/files/dummynet_rc.conf
View File

@ -1,2 +0,0 @@
dummynet_enable="YES"
dummynet_rules="/etc/dnctl.conf"

55
ansible/roles/dummynet/tasks/common.yaml
View File

@ -1,55 +0,0 @@
# - name: Create directories
# file:
# name: "{{ item }}"
# state: directory
# mode: 0755
# owner: root
# group: wheel
# loop:
# - /foo/bar
# - name: Install scripts
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0755
# owner: root
# group: wheel
# loop:
# - src: foo.bash
# dest: /usr/local/bin/foo
# - name: Install Configuration
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0600
# owner: root
# group: wheel
# loop:
# - src: foo.conf
# dest: /usr/local/etc/foo.conf
# - name: Clone Source
# git:
# repo: "https://foo.bar/baz.git"
# dest: /foo/bar
# version: "v1.0.2"
# force: true
# diff: false
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/linux.yaml
when: 'os_flavor == "linux"'
- include_tasks:
file: tasks/peruser.yaml
apply:
become: yes
become_user: "{{ initialize_user }}"
when: users is defined
loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
loop_control:
loop_var: initialize_user

30
ansible/roles/dummynet/tasks/freebsd.yaml
View File

@ -1,30 +0,0 @@
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0600
owner: root
group: wheel
loop:
- src: "{{ dummynet_config }}"
dest: /etc/dnctl.conf
- name: Install rc script
copy:
src: "files/{{ item.src }}"
dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
owner: root
group: wheel
mode: 0755
loop:
- src: dummynet
- name: Install service configuration
copy:
src: "files/{{ item }}_rc.conf"
dest: "/etc/rc.conf.d/{{ item }}"
mode: 0644
owner: root
group: wheel
loop:
- dummynet

29
ansible/roles/dummynet/tasks/linux.yaml
View File

@ -1,29 +0,0 @@
# - name: Build aur packages
# register: buildaur
# become_user: "{{ build_user.name }}"
# command: "aurutils-sync --no-view {{ item }}"
# args:
# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
# loop:
# - foo
# - name: Update cache
# when: buildaur.changed
# pacman:
# name: []
# state: present
# update_cache: true
# - name: Install packages
# package:
# name:
# - foo
# state: present
# - name: Enable services
# systemd:
# enabled: yes
# name: "{{ item }}"
# daemon_reload: yes
# loop:
# - foo.service

2
ansible/roles/dummynet/tasks/main.yaml
View File

@ -1,2 +0,0 @@
- import_tasks: tasks/common.yaml
when: (dummynet_config is defined and os_flavor == "freebsd") or (os_flavor == "linux")

6
ansible/roles/emacs/files/early-init.el
View File

@ -1,7 +1,7 @@
(setq gc-cons-threshold (* 128 1024 1024)) ;; 128MiB Increase garbage collection threshold for performance (default 800000) (setq gc-cons-threshold 100000000) ;; Increase garbage collection threshold for performance (default 800000)
;; Increase amount of data read from processes, default 4k ;; Increase amount of data read from processes, default 4k
(when (version<= "27.0" emacs-version) (when (>= emacs-major-version 27)
(setq read-process-output-max (* 10 1024 1024)) ;; 10MiB (setq read-process-output-max (* 1024 1024)) ;; 1mb
) )
;; Suppress warnings ;; Suppress warnings

14
ansible/roles/emacs/files/elisp/base-extensions.el
View File

@ -51,27 +51,17 @@
;; Persist history over Emacs restarts. Vertico sorts by history position. ;; Persist history over Emacs restarts. Vertico sorts by history position.
(use-package savehist (use-package savehist
;; This is an emacs built-in but we're pulling the latest version ;; This is an emacs built-in but we're pulling the latest version
:pin gnu
:config :config
(savehist-mode)) (savehist-mode))
(use-package which-key (use-package which-key
:pin gnu
:diminish :diminish
:config :config
(which-key-mode)) (which-key-mode))
(use-package windmove (use-package windmove
;; This is an emacs built-in but we're pulling the latest version :config
:pin gnu (windmove-default-keybindings))
:bind
(
("S-<up>" . windmove-up)
("S-<right>" . windmove-right)
("S-<down>" . windmove-down)
("S-<left>" . windmove-left)
)
)
(setq tramp-default-method "ssh") (setq tramp-default-method "ssh")

19
ansible/roles/emacs/files/elisp/base.el
View File

@ -36,8 +36,6 @@
;; Don't pop up a small window at the bottom of emacs at launch. ;; Don't pop up a small window at the bottom of emacs at launch.
inhibit-startup-screen t inhibit-startup-screen t
inhibit-startup-message t inhibit-startup-message t
;; Don't show the list of buffers when opening many files.
inhibit-startup-buffer-menu t
;; Give the scratch buffer a clean slate. ;; Give the scratch buffer a clean slate.
initial-major-mode 'fundamental-mode initial-major-mode 'fundamental-mode
initial-scratch-message nil initial-scratch-message nil
@ -63,9 +61,6 @@
show-trailing-whitespace t show-trailing-whitespace t
;; Remove the line when killing it with ctrl-k ;; Remove the line when killing it with ctrl-k
kill-whole-line t kill-whole-line t
;; Show the current project in the mode line
project-mode-line t
) )
;; (setq-default fringes-outside-margins t) ;; (setq-default fringes-outside-margins t)
@ -80,18 +75,4 @@
;; Delete trailing whitespace before save ;; Delete trailing whitespace before save
(add-hook 'before-save-hook 'delete-trailing-whitespace) (add-hook 'before-save-hook 'delete-trailing-whitespace)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(setopt auto-revert-avoid-polling t)
(setopt auto-revert-interval 5)
(setopt auto-revert-check-vc-info t)
(global-auto-revert-mode)
;;;;; Performance
;; Run garbage collect when emacs is idle
(run-with-idle-timer 5 t (lambda () (garbage-collect)))
(add-function :after after-focus-change-function
(lambda ()
(unless (frame-focus-state)
(garbage-collect))))
(provide 'base) (provide 'base)

1
ansible/roles/emacs/files/elisp/common-lsp.el
View File

@ -38,7 +38,6 @@
:hook (eglot-managed-mode . company-mode) :hook (eglot-managed-mode . company-mode)
:config :config
(setq company-backends '((company-capf))) (setq company-backends '((company-capf)))
(setq company-idle-delay 0) ;; Default 0.2
) )
;; (use-package company-box ;; (use-package company-box

49
ansible/roles/emacs/files/elisp/lang-c.el
View File

@ -1,49 +0,0 @@
(require 'common-lsp)
(require 'util-tree-sitter)
(defun locate-compile-commands-file ()
"See if compile_commands.json exists."
;; This can be generated by prefixing the make command with `intercept-build15 --append`
(let ((compile-commands-file (locate-dominating-file (buffer-file-name) "compile_commands.json")))
compile-commands-file
)
)
(defun activate-c-eglot ()
"Activate eglot for the c family of languages."
(when (locate-compile-commands-file)
(eglot-ensure)
(defclass my/eglot-c (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(c-ts-mode . (my/eglot-c "/usr/local/bin/clangd15")))
(add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
)
)
(use-package c-mode
:mode (
("\\.c\\'" . c-ts-mode)
("\\.h\\'" . c-or-c++-ts-mode)
)
:commands (c-mode c-ts-mode)
:pin manual
:ensure nil
:hook (
(c-ts-mode . (lambda ()
(activate-c-eglot)
))
)
:init
(add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
(add-to-list 'major-mode-remap-alist '(c++-mode . c++-ts-mode))
(add-to-list 'major-mode-remap-alist '(c-or-c++-mode . c-or-c++-ts-mode))
(add-to-list 'treesit-language-source-alist '(c "https://github.com/tree-sitter/tree-sitter-c"))
(add-to-list 'treesit-language-source-alist '(cpp "https://github.com/tree-sitter/tree-sitter-cpp"))
(unless (treesit-ready-p 'c) (treesit-install-language-grammar 'c))
(unless (treesit-ready-p 'cpp) (treesit-install-language-grammar 'cpp))
)
(provide 'lang-c)

18
ansible/roles/emacs/files/elisp/lang-cmake.el
View File

@ -1,18 +0,0 @@
(require 'common-lsp)
(use-package cmake-mode
:commands cmake-mode
:hook (
(cmake-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-cmake (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(cmake-mode . (my/eglot-cmake "cmake-language-server")))
))
)
)
(provide 'lang-cmake)

16
ansible/roles/emacs/files/elisp/lang-d2.el
View File

@ -1,16 +0,0 @@
(defun d2-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "d2" "fmt" "-")
)
(use-package d2-mode
:commands (d2-mode)
:hook (
(d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
))
)
)
(provide 'lang-d2)

72
ansible/roles/emacs/files/elisp/lang-javascript.el
View File

@ -23,52 +23,6 @@
(run-command-on-buffer "jq" "--monochrome-output" ".") (run-command-on-buffer "jq" "--monochrome-output" ".")
) )
(defun configure-typescript-language-server ()
"Configures the typescript language server."
(when-linux
;; Either initializationOptions or workspace/didChangeConfiguration works.
(setq eglot-workspace-configuration
(list (cons ':typescript '(:inlayHints (:includeInlayParameterNameHints
"all"
:includeInlayParameterNameHintsWhenArgumentMatchesName
t
:includeInlayFunctionParameterTypeHints
t
:includeInlayVariableTypeHints
t
:includeInlayVariableTypeHintsWhenTypeMatchesName
t
:includeInlayPRopertyDeclarationTypeHints
t
:includeInlayFunctionLikeReturnTypeHints
t
:includeInlayEnumMemberValueHints
t)))))
(eglot-ensure)
;; (defclass my/eglot-typescript (eglot-lsp-server) ()
;; :documentation
;; "Own eglot server class.")
;; (add-to-list 'eglot-server-programs
;; '((js-mode js-ts-mode tsx-ts-mode typescript-ts-mode typescript-mode) . (my/eglot-typescript "typescript-language-server" "--stdio" :initializationOptions (:preferences (:includeInlayParameterNameHints
;; "all"
;; :includeInlayParameterNameHintsWhenArgumentMatchesName
;; t
;; :includeInlayFunctionParameterTypeHints
;; t
;; :includeInlayVariableTypeHints
;; t
;; :includeInlayVariableTypeHintsWhenTypeMatchesName
;; t
;; :includeInlayPRopertyDeclarationTypeHints
;; t
;; :includeInlayFunctionLikeReturnTypeHints
;; t
;; :includeInlayEnumMemberValueHints
;; t)))))
)
)
(use-package tsx-ts-mode (use-package tsx-ts-mode
:ensure nil :ensure nil
:pin manual :pin manual
@ -79,7 +33,7 @@
:hook ( :hook (
(tsx-ts-mode . (lambda () (tsx-ts-mode . (lambda ()
(when-linux (when-linux
(configure-typescript-language-server) (eglot-ensure)
) )
)) ))
) )
@ -98,7 +52,9 @@
:commands (typescript-ts-mode) :commands (typescript-ts-mode)
:hook ( :hook (
(typescript-ts-mode . (lambda () (typescript-ts-mode . (lambda ()
(configure-typescript-language-server) (when-linux
(eglot-ensure)
)
)) ))
) )
:init :init
@ -125,12 +81,6 @@
(unless (treesit-ready-p 'javascript) (treesit-install-language-grammar 'javascript)) (unless (treesit-ready-p 'javascript) (treesit-install-language-grammar 'javascript))
) )
(defun prettier-fmt ()
"Run prettier."
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package css-ts-mode (use-package css-ts-mode
:ensure nil :ensure nil
:pin manual :pin manual
@ -138,23 +88,9 @@
("\\.css\\'" . css-ts-mode) ("\\.css\\'" . css-ts-mode)
) )
:commands (css-ts-mode) :commands (css-ts-mode)
:custom (css-indent-offset 2)
:init :init
(add-to-list 'treesit-language-source-alist '(css "https://github.com/tree-sitter/tree-sitter-css")) (add-to-list 'treesit-language-source-alist '(css "https://github.com/tree-sitter/tree-sitter-css"))
(unless (treesit-ready-p 'css) (treesit-install-language-grammar 'css)) (unless (treesit-ready-p 'css) (treesit-install-language-grammar 'css))
:hook (
(css-ts-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-css (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(css-ts-mode . (my/eglot-css "vscode-css-language-server" "--stdio")))
;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
(add-hook 'before-save-hook 'prettier-fmt nil 'local)
))
)
) )

22
ansible/roles/emacs/files/elisp/lang-nix.el
View File

@ -1,22 +0,0 @@
(require 'common-lsp)
(require 'util-tree-sitter)
(use-package nix-mode
:mode (("\\.nix\\'" . nix-mode)
)
:commands nix-mode
:hook (
(nix-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-nix (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(nix-mode . (my/eglot-nix "nixd")))
(add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
))
)
)
(provide 'lang-nix)

19
ansible/roles/emacs/files/elisp/lang-org.el
View File

@ -1,23 +1,14 @@
(use-package org (use-package org
:ensure nil :ensure nil
:commands org-mode :commands org-mode
:bind (:map org-mode-map :bind (
("C-c l" . org-store-link) ("C-c l" . org-store-link)
("C-c a" . org-agenda) ("C-c a" . org-agenda)
("S-<up>" . org-shiftup)
("S-<right>" . org-shiftright)
("S-<down>" . org-shiftdown)
("S-<left>" . org-shiftleft)
) )
:hook ( :hook (
(org-mode . (lambda () (org-mode . (lambda ()
(org-indent-mode +1) (org-indent-mode +1)
)) ))
;; Make windmove work in Org mode:
(org-shiftup-final . windmove-up)
(org-shiftleft-final . windmove-left)
(org-shiftdown-final . windmove-down)
(org-shiftright-final . windmove-right)
) )
:config :config
(require 'org-tempo) (require 'org-tempo)
@ -45,8 +36,6 @@
;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html ;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html
;; (setq org-latex-compiler "lualatex") ;; (setq org-latex-compiler "lualatex")
;; TODO: nixos latex page recommends this line, figure out what it does / why its needed:
;; (setq org-preview-latex-default-process 'dvisvgm)
(setq org-latex-pdf-process (setq org-latex-pdf-process
'("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f" '("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
"lualatex -shell-escape -interaction nonstopmode -output-directory %o %f" "lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
@ -87,8 +76,4 @@
(use-package gnuplot) (use-package gnuplot)
(use-package graphviz-dot-mode) (use-package graphviz-dot-mode)
(use-package htmlize
;; For syntax highlighting when exporting to HTML.
)
(provide 'lang-org) (provide 'lang-org)

34
ansible/roles/emacs/files/elisp/lang-python.el
View File

@ -57,29 +57,19 @@
:pin manual :pin manual
:hook ( :hook (
(python-ts-mode . (lambda () (python-ts-mode . (lambda ()
(when-linux (when (executable-find "poetry")
(when (executable-find "poetry") (add-poetry-venv-to-path)
(add-poetry-venv-to-path) (let ((venv (locate-venv-poetry))) (when venv
(let ((venv (locate-venv-poetry))) (when venv (setq eglot-workspace-configuration
(setq eglot-workspace-configuration (list (cons ':python (list ':venvPath venv ':pythonPath (concat venv "/bin/python")))))
(list (cons ':python (list ':venvPath venv ':pythonPath (concat venv "/bin/python"))))) ))
)) )
) (when-linux
(eglot-ensure) (eglot-ensure)
) )
;; (when-freebsd (add-hook 'before-save-hook 'python-fmt nil 'local)
;; (eglot-ensure) ))
;; (defclass my/eglot-pylyzer (eglot-lsp-server) ()
;; :documentation
;; "Own eglot server class.")
;; (add-to-list 'eglot-server-programs
;; '(python-ts-mode . (my/eglot-pylyzer "pylyzer" "--server")))
;; )
(add-hook 'before-save-hook 'python-fmt nil 'local)
))
) )
:bind ((:map python-ts-mode-map ([backspace] . python-backspace)) :bind ((:map python-ts-mode-map ([backspace] . python-backspace))
) )

2
ansible/roles/emacs/files/elisp/lang-rust.el
View File

@ -57,7 +57,7 @@
:init :init
(add-to-list 'major-mode-remap-alist '(rust-mode . rust-ts-mode)) (add-to-list 'major-mode-remap-alist '(rust-mode . rust-ts-mode))
(add-to-list 'treesit-language-source-alist '(rust "https://github.com/tree-sitter/tree-sitter-rust")) (add-to-list 'treesit-language-source-alist '(rust "https://github.com/tree-sitter/tree-sitter-rust"))
(unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust)) (unless (treesit-ready-p 'yaml) (treesit-install-language-grammar 'rust))
:config :config
;; Add keybindings for interacting with Cargo ;; Add keybindings for interacting with Cargo
(use-package cargo (use-package cargo

17
ansible/roles/emacs/files/elisp/lang-xml.el
View File

@ -1,17 +0,0 @@
(defun xml-fmt ()
"Run xmllint --format."
(run-command-on-buffer "xmllint" "--format" "-")
)
(use-package nxml-mode
:commands (nxml-mode)
:pin manual
:ensure nil
:hook (
(nxml-mode . (lambda ()
(add-hook 'before-save-hook 'xml-fmt nil 'local)
))
)
)
(provide 'lang-xml)

2
ansible/roles/emacs/files/elisp/util-tree-sitter.el
View File

@ -4,8 +4,6 @@
:commands (treesit-install-language-grammar treesit-ready-p) :commands (treesit-install-language-grammar treesit-ready-p)
:init :init
(setq treesit-language-source-alist '()) (setq treesit-language-source-alist '())
:custom
(treesit-max-buffer-size 209715200) ;; 200MiB
:config :config
;; Default to the max level of detail in treesitter highlighting. This ;; Default to the max level of detail in treesitter highlighting. This
;; can be overridden in each language's use-package call with: ;; can be overridden in each language's use-package call with:

2
ansible/roles/emacs/files/elisp/util-vertico.el
View File

@ -21,7 +21,7 @@
(vertico-count 20) (vertico-count 20)
) )
;; Create an ido/ivy-like experience when selecting files. ;; Create an ivy-like experience when selecting files.
(use-package vertico-directory (use-package vertico-directory
:after vertico :after vertico
:ensure nil :ensure nil

10
ansible/roles/emacs/files/init.el
View File

@ -32,14 +32,4 @@
(require 'lang-dockerfile) (require 'lang-dockerfile)
(require 'lang-c)
(require 'lang-xml)
(require 'lang-nix)
(require 'lang-cmake)
(require 'lang-d2)
(load-directory autoload-directory) (load-directory autoload-directory)

Some files were not shown because too many files have changed in this diff Show More