talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:pixelbook
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
compare: talexander:63a966947b6e330fa6e2d475a33869990eb8d032
Branches Tags
talexander:kubernetes talexander:nix talexander:mt7927 talexander:main talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

85 Commits
pixelbook ... 63a966947b

Author SHA1 Message Date
Tom Alexander
63a966947b Add pkgbase_diff script. 2024-07-04 14:44:32 -04:00
Tom Alexander
fb679924bc Enable ipv6 privacy extensions and build ipfw for dummynet. 2024-07-04 01:31:07 -04:00
Tom Alexander
fb90c63d84 Enable quic and add CUSTOM kernel. 2024-07-04 00:45:54 -04:00
Tom Alexander
9e107d4a75 Add bastion and certificate jails. 2024-07-03 20:50:51 -04:00
Tom Alexander
566b7dfd0b Add sftp jail. 2024-07-01 19:58:00 -04:00
Tom Alexander
0363a462a0 Support launching old dagger. 2024-06-30 17:16:14 -04:00
Tom Alexander
f09844c03c Use latest packages in jails. 2024-06-30 17:16:13 -04:00
Tom Alexander
2042719a3c Upgrade to FreeBSD 14.1 2024-06-30 00:56:32 -04:00
Tom Alexander
9dc43479aa Add sftp jail. 2024-06-29 23:32:36 -04:00
Tom Alexander
62e70554be Migrate to abbreviated jail folder structure. 2024-06-29 16:58:47 -04:00
Tom Alexander
bc29fd5428 Update disk label settings. 2024-06-29 14:31:08 -04:00
Tom Alexander
b9620382a7 Disable tmux mouse. 2024-06-28 11:08:05 -04:00
Tom Alexander
67b777c432 Add whois. 2024-06-26 21:22:15 -04:00
Tom Alexander
8cc24f4923 Enable diskid in FreeBSD. 2024-06-25 17:43:17 -04:00
Tom Alexander
96e09db1dd Add support for hardware video decoding in FreeBSD. 2024-06-25 17:33:16 -04:00
Tom Alexander
8288039264 Remove amd_pstate=passive, install nvtop on Linux, force-enable hardware decoding in firefox. 
The fan was spinning up a bunch so I am going to go back to amd_pstate=active.
 2024-06-24 22:04:03 -04:00
Tom Alexander
5d0fdd341a Install terraform. 2024-06-23 18:26:54 -04:00
Tom Alexander
b0a2086b6c Add support for urlsafe base64 in decode_jwt. 2024-06-21 19:23:08 -04:00
Tom Alexander
78ea5dc244 Add a workaround for framework 13 firmware bug causing 100% usage on a single core. 
ref: https://community.frame.work/t/tracking-amd-small-group-of-kworkers-keeping-cpu-0-busy-after-suspend-resume-cycle-s/45002
 2024-06-20 19:31:49 -04:00
Tom Alexander
d3c397acf0 Add decode_jwt script, install kubeswitch on linux, unfreeze firefox version on linux, disable more bits of currentznver4 FreeBSD build, install terminfo-db, and remove build configs from old version of poudboot. 2024-06-19 19:29:14 -04:00
Tom Alexander
5823ca90f1 Add xml formatting to emacs. 2024-06-03 18:59:16 -04:00
Tom Alexander
c36568462f Add support for clangd for c languages in emacs. 2024-06-02 12:09:45 -04:00
Tom Alexander
e469ed8b9a Add power saving settings. 2024-06-02 11:33:08 -04:00
Tom Alexander
967f7dac16 Fix temperature waybar on Linux. 2024-05-20 19:17:48 -04:00
Tom Alexander
38d255f0ab Set up multiple sound server options for FreeBSD. 2024-05-18 09:52:18 -04:00
Tom Alexander
f44074ebe7 Only scrub when plugged in on Linux, and TCP optimization. 2024-05-16 21:20:30 -04:00
Tom Alexander
ee0fe7eca6 Use group root for /etc/localtime on Linux. 
Arch Linux kept changing the group to root, so this change is to avoid unexpected "changed" entries in the ansible diff.
 2024-05-12 23:23:09 -04:00
Tom Alexander
c7610fe917 Build jack. 2024-05-10 18:51:17 -04:00
Tom Alexander
5fa7f918a1 Refresh clock on the minute instead of every 10 seconds. 2024-05-07 08:52:34 -04:00
Tom Alexander
a2bdb93d5e Switch FreeBSD back to the package-based rust-analyzer. 2024-05-05 22:19:27 -04:00
Tom Alexander
5a763d422a Switch to rust implementation of poudboot. 2024-05-05 22:19:27 -04:00
Tom Alexander
44fd819705 Add radeontop to FreeBSD. 2024-05-05 11:19:03 -04:00
Tom Alexander
faa9b7bb62 Switch to the FreeBSD built-in lockf instead of the package flock. 2024-05-04 12:23:56 -04:00
Tom Alexander
06fb8db40a Disable sndio in firefox. 2024-04-30 21:34:52 -04:00
Tom Alexander
a97b503f8e Add support for noise suppression on Linux using rnnoise. 
This uses: https://github.com/werman/noise-suppression-for-voice .
 2024-04-29 10:47:28 -04:00
Tom Alexander
c650b9626f Disable pulseaudio in firefox. 2024-04-28 16:28:55 -04:00
Tom Alexander
a7fe423583 Update for FreeBSD on AMD Framework laptop. 2024-04-28 15:08:36 -04:00
Tom Alexander
32eca75f4e Set up home server. 2024-04-22 17:23:20 -04:00
Tom Alexander
f1b3e3a81f Set MTU on wireguard configs. 2024-04-19 17:56:07 -04:00
Tom Alexander
736e83a465 Use wayland for vscode. 2024-04-12 19:06:00 -04:00
Tom Alexander
c2b8ab05b1 Move to new cargo credentials path. 2024-04-11 21:36:49 -04:00
Tom Alexander
8b4a5e0847 Move cleaning to a global position. 2024-04-11 20:20:49 -04:00
Tom Alexander
ef18e94ff8 Add a poudriere build for the home server. 2024-04-11 19:57:02 -04:00
Tom Alexander
6d198d290d Enable vulkan for sway on linux. 2024-04-06 22:09:23 -04:00
Tom Alexander
df81196035 Add script to delete pipeline runs from tekton. 2024-04-06 11:29:38 -04:00
Tom Alexander
08454740d6 Merge branch 'pkgbase' 2024-04-06 11:01:02 -04:00
Tom Alexander
a66eff79e2 Set up poudriere to build pkgbase. 2024-04-06 11:00:20 -04:00
Tom Alexander
8385b036a6 Add terraform format-on-save for vscode. 2024-02-06 17:57:20 -05:00
Tom Alexander
ed7d4ab4e6 Run emacs garbage collection when idle. 
This is to hopefully avoid running garbage collection while I am actively interacting with emacs, which should theoretically result in a smoother experience.
 2024-01-26 21:21:09 -05:00
Tom Alexander
574a2d0ce7 Update vscode config. 2024-01-25 10:15:25 -05:00
Tom Alexander
1024f37691 Enable inlay hints for typescript. 2024-01-21 17:00:25 -05:00
Tom Alexander
724a8ca394 Fix ansible playbook on FreeBSD. 2024-01-21 15:58:18 -05:00
Tom Alexander
6b3bdab18b Configure vscode. 2024-01-18 22:43:56 -05:00
Tom Alexander
4d620a33b7 Add closed source vscode. 2024-01-18 22:12:08 -05:00
Tom Alexander
e3e78b3eb5 Add a force focus mode to sway. 2024-01-10 22:21:11 -05:00
Tom Alexander
3706eda8f3 Use meld for git merges. 2024-01-10 22:20:30 -05:00
Tom Alexander
6fc16362ba Use docker compose for unifi controller. 2024-01-09 19:11:39 -05:00
Tom Alexander
a04b52ec72 Add a unifi vm. 2024-01-09 17:31:12 -05:00
Tom Alexander
460a614cf7 Set up the router manually. 2024-01-08 23:14:23 -05:00
Tom Alexander
3e0de0e87a Add a work-specific role. 2024-01-07 14:43:10 -05:00
Tom Alexander
80a3f2291c Add a separate pgp key for work. 2024-01-02 12:29:39 -05:00
Tom Alexander
6e13ac355a Add a work machine to ansible. 2023-12-31 22:21:28 -05:00
Tom Alexander
60e440b0c6 Migrate alacritty to toml config. 2023-12-28 12:50:05 -05:00
Tom Alexander
06fc236f0a Add a python role. 2023-12-25 15:26:42 -05:00
Tom Alexander
1cad73e68f Add the launch keyboard layout file. 
This file is not installed by ansible but it is something I should preserve for configuring the keyboard.
 2023-12-25 11:22:06 -05:00
Tom Alexander
a1ab3327ee Add wasm role. 2023-12-24 12:54:16 -05:00
Tom Alexander
86ecfd1c54 Run prettier on save to format css files. 2023-12-23 06:13:49 -05:00
Tom Alexander
cd58cbb520 Set up the CSS language server. 2023-12-22 21:45:38 -05:00
Tom Alexander
7dc1a22e6b Force the screen brightness level on the framework laptop in Linux. 
Ever since enabling adaptive brightness manager, my brightness is far lower on reboot. I suspect it is saving the actual brightness instead of the set brightness. This works around the issue by forcing the brightness back to my desired level.
 2023-12-22 21:43:53 -05:00
Tom Alexander
b3ee528c18 Merge branch 'epp_amd' 2023-12-19 09:22:56 -05:00
Tom Alexander
9ac2605912 Also set the platform profile for AMD. 
The platform profile sets power settings for the EC/system but not the CPU.
 2023-12-19 08:51:25 -05:00
Tom Alexander
c87ac216a9 Set the energy performance preference for AMD. 2023-12-18 20:08:06 -05:00
Tom Alexander
94b379c717 Fix conditional to not use jinja templating. 2023-12-17 12:33:30 -05:00
Tom Alexander
661b8534a8 Add auto-revert mode. 2023-12-17 11:51:41 -05:00
Tom Alexander
f42d4c469b Update rust. 2023-12-08 15:30:37 -05:00
Tom Alexander
ebde072f2c Install radeontop on AMD graphics. 2023-12-08 13:05:32 -05:00
Tom Alexander
a7fe6ff42d Update Linux framework laptop for AMD board. 
Unfortunately, FreeBSD does not seem to boot so it is not being updated in this commit.
 2023-12-07 17:45:18 -05:00
Tom Alexander
9d54609a12 TEMP change to use mainline kernel instead of LTS for AMD board. 2023-12-07 16:57:56 -05:00
Tom Alexander
0146c631ae Trust additional zfs signing key. 2023-12-07 16:57:56 -05:00
Tom Alexander
86a89be678 Add pipewire jack replacement. 2023-12-07 16:57:56 -05:00
Tom Alexander
644b0f2e00 Add devfs rules for homeserver. 2023-12-07 16:57:56 -05:00
Tom Alexander
4b62c9b4de Add a script to decrypt and mount disks on the home server. 2023-12-07 16:57:56 -05:00
Tom Alexander
0732a82171 Updates for FreeBSD 14. 2023-12-07 16:57:56 -05:00
Tom Alexander
e80cdcabdb Add restaurant_health_rating. 2023-12-07 16:57:56 -05:00
Tom Alexander
05e06d1615 Remove extra subkey from linux build key. 2023-12-07 16:57:55 -05:00
317 changed files with 5041 additions and 1670 deletions
Expand all files Collapse all files

2
.gitattributes vendored
View File

@@ -1,3 +1,5 @@
cargo_credentials.toml filter=git-crypt diff=git-crypt
**/wireguard_configs/** filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
credentials filter=git-crypt diff=git-crypt
htpasswd filter=git-crypt diff=git-crypt

3
ansible/environments/colo/host_vars/mrmanager
View File

@@ -15,12 +15,13 @@ pflog_conf:
- name: 0
dev: pflog0
cputype: "amd"
hwpstate: true
etc_hosts: {}
wireguard_directory: mrmanager
enabled_wireguard:
- colo
jail_zfs_dataset: zdata/jail
jail_zfs_dataset_mountpoint: /jail/main
jail_zfs_dataset_mountpoint: /jail
jail_canmount: "on"
jail_list:
- name: nat_dhcp

52
ansible/environments/home/host_vars/homeserver
View File

@@ -1,7 +1,27 @@
os_flavor: "freebsd"
custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"
pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"
zfs_snapshot_datasets:
- path: zroot/freebsd/computer/be
- path: zmass/encrypted/vm
users:
talexander:
initialize: true
uid: 11235
gid: 11235
groups:
- name: wheel
- name: video
- name: u2f
- name: operator # To be able to shutdown without root
- name: webcamd
gid: 145
authorized_keys:
- yubikey
- main_fido
- backup_fido
- homeassistant
gitconfig: "gitconfig_home"
sshd_enabled: true
sshd_conf: "sshd_config"
pf_config: "homeserver_pf.conf"
@@ -11,15 +31,11 @@ pflog_conf:
network_rc: "homeserver_network.conf"
rc_conf: "homeserver_rc.conf"
loader_conf: "homeserver_loader.conf"
netgraph_config: "setup_netgraph_homeserver"
cputype: "intel"
cpu_opt: broadwell
hwpstate: false
build_user:
name: talexander
group: talexander
devfs_rules: "homeserver_devfs.rules"
jail_zfs_dataset: zmass/encrypted/jails
jail_zfs_dataset_mountpoint: /jail/main
jail_zfs_dataset_mountpoint: /jail
jail_canmount: "on"
jail_bemount: "on"
jail_list:
@@ -34,12 +50,26 @@ jail_list:
- name: dagger
conf:
src: dagger
- name: mumble
- name: olddagger
conf:
src: mumble
persist:
- name: mumbledb
mount: /var/db/murmur
src: olddagger
- name: sftp
conf:
src: sftp
fstab: sftp_fstab
- name: bastion
conf:
src: bastion
fstab: fstab_bastion
- name: certificate
conf:
src: certificate
# - name: mumble
# conf:
# src: mumble
# persist:
# - name: mumbledb
# mount: /var/db/murmur
bhyve_dataset: zmass/encrypted/vm
bhyve_list: []
bhyve_canmount: "on"

1
ansible/environments/jail/host_vars/bastion Normal file
View File

@@ -0,0 +1 @@
os_flavor: freebsd

1
ansible/environments/jail/host_vars/certificate Normal file
View File

@@ -0,0 +1 @@
os_flavor: freebsd

6
ansible/environments/jail/host_vars/sftp Normal file
View File

@@ -0,0 +1,6 @@
os_flavor: "freebsd"
users:
nochainstounlock:
initialize: true
uid: 11235
gid: 11235

5
ansible/environments/jail/hosts
View File

@@ -1,7 +1,10 @@
[jail]
nat_dhcp ansible_connection=jail
homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=sshjail
homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@homeserver ansible_connection=sshjail
mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail
nat_dhcp@172.16.16.2 ansible_connection=sshjail
admin_git ansible_ssh_host=admin_git@10.217.2.1 ansible_connection=sshjail
public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail
sftp ansible_ssh_host=sftp@homeserver ansible_connection=sshjail
bastion ansible_ssh_host=bastion@homeserver ansible_connection=sshjail
certificate ansible_ssh_host=certificate@homeserver ansible_connection=sshjail

25
ansible/environments/laptop/group_vars/all
View File

@@ -1,3 +1,28 @@
timezone: "America/New_York"
install_bluetooth: true
emacs_flavor: "full"
ssh_hosts:
- name: poudriere
proxy_jump: talexander@mrmanager
host_name: 10.215.1.203
- name: controller0
proxy_jump: talexander@mrmanager
host_name: 10.215.1.204
- name: controller1
proxy_jump: talexander@mrmanager
host_name: 10.215.1.205
- name: controller2
proxy_jump: talexander@mrmanager
host_name: 10.215.1.206
- name: worker0
proxy_jump: talexander@mrmanager
host_name: 10.215.1.207
- name: worker1
proxy_jump: talexander@mrmanager
host_name: 10.215.1.208
- name: worker2
proxy_jump: talexander@mrmanager
host_name: 10.215.1.209
- name: brianai
proxy_jump: talexander@mrmanager
host_name: 10.215.1.215

35
ansible/environments/laptop/host_vars/odofreebsd
View File

@@ -1,25 +1,23 @@
os_flavor: "freebsd"
custom_repo: 13amd64-default-framework
custom_repo: "https://freebsdpkg.fizz.buzz/repo/currentznver4-default-framework"
pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/currentznver4-repo/FreeBSD:15:amd64/latest"
zfs_snapshot_datasets:
- path: zroot/freebsd/release/be/default
- path: zroot/freebsd/current/be/default
sshd_enabled: true
sshd_conf: "sshd_config"
pf_config: "odofreebsd_pf.conf"
pflog_conf:
- name: 0
dev: pflog0
#pf_config: "odofreebsd_pf.conf"
#pflog_conf:
# - name: 0
# dev: pflog0
network_rc: "odofreebsd_network.conf"
rc_conf: "odofreebsd_rc.conf"
loader_conf: "odofreebsd_loader.conf"
install_graphics: true
graphics_driver: "intel"
cputype: "intel"
cpu_opt: tigerlake
graphics_driver: "amd"
cputype: "amd"
hwpstate: true
cores: 8
build_user:
name: talexander
group: talexander
cores: 16
sound_system: "oss"
users:
talexander:
initialize: true
@@ -31,6 +29,8 @@ users:
- name: u2f
- name: operator # To be able to shutdown without root
- name: webcamd
gid: 145
- name: realtime
authorized_keys:
- yubikey
- main_fido
@@ -38,16 +38,17 @@ users:
- homeassistant
gitconfig: "gitconfig_home"
devfs_rules: "odo_devfs.rules"
jail_zfs_dataset: zroot/freebsd/release/jails
jail_zfs_dataset_mountpoint: /jail/main
jail_zfs_dataset: zroot/freebsd/current/jails
jail_zfs_dataset_mountpoint: /jail
jail_list:
- name: nat_dhcp
enabled: true
conf:
src: nat_dhcp
bhyve_dataset: zroot/freebsd/release/vm
bhyve_dataset: zroot/freebsd/current/vm
bhyve_list: []
efi_dev: /dev/gpt/EFI
# efi_dev: /dev/gpt/EFI
efi_dev: /dev/diskid/DISK-SJB7N717610407Q0Hp1
sway_conf_files:
- launch_gpg
wireguard_directory: odo

8
ansible/environments/laptop/host_vars/odolinux
View File

@@ -16,12 +16,13 @@ users:
- backup_fido
- homeassistant
gitconfig: "gitconfig_home"
periodic_scrub_pools: [zroot]
zfs_snapshot_datasets:
# - zroot/linux/archmain/home
- path: zroot/linux/archmain/be
- path: zroot/data/bridge/family_disks
install_graphics: true
graphics_driver: "intel"
graphics_driver: "amd"
build_user:
name: talexander
group: talexander
@@ -30,10 +31,9 @@ enabled_wireguard:
- wgh
- drmario
- colo
cputype: "intel"
cputype: "amd"
hwpstate: true
cores: 8
cores: 16
sway_conf_files:
- rofimoji
docker_storage_driver: overlay2 # alternatively zfs
docker_zfs_dataset: zroot/linux/archmain/docker

37
ansible/environments/laptop/host_vars/odowork Normal file
View File

@@ -0,0 +1,37 @@
os_flavor: "linux"
hostname: odowork
etc_hosts: {}
users:
talexander:
initialize: true
uid: 11235
gid: 1000
groups:
- name: wheel
- name: users
- name: docker
- name: libvirt
- name: uucp
authorized_keys:
- yubikey
- main_fido
- backup_fido
gitconfig: "gitconfig_work"
periodic_scrub_pools: [zroot]
zfs_snapshot_datasets:
- path: zroot/linux/archwork/be
install_graphics: true
graphics_driver: "amd"
pgp_key: "gpg_work.asc"
build_user:
name: talexander
group: talexander
# wireguard_directory: odowork
# enabled_wireguard: []
cputype: "amd"
hwpstate: true
cores: 16
sway_conf_files:
- rofimoji
docker_storage_driver: overlay2 # alternatively zfs
closed_source_vscode: true

1
ansible/environments/laptop/hosts
View File

@@ -1,3 +1,4 @@
[gui]
odolinux ansible_connection=local ansible_host=127.0.0.1
odofreebsd ansible_connection=local ansible_host=127.0.0.1
odowork ansible_connection=local ansible_host=127.0.0.1

5
ansible/environments/vm/host_vars/freebsdupdatemrmanager
View File

@@ -1,5 +0,0 @@
os_flavor: "freebsd"
cpu_opt: tigerlake
build_user:
name: root
group: wheel

34
ansible/environments/vm/host_vars/poudrieremrmanager
View File

@@ -1,13 +1,29 @@
os_flavor: "freebsd"
custom_repo: "file:///usr/local/poudriere/data/packages/currentznver4-default-framework"
pkgbase_url: "file:///usr/local/poudriere/data/images/currentznver4-repo/FreeBSD:15:amd64/latest"
poudriere_builds:
- jail: 13amd64
ports: default
set: framework
version: 13.2-RELEASE
# - jail: current
# - jail: 13amd64
# ports: default
# set: framework
# version: CURRENT
# revision: af01b4722577903f91acc44f01bdcb8cdb2d65ad
# kernel: CUSTOM
# branch: main
# version: 13.2-RELEASE
- jail: currentznver4
ports: default
set: framework
version: CURRENT
# revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91
kernel: CUSTOM
branch: main
srcconf: currentznver4_src.conf
# - jail: 14broadwell
# ports: default
# set: computer
# version: 14.0-RELEASE
# kernel: GENERIC
# srcconf: 14broadwell_src.conf
- jail: 14broadwell
ports: default
set: computer
version: CURRENT
kernel: CUSTOM
branch: releng/14.1
srcconf: 14broadwell_src.conf

5
ansible/environments/vm/hosts
View File

@@ -1,13 +1,8 @@
[vm]
poudriereodo ansible_user=builder ansible_host=10.213.177.12
poudrieremrmanager ansible_user=root ansible_host=poudriere
freebsdupdatemrmanager ansible_user=root ansible_host=freebsdupdate
#
# Put in ~/.ssh/config
# Host poudriere
# ProxyJump talexander@mrmanager
# HostName 10.215.1.203
#
# Host freebsdupdate
# ProxyJump talexander@mrmanager
# HostName 10.215.1.213

41
ansible/playbook.yaml
View File

@@ -42,9 +42,9 @@
- ansible
- wireguard
- portshaker
- poudriere
- android
- latex
- python
- pyenv
- webcam
- docker
@@ -52,6 +52,9 @@
- javascript
- launch_keyboard
- lvfs
- restaurant_health_rating
- wasm
- noise_suppression
- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
vars:
@@ -65,10 +68,11 @@
roles:
- sudo # for poudboot script
- fstab
- package_manager
- termcap
- portshaker
- poudriere
- poudrierenginx
- freebsd_update_server
- hosts: mrmanager
vars:
@@ -114,24 +118,39 @@
- users
- public_dns
- hosts: odolinux:odofreebsd
- hosts: odolinux:odofreebsd:odowork
vars:
ansible_become: True
roles:
- framework_laptop
- hosts: odofreebsd
- hosts: homeserver
vars:
ansible_become: True
roles:
- freebsd_update_server
- homeserver
- hosts: freebsdupdatemrmanager
- hosts: odowork
vars:
ansible_become: True
roles:
- sudo # for poudboot script
- doas
- fstab
- build
- freebsd_update_server
- odowork
- hosts: sftp
vars:
ansible_become: True
roles:
- users
- sftp
- hosts: bastion
vars:
ansible_become: True
roles:
- jail_bastion
- hosts: certificate
vars:
ansible_become: True
roles:
- jail_certificate

44
ansible/roles/alacritty/files/alacritty.toml Normal file
View File

@@ -0,0 +1,44 @@
[colors]
draw_bold_text_with_bright_colors = true
indexed_colors = []
[colors.bright]
black = "0x666666"
blue = "0x7aa6da"
cyan = "0x54ced6"
green = "0x9ec400"
magenta = "0xb77ee0"
red = "0xff3334"
white = "0xffffff"
yellow = "0xe7c547"
[colors.normal]
black = "0x000000"
blue = "0x7aa6da"
cyan = "0x70c0ba"
green = "0xb9ca4a"
magenta = "0xc397d8"
red = "0xd54e53"
white = "0xeaeaea"
yellow = "0xe6c547"
[colors.primary]
background = "0x000000"
foreground = "0xeaeaea"
[font]
size = 11.0
[[hints.enabled]]
command = "xdg-open"
post_processing = true
regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-Ÿ<>\"\\s{-}\\^⟨⟩`]+"
[hints.enabled.mouse]
enabled = false
mods = "None"
[scrolling]
history = 10000
# Lines moved per scroll.
multiplier = 3

103
ansible/roles/alacritty/files/alacritty.yml
View File

@@ -1,103 +0,0 @@
# If `true`, bold text is drawn using the bright color variants.
draw_bold_text_with_bright_colors: true
colors:
# Default colors
primary:
background: "0x000000"
foreground: "0xeaeaea"
# Bright and dim foreground colors
#
# The dimmed foreground color is calculated automatically if it is not present.
# If the bright foreground color is not set, or `draw_bold_text_with_bright_colors`
# is `false`, the normal foreground color will be used.
#dim_foreground: '0x9a9a9a'
#bright_foreground: '0xffffff'
# Cursor colors
#
# Colors which should be used to draw the terminal cursor. If these are unset,
# the cursor color will be the inverse of the cell color.
#cursor:
# text: '0x000000'
# cursor: '0xffffff'
# Selection colors
#
# Colors which should be used to draw the selection area. If selection
# background is unset, selection color will be the inverse of the cell colors.
# If only text is unset the cell text color will remain the same.
#selection:
# text: '0xeaeaea'
# background: '0x404040'
# Normal colors
normal:
black: "0x000000"
red: "0xd54e53"
green: "0xb9ca4a"
yellow: "0xe6c547"
blue: "0x7aa6da"
magenta: "0xc397d8"
cyan: "0x70c0ba"
white: "0xeaeaea"
# Bright colors
bright:
black: "0x666666"
red: "0xff3334"
green: "0x9ec400"
yellow: "0xe7c547"
blue: "0x7aa6da"
magenta: "0xb77ee0"
cyan: "0x54ced6"
white: "0xffffff"
# Dim colors
#
# If the dim colors are not set, they will be calculated automatically based
# on the `normal` colors.
#dim:
# black: '0x000000'
# red: '0x8c3336'
# green: '0x7a8530'
# yellow: '0x97822e'
# blue: '0x506d8f'
# magenta: '0x80638e'
# cyan: '0x497e7a'
# white: '0x9a9a9a'
# Indexed Colors
#
# The indexed colors include all colors from 16 to 256.
# When these are not set, they're filled with sensible defaults.
#
# Example:
# `- { index: 16, color: '0xff00ff' }`
#
indexed_colors: []
scrolling:
# Maximum number of lines in the scrollback buffer.
# Specifying '0' will disable scrolling.
history: 10000
# Number of lines the viewport will move for every line scrolled when
# scrollback is enabled (history > 0).
multiplier: 3
font:
size: 11.0
hints:
enabled:
# Disable opening links when clicked
- regex:
"(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)\
[^\u0000-\u001F\u007F-\u009F<>\"\\s{-}\\^⟨⟩`]+"
command: xdg-open
post_processing: true
mouse:
enabled: false
mods: None

4
ansible/roles/alacritty/tasks/peruser.yaml
View File

@@ -19,8 +19,8 @@
owner: "{{ account_name.stdout }}"
group: "{{ group_name.stdout }}"
loop:
- src: alacritty.yml
dest: .config/alacritty/alacritty.yml
- src: alacritty.toml
dest: .config/alacritty/alacritty.toml
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'

2
ansible/roles/android/tasks/linux.yaml
View File

@@ -19,4 +19,6 @@
name:
- gvfs
- gvfs-mtp
- android-udev # Access android over USB without root.
- android-tools # For fastboot to flash phones.
state: present

2
ansible/roles/ansible/tasks/freebsd.yaml
View File

@@ -1,6 +1,6 @@
- name: Install packages
package:
name:
- py39-ansible
- py311-ansible
- ansible-sshjail
state: present

1
ansible/roles/autofs/files/auto_master
View File

@@ -1,4 +1,3 @@
# $FreeBSD$
#
# Automounter master map, see auto_master(5) for details.
#

24
ansible/roles/base/files/alacritty.termcap
View File

@@ -1,24 +0,0 @@
# Reconstructed via infocmp from file: /usr/share/terminfo/a/alacritty
# (untranslatable capabilities removed to fit entry within 1023 bytes)
# (sgr removed to fit entry within 1023 bytes)
# (acsc removed to fit entry within 1023 bytes)
# (terminfo-only capabilities suppressed to fit entry within 1023 bytes)
alacritty|alacritty terminal emulator:\
:am:bs:hs:mi:ms:xn:\
:co#80:it#8:li#24:\
:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:DO=\E[%dB:IC=\E[%d@:\
:K2=\EOE:LE=\E[%dD:RI=\E[%dC:SF=\E[%dS:SR=\E[%dT:\
:UP=\E[%dA:ae=\E(B:al=\E[L:as=\E(0:bl=^G:bt=\E[Z:cd=\E[J:\
:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:cr=\r:\
:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:do=\n:\
:ds=\E]2;\007:ec=\E[%dX:ei=\E[4l:fs=^G:ho=\E[H:im=\E[4h:\
:is=\E[!p\E[?3;4l\E[4l\E>:k1=\EOP:k2=\EOQ:k3=\EOR:\
:k4=\EOS:k5=\E[15~:k6=\E[17~:k7=\E[18~:k8=\E[19~:\
:k9=\E[20~:kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:kb=\177:\
:kd=\EOB:ke=\E[?1l\E>:kh=\EOH:kl=\EOD:kr=\EOC:\
:ks=\E[?1h\E=:ku=\EOA:le=^H:mb=\E[5m:md=\E[1m:me=\E[0m:\
:mh=\E[2m:mm=\E[?1034h:mo=\E[?1034l:mr=\E[7m:nd=\E[C:\
:rc=\E8:sc=\E7:se=\E[27m:sf=\n:so=\E[7m:sr=\EM:st=\EH:ta=^I:\
:te=\E[?1049l\E[23;0;0t:ti=\E[?1049h\E[22;0;0t:\
:ts=\E]2;:ue=\E[24m:up=\E[A:us=\E[4m:vb=\E[?5h\E[?5l:\
:ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?12;25h:

1
ansible/roles/base/files/cleartmp_rc.conf Normal file
View File

@@ -0,0 +1 @@
clear_tmp_enable="YES"

8
ansible/roles/base/files/decode_jwt.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Decode the contents of a JWT
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec jq -R 'split(".") | .[0],.[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=")| @base64d | fromjson'

8
ansible/roles/base/files/disk_labels_loader.conf
View File

@@ -1,8 +1,12 @@
# Disabling both of these will make /dev/gpt/* populated
# Populates the /dev/diskid
kern.geom.label.disk_ident.enable="1"
# Populates /dev/gpt but only if kern.geom.label.disk_ident.enable is disabled.
#
# This uses gpt partition labels which you can set with:
#
# gpart modify -l EFI -i 1 nvd0
# kern.geom.label.disk_ident.enable="0"
# kern.geom.label.gptid.enable="1"

15
ansible/roles/base/files/gitconfig_home
View File

@@ -18,3 +18,18 @@
date = local
[init]
defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff]
tool = meld
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"

37
ansible/roles/base/files/gitconfig_work Normal file
View File

@@ -0,0 +1,37 @@
[user]
email = ThomasA.Alexander@hmhn.org
name = Tom Alexander
signingkey = D3A179C9A53C0EDE
[push]
default = simple
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
[core]
excludesfile = ~/.gitignore_global
[commit]
gpgsign = true
[pull]
rebase = true
[log]
date = local
[init]
defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff]
tool = meld
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
[includeIf "gitdir:/bridge/"]
path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home

5
ansible/roles/base/files/gitignore_global
View File

@@ -1,3 +1,8 @@
.idea
.python-version
# Emacs per-directory settings
.dir-locals.el
# C/C++ Language Server compile commands
compile_commands.json

2
ansible/roles/base/files/homeserver_loader.conf
View File

@@ -1,5 +1,3 @@
security.bsd.allow_destructive_dtrace=0
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
cryptodev_load="YES"
zfs_load="YES"

3
ansible/roles/base/files/login.conf
View File

@@ -7,7 +7,6 @@
# This file controls resource limits, accounting limits and
# default user environment settings.
#
# $FreeBSD$
#
# Default settings effectively disable resource limits, see the
@@ -33,7 +32,7 @@ default:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=64K:\
:memorylocked=128M:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\

3
ansible/roles/base/files/odofreebsd_loader.conf
View File

@@ -1,6 +1,3 @@
security.bsd.allow_destructive_dtrace=0
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
cryptodev_load="YES"
zfs_load="YES"

2
ansible/roles/base/files/odofreebsd_rc.conf
View File

@@ -1,8 +1,6 @@
clear_tmp_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
hostname="odo"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
zfs_enable="YES"

2
ansible/roles/base/files/tmux.conf
View File

@@ -1,4 +1,4 @@
set-option -g mouse on
# set-option -g mouse on
set-option -g history-limit 20000
# set -g @plugin 'tmux-plugins/tmux-yank'
# Emacs style

1
ansible/roles/base/meta/main.yaml
View File

@@ -1,2 +1,3 @@
dependencies:
- fstab
- termcap

18
ansible/roles/base/tasks/common.yaml
View File

@@ -16,20 +16,18 @@
- wget
- colordiff
- ipcalc
- kdiff3
- tcpdump
- moreutils # for ts [%Y-%m-%d %H:%M:%.S]
- ddrescue
state: present
- name: Set timezone
file:
src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
dest: /etc/localtime
owner: root
# TODO: Arch Linux is changing the group to root instead of wheel. Maybe make this a variable?
group: wheel
state: link
- name: Install packages
when: install_graphics
package:
name:
- kdiff3
- meld
state: present
- name: Install scripts
copy:
@@ -49,6 +47,8 @@
dest: /usr/local/bin/cleanup_temporary_files
- src: git_fix_author.bash
dest: /usr/local/bin/git_fix_author
- src: decode_jwt.bash
dest: /usr/local/bin/decode_jwt
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'

38
ansible/roles/base/tasks/freebsd.yaml
View File

@@ -1,3 +1,11 @@
- name: Set timezone
file:
src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
dest: /etc/localtime
owner: root
group: wheel
state: link
- name: Install packages
package:
name:
@@ -7,27 +15,15 @@
- rust-coreutils
state: present
- name: See if the alacritty termcap has been added
lineinfile:
name: /usr/share/misc/termcap
regexp: |-
^alacritty\|
state: absent
check_mode: yes
changed_when: false
register: alacritty_cap
- name: Append alacritty termcap info
blockinfile:
path: /usr/share/misc/termcap
block: "{{ lookup('file', 'alacritty.termcap') }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK alacritty"
when: not alacritty_cap.found
register: wrote_alacritty_cap
- name: Update cap_mkdb
command: cap_mkdb /usr/share/misc/termcap
when: wrote_alacritty_cap.changed
- name: Install service configuration
copy:
src: "files/{{ item }}_rc.conf"
dest: "/etc/rc.conf.d/{{ item }}"
mode: 0644
owner: root
group: wheel
loop:
- cleartmp
- name: Install login.conf
copy:

49
ansible/roles/base/tasks/linux.yaml
View File

@@ -1,3 +1,11 @@
- name: Set timezone
file:
src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
dest: /etc/localtime
owner: root
group: root
state: link
- name: Install packages
package:
name:
@@ -8,6 +16,8 @@
- man-db
- uutils-coreutils
- usbutils # for lsusb
- bolt
- whois
state: present
- name: Start pkgfile update service
@@ -17,17 +27,6 @@
daemon_reload: yes
enabled: yes
# Of questionable value since I don't use swap on my machines
- name: Configure sysctls for swap
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
sysctl_file: /etc/sysctl.d/swap.conf
loop:
- name: vm.swappiness
value: 10
- name: Install scripts
copy:
src: "files/{{ item.src }}"
@@ -40,3 +39,31 @@
dest: /usr/local/bin/mount_disk_image
- src: watch_linux
dest: /usr/local/bin/ww
- name: Configure sysctls
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
sysctl_file: /etc/sysctl.d/{{ item.file }}
loop:
# Of questionable value since I don't use swap on my machines
- name: vm.swappiness
value: 10
file: swap.conf
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
- name: net.ipv4.tcp_mtu_probing
value: 1
file: tcp.conf
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
- name: net.ipv4.tcp_congestion_control
value: bbr
file: tcp.conf
# Don't do a slow start after a connection has been idle for a single RTO.
- name: net.ipv4.tcp_slow_start_after_idle
value: 0
file: tcp.conf
# 3x time to accumulate filesystem changes before flushing to disk.
- name: vm.dirty_writeback_centisecs
value: 1500
file: power.conf

7
ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
View File

@@ -74,13 +74,6 @@ function main {
fi
}
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function create_disk {
local zfs_path="$1"
local mount_path="$2"

2
ansible/roles/build/defaults/main.yaml
View File

@@ -1,2 +0,0 @@
# freebsd_version: "releng/13.2"
freebsd_version: "9c80d66ec1b4c5b9ac7aaf5b0fdbb1628d49c181"

6
ansible/roles/build/files/CUSTOM
View File

@@ -1,6 +0,0 @@
include GENERIC-NODEBUG
# Disable Intel SD/MMC controller for reading eMMC
nodevice sdhci
ident CUSTOM

12
ansible/roles/build/files/aurutils-nuke Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
# If something is very wrong in pacman, this removes the keyring and the entire custom repo, then sets up pacman's keyring again. Running the ansible playbook is necessary to get the custom repo added.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
doas rm -rf /var/cache/pacman/custom/ /etc/pacman.d/conf.d/aurutils.conf
doas rm -rf /etc/pacman.d/gnupg
doas pacman-key --init
doas pacman-key --populate archlinux
doas pacman -S archlinux-keyring

26
ansible/roles/build/files/find_packages_that_installed_kernel_modules.bash
View File

@@ -1,26 +0,0 @@
#!/usr/bin/env bash
#
# List installed packages that install a kernel module.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${PORTSDIR:="/usr/ports"}
function main {
if [ "$#" -ne 0 ]; then
(>&2 echo "This script takes no positional parameters.")
exit 1
fi
local module
doas find / -type f -name '*.ko' | sort | while read module; do
local provides=$(pkg provides "$module")
if [ -n "$provides" ]; then
package_name=$(grep 'Name : ' <<<"$provides" | sed 's/Name : //g')
# module_file=$(grep 'Filename: ' <<<"$provides" | sed 's/Filename: //g')
echo "$package_name"
fi
done
}
main "${@}"

36
ansible/roles/build/files/find_popular_ports_options.bash
View File

@@ -1,36 +0,0 @@
#!/usr/bin/env bash
#
# Find which port options appear the most in ports.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${PORTSDIR:="/usr/ports"}
function main {
if [ "$#" -ne 0 ]; then
(>&2 echo "This script takes no positional parameters.")
exit 1
fi
local folder
find_port_folders | while read folder; do
set +e
dump_port_options "$folder"
set -e
done | sort | uniq -c | sort -nr
}
function find_port_folders {
local mf
find "$PORTSDIR" -type f -name Makefile -mindepth 3 -maxdepth 3 | sort | while read mf; do
dirname "$mf"
done
}
function dump_port_options {
local folder="$1"
local portopts=$(make -C "$folder" -V OPTIONS_DEFINE)
echo "$portopts" | grep -oE --line-buffered '[^ ]*'
}
main "${@}"

41
ansible/roles/build/files/find_ports_containing_option.bash
View File

@@ -1,41 +0,0 @@
#!/usr/bin/env bash
#
# List ports containing an option matching the first parameter to the script.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${PORTSDIR:="/usr/ports"}
function main {
if [ "$#" -ne 1 ]; then
(>&2 echo "Pass exactly 1 option name to this script.")
exit 1
fi
local find_option_name=$1
local folder
find_port_folders | while read folder; do
set +e
dump_port_options "$folder" | grep -qE "^${find_option_name}$"
has_opt=$?;
set -e
if [ $has_opt -eq 0 ]; then
echo "$folder"
fi
done
}
function find_port_folders {
local mf
find "$PORTSDIR" -type f -name Makefile -mindepth 3 -maxdepth 3 | sort | while read mf; do
dirname "$mf"
done
}
function dump_port_options {
local folder="$1"
local portopts=$(make -C "$folder" -V OPTIONS_DEFINE)
echo "$portopts" | grep -oE --line-buffered '[^ ]*'
}
main "${@}"

20
ansible/roles/build/files/freebsd_update_step1
View File

@@ -1,20 +0,0 @@
#!/usr/bin/env bash
#
# Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cores=$(sysctl -n hw.ncpu)
if sudo etcupdate status | grep -qE '^ C '; then
>&2 echo 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.'
exit 1
fi
cd /usr/src
make -j "$cores" clean
make -j "$cores" buildworld buildkernel
sudo make installkernel
echo "FreeBSD update step 1 done. Please reboot."

19
ansible/roles/build/files/freebsd_update_step2
View File

@@ -1,19 +0,0 @@
#!/usr/bin/env bash
#
# Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
sudo etcupdate -p
cd /usr/src
sudo make installworld
sudo etcupdate -B
if sudo etcupdate status | grep -qE '^ C '; then
>&2 echo 'Conflicts in etcupdate. Run `etcupdate resolve` to fix them first.'
exit 1
fi
echo "FreeBSD update step 2 done. Please reboot."

53
ansible/roles/build/files/gpg.asc
View File

@@ -1,34 +1,27 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
0H+RsWG0HVRvbSBBbGV4YW5kZXIgPHRvbUBmaXp6LmJ1eno+iJAEExYIADgWIQS4
SBWTY8KHeReVS+En3kDZuEVcGwUCXZwWGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe
AQIXgAAKCRAn3kDZuEVcG9glAQDX3Bzaz9sQpycc40LeLxSKQsWplfJigfr8wWOg
C15TywEAqkTtCrTNsltdZERLMre7qnv/6RSo54OW0C4pdN7UUAa0HlRvbSBBbGV4
YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhF
XBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0CuU4m1/MA+gPDKME7syEt
JsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB9Ub20gQWxleGFuZGVyIDx0b21AaGFy
bW9uaWMuYWk+iJAEExYIADgWIQS4SBWTY8KHeReVS+En3kDZuEVcGwUCX7D5RAIb
AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAn3kDZuEVcGzjDAP9pM1ScstOk
ti+oRAsNSk8qsjIsCT9O5voDS0Q7plWlcwD/btKVFO9tPLsXhyvdB+NSwueVs7TA
kRVjlW3hktpefg24OARdnBYaEgorBgEEAZdVAQUBAQdArbTYQgDBMG7EBFTKA6+f
4CWgwl26Lf2b6cyCGfUw2j4DAQgHiHgEGBYIACAWIQS4SBWTY8KHeReVS+En3kDZ
uEVcGwUCXZwWGgIbDAAKCRAn3kDZuEVcG03MAQCrkjrE+MhtvbfGaHGHlwz9QnF0
Z519YzK8Xr8m0O+09QEA9BFCfkAzBM4D4JKeWJh/tmN9U6UexzLrRdY+W9cugAm4
MwRdnBbKFgkrBgEEAdpHDwEBB0A/IgvgQaDhPkk72raSlUPLZaMyJfPedlfBhbgY
uhNiSIj1BBgWCAAmAhsCFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+hYFCQe4
fcwAgXYgBBkWCAAdFiEEgeZEOZZ1UC6xJRa606F5yaU8Dt4FAl2cFsoACgkQ06F5
yaU8Dt6MngD+Krs3aYyHH6i85ebVESgBI8XeXhgACM4exepw+0UcoYkBAKK4DvV3
oJD6o1ku6Rr8pUH962SQm8PO9pO2JBBAb6ADCRAn3kDZuEVcG9uAAP43vUsbe24/
6tjEezAW0a4L2E1u4HNU8t53lolngs1kswEAy1HBdYEMR9TovX/kMeBHLcz1J2pM
VRSV0JnJhj5eZwa4MwRdnBcBFgkrBgEEAdpHDwEBB0BrvpOZa4q6JHVuc1XUVQTq
hDgLwD5SJBvzHSTXPYOZMoh+BBgWCAAmAhsgFiEEuEgVk2PCh3kXlUvhJ95A2bhF
XBsFAl+w+hYFCQe4fZUACgkQJ95A2bhFXBs3NgEA3SFYTgRVstidfoEpEZV4DdSL
kXaOwN3Eyba4UniClyMA/2CCxQt24vu19TyvUtOXWCp9Zi8SyIqoeiXQ4ZmhhnQO
uDgEXZwXKBIKKwYBBAGXVQEFAQEHQA7S3cFTEu6iROopVyF4UBl3hQrEAbOc9CW+
xXKFZYgSAwEIB4h+BBgWCAAmAhsMFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w
+hcFCQe4fW4ACgkQJ95A2bhFXBtUXAEAyEJCUNVSJ7qvQv5IXuwbYTX2Mh7JU3+F
GJHO7AWBXCQA/2aLAi9kYmz9ba770XYwTeBZIv9Y6UIwIwVmFdYHC/EM
=a/z4
0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
3aqYpMRxpn2t6Nswax1MIM8DBQ==
=dzEV
-----END PGP PUBLIC KEY BLOCK-----

27
ansible/roles/build/files/gpg_work.asc Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
=0HtE
-----END PGP PUBLIC KEY BLOCK-----

0
ansible/roles/build/files/pacman-custom.conf → ansible/roles/build/files/pacman-x86_64.conf
View File

100
ansible/roles/build/tasks/freebsd.yaml
View File

@@ -1,100 +0,0 @@
- name: Install packages
package:
name:
- git
state: present
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0755
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- "/usr/src"
# - "/usr/ports"
- "/usr/obj"
- name: chown the FreeBSD source
file:
name: "{{ item }}"
state: directory
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
recurse: true
loop:
- "/usr/src"
- name: Clone FreeBSD Source
git:
repo: "https://git.FreeBSD.org/src.git"
dest: /usr/src
version: "{{ freebsd_version }}"
force: true
become: true
become_user: "{{ build_user.name }}"
diff: false
# - name: Clone Ports Tree
# git:
# repo: "https://git.FreeBSD.org/ports.git"
# dest: /usr/ports
# version: "main"
# force: true
# update: false
# become: true
# become_user: "{{ build_user.name }}"
# diff: false
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: wheel
loop:
- src: make.conf
dest: /etc/make.conf
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- src: CUSTOM
dest: /usr/src/sys/amd64/conf/CUSTOM
- name: Install Configuration
template:
src: "templates/{{ item.src }}.j2"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: wheel
loop:
- src: src.conf
dest: /etc/src.conf
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0700
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- src: freebsd_update_step1
dest: /usr/local/bin/freebsd_update_step1
- src: freebsd_update_step2
dest: /usr/local/bin/freebsd_update_step2
- src: find_popular_ports_options.bash
dest: /usr/local/bin/find_popular_ports_options
- src: find_ports_containing_option.bash
dest: /usr/local/bin/find_ports_containing_option
- src: find_packages_that_installed_kernel_modules.bash
dest: /usr/local/bin/find_packages_that_installed_kernel_modules

16
ansible/roles/build/tasks/linux.yaml
View File

@@ -39,7 +39,7 @@
- name: Trust my signing key
command: pacman-key -a -
args:
stdin: "{{ lookup('file', 'gpg.asc') }}"
stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
register: my_key_imported
@@ -89,13 +89,21 @@
loop:
- src: aurutils.conf
dest: /etc/pacman.d/conf.d/
- src: pacman-custom.conf
- src: pacman-x86_64.conf
dest: /etc/aurutils/
- src: makepkg.conf # TODO: Is this needed or can I use the default from devtools?
dest: /etc/aurutils/
- name: chown the custom package db
file:
path: "{{ item }}"
owner: "{{ build_user.name }}"
recurse: true
loop:
- /var/cache/pacman/custom/
- name: Create custom repo db
command: repo-add --sign /var/cache/pacman/custom/custom.db.tar
command: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*"
become: true
become_user: "{{ build_user.name }}"
args:
@@ -111,6 +119,8 @@
loop:
- src: aurutils-purge
dest: /usr/local/bin/aurutils-purge
- src: aurutils-nuke
dest: /usr/local/bin/aurutils-nuke
- src: aurutils-sync
dest: /usr/local/bin/aurutils-sync
- src: aurutils-update-devel-packages

35
ansible/roles/build/templates/src.conf.j2
View File

@@ -1,35 +0,0 @@
{% if cpu_opt is defined and cpu_opt %}
CPUTYPE?={{ cpu_opt }}
{% endif %}
KERNCONF=CUSTOM
WITH_MALLOC_PRODUCTION=YES
WITHOUT_LLVM_ASSERTIONS=YES
WITH_REPRODUCIBLE_BUILD=YES
PORTS_MODULES+=graphics/drm-kmod
PORTS_MODULES+=graphics/gpu-firmware-intel-kmod
PORTS_MODULES+=net/wireguard-kmod
# Would be fun to experiment with:
# WITHOUT_SOURCELESS=YES
# WITHOUT_GAMES=YES
# WITHOUT_KERBEROS=YES
# WITHOUT_LEGACY_CONSOLE=YES
# WITHOUT_LIB32=YES
# WITHOUT_LOADER_GELI=YES
# WITHOUT_MLX5TOOL=YES
# WITHOUT_NDIS=YES
# WITHOUT_OFED=YES
# WITHOUT_PPP=YES
# WITH_SORT_THREADS=YES
# WITHOUT_TALK=YES
# WITHOUT_TCSH=YES
# Questionable Optimizations
WITHOUT_FLOPPY=YES
WITHOUT_HTML=YES
WITHOUT_IPFW=YES
WITHOUT_IPFILTER=YES
WITHOUT_LLVM_TARGET_ALL=YES
# Commented out because maybe I want email alerts for failing disks
# WITHOUT_MAIL=YES

29
ansible/roles/cpu/files/cpu_set_perf_perc_linux_amd Normal file
View File

@@ -0,0 +1,29 @@
#!/usr/bin/env bash
#
# Tell hardware p-states whether to maximize CPU performance (100) or
# energy efficiency (0).
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
perc=$1
if [ "$perc" -gt 80 ]; then
echo performance | tee /sys/firmware/acpi/platform_profile
elif [ "$perc" -ge 20 ]; then
echo balanced | tee /sys/firmware/acpi/platform_profile
else
echo low-power | tee /sys/firmware/acpi/platform_profile
fi
if [ "$perc" -ge 80 ]; then
echo "performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
elif [ "$perc" -ge 60 ]; then
echo "balance_performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
elif [ "$perc" -ge 40 ]; then
echo "default" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
elif [ "$perc" -ge 20 ]; then
echo "balance_power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
else
echo "power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
fi

0
ansible/roles/cpu/files/cpu_set_perf_perc_linux → ansible/roles/cpu/files/cpu_set_perf_perc_linux_intel
View File

0
ansible/roles/cpu/files/percorespeedshift_loader.conf → ansible/roles/cpu/files/per_core_hwpstate_loader.conf
View File

2
ansible/roles/cpu/files/platform_profile_tmpfiles.conf Normal file
View File

@@ -0,0 +1,2 @@
# Favor energy efficiency for platform profile (EC / system, not CPU)
w- /sys/firmware/acpi/platform_profile - - - - low-power

11
ansible/roles/cpu/tasks/freebsd_amd.yaml
View File

@@ -27,3 +27,14 @@
group: wheel
loop:
- aesni
- name: Install loader.conf
when: hwpstate is defined and hwpstate
copy:
src: "files/{{ item }}_loader.conf"
dest: "/boot/loader.conf.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- per_core_hwpstate

2
ansible/roles/cpu/tasks/freebsd_intel.yaml
View File

@@ -78,4 +78,4 @@
owner: root
group: wheel
loop:
- percorespeedshift
- per_core_hwpstate

40
ansible/roles/cpu/tasks/linux_amd.yaml Normal file
View File

@@ -0,0 +1,40 @@
- name: Install packages
package:
name:
- powertop
state: present
- name: Favor energy efficiency for hardware p-states
when: hwpstate is defined and hwpstate and cores is defined
template:
src: "templates/{{ item.src }}.j2"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: wheel
loop:
- src: energy_performance_preference.conf
dest: /etc/tmpfiles.d/energy_performance_preference.conf
- name: Install tmpfiles.d configuration
when: hwpstate is defined and hwpstate and cores is defined
copy:
src: "files/{{ item }}_tmpfiles.conf"
dest: "/etc/tmpfiles.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- platform_profile
- name: Install scripts
when: hwpstate is defined and hwpstate
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: cpu_set_perf_perc_linux_amd
dest: /usr/local/bin/cpu_set_perf_perc

4
ansible/roles/cpu/tasks/linux_intel.yaml
View File

@@ -19,7 +19,7 @@
template:
src: "templates/{{ item.src }}.j2"
dest: "{{ item.dest }}"
mode: 0755
mode: 0644
owner: root
group: wheel
loop:
@@ -35,5 +35,5 @@
owner: root
group: wheel
loop:
- src: cpu_set_perf_perc_linux
- src: cpu_set_perf_perc_linux_intel
dest: /usr/local/bin/cpu_set_perf_perc

2
ansible/roles/cpu/templates/energy_performance_preference.conf.j2
View File

@@ -1,4 +1,4 @@
# Favor energy efficiency for Speed Shift
# Favor energy efficiency for hardware p-states
{% for core in range(0, cores, 1) %}
w- /sys/devices/system/cpu/cpufreq/policy{{core}}/energy_performance_preference - - - - power
{% endfor %}

19
ansible/roles/devfs/files/homeserver_devfs.rules Normal file
View File

@@ -0,0 +1,19 @@
# [localrules=10]
# add path 'input/*' mode 0660 group video
# add path 'usb/*' mode 0660 group usb
[tajailwg=13]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
add path pf unhide
add path pflog unhide
add path pfsynv unhide
add path 'tun*' unhide
[tajaildhcp=14]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide

4
ansible/roles/emacs/files/early-init.el
View File

@@ -1,6 +1,6 @@
(setq gc-cons-threshold 100000000) ;; Increase garbage collection threshold for performance (default 800000)
(setq gc-cons-threshold (* 128 1024 1024)) ;; Increase garbage collection threshold for performance (default 800000)
;; Increase amount of data read from processes, default 4k
(when (>= emacs-major-version 27)
(when (version<= "27.0" emacs-version)
(setq read-process-output-max (* 1024 1024)) ;; 1mb
)

16
ansible/roles/emacs/files/elisp/base.el
View File

@@ -36,6 +36,8 @@
;; Don't pop up a small window at the bottom of emacs at launch.
inhibit-startup-screen t
inhibit-startup-message t
;; Don't show the list of buffers when opening many files.
inhibit-startup-buffer-menu t
;; Give the scratch buffer a clean slate.
initial-major-mode 'fundamental-mode
initial-scratch-message nil
@@ -75,4 +77,18 @@
;; Delete trailing whitespace before save
(add-hook 'before-save-hook 'delete-trailing-whitespace)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(setopt auto-revert-avoid-polling t)
(setopt auto-revert-interval 5)
(setopt auto-revert-check-vc-info t)
(global-auto-revert-mode)
;;;;; Performance
;; Run garbage collect when emacs is idle
(run-with-idle-timer 5 t (lambda () (garbage-collect)))
(add-function :after after-focus-change-function
(lambda ()
(unless (frame-focus-state)
(garbage-collect))))
(provide 'base)

1
ansible/roles/emacs/files/elisp/common-lsp.el
View File

@@ -38,6 +38,7 @@
:hook (eglot-managed-mode . company-mode)
:config
(setq company-backends '((company-capf)))
(setq company-idle-delay 0) ;; Default 0.2
)
;; (use-package company-box

49
ansible/roles/emacs/files/elisp/lang-c.el Normal file
View File

@@ -0,0 +1,49 @@
(require 'common-lsp)
(require 'util-tree-sitter)
(defun locate-compile-commands-file ()
"See if compile_commands.json exists."
;; This can be generated by prefixing the make command with `intercept-build15 --append`
(let ((compile-commands-file (locate-dominating-file (buffer-file-name) "compile_commands.json")))
compile-commands-file
)
)
(defun activate-c-eglot ()
"Activate eglot for the c family of languages."
(when (locate-compile-commands-file)
(eglot-ensure)
(defclass my/eglot-c (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(c-ts-mode . (my/eglot-c "/usr/local/bin/clangd15")))
(add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
)
)
(use-package c-mode
:mode (
("\\.c\\'" . c-ts-mode)
("\\.h\\'" . c-or-c++-ts-mode)
)
:commands (c-mode c-ts-mode)
:pin manual
:ensure nil
:hook (
(c-ts-mode . (lambda ()
(activate-c-eglot)
))
)
:init
(add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
(add-to-list 'major-mode-remap-alist '(c++-mode . c++-ts-mode))
(add-to-list 'major-mode-remap-alist '(c-or-c++-mode . c-or-c++-ts-mode))
(add-to-list 'treesit-language-source-alist '(c "https://github.com/tree-sitter/tree-sitter-c"))
(add-to-list 'treesit-language-source-alist '(cpp "https://github.com/tree-sitter/tree-sitter-cpp"))
(unless (treesit-ready-p 'c) (treesit-install-language-grammar 'c))
(unless (treesit-ready-p 'cpp) (treesit-install-language-grammar 'cpp))
)
(provide 'lang-c)

72
ansible/roles/emacs/files/elisp/lang-javascript.el
View File

@@ -23,6 +23,52 @@
(run-command-on-buffer "jq" "--monochrome-output" ".")
)
(defun configure-typescript-language-server ()
"Configures the typescript language server."
(when-linux
;; Either initializationOptions or workspace/didChangeConfiguration works.
(setq eglot-workspace-configuration
(list (cons ':typescript '(:inlayHints (:includeInlayParameterNameHints
"all"
:includeInlayParameterNameHintsWhenArgumentMatchesName
t
:includeInlayFunctionParameterTypeHints
t
:includeInlayVariableTypeHints
t
:includeInlayVariableTypeHintsWhenTypeMatchesName
t
:includeInlayPRopertyDeclarationTypeHints
t
:includeInlayFunctionLikeReturnTypeHints
t
:includeInlayEnumMemberValueHints
t)))))
(eglot-ensure)
;; (defclass my/eglot-typescript (eglot-lsp-server) ()
;; :documentation
;; "Own eglot server class.")
;; (add-to-list 'eglot-server-programs
;; '((js-mode js-ts-mode tsx-ts-mode typescript-ts-mode typescript-mode) . (my/eglot-typescript "typescript-language-server" "--stdio" :initializationOptions (:preferences (:includeInlayParameterNameHints
;; "all"
;; :includeInlayParameterNameHintsWhenArgumentMatchesName
;; t
;; :includeInlayFunctionParameterTypeHints
;; t
;; :includeInlayVariableTypeHints
;; t
;; :includeInlayVariableTypeHintsWhenTypeMatchesName
;; t
;; :includeInlayPRopertyDeclarationTypeHints
;; t
;; :includeInlayFunctionLikeReturnTypeHints
;; t
;; :includeInlayEnumMemberValueHints
;; t)))))
)
)
(use-package tsx-ts-mode
:ensure nil
:pin manual
@@ -33,7 +79,7 @@
:hook (
(tsx-ts-mode . (lambda ()
(when-linux
(eglot-ensure)
(configure-typescript-language-server)
)
))
)
@@ -52,9 +98,7 @@
:commands (typescript-ts-mode)
:hook (
(typescript-ts-mode . (lambda ()
(when-linux
(eglot-ensure)
)
(configure-typescript-language-server)
))
)
:init
@@ -81,6 +125,12 @@
(unless (treesit-ready-p 'javascript) (treesit-install-language-grammar 'javascript))
)
(defun prettier-fmt ()
"Run prettier."
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package css-ts-mode
:ensure nil
:pin manual
@@ -88,9 +138,23 @@
("\\.css\\'" . css-ts-mode)
)
:commands (css-ts-mode)
:custom (css-indent-offset 2)
:init
(add-to-list 'treesit-language-source-alist '(css "https://github.com/tree-sitter/tree-sitter-css"))
(unless (treesit-ready-p 'css) (treesit-install-language-grammar 'css))
:hook (
(css-ts-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-css (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(css-ts-mode . (my/eglot-css "vscode-css-language-server" "--stdio")))
;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
(add-hook 'before-save-hook 'prettier-fmt nil 'local)
))
)
)

12
ansible/roles/emacs/files/elisp/lang-python.el
View File

@@ -57,6 +57,7 @@
:pin manual
:hook (
(python-ts-mode . (lambda ()
(when-linux
(when (executable-find "poetry")
(add-poetry-venv-to-path)
(let ((venv (locate-venv-poetry))) (when venv
@@ -64,10 +65,19 @@
(list (cons ':python (list ':venvPath venv ':pythonPath (concat venv "/bin/python")))))
))
)
(when-linux
(eglot-ensure)
)
;; (when-freebsd
;; (eglot-ensure)
;; (defclass my/eglot-pylyzer (eglot-lsp-server) ()
;; :documentation
;; "Own eglot server class.")
;; (add-to-list 'eglot-server-programs
;; '(python-ts-mode . (my/eglot-pylyzer "pylyzer" "--server")))
;; )
(add-hook 'before-save-hook 'python-fmt nil 'local)
))
)

2
ansible/roles/emacs/files/elisp/lang-rust.el
View File

@@ -57,7 +57,7 @@
:init
(add-to-list 'major-mode-remap-alist '(rust-mode . rust-ts-mode))
(add-to-list 'treesit-language-source-alist '(rust "https://github.com/tree-sitter/tree-sitter-rust"))
(unless (treesit-ready-p 'yaml) (treesit-install-language-grammar 'rust))
(unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust))
:config
;; Add keybindings for interacting with Cargo
(use-package cargo

17
ansible/roles/emacs/files/elisp/lang-xml.el Normal file
View File

@@ -0,0 +1,17 @@
(defun xml-fmt ()
"Run xmllint --format."
(run-command-on-buffer "xmllint" "--format" "-")
)
(use-package nxml-mode
:commands (nxml-mode)
:pin manual
:ensure nil
:hook (
(nxml-mode . (lambda ()
(add-hook 'before-save-hook 'xml-fmt nil 'local)
))
)
)
(provide 'lang-xml)

2
ansible/roles/emacs/files/elisp/util-vertico.el
View File

@@ -21,7 +21,7 @@
(vertico-count 20)
)
;; Create an ivy-like experience when selecting files.
;; Create an ido/ivy-like experience when selecting files.
(use-package vertico-directory
:after vertico
:ensure nil

4
ansible/roles/emacs/files/init.el
View File

@@ -32,4 +32,8 @@
(require 'lang-dockerfile)
(require 'lang-c)
(require 'lang-xml)
(load-directory autoload-directory)

4
ansible/roles/emacs/meta/main.yaml
View File

@@ -3,3 +3,7 @@ dependencies:
- fonts
- role: rust
when: 'emacs_flavor == "full"'
- role: python
when: 'emacs_flavor == "full"'
- role: terraform
when: 'emacs_flavor == "full"'

1
ansible/roles/emacs/tasks/common.yaml
View File

@@ -3,6 +3,7 @@
package:
name:
- aspell
- graphviz # used for exporting graphviz dot charts from org-mode
state: present
- name: Install scripts

17
ansible/roles/emacs/tasks/freebsd.yaml
View File

@@ -1,28 +1,35 @@
- name: Install packages
when: install_graphics
package:
name:
- emacs
state: present
- name: Install packages
when: not install_graphics
package:
name:
- emacs-nox
state: present
- name: Install packages
when: 'emacs_flavor == "full"'
package:
name:
- py39-pygments
- py311-pygments
- inkscape # to support SVGs in LaTeX
# - prettier # typescript formatting
- aspell
- en-aspell
- unzip # for extracting mspyls
- py39-isort
- py39-black
- py311-isort
- py311-black
- zip # for odt export from org-mode
- gnuplot # used for exporting graphs from org-mode
- graphviz # used for exporting graphviz dot charts from org-mode
# - pyright
- sqlite3 # for sqlite code blocks in org-mode
# - terraform-ls # Terraform language server
- py39-ptvsd
- py311-ptvsd
- hs-ShellCheck
# - gopls
state: present

1
ansible/roles/emacs/tasks/linux.yaml
View File

@@ -14,6 +14,7 @@
- gopls
- typescript-language-server
- shellcheck
- vscode-css-languageserver
state: present
- name: Create directories

2
ansible/roles/firefox/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
firefox_config:
# identity.sync.tokenserver.uri: "https://ffsync.fizz.buzz/token/1.0/sync/1.5"
media.hardware-video-decoding.force-enabled: true
media.ffmpeg.vaapi.enabled: true
doh-rollout.doorhanger-decision: "UIDisabled"
dom.security.https_only_mode: true
@@ -11,3 +12,4 @@ firefox_config:
browser.newtabpage.activity-stream.showSponsoredTopSites: false
browser.newtabpage.activity-stream.feeds.section.topstories: false
browser.newtabpage.pinned: "[]"
browser.newtabpage.activity-stream.section.highlights.includePocket: false

27
ansible/roles/firewall/files/homeserver_pf.conf
View File

@@ -17,16 +17,34 @@ unifi_ports = "{ 8443 3478 10001 8080 1900 8843 8880 6789 5514 }"
# options
set skip on lo
# queueing
# altq on wlan0 cbq queue { def, stuff }
# queue def cbq(default borrow)
# queue stuff bandwidth 8Mb cbq { dagger }
# queue dagger cbq(borrow)
# redirections
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
# cloak
nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 1.1.1.1 port 53
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 172.16.0.1 port 53
rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8081 -> 10.215.2.2 port 8081
nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8081 -> 10.215.2.1
# bastion
rdr pass on $ext_if inet proto tcp from { any, !10.215.1.0/24, !10.215.2.0/24 } to any port 8081 -> 10.215.1.217 port 443
nat pass on jail_nat proto {tcp, udp} from any to 10.215.1.217 port 443 -> 10.215.1.1
nat pass on restricted_nat proto {tcp, udp} from 10.215.1.217/32 to 10.215.2.2 port 8081 -> 10.215.2.1
# cloak -> olddagger
rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
# -> sftp
# TODO: Limit bandwidth for sftp
rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 8022 -> 10.215.1.216 port 22
nat pass on jail_nat proto {tcp, udp} from any to 10.215.1.216 port 22 -> 10.215.1.1
# Forward ports for unifi controller
# rdr pass on $ext_if inet proto tcp from any to any port 65022 -> 10.213.177.8 port 22
@@ -42,6 +60,7 @@ pass out on jail_nat from $jail_nat_v4
pass out on jail_nat proto {udp, tcp} from any to 10.215.1.202 port $unifi_ports
pass out on restricted_nat proto {udp, tcp} from any to 10.215.2.2 port 8081
# TODO: limit bandwidth for dagger here
pass in on restricted_nat proto {udp, tcp} from any to any port { 53 51820 }
# We pass on the interfaces listed in allow rather than skipping on

16
ansible/roles/firewall/files/odofreebsd_pf.conf
View File

@@ -5,7 +5,7 @@ not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
dns_redirect = "{ 10.193.223.1 10.213.177.1 10.215.1.1 }"
dhcp = "{ bootpc, bootps }"
allow = "{ wgf wgh drmario colo }"
#allow = "{ wgf wgh drmario colo }"
tcp_pass_in = "{ 22 }"
udp_pass_in = "{ 53 51820 }"
@@ -16,8 +16,8 @@ udp_pass_in = "{ 53 51820 }"
set skip on lo
# redirections
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
#nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
#rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
# Redirect jaeger ports to virtual machine.
# nat pass on lo inet from 127.0.0.0/24 to 127.0.0.0/24 port {6831 6832 16686 14268} -> (jail_nat)
@@ -27,19 +27,19 @@ rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1
block log all
pass out on $ext_if
pass in on jail_nat
#pass in on jail_nat
# Allow traffic from my machine to the jails/virtual machines
pass out on jail_nat from $jail_nat_v4
#pass out on jail_nat from $jail_nat_v4
# We pass on the interfaces listed in allow rather than skipping on
# them because changes to pass rules will update when running a
# `service pf reload` but interfaces that we `skip` will not update (I
# forget if its from adding, removing, or both. TODO: test to figure
# it out). Also skipped interfaces are not subject to nat/rdr rules.
pass quick on $allow
#pass quick on $allow
pass on $ext_if proto icmp all
pass on $ext_if proto icmp6 all
pass in on $ext_if proto tcp to any port $tcp_pass_in
pass in on $ext_if proto udp to any port $udp_pass_in
#pass in on $ext_if proto tcp to any port $tcp_pass_in
#pass in on $ext_if proto udp to any port $udp_pass_in

2
ansible/roles/fonts/tasks/freebsd.yaml
View File

@@ -1,7 +1,7 @@
- name: Install packages
package:
name:
- sourcecodepro-ttf
- source-code-pro-ttf
- source-sans-ttf
- cascadia-code
- noto

2
ansible/roles/framework_laptop/files/disable_sp5100_watchdog_modprobe.conf Normal file
View File

@@ -0,0 +1,2 @@
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco

10
ansible/roles/framework_laptop/files/gpe10-boot.service Normal file
View File

@@ -0,0 +1,10 @@
[Unit]
Description=Disable gpe10 interrupt on boot
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "echo disable > /sys/firmware/acpi/interrupts/gpe10"
[Install]
WantedBy=multi-user.target

13
ansible/roles/framework_laptop/files/gpe10-sleep.service Normal file
View File

@@ -0,0 +1,13 @@
[Unit]
Description=Enable gpe10 interrupt for sleep
Before=sleep.target
StopWhenUnneeded=true
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "echo enable > /sys/firmware/acpi/interrupts/gpe10"
ExecStop=/bin/sh -c "echo disable > /sys/firmware/acpi/interrupts/gpe10"
[Install]
WantedBy=sleep.target

5
ansible/roles/framework_laptop/files/iwlwifi_modprobe.conf Normal file
View File

@@ -0,0 +1,5 @@
options iwlwifi power_save=1
options iwlwifi uapsd_disable=0
options iwlmvm power_scheme=3

2
ansible/roles/framework_laptop/files/screen_brightness_tmpfiles.conf Normal file
View File

@@ -0,0 +1,2 @@
# Set screen brightness. Ever since enabling adaptive brightness management, my brightness ends up sinking lower on re-boots (I suspect it is saving the actual brightness rather than the set brightness). This forces the brightness back to the level I prefer.
w- /sys/class/backlight/amdgpu_bl0/brightness - - - - 85

2
ansible/roles/framework_laptop/files/snd_hda_intel_modprobe.conf Normal file
View File

@@ -0,0 +1,2 @@
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1

58
ansible/roles/framework_laptop/tasks/linux.yaml
View File

@@ -7,3 +7,61 @@
daemon_reload: yes
loop:
- systemd-udev-settle.service
- name: Install tmpfiles.d configuration
when: hwpstate is defined and hwpstate and cores is defined
copy:
src: "files/{{ item }}_tmpfiles.conf"
dest: "/etc/tmpfiles.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- screen_brightness
- name: Install module config
copy:
src: "files/{{ item }}_modprobe.conf"
dest: "/etc/modprobe.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- iwlwifi
- snd_hda_intel
- disable_sp5100_watchdog
- name: Configure kernel command line
zfs:
name: "zroot/linux"
state: present
extra_zfs_properties:
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
"org.zfsbootmenu:commandline": "rw quiet amdgpu.abmlevel=3 pcie_aspm=force pcie_aspm.policy=powersupersave nowatchdog"
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0600
owner: root
group: wheel
loop:
- src: gpe10-boot.service
dest: /etc/systemd/system/gpe10-boot.service
- src: gpe10-sleep.service
dest: /etc/systemd/system/gpe10-sleep.service
- name: Enable services
systemd:
enabled: yes
name: "{{ item }}"
daemon_reload: yes
loop:
- gpe10-boot.service
- gpe10-sleep.service

130
ansible/roles/freebsd_update_server/files/build_release.bash
View File

@@ -1,130 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${DATA_DIRECTORY:="/usr/local/share/freebsdupdate"}
: ${STAGE_FILE:="${DATA_DIRECTORY}/stage"}
: ${RELEASE_DIRECTORY:="${DATA_DIRECTORY}/release"}
: ${LOG_DIRECTORY:="${DATA_DIRECTORY}/logs"}
: ${PORTS_TREE:="/usr/ports"}
: ${PORTS_REPO:="https://git.FreeBSD.org/ports.git"}
############## Setup #########################
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
assert_directories
local stage=""
if [ -e "$STAGE_FILE" ]; then
local stage=$(cat "$STAGE_FILE")
fi
if [ "$stage" = "selfbuild" ]; then
log_cmd stage_selfbuild
elif [ "$stage" = "selfinstallworld" ]; then
log_cmd stage_selfinstallworld
elif [ "$stage" = "selfconflictcheck" ]; then
log_cmd stage_selfconflictcheck
elif [ "$stage" = "releasebuild" ]; then
log_cmd stage_releasebuild
elif [ "$stage" = "done" ]; then
log_cmd stage_done
else
die 1 "Unhandled stage: \"$stage\"."
fi
}
function log_cmd {
"${@}" |& tee "$LOG_DIRECTORY/$(date +%Y%m%d-%s).log"
}
function self_conflict_check {
if etcupdate status | grep -qE '^ C '; then
die 1 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.'
fi
}
function assert_directories {
for d in "$DATA_DIRECTORY" "$RELEASE_DIRECTORY" "$LOG_DIRECTORY"; do
if [ ! -e "$d" ]; then
mkdir -p "$d"
fi
done
}
function update_ports_tree {
if [ ! -e "$PORTS_TREE" ]; then
mkdir -p $PORTS_TREE
git -C $PORTS_TREE init --initial-branch=main
git -C $PORTS_TREE remote add origin $PORTS_REPO
fi
git -C $PORTS_TREE fetch origin main # 'refs/heads/main'
git -C $PORTS_TREE checkout FETCH_HEAD
}
function set_stage {
echo "${@}" > "$STAGE_FILE"
}
function stage_selfbuild {
self_conflict_check
assert_directories
update_ports_tree
SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean
SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src buildworld buildkernel
SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installkernel
set_stage "selfinstallworld"
/sbin/shutdown -r now
}
function stage_selfinstallworld {
etcupdate -p
SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installworld
etcupdate -B
set_stage "selfconflictcheck"
stage_selfconflictcheck
}
function stage_selfconflictcheck {
self_conflict_check
set_stage "releasebuild"
/sbin/shutdown -r now
}
function stage_releasebuild {
local today=$(date +%Y%m%d)
local target_directory="${RELEASE_DIRECTORY}/${today}"
if [ -e "$target_directory" ]; then
die 1 "The release directory $target_directory already exists. Exiting."
fi
SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean
make -C /usr/src buildworld buildkernel
make -C /usr/src/release obj
make -C /usr/src/release release
mkdir -p "$target_directory"
make -C /usr/src/release install DESTDIR="$target_directory"
set_stage "done"
}
function stage_done {
log "Everything is done."
}
main "${@}"

120
ansible/roles/freebsd_update_server/files/release.conf
View File

@@ -1,120 +0,0 @@
#!/bin/sh
#
## Redefine environment variables here to override prototypes
## defined in release.sh.
#load_chroot_env() { }
#load_target_env() { }
#buildenv_setup() { }
## Set the directory within which the release will be built.
CHROOTDIR="/scratch"
## Do not explicitly require the devel/git port to be installed.
#NOGIT=1
## Set the version control system host.
GITROOT="https://git.freebsd.org/"
GITSRC="src.git"
GITPORTS="ports.git"
## Set the src/, ports/, and doc/ branches or tags.
#SRCBRANCH="stable/13"
SRCBRANCH="main"
PORTBRANCH="main"
## Sample configuration for using git from ports.
#GITCMD="/usr/local/bin/git clone -q --branch main"
## Set to override the default target architecture.
#TARGET="amd64"
#TARGET_ARCH="amd64"
#KERNEL="GENERIC"
KERNEL="GENERIC-NODEBUG"
## Multiple kernels may be set.
#KERNEL="GENERIC XENHVM"
## Set to specify a custom make.conf and/or src.conf
#MAKE_CONF="/etc/local/make.conf"
MAKE_CONF="/etc/make.conf"
#SRC_CONF="/etc/local/src.conf"
SRC_CONF="/etc/src.conf"
## Set to use make(1) flags.
#MAKE_FLAGS="-s"
## Set to use world- and kernel-specific make(1) flags.
#WORLD_FLAGS="-j $(sysctl -n hw.ncpu)"
#KERNEL_FLAGS="-j $(( $(( $(sysctl -n hw.ncpu) + 1 )) / 2 ))"
## Set miscellaneous 'make release' settings.
#NOPORTS=
#NOSRC=
#WITH_DVD=
#WITH_COMPRESSED_IMAGES=
## Set to '1' to disable multi-threaded xz(1) compression.
#XZ_THREADS=0
## Set when building embedded images.
#EMBEDDEDBUILD=
## Set to a list of ports required to build embedded system-on-chip
## images, such as sysutils/u-boot-rpi.
#EMBEDDEDPORTS=
## Set to the hardware platform of the target userland. This value
## is passed to make(1) to set the TARGET (value of uname -m) to cross
## build.
#EMBEDDED_TARGET=
## Set to the machine processor architecture of the target userland.
## This value is passed to make(1) to set the TARGET_ARCH (value of uname -p)
## to cross build.
#EMBEDDED_TARGET_ARCH=
## Set to skip the chroot environment buildworld/installworld/distribution
## step if it is expected the build environment will exist via alternate
## means.
#CHROOTBUILD_SKIP=
## Set to a non-empty value skip checkout or update of /usr/src in
## the chroot. This is intended for use when /usr/src already exists.
#SRC_UPDATE_SKIP=
## Set to a non-empty value skip checkout or update of /usr/ports in
## the chroot. This is intended for use when /usr/ports already exists.
#PORTS_UPDATE_SKIP=
## Set to pass additional flags to make(1) for the build chroot setup, such
## as TARGET/TARGET_ARCH.
#CHROOT_MAKEENV=
## Set to a non-empty value to build virtual machine images as part of the
## release build.
#WITH_VMIMAGES=
## Set to a non-empty value to compress virtual machine images with xz(1)
## as part of the release build.
#WITH_COMPRESSED_VMIMAGES=
## If WITH_VMIMAGES is set to a non-empty value, this is the name of the
## file to use for the installed userland/kernel.
#VMBASE="vm"
## If WITH_VMIMAGES is set to a non-empty value, this is the size of the
## virtual machine disk filesystem. Valid size values are described in
## the makefs(8) manual page.
#VMSIZE="20g"
## If WITH_VMIMAGES is set to a non-empty value, this is a list of disk
## image formats to create. Valid values are listed in the mkimg(1)
## manual page, as well as 'mkimg --formats' output.
#VMFORMATS="vhdf vmdk qcow2 raw"
## Set to a non-empty value to build virtual machine images for various
## cloud providers as part of the release build.
#WITH_CLOUDWARE=
## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers
## to create disk images.
#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE"

5
ansible/roles/freebsd_update_server/tasks/common.yaml
View File

@@ -1,5 +0,0 @@
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd" and build_user is defined'
- import_tasks: tasks/linux.yaml
when: 'os_flavor == "linux"'

50
ansible/roles/freebsd_update_server/tasks/freebsd.yaml
View File

@@ -1,50 +0,0 @@
- name: Install packages
package:
name:
- git
- tmux # For convenience
- htop # For convenience
- bash
state: present
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0755
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- /opt/freebsd_update_server
- name: Clone freebsd-update-build
git:
repo: "https://github.com/freebsd/freebsd-update-build.git"
dest: /opt/freebsd_update_server/freebsd-update-build
version: "28bb3ae7de9c1332fe8a366fb154a5b9faf37f49"
force: true
become: true
become_user: "{{ build_user.name }}"
diff: false
- name: Install Configuration
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0600
owner: "{{ build_user.name }}"
group: "{{ build_user.group }}"
loop:
- src: release.conf
dest: /opt/freebsd_update_server/release.conf
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: build_release.bash
dest: /usr/local/bin/build_release

14
ansible/roles/google_cloud_sdk/files/google_logging_link.py Executable file
View File

@@ -0,0 +1,14 @@
#!/usr/bin/env python
#
# Generate a link to google cloud logging by passing in a logging query.
import sys
import urllib.parse
def main():
query = "\n".join([line.strip() for line in sys.stdin.readlines()])
query = urllib.parse.quote(query)
query = query + "?project=project-id-here"
print(query)
if __name__ == "__main__":
main()

11
ansible/roles/google_cloud_sdk/tasks/common.yaml
View File

@@ -1,3 +1,14 @@
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: google_logging_link.py
dest: /usr/local/bin/google_logging_link
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'

27
ansible/roles/gpg/files/gpg_work.asc Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
=0HtE
-----END PGP PUBLIC KEY BLOCK-----

2
ansible/roles/gpg/tasks/peruser.yaml
View File

@@ -43,7 +43,7 @@
command: gpg --import
when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
args:
stdin: "{{ lookup('file', 'gpg.asc') }}"
stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'

1
ansible/roles/graphics/files/amd_adaptive_backlight_management_loader.conf Normal file
View File

@@ -0,0 +1 @@
hw.amdgpu.abmlevel=3

1
ansible/roles/graphics/files/amd_kld_rc.conf Normal file
View File

@@ -0,0 +1 @@
kld_list="/boot/modules/amdgpu.ko"

33
ansible/roles/graphics/tasks/freebsd_amd.yaml Normal file
View File

@@ -0,0 +1,33 @@
- name: Install packages
package:
name:
- drm-kmod
- vulkan-loader
- libva-utils # for vainfo
- vdpauinfo # for vdpauinfo
- libvdpau-va-gl # vdpau support
- mesa-gallium-va # Accelerated video decoding
- mesa-gallium-vdpau # Accelerated video decoding
- radeontop
- vulkan-tools # For vulkaninfo
state: present
- name: Install loader.conf
copy:
src: "files/{{ item }}_loader.conf"
dest: "/boot/loader.conf.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- amd_adaptive_backlight_management
- name: Install service configuration
copy:
src: "files/amd_{{ item }}_rc.conf"
dest: "/etc/rc.conf.d/{{ item }}"
mode: 0644
owner: root
group: wheel
loop:
- kld

21
ansible/roles/graphics/tasks/linux_amd.yaml Normal file
View File

@@ -0,0 +1,21 @@
# TODO: Should I enable APM?
- name: Install packages
package:
name:
- linux-firmware # Arch wiki claims this is needed to boot
- mesa
- lib32-mesa
- vulkan-radeon
- lib32-vulkan-radeon
- libva-mesa-driver # Accelerated video decoding
- lib32-libva-mesa-driver # Accelerated video decoding
- mesa-vdpau # Accelerated video decoding
- lib32-mesa-vdpau # Accelerated video decoding
- vulkan-icd-loader
- lib32-vulkan-icd-loader
- libva-utils # for vainfo
- vdpauinfo # for vdpauinfo
- vulkan-tools # For vulkaninfo
- radeontop
- nvtop
state: present

Some files were not shown because too many files have changed in this diff Show More