Still not working.

The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.

.gitattributes

@@ -1,3 +1,5 @@
 cargo_credentials.toml filter=git-crypt diff=git-crypt
 **/wireguard_configs/** filter=git-crypt diff=git-crypt
 *.key filter=git-crypt diff=git-crypt
+credentials filter=git-crypt diff=git-crypt
+htpasswd filter=git-crypt diff=git-crypt

ansible/environments/colo/host_vars/mrmanager

@@ -15,12 +15,13 @@ pflog_conf:
   - name: 0
     dev: pflog0
 cputype: "amd"
+hwpstate: true
 etc_hosts: {}
 wireguard_directory: mrmanager
 enabled_wireguard:
   - colo
 jail_zfs_dataset: zdata/jail
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_canmount: "on"
 jail_list:
   - name: nat_dhcp

ansible/environments/home/host_vars/homeserver

@@ -1,9 +1,32 @@
 os_flavor: "freebsd"
+custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"
+pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"
 zfs_snapshot_datasets:
   - path: zroot/freebsd/computer/be
   - path: zmass/encrypted/vm
+  - path: zmass/encrypted/data
+users:
+  talexander:
+    initialize: true
+    uid: 11235
+    gid: 11235
+    groups:
+      - name: wheel
+      - name: video
+      - name: u2f
+      - name: operator # To be able to shutdown without root
+      - name: webcamd
+        gid: 145
+    authorized_keys:
+      - yubikey
+      - main_fido
+      - backup_fido
+      - homeassistant
+    gitconfig: "gitconfig_home"
 sshd_enabled: true
 sshd_conf: "sshd_config"
+prefer_ipv6: true
+dummynet_config: "dnctl.conf"
 pf_config: "homeserver_pf.conf"
 pflog_conf:
   - name: 0
@@ -11,15 +34,11 @@ pflog_conf:
 network_rc: "homeserver_network.conf"
 rc_conf: "homeserver_rc.conf"
 loader_conf: "homeserver_loader.conf"
-netgraph_config: "setup_netgraph_homeserver"
 cputype: "intel"
-cpu_opt: broadwell
 hwpstate: false
-build_user:
-  name: talexander
-  group: talexander
+devfs_rules: "homeserver_devfs.rules"
 jail_zfs_dataset: zmass/encrypted/jails
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset_mountpoint: /jail
 jail_canmount: "on"
 jail_bemount: "on"
 jail_list:
@@ -34,16 +53,41 @@ jail_list:
   - name: dagger
     conf:
       src: dagger
-  - name: mumble
+  - name: olddagger
     conf:
-      src: mumble
-    persist:
-      - name: mumbledb
-        mount: /var/db/murmur
+      src: olddagger
+  - name: sftp
+    conf:
+      src: sftp
+    fstab: sftp_fstab
+  - name: bastion
+    conf:
+      src: bastion
+    fstab: fstab_bastion
+  - name: certificate
+    conf:
+      src: certificate
+  - name: momlaptop
+    conf:
+      src: momlaptop
+  # - name: mumble
+  #   conf:
+  #     src: mumble
+  #   persist:
+  #     - name: mumbledb
+  #       mount: /var/db/murmur
 bhyve_dataset: zmass/encrypted/vm
-bhyve_list: []
-bhyve_canmount: "on"
+# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
+bhyve_canmount: "off"
+bhyve_mountpoint: "none"
 bhyve_bemount: "on"
 wireguard_directory: homeserver
 enabled_wireguard:
   - wgh
+linfi:
+  enabled: true
+  zfs_dataset: zmass/unencrypted/vm/linfi
+  zfs_mountpoint: /vm/linfi
+  driver_blocklist: "ath if_ath if_ath_pci ath_hal if_iwm if_iwlwifi"
+  pci_blocklist: "6/0/0"
+  amd: false

ansible/environments/home/hosts

@@ -1,2 +1,2 @@
 [headless]
-homeserver ansible_user=talexander ansible_host=10.216.1.1
+homeserver ansible_user=talexander ansible_host=homeserver

ansible/environments/jail/host_vars/bastion

@@ -0,0 +1 @@
+os_flavor: freebsd

ansible/environments/jail/host_vars/certificate

@@ -0,0 +1 @@
+os_flavor: freebsd

ansible/environments/jail/host_vars/momlaptop

@@ -0,0 +1 @@
+os_flavor: freebsd

ansible/environments/jail/host_vars/sftp

@@ -0,0 +1,6 @@
+os_flavor: "freebsd"
+users:
+  nochainstounlock:
+    initialize: true
+    uid: 11235
+    gid: 11235

ansible/environments/jail/hosts

@@ -1,7 +1,11 @@
 [jail]
 nat_dhcp ansible_connection=jail
-homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=sshjail
+homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@homeserver ansible_connection=sshjail
 mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail
 nat_dhcp@172.16.16.2 ansible_connection=sshjail
 admin_git ansible_ssh_host=admin_git@10.217.2.1 ansible_connection=sshjail
 public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail
+sftp ansible_ssh_host=sftp@homeserver ansible_connection=sshjail
+bastion ansible_ssh_host=bastion@homeserver ansible_connection=sshjail
+certificate ansible_ssh_host=certificate@homeserver ansible_connection=sshjail
+momlaptop ansible_ssh_host=momlaptop@homeserver ansible_connection=sshjail

ansible/environments/laptop/group_vars/all

@@ -1,3 +1,28 @@
 timezone: "America/New_York"
 install_bluetooth: true
 emacs_flavor: "full"
+ssh_hosts:
+  - name: poudriere
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.203
+  - name: controller0
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.204
+  - name: controller1
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.205
+  - name: controller2
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.206
+  - name: worker0
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.207
+  - name: worker1
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.208
+  - name: worker2
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.209
+  - name: brianai
+    proxy_jump: talexander@mrmanager
+    host_name: 10.215.1.215

ansible/environments/laptop/host_vars/odofreebsd

@@ -1,25 +1,25 @@
 os_flavor: "freebsd"
-custom_repo: 13amd64-default-framework
+custom_repo: "https://freebsdpkg.fizz.buzz/repo/currentznver4-default-framework"
+pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/currentznver4-repo/FreeBSD:15:amd64/latest"
 zfs_snapshot_datasets:
-  - path: zroot/freebsd/release/be/default
+  - path: zroot/freebsd/current/be/default
 sshd_enabled: true
 sshd_conf: "sshd_config"
 pf_config: "odofreebsd_pf.conf"
 pflog_conf:
-  - name: 0
-    dev: pflog0
+ - name: 0
+   dev: pflog0
+prefer_ipv6: true
+dummynet_config: "dnctl.conf"
 network_rc: "odofreebsd_network.conf"
 rc_conf: "odofreebsd_rc.conf"
 loader_conf: "odofreebsd_loader.conf"
 install_graphics: true
-graphics_driver: "intel"
-cputype: "intel"
-cpu_opt: tigerlake
+graphics_driver: "amd"
+cputype: "amd"
 hwpstate: true
-cores: 8
-build_user:
-  name: talexander
-  group: talexander
+cores: 16
+sound_system: "oss"
 users:
   talexander:
     initialize: true
@@ -31,6 +31,8 @@ users:
       - name: u2f
       - name: operator # To be able to shutdown without root
       - name: webcamd
+        gid: 145
+      - name: realtime
     authorized_keys:
       - yubikey
       - main_fido
@@ -38,16 +40,18 @@ users:
       - homeassistant
     gitconfig: "gitconfig_home"
 devfs_rules: "odo_devfs.rules"
-jail_zfs_dataset: zroot/freebsd/release/jails
-jail_zfs_dataset_mountpoint: /jail/main
+jail_zfs_dataset: zroot/freebsd/current/jails
+jail_zfs_dataset_mountpoint: /jail
+jail_canmount: "on"
 jail_list:
   - name: nat_dhcp
     enabled: true
     conf:
       src: nat_dhcp
-bhyve_dataset: zroot/freebsd/release/vm
-bhyve_list: []
-efi_dev: /dev/gpt/EFI
+bhyve_dataset: zroot/freebsd/current/vm
+bhyve_bemount: off
+# efi_dev: /dev/gpt/EFI
+efi_dev: /dev/diskid/DISK-SJB7N717610407Q0Hp1
 sway_conf_files:
   - launch_gpg
 wireguard_directory: odo
@@ -55,3 +59,10 @@ enabled_wireguard:
   - wgh
   - drmario
   - colo
+linfi:
+  enabled: true
+  zfs_dataset: zroot/freebsd/current/vm/linfi
+  zfs_mountpoint: /vm/linfi
+  driver_blocklist: "if_iwm if_iwlwifi"
+  pci_blocklist: "1/0/0"
+  amd: true

ansible/environments/laptop/host_vars/odolinux

@@ -16,12 +16,13 @@ users:
       - backup_fido
       - homeassistant
     gitconfig: "gitconfig_home"
+periodic_scrub_pools: [zroot]
 zfs_snapshot_datasets:
   # - zroot/linux/archmain/home
   - path: zroot/linux/archmain/be
   - path: zroot/data/bridge/family_disks
 install_graphics: true
-graphics_driver: "intel"
+graphics_driver: "amd"
 build_user:
   name: talexander
   group: talexander
@@ -30,10 +31,9 @@ enabled_wireguard:
   - wgh
   - drmario
   - colo
-cputype: "intel"
+cputype: "amd"
 hwpstate: true
-cores: 8
+cores: 16
 sway_conf_files:
   - rofimoji
 docker_storage_driver: overlay2 # alternatively zfs
-docker_zfs_dataset: zroot/linux/archmain/docker

ansible/environments/laptop/host_vars/odowork

@@ -0,0 +1,37 @@
+os_flavor: "linux"
+hostname: odowork
+etc_hosts: {}
+users:
+  talexander:
+    initialize: true
+    uid: 11235
+    gid: 1000
+    groups:
+      - name: wheel
+      - name: users
+      - name: docker
+      - name: libvirt
+      - name: uucp
+    authorized_keys:
+      - yubikey
+      - main_fido
+      - backup_fido
+    gitconfig: "gitconfig_work"
+periodic_scrub_pools: [zroot]
+zfs_snapshot_datasets:
+  - path: zroot/linux/archwork/be
+install_graphics: true
+graphics_driver: "amd"
+pgp_key: "gpg_work.asc"
+build_user:
+  name: talexander
+  group: talexander
+# wireguard_directory: odowork
+# enabled_wireguard: []
+cputype: "amd"
+hwpstate: true
+cores: 16
+sway_conf_files:
+  - rofimoji
+docker_storage_driver: overlay2 # alternatively zfs
+closed_source_vscode: true

ansible/environments/laptop/hosts

@@ -1,3 +1,4 @@
 [gui]
 odolinux ansible_connection=local ansible_host=127.0.0.1
 odofreebsd ansible_connection=local ansible_host=127.0.0.1
+odowork ansible_connection=local ansible_host=127.0.0.1

ansible/environments/vm/host_vars/freebsdupdatemrmanager

@@ -1,5 +0,0 @@
-os_flavor: "freebsd"
-cpu_opt: tigerlake
-build_user:
-  name: root
-  group: wheel

ansible/environments/vm/host_vars/poudrieremrmanager

@@ -1,13 +1,30 @@
 os_flavor: "freebsd"
+sshd_enabled: true
+custom_repo: "file:///usr/local/poudriere/data/packages/currentznver4-default-framework"
+pkgbase_url: "file:///usr/local/poudriere/data/images/currentznver4-repo/FreeBSD:15:amd64/latest"
 poudriere_builds:
-  - jail: 13amd64
-    ports: default
-    set: framework
-    version: 13.2-RELEASE
-  # - jail: current
+  # - jail: 13amd64
   #   ports: default
   #   set: framework
-  #   version: CURRENT
-  #   revision: af01b4722577903f91acc44f01bdcb8cdb2d65ad
-  #   kernel: CUSTOM
-  #   branch: main
+  #   version: 13.2-RELEASE
+  - jail: currentznver4
+    ports: default
+    set: framework
+    version: CURRENT
+    # revision: 66d37dbedfbf2dc94ccf49e6983c3652d5909b91
+    kernel: CUSTOM
+    branch: main
+    srcconf: currentznver4_src.conf
+  # - jail: 14broadwell
+  #   ports: default
+  #   set: computer
+  #   version: 14.0-RELEASE
+  #   kernel: GENERIC
+  #   srcconf: 14broadwell_src.conf
+  - jail: 14broadwell
+    ports: default
+    set: computer
+    version: CURRENT
+    kernel: CUSTOM
+    branch: releng/14.1
+    srcconf: 14broadwell_src.conf

ansible/environments/vm/hosts

@@ -1,13 +1,8 @@
 [vm]
 poudriereodo ansible_user=builder ansible_host=10.213.177.12
 poudrieremrmanager ansible_user=root ansible_host=poudriere
-freebsdupdatemrmanager ansible_user=root ansible_host=freebsdupdate
 #
 # Put in ~/.ssh/config
 #    Host poudriere
 #       ProxyJump talexander@mrmanager
 #       HostName 10.215.1.203
-#
-#    Host freebsdupdate
-#       ProxyJump talexander@mrmanager
-#       HostName 10.215.1.213

ansible/playbook.yaml

@@ -27,6 +27,7 @@
     - sway
     - emacs
     - firefox
+    - chromium
     - devfs
     - ssh_client
     - sshfs
@@ -42,9 +43,9 @@
     - ansible
     - wireguard
     - portshaker
-    - poudriere
     - android
     - latex
+    - python
     - pyenv
     - webcam
     - docker
@@ -52,6 +53,9 @@
     - javascript
     - launch_keyboard
     - lvfs
+    - restaurant_health_rating
+    - wasm
+    - noise_suppression
 
 - hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
   vars:
@@ -64,11 +68,15 @@
     ansible_become: True
   roles:
     - sudo # for poudboot script
+    - doas
     - fstab
+    - package_manager
+    - zsh
+    - termcap
+    - sshd
     - portshaker
     - poudriere
     - poudrierenginx
-    - freebsd_update_server
 
 - hosts: mrmanager
   vars:
@@ -114,24 +122,47 @@
     - users
     - public_dns
 
-- hosts: odolinux:odofreebsd
+- hosts: odolinux:odofreebsd:odowork
   vars:
     ansible_become: True
   roles:
+    - linfi
     - framework_laptop
 
-- hosts: odofreebsd
+- hosts: homeserver
   vars:
     ansible_become: True
   roles:
-    - freebsd_update_server
+    - linfi
+    - homeserver
 
-- hosts: freebsdupdatemrmanager
+- hosts: odowork
   vars:
     ansible_become: True
   roles:
-    - sudo # for poudboot script
-    - doas
-    - fstab
-    - build
-    - freebsd_update_server
+    - odowork
+
+- hosts: sftp
+  vars:
+    ansible_become: True
+  roles:
+    - users
+    - sftp
+
+- hosts: bastion
+  vars:
+    ansible_become: True
+  roles:
+    - jail_bastion
+
+- hosts: certificate
+  vars:
+    ansible_become: True
+  roles:
+    - jail_certificate
+
+- hosts: momlaptop
+  vars:
+    ansible_become: True
+  roles:
+    - jail_momlaptop

ansible/roles/alacritty/files/alacritty.toml

@@ -0,0 +1,44 @@
+[colors]
+draw_bold_text_with_bright_colors = true
+indexed_colors = []
+
+[colors.bright]
+black = "0x666666"
+blue = "0x7aa6da"
+cyan = "0x54ced6"
+green = "0x9ec400"
+magenta = "0xb77ee0"
+red = "0xff3334"
+white = "0xffffff"
+yellow = "0xe7c547"
+
+[colors.normal]
+black = "0x000000"
+blue = "0x7aa6da"
+cyan = "0x70c0ba"
+green = "0xb9ca4a"
+magenta = "0xc397d8"
+red = "0xd54e53"
+white = "0xeaeaea"
+yellow = "0xe6c547"
+
+[colors.primary]
+background = "0x000000"
+foreground = "0xeaeaea"
+
+[font]
+size = 11.0
+
+[[hints.enabled]]
+command = "xdg-open"
+post_processing = true
+regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-Ÿ<>\"\\s{-}\\^⟨⟩`]+"
+
+[hints.enabled.mouse]
+enabled = false
+mods = "None"
+
+[scrolling]
+history = 10000
+# Lines moved per scroll.
+multiplier = 3

ansible/roles/alacritty/files/alacritty.yml

@@ -1,103 +0,0 @@
-# If `true`, bold text is drawn using the bright color variants.
-draw_bold_text_with_bright_colors: true
-
-colors:
-  # Default colors
-  primary:
-    background: "0x000000"
-    foreground: "0xeaeaea"
-
-    # Bright and dim foreground colors
-    #
-    # The dimmed foreground color is calculated automatically if it is not present.
-    # If the bright foreground color is not set, or `draw_bold_text_with_bright_colors`
-    # is `false`, the normal foreground color will be used.
-    #dim_foreground: '0x9a9a9a'
-    #bright_foreground: '0xffffff'
-
-  # Cursor colors
-  #
-  # Colors which should be used to draw the terminal cursor. If these are unset,
-  # the cursor color will be the inverse of the cell color.
-  #cursor:
-  #  text: '0x000000'
-  #  cursor: '0xffffff'
-
-  # Selection colors
-  #
-  # Colors which should be used to draw the selection area. If selection
-  # background is unset, selection color will be the inverse of the cell colors.
-  # If only text is unset the cell text color will remain the same.
-  #selection:
-  #  text: '0xeaeaea'
-  #  background: '0x404040'
-
-  # Normal colors
-  normal:
-    black: "0x000000"
-    red: "0xd54e53"
-    green: "0xb9ca4a"
-    yellow: "0xe6c547"
-    blue: "0x7aa6da"
-    magenta: "0xc397d8"
-    cyan: "0x70c0ba"
-    white: "0xeaeaea"
-
-  # Bright colors
-  bright:
-    black: "0x666666"
-    red: "0xff3334"
-    green: "0x9ec400"
-    yellow: "0xe7c547"
-    blue: "0x7aa6da"
-    magenta: "0xb77ee0"
-    cyan: "0x54ced6"
-    white: "0xffffff"
-
-  # Dim colors
-  #
-  # If the dim colors are not set, they will be calculated automatically based
-  # on the `normal` colors.
-  #dim:
-  #  black:   '0x000000'
-  #  red:     '0x8c3336'
-  #  green:   '0x7a8530'
-  #  yellow:  '0x97822e'
-  #  blue:    '0x506d8f'
-  #  magenta: '0x80638e'
-  #  cyan:    '0x497e7a'
-  #  white:   '0x9a9a9a'
-
-  # Indexed Colors
-  #
-  # The indexed colors include all colors from 16 to 256.
-  # When these are not set, they're filled with sensible defaults.
-  #
-  # Example:
-  #   `- { index: 16, color: '0xff00ff' }`
-  #
-  indexed_colors: []
-
-scrolling:
-  # Maximum number of lines in the scrollback buffer.
-  # Specifying '0' will disable scrolling.
-  history: 10000
-
-  # Number of lines the viewport will move for every line scrolled when
-  # scrollback is enabled (history > 0).
-  multiplier: 3
-
-font:
-  size: 11.0
-
-hints:
-  enabled:
-    # Disable opening links when clicked
-    - regex:
-        "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)\
-        [^\u0000-\u001F\u007F-\u009F<>\"\\s{-}\\^⟨⟩`]+"
-      command: xdg-open
-      post_processing: true
-      mouse:
-        enabled: false
-        mods: None

ansible/roles/alacritty/tasks/peruser.yaml

@@ -19,8 +19,8 @@
     owner: "{{ account_name.stdout }}"
     group: "{{ group_name.stdout }}"
   loop:
-    - src: alacritty.yml
-      dest: .config/alacritty/alacritty.yml
+    - src: alacritty.toml
+      dest: .config/alacritty/alacritty.toml
 
 - import_tasks: tasks/peruser_freebsd.yaml
   when: 'os_flavor == "freebsd"'

ansible/roles/android/tasks/linux.yaml

@@ -13,10 +13,12 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 - name: Install packages
   package:
     name:
       - gvfs
       - gvfs-mtp
+      - android-udev # Access android over USB without root.
+      - android-tools # For fastboot to flash phones.
     state: present

ansible/roles/ansible/tasks/freebsd.yaml

@@ -1,6 +1,6 @@
 - name: Install packages
   package:
     name:
-      - py39-ansible
+      - py311-ansible
       - ansible-sshjail
     state: present

ansible/roles/autofs/files/auto_master

@@ -1,4 +1,3 @@
-# $FreeBSD$
 #
 # Automounter master map, see auto_master(5) for details.
 #

ansible/roles/base/files/alacritty.termcap

@@ -1,24 +0,0 @@
-#	Reconstructed via infocmp from file: /usr/share/terminfo/a/alacritty
-# (untranslatable capabilities removed to fit entry within 1023 bytes)
-# (sgr removed to fit entry within 1023 bytes)
-# (acsc removed to fit entry within 1023 bytes)
-# (terminfo-only capabilities suppressed to fit entry within 1023 bytes)
-alacritty|alacritty terminal emulator:\
-	:am:bs:hs:mi:ms:xn:\
-	:co#80:it#8:li#24:\
-	:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:DO=\E[%dB:IC=\E[%d@:\
-	:K2=\EOE:LE=\E[%dD:RI=\E[%dC:SF=\E[%dS:SR=\E[%dT:\
-	:UP=\E[%dA:ae=\E(B:al=\E[L:as=\E(0:bl=^G:bt=\E[Z:cd=\E[J:\
-	:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:cr=\r:\
-	:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:do=\n:\
-	:ds=\E]2;\007:ec=\E[%dX:ei=\E[4l:fs=^G:ho=\E[H:im=\E[4h:\
-	:is=\E[!p\E[?3;4l\E[4l\E>:k1=\EOP:k2=\EOQ:k3=\EOR:\
-	:k4=\EOS:k5=\E[15~:k6=\E[17~:k7=\E[18~:k8=\E[19~:\
-	:k9=\E[20~:kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:kb=\177:\
-	:kd=\EOB:ke=\E[?1l\E>:kh=\EOH:kl=\EOD:kr=\EOC:\
-	:ks=\E[?1h\E=:ku=\EOA:le=^H:mb=\E[5m:md=\E[1m:me=\E[0m:\
-	:mh=\E[2m:mm=\E[?1034h:mo=\E[?1034l:mr=\E[7m:nd=\E[C:\
-	:rc=\E8:sc=\E7:se=\E[27m:sf=\n:so=\E[7m:sr=\EM:st=\EH:ta=^I:\
-	:te=\E[?1049l\E[23;0;0t:ti=\E[?1049h\E[22;0;0t:\
-	:ts=\E]2;:ue=\E[24m:up=\E[A:us=\E[4m:vb=\E[?5h\E[?5l:\
-	:ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?12;25h:

ansible/roles/base/files/bbr_loader.conf

@@ -0,0 +1 @@
+tcp_bbr_load="YES"

ansible/roles/base/files/cleartmp_rc.conf

@@ -0,0 +1 @@
+clear_tmp_enable="YES"

ansible/roles/base/files/decode_jwt.bash

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+# Decode the contents of a JWT
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec jq -R 'split(".") | .[0],.[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=")| @base64d | fromjson'

ansible/roles/base/files/disk_labels_loader.conf

@@ -1,8 +1,12 @@
-# Disabling both of these will make /dev/gpt/* populated
+# Populates the /dev/diskid
+kern.geom.label.disk_ident.enable="1"
+
+
+
+# Populates /dev/gpt but only if kern.geom.label.disk_ident.enable is disabled.
 #
 # This uses gpt partition labels which you can set with:
 #
 #     gpart modify -l EFI -i 1 nvd0
 
-# kern.geom.label.disk_ident.enable="0"
 # kern.geom.label.gptid.enable="1"

ansible/roles/base/files/gitconfig_home

@@ -18,3 +18,18 @@
 	date = local
 [init]
 	defaultBranch = main
+
+# Use meld for `git difftool` and `git mergetool`
+[diff]
+	tool = meld
+[difftool]
+	prompt = false
+[difftool "meld"]
+	cmd = meld "$LOCAL" "$REMOTE"
+[merge]
+	tool = meld
+[mergetool "meld"]
+        # Make the middle pane start with partially-merged contents:
+	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
+        # Make the middle pane start without any merge progress:
+	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"

ansible/roles/base/files/gitconfig_work

@@ -0,0 +1,37 @@
+[user]
+	email = ThomasA.Alexander@hmhn.org
+	name = Tom Alexander
+	signingkey = D3A179C9A53C0EDE
+[push]
+	default = simple
+[alias]
+	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
+	bh = log --oneline --branches=* --remotes=* --graph --decorate
+	amend = commit --amend --no-edit
+[core]
+	excludesfile = ~/.gitignore_global
+[commit]
+	gpgsign = true
+[pull]
+	rebase = true
+[log]
+	date = local
+[init]
+	defaultBranch = main
+
+# Use meld for `git difftool` and `git mergetool`
+[diff]
+	tool = meld
+[difftool]
+	prompt = false
+[difftool "meld"]
+	cmd = meld "$LOCAL" "$REMOTE"
+[merge]
+	tool = meld
+[mergetool "meld"]
+        # Make the middle pane start with partially-merged contents:
+	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
+        # Make the middle pane start without any merge progress:
+	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
+[includeIf "gitdir:/bridge/"]
+	path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home

ansible/roles/base/files/gitignore_global

@@ -1,3 +1,8 @@
 .idea
 .python-version
+
+# Emacs per-directory settings
 .dir-locals.el
+
+# C/C++ Language Server compile commands
+compile_commands.json

ansible/roles/base/files/homeserver_loader.conf

@@ -1,5 +1,3 @@
 security.bsd.allow_destructive_dtrace=0
-kern.geom.label.disk_ident.enable="0"
-kern.geom.label.gptid.enable="0"
 cryptodev_load="YES"
 zfs_load="YES"

ansible/roles/base/files/login.conf

@@ -7,7 +7,6 @@
 # This file controls resource limits, accounting limits and
 # default user environment settings.
 #
-# $FreeBSD$
 #
 
 # Default settings effectively disable resource limits, see the
@@ -33,7 +32,7 @@ default:\
 	:cputime=unlimited:\
 	:datasize=unlimited:\
 	:stacksize=unlimited:\
-	:memorylocked=64K:\
+	:memorylocked=128M:\
 	:memoryuse=unlimited:\
 	:filesize=unlimited:\
 	:coredumpsize=unlimited:\
@@ -45,6 +44,7 @@ default:\
 	:pseudoterminals=unlimited:\
 	:kqueues=unlimited:\
 	:umtxp=unlimited:\
+	:pipebuf=unlimited:\
 	:priority=0:\
 	:ignoretime@:\
 	:umask=022:\

ansible/roles/base/files/odofreebsd_loader.conf

@@ -1,6 +1,3 @@
 security.bsd.allow_destructive_dtrace=0
-kern.geom.label.disk_ident.enable="0"
-kern.geom.label.gptid.enable="0"
 cryptodev_load="YES"
 zfs_load="YES"
-

ansible/roles/base/files/odofreebsd_rc.conf

@@ -1,8 +1,6 @@
-clear_tmp_enable="YES"
 syslogd_flags="-ss"
 sendmail_enable="NONE"
 hostname="odo"
-sshd_enable="YES"
 # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
 dumpdev="NO"
 zfs_enable="YES"

ansible/roles/base/files/tmux.conf

@@ -1,4 +1,4 @@
-set-option -g mouse on
+# set-option -g mouse on
 set-option -g history-limit 20000
 # set -g @plugin 'tmux-plugins/tmux-yank'
 # Emacs style

ansible/roles/base/files/watch_freebsd

@@ -10,7 +10,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 function cleanup {
     switch_to_main_screen
 }
-for sig in EXIT INT QUIT HUP TERM; do
+for sig in EXIT; do
   trap "set +e; cleanup; exit" "$sig"
 done
 

ansible/roles/base/meta/main.yaml

@@ -1,2 +1,3 @@
 dependencies:
   - fstab
+  - termcap

ansible/roles/base/tasks/common.yaml

@@ -16,20 +16,19 @@
       - wget
       - colordiff
       - ipcalc
-      - kdiff3
       - tcpdump
       - moreutils # for ts [%Y-%m-%d %H:%M:%.S]
       - ddrescue
+      - dmidecode
     state: present
 
-- name: Set timezone
-  file:
-    src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
-    dest: /etc/localtime
-    owner: root
-    # TODO: Arch Linux is changing the group to root instead of wheel. Maybe make this a variable?
-    group: wheel
-    state: link
+- name: Install packages
+  when: install_graphics
+  package:
+    name:
+      - kdiff3
+      - meld
+    state: present
 
 - name: Install scripts
   copy:
@@ -49,6 +48,8 @@
       dest: /usr/local/bin/cleanup_temporary_files
     - src: git_fix_author.bash
       dest: /usr/local/bin/git_fix_author
+    - src: decode_jwt.bash
+      dest: /usr/local/bin/decode_jwt
 
 - import_tasks: tasks/freebsd.yaml
   when: 'os_flavor == "freebsd"'

ansible/roles/base/tasks/freebsd.yaml

@@ -1,3 +1,11 @@
+- name: Set timezone
+  file:
+    src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
+    dest: /etc/localtime
+    owner: root
+    group: wheel
+    state: link
+
 - name: Install packages
   package:
     name:
@@ -5,29 +13,18 @@
       - gsed
       - gmake
       - rust-coreutils
+      - shuf
     state: present
 
-- name: See if the alacritty termcap has been added
-  lineinfile:
-    name: /usr/share/misc/termcap
-    regexp: |-
-      ^alacritty\|
-    state: absent
-  check_mode: yes
-  changed_when: false
-  register: alacritty_cap
-
-- name: Append alacritty termcap info
-  blockinfile:
-    path: /usr/share/misc/termcap
-    block: "{{ lookup('file', 'alacritty.termcap') }}"
-    marker: "# {mark} ANSIBLE MANAGED BLOCK alacritty"
-  when: not alacritty_cap.found
-  register: wrote_alacritty_cap
-
-- name: Update cap_mkdb
-  command: cap_mkdb /usr/share/misc/termcap
-  when: wrote_alacritty_cap.changed
+- name: Install service configuration
+  copy:
+    src: "files/{{ item }}_rc.conf"
+    dest: "/etc/rc.conf.d/{{ item }}"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - cleartmp
 
 - name: Install login.conf
   copy:
@@ -42,18 +39,6 @@
   command: cap_mkdb /etc/login.conf
   when: login_config.changed
 
-- name: Enable periodic scrub
-  community.general.sysrc:
-    name: daily_scrub_zfs_enable
-    value: "YES"
-    path: /etc/periodic.conf.local
-
-- name: Set scrub interval
-  community.general.sysrc:
-    name: daily_scrub_zfs_default_threshold
-    value: "7"
-    path: /etc/periodic.conf.local
-
 - name: Install loader.conf
   copy:
     src: "{{loader_conf}}"
@@ -123,3 +108,65 @@
     group: wheel
   loop:
     - disk_labels
+
+- name: Configure sysctls
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    reload: false
+    sysctl_file: "/etc/sysctl.conf.local"
+  loop:
+    # Adjust ttl
+    - name: net.inet.ip.ttl
+      value: 65
+    - name: net.inet6.ip6.hlim
+      value: 65
+
+- name: Log periodic output instead of getting it as mail
+  blockinfile:
+    path: "/etc/periodic.conf.local"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK log"
+    # create: true
+    mode: 0644
+    owner: root
+    group: wheel
+    block: |
+      daily_output=/var/log/daily.log
+      weekly_output=/var/log/weekly.log
+      monthly_output=/var/log/monthly.log
+
+- name: Enable periodic zfs scrub
+  when: install_zfs
+  blockinfile:
+    path: "/etc/periodic.conf.local"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK zfs"
+    # create: true
+    mode: 0644
+    owner: root
+    group: wheel
+    block: |
+      daily_scrub_zfs_enable="YES"
+      daily_scrub_zfs_default_threshold="7"
+
+# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
+- name: Install loader.conf
+  copy:
+    src: "files/{{ item }}_loader.conf"
+    dest: "/boot/loader.conf.d/{{ item }}.conf"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - bbr
+
+- name: Configure sysctls
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    reload: false
+    sysctl_file: "/etc/sysctl.conf.local"
+  loop:
+    - name: net.inet.tcp.functions_default
+      value: "bbr"

ansible/roles/base/tasks/linux.yaml

@@ -1,3 +1,11 @@
+- name: Set timezone
+  file:
+    src: "/usr/share/zoneinfo/{{ timezone|default('UTC') }}"
+    dest: /etc/localtime
+    owner: root
+    group: root
+    state: link
+
 - name: Install packages
   package:
     name:
@@ -8,6 +16,8 @@
       - man-db
       - uutils-coreutils
       - usbutils # for lsusb
+      - bolt
+      - whois
     state: present
 
 - name: Start pkgfile update service
@@ -17,17 +27,6 @@
     daemon_reload: yes
     enabled: yes
 
-# Of questionable value since I don't use swap on my machines
-- name: Configure sysctls for swap
-  sysctl:
-    name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    state: present
-    sysctl_file: /etc/sysctl.d/swap.conf
-  loop:
-    - name: vm.swappiness
-      value: 10
-
 - name: Install scripts
   copy:
     src: "files/{{ item.src }}"
@@ -40,3 +39,41 @@
       dest: /usr/local/bin/mount_disk_image
     - src: watch_linux
       dest: /usr/local/bin/ww
+
+- name: Configure sysctls
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    sysctl_file: /etc/sysctl.d/{{ item.file }}
+  loop:
+    # Of questionable value since I don't use swap on my machines
+    - name: vm.swappiness
+      value: 10
+      file: swap.conf
+    # Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
+    - name: net.ipv4.tcp_mtu_probing
+      value: 1
+      file: tcp.conf
+    # Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
+    - name: net.ipv4.tcp_congestion_control
+      value: bbr
+      file: tcp.conf
+    # Don't do a slow start after a connection has been idle for a single RTO.
+    - name: net.ipv4.tcp_slow_start_after_idle
+      value: 0
+      file: tcp.conf
+    # 3x time to accumulate filesystem changes before flushing to disk.
+    - name: vm.dirty_writeback_centisecs
+      value: 1500
+      file: power.conf
+    # Adjust ttl
+    - name: net.ipv4.ip_default_ttl
+      value: 65
+      file: ttl.conf
+    - name: net.ipv6.conf.all.hop_limit
+      value: 65
+      file: ttl.conf
+    - name: net.ipv6.conf.default.hop_limit
+      value: 65
+      file: ttl.conf

ansible/roles/bhyve/defaults/main.yaml

@@ -1,2 +1 @@
 bhyve_mountpoint: "/vm"
-bhyve_list: []

ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash

@@ -30,6 +30,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
 : ${VNC_ENABLE:="NO"}
 : ${VNC_LISTEN:="127.0.0.1:5900"}
+: ${VNC_WIDTH:="1920"}
+: ${VNC_HEIGHT:="1080"}
 
 if [ "$VERBOSE" = "YES" ]; then
     set -x
@@ -45,7 +47,7 @@ function cleanup {
     done
 }
 vms=()
-for sig in EXIT INT QUIT HUP TERM; do
+for sig in EXIT; do
   trap "set +e; sleep 10; cleanup" "$sig"
 done
 
@@ -74,13 +76,6 @@ function main {
     fi
 }
 
-function die {
-    local status_code="$1"
-    shift
-    (>&2 echo "${@}")
-    exit "$status_code"
-}
-
 function create_disk {
     local zfs_path="$1"
     local mount_path="$2"
@@ -112,7 +107,8 @@ function start_vm {
     local bridge_name="$BRIDGE_NAME"
     local ip_range="$IP_RANGE" # for raw this value does not matter
 
-    local mac_address=$(calculate_mac_address "$name")
+    local mac_address
+    mac_address=$(calculate_mac_address "$name")
 
     local additional_args=()
 
@@ -147,7 +143,7 @@ function start_vm {
         additional_args+=("-s" "5,ahci-cd,$mount_cd")
     fi
     if [ "$VNC_ENABLE" = "YES" ]; then
-        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=1920,h=1080")
+        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT")
     fi
     vms+=("$name")
     while true; do
@@ -158,6 +154,8 @@ function start_vm {
             -c $CPU_CORES \
             -m $MEMORY \
             -H \
+            -P \
+            -o 'rtc.use_localtime=false' \
             -s 0,hostbridge \
             -s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
             -s 30,xhci,tablet \
@@ -252,7 +250,8 @@ function ng_exists {
 
 function calculate_mac_address {
     local name="$1"
-    local source=$(md5 -r -s "$name" | awk '{print $1}')
+    local source
+    source=$(md5 -r -s "$name" | awk '{print $1}')
     echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }
 

ansible/roles/blank/tasks/linux.yaml

@@ -13,7 +13,7 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 # - name: Install packages
 #   package:
 #     name:

ansible/roles/build/defaults/main.yaml

@@ -1,2 +0,0 @@
-# freebsd_version: "releng/13.2"
-freebsd_version: "9c80d66ec1b4c5b9ac7aaf5b0fdbb1628d49c181"

ansible/roles/build/files/CUSTOM

@@ -1,6 +0,0 @@
-include GENERIC-NODEBUG
-
-# Disable Intel SD/MMC controller for reading eMMC
-nodevice sdhci
-
-ident   CUSTOM

ansible/roles/build/files/aurutils-nuke

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+# If something is very wrong in pacman, this removes the keyring and the entire custom repo, then sets up pacman's keyring again. Running the ansible playbook is necessary to get the custom repo added.
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+doas rm -rf /var/cache/pacman/custom/ /etc/pacman.d/conf.d/aurutils.conf
+doas rm -rf /etc/pacman.d/gnupg
+doas pacman-key --init
+doas pacman-key --populate archlinux
+doas pacman -S archlinux-keyring

ansible/roles/build/files/find_packages_that_installed_kernel_modules.bash

@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-#
-# List installed packages that install a kernel module.
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-: ${PORTSDIR:="/usr/ports"}
-
-function main {
-    if [ "$#" -ne 0 ]; then
-        (>&2 echo "This script takes no positional parameters.")
-        exit 1
-    fi
-    local module
-    doas find / -type f -name '*.ko' | sort | while read module; do
-        local provides=$(pkg provides "$module")
-        if [ -n "$provides" ]; then
-            package_name=$(grep 'Name    : ' <<<"$provides" | sed 's/Name    : //g')
-            # module_file=$(grep 'Filename: ' <<<"$provides" | sed 's/Filename: //g')
-            echo "$package_name"
-        fi
-    done
-}
-
-main "${@}"

ansible/roles/build/files/find_popular_ports_options.bash

@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-#
-# Find which port options appear the most in ports.
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-: ${PORTSDIR:="/usr/ports"}
-
-function main {
-    if [ "$#" -ne 0 ]; then
-        (>&2 echo "This script takes no positional parameters.")
-        exit 1
-    fi
-    local folder
-    find_port_folders | while read folder; do
-        set +e
-        dump_port_options "$folder"
-        set -e
-    done | sort | uniq -c | sort -nr
-}
-
-function find_port_folders {
-    local mf
-    find "$PORTSDIR" -type f -name Makefile -mindepth 3 -maxdepth 3 | sort | while read mf; do
-        dirname "$mf"
-    done
-}
-
-function dump_port_options {
-    local folder="$1"
-    local portopts=$(make -C "$folder" -V OPTIONS_DEFINE)
-    echo "$portopts" | grep -oE --line-buffered '[^ ]*'
-}
-
-main "${@}"

ansible/roles/build/files/find_ports_containing_option.bash

@@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-#
-# List ports containing an option matching the first parameter to the script.
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-: ${PORTSDIR:="/usr/ports"}
-
-function main {
-    if [ "$#" -ne 1 ]; then
-        (>&2 echo "Pass exactly 1 option name to this script.")
-        exit 1
-    fi
-    local find_option_name=$1
-    local folder
-    find_port_folders | while read folder; do
-        set +e
-        dump_port_options "$folder" | grep -qE "^${find_option_name}$"
-        has_opt=$?;
-        set -e
-        if [ $has_opt -eq 0 ]; then
-            echo "$folder"
-        fi
-    done
-}
-
-function find_port_folders {
-    local mf
-    find "$PORTSDIR" -type f -name Makefile -mindepth 3 -maxdepth 3 | sort | while read mf; do
-        dirname "$mf"
-    done
-}
-
-function dump_port_options {
-    local folder="$1"
-    local portopts=$(make -C "$folder" -V OPTIONS_DEFINE)
-    echo "$portopts" | grep -oE --line-buffered '[^ ]*'
-}
-
-main "${@}"

ansible/roles/build/files/freebsd_update_step1

@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-#
-# Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-cores=$(sysctl -n hw.ncpu)
-
-if sudo etcupdate status | grep -qE '^  C '; then
-    >&2 echo 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.'
-    exit 1
-fi
-
-cd /usr/src
-
-make -j "$cores" clean
-make -j "$cores" buildworld buildkernel
-sudo make installkernel
-
-echo "FreeBSD update step 1 done. Please reboot."

ansible/roles/build/files/freebsd_update_step2

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-#
-# Build and installs whatever is in /usr/src. Run step 1, reboot, then step 2.
-set -euo pipefail
-IFS=$'\n\t'
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-sudo etcupdate -p
-
-cd /usr/src
-sudo make installworld
-sudo etcupdate -B
-
-if sudo etcupdate status | grep -qE '^  C '; then
-    >&2 echo 'Conflicts in etcupdate. Run `etcupdate resolve` to fix them first.'
-    exit 1
-fi
-
-echo "FreeBSD update step 2 done. Please reboot."

ansible/roles/build/files/gpg.asc

@@ -1,34 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-0H+RsWG0HVRvbSBBbGV4YW5kZXIgPHRvbUBmaXp6LmJ1eno+iJAEExYIADgWIQS4
-SBWTY8KHeReVS+En3kDZuEVcGwUCXZwWGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe
-AQIXgAAKCRAn3kDZuEVcG9glAQDX3Bzaz9sQpycc40LeLxSKQsWplfJigfr8wWOg
-C15TywEAqkTtCrTNsltdZERLMre7qnv/6RSo54OW0C4pdN7UUAa0HlRvbSBBbGV4
-YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhF
-XBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0CuU4m1/MA+gPDKME7syEt
-JsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB9Ub20gQWxleGFuZGVyIDx0b21AaGFy
-bW9uaWMuYWk+iJAEExYIADgWIQS4SBWTY8KHeReVS+En3kDZuEVcGwUCX7D5RAIb
-AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAn3kDZuEVcGzjDAP9pM1ScstOk
-ti+oRAsNSk8qsjIsCT9O5voDS0Q7plWlcwD/btKVFO9tPLsXhyvdB+NSwueVs7TA
-kRVjlW3hktpefg24OARdnBYaEgorBgEEAZdVAQUBAQdArbTYQgDBMG7EBFTKA6+f
-4CWgwl26Lf2b6cyCGfUw2j4DAQgHiHgEGBYIACAWIQS4SBWTY8KHeReVS+En3kDZ
-uEVcGwUCXZwWGgIbDAAKCRAn3kDZuEVcG03MAQCrkjrE+MhtvbfGaHGHlwz9QnF0
-Z519YzK8Xr8m0O+09QEA9BFCfkAzBM4D4JKeWJh/tmN9U6UexzLrRdY+W9cugAm4
-MwRdnBbKFgkrBgEEAdpHDwEBB0A/IgvgQaDhPkk72raSlUPLZaMyJfPedlfBhbgY
-uhNiSIj1BBgWCAAmAhsCFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+hYFCQe4
-fcwAgXYgBBkWCAAdFiEEgeZEOZZ1UC6xJRa606F5yaU8Dt4FAl2cFsoACgkQ06F5
-yaU8Dt6MngD+Krs3aYyHH6i85ebVESgBI8XeXhgACM4exepw+0UcoYkBAKK4DvV3
-oJD6o1ku6Rr8pUH962SQm8PO9pO2JBBAb6ADCRAn3kDZuEVcG9uAAP43vUsbe24/
-6tjEezAW0a4L2E1u4HNU8t53lolngs1kswEAy1HBdYEMR9TovX/kMeBHLcz1J2pM
-VRSV0JnJhj5eZwa4MwRdnBcBFgkrBgEEAdpHDwEBB0BrvpOZa4q6JHVuc1XUVQTq
-hDgLwD5SJBvzHSTXPYOZMoh+BBgWCAAmAhsgFiEEuEgVk2PCh3kXlUvhJ95A2bhF
-XBsFAl+w+hYFCQe4fZUACgkQJ95A2bhFXBs3NgEA3SFYTgRVstidfoEpEZV4DdSL
-kXaOwN3Eyba4UniClyMA/2CCxQt24vu19TyvUtOXWCp9Zi8SyIqoeiXQ4ZmhhnQO
-uDgEXZwXKBIKKwYBBAGXVQEFAQEHQA7S3cFTEu6iROopVyF4UBl3hQrEAbOc9CW+
-xXKFZYgSAwEIB4h+BBgWCAAmAhsMFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w
-+hcFCQe4fW4ACgkQJ95A2bhFXBtUXAEAyEJCUNVSJ7qvQv5IXuwbYTX2Mh7JU3+F
-GJHO7AWBXCQA/2aLAi9kYmz9ba770XYwTeBZIv9Y6UIwIwVmFdYHC/EM
-=a/z4
+0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
+uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
+uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
+eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
+2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
+XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
+XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
+4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
+wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
+sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
+ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
+QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
+NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
+BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
+JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
+RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
+rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
+0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
+BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
+/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
+3aqYpMRxpn2t6Nswax1MIM8DBQ==
+=dzEV
 -----END PGP PUBLIC KEY BLOCK-----

ansible/roles/build/files/gpg_work.asc

@@ -0,0 +1,27 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
+0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
+b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
+BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
+DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
+0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
+ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
+Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
+vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
+yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
+9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
+IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
+jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
+Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
+EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
+duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
+UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
+C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
+PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
+FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
+EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
+MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
+d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
+=0HtE
+-----END PGP PUBLIC KEY BLOCK-----

ansible/roles/build/tasks/freebsd.yaml

@@ -1,100 +0,0 @@
-- name: Install packages
-  package:
-    name:
-      - git
-    state: present
-
-- name: Create directories
-  file:
-    name: "{{ item }}"
-    state: directory
-    mode: 0755
-    owner: "{{ build_user.name }}"
-    group: "{{ build_user.group }}"
-  loop:
-    - "/usr/src"
-    # - "/usr/ports"
-    - "/usr/obj"
-
-- name: chown the FreeBSD source
-  file:
-    name: "{{ item }}"
-    state: directory
-    owner: "{{ build_user.name }}"
-    group: "{{ build_user.group }}"
-    recurse: true
-  loop:
-    - "/usr/src"
-
-- name: Clone FreeBSD Source
-  git:
-    repo: "https://git.FreeBSD.org/src.git"
-    dest: /usr/src
-    version: "{{ freebsd_version }}"
-    force: true
-  become: true
-  become_user: "{{ build_user.name }}"
-  diff: false
-
-# - name: Clone Ports Tree
-#   git:
-#     repo: "https://git.FreeBSD.org/ports.git"
-#     dest: /usr/ports
-#     version: "main"
-#     force: true
-#     update: false
-#   become: true
-#   become_user: "{{ build_user.name }}"
-#   diff: false
-
-- name: Install Configuration
-  copy:
-    src: "files/{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: 0644
-    owner: root
-    group: wheel
-  loop:
-    - src: make.conf
-      dest: /etc/make.conf
-
-- name: Install Configuration
-  copy:
-    src: "files/{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: 0644
-    owner: "{{ build_user.name }}"
-    group: "{{ build_user.group }}"
-  loop:
-    - src: CUSTOM
-      dest: /usr/src/sys/amd64/conf/CUSTOM
-
-- name: Install Configuration
-  template:
-    src: "templates/{{ item.src }}.j2"
-    dest: "{{ item.dest }}"
-    mode: 0644
-    owner: root
-    group: wheel
-  loop:
-    - src: src.conf
-      dest: /etc/src.conf
-
-- name: Install scripts
-  copy:
-    src: "files/{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: 0700
-    owner: "{{ build_user.name }}"
-    group: "{{ build_user.group }}"
-  loop:
-    - src: freebsd_update_step1
-      dest: /usr/local/bin/freebsd_update_step1
-    - src: freebsd_update_step2
-      dest: /usr/local/bin/freebsd_update_step2
-    - src: find_popular_ports_options.bash
-      dest: /usr/local/bin/find_popular_ports_options
-    - src: find_ports_containing_option.bash
-      dest: /usr/local/bin/find_ports_containing_option
-    - src: find_packages_that_installed_kernel_modules.bash
-      dest: /usr/local/bin/find_packages_that_installed_kernel_modules

ansible/roles/build/tasks/linux.yaml

@@ -39,7 +39,7 @@
 - name: Trust my signing key
   command: pacman-key -a -
   args:
-    stdin: "{{ lookup('file', 'gpg.asc') }}"
+    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
   when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
   register: my_key_imported
 
@@ -89,13 +89,21 @@
   loop:
     - src: aurutils.conf
       dest: /etc/pacman.d/conf.d/
-    - src: pacman-custom.conf
+    - src: pacman-x86_64.conf
       dest: /etc/aurutils/
     - src: makepkg.conf # TODO: Is this needed or can I use the default from devtools?
       dest: /etc/aurutils/
 
+- name: chown the custom package db
+  file:
+    path: "{{ item }}"
+    owner: "{{ build_user.name }}"
+    recurse: true
+  loop:
+    - /var/cache/pacman/custom/
+
 - name: Create custom repo db
-  command: repo-add --sign /var/cache/pacman/custom/custom.db.tar
+  command: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*"
   become: true
   become_user: "{{ build_user.name }}"
   args:
@@ -111,6 +119,8 @@
   loop:
     - src: aurutils-purge
       dest: /usr/local/bin/aurutils-purge
+    - src: aurutils-nuke
+      dest: /usr/local/bin/aurutils-nuke
     - src: aurutils-sync
       dest: /usr/local/bin/aurutils-sync
     - src: aurutils-update-devel-packages

ansible/roles/build/templates/src.conf.j2

@@ -1,35 +0,0 @@
-{% if cpu_opt is defined and cpu_opt %}
-CPUTYPE?={{ cpu_opt }}
-{% endif %}
-KERNCONF=CUSTOM
-WITH_MALLOC_PRODUCTION=YES
-WITHOUT_LLVM_ASSERTIONS=YES
-WITH_REPRODUCIBLE_BUILD=YES
-PORTS_MODULES+=graphics/drm-kmod
-PORTS_MODULES+=graphics/gpu-firmware-intel-kmod
-PORTS_MODULES+=net/wireguard-kmod
-
-# Would be fun to experiment with:
-# WITHOUT_SOURCELESS=YES
-# WITHOUT_GAMES=YES
-# WITHOUT_KERBEROS=YES
-# WITHOUT_LEGACY_CONSOLE=YES
-# WITHOUT_LIB32=YES
-# WITHOUT_LOADER_GELI=YES
-# WITHOUT_MLX5TOOL=YES
-# WITHOUT_NDIS=YES
-# WITHOUT_OFED=YES
-# WITHOUT_PPP=YES
-# WITH_SORT_THREADS=YES
-# WITHOUT_TALK=YES
-# WITHOUT_TCSH=YES
-
-
-# Questionable Optimizations
-WITHOUT_FLOPPY=YES
-WITHOUT_HTML=YES
-WITHOUT_IPFW=YES
-WITHOUT_IPFILTER=YES
-WITHOUT_LLVM_TARGET_ALL=YES
-# Commented out because maybe I want email alerts for failing disks
-# WITHOUT_MAIL=YES

ansible/roles/chromium/files/chromium-flags.conf

@@ -0,0 +1,2 @@
+--ozone-platform-hint=auto
+--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE

ansible/roles/chromium/meta/main.yaml

@@ -1,2 +1,2 @@
 dependencies:
-  - build
+  - users

ansible/roles/chromium/tasks/common.yaml

@@ -0,0 +1,55 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  when: users is defined
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user

ansible/roles/chromium/tasks/freebsd.yaml

@@ -0,0 +1,5 @@
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present

ansible/roles/chromium/tasks/linux.yaml

@@ -0,0 +1,7 @@
+# Check chrome://gpu/ to confirm hardware video decoding and vulkan rendering is working.
+
+- name: Install packages
+  package:
+    name:
+      - chromium
+    state: present

ansible/roles/chromium/tasks/main.yaml

@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  when: install_graphics

ansible/roles/chromium/tasks/peruser_linux.yaml

@@ -0,0 +1,10 @@
+- name: Copy files
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+    mode: 0600
+    owner: "{{ account_name.stdout }}"
+    group: "{{ group_name.stdout }}"
+  loop:
+    - src: chromium-flags.conf
+      dest: .config/chromium-flags.conf

ansible/roles/cpu/files/cpu_set_perf_perc_linux_amd

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+#
+# Tell hardware p-states whether to maximize CPU performance (100) or
+# energy efficiency (0).
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+perc=$1
+
+if [ "$perc" -gt 80 ]; then
+    echo performance | tee /sys/firmware/acpi/platform_profile
+elif [ "$perc" -ge 20 ]; then
+    echo balanced | tee /sys/firmware/acpi/platform_profile
+else
+    echo low-power | tee /sys/firmware/acpi/platform_profile
+fi
+
+if [ "$perc" -ge 80 ]; then
+    echo "performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
+elif [ "$perc" -ge 60 ]; then
+    echo "balance_performance" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
+elif [ "$perc" -ge 40 ]; then
+    echo "default" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
+elif [ "$perc" -ge 20 ]; then
+    echo "balance_power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
+else
+    echo "power" | tee /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference
+fi

ansible/roles/cpu/files/platform_profile_tmpfiles.conf

@@ -0,0 +1,2 @@
+# Favor energy efficiency for platform profile (EC / system, not CPU)
+w- /sys/firmware/acpi/platform_profile - - - - low-power

ansible/roles/cpu/tasks/freebsd_amd.yaml

@@ -27,3 +27,14 @@
     group: wheel
   loop:
     - aesni
+
+- name: Install loader.conf
+  when: hwpstate is defined and hwpstate
+  copy:
+    src: "files/{{ item }}_loader.conf"
+    dest: "/boot/loader.conf.d/{{ item }}.conf"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - per_core_hwpstate

ansible/roles/cpu/tasks/freebsd_intel.yaml

@@ -78,4 +78,4 @@
     owner: root
     group: wheel
   loop:
-    - percorespeedshift
+    - per_core_hwpstate

ansible/roles/cpu/tasks/linux_amd.yaml

@@ -0,0 +1,40 @@
+- name: Install packages
+  package:
+    name:
+      - powertop
+    state: present
+
+- name: Favor energy efficiency for hardware p-states
+  when: hwpstate is defined and hwpstate and cores is defined
+  template:
+    src: "templates/{{ item.src }}.j2"
+    dest: "{{ item.dest }}"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - src: energy_performance_preference.conf
+      dest: /etc/tmpfiles.d/energy_performance_preference.conf
+
+- name: Install tmpfiles.d configuration
+  when: hwpstate is defined and hwpstate and cores is defined
+  copy:
+    src: "files/{{ item }}_tmpfiles.conf"
+    dest: "/etc/tmpfiles.d/{{ item }}.conf"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - platform_profile
+
+- name: Install scripts
+  when: hwpstate is defined and hwpstate
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: cpu_set_perf_perc_linux_amd
+      dest: /usr/local/bin/cpu_set_perf_perc

ansible/roles/cpu/tasks/linux_intel.yaml

@@ -19,7 +19,7 @@
   template:
     src: "templates/{{ item.src }}.j2"
     dest: "{{ item.dest }}"
-    mode: 0755
+    mode: 0644
     owner: root
     group: wheel
   loop:
@@ -35,5 +35,5 @@
     owner: root
     group: wheel
   loop:
-    - src: cpu_set_perf_perc_linux
+    - src: cpu_set_perf_perc_linux_intel
       dest: /usr/local/bin/cpu_set_perf_perc

ansible/roles/cpu/templates/energy_performance_preference.conf.j2

@@ -1,4 +1,4 @@
-# Favor energy efficiency for Speed Shift
+# Favor energy efficiency for hardware p-states
 {% for core in range(0, cores, 1) %}
 w- /sys/devices/system/cpu/cpufreq/policy{{core}}/energy_performance_preference - - - - power
 {% endfor %}

ansible/roles/devfs/files/homeserver_devfs.rules

@@ -0,0 +1,25 @@
+# [localrules=10]
+# add path 'input/*' mode 0660 group video
+# add path 'usb/*' mode 0660 group usb
+
+[tajailwg=13]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path 'bpf*' unhide
+add path pf unhide
+add path pflog unhide
+add path pfsynv unhide
+add path 'tun*' unhide
+
+[tajaildhcp=14]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path 'bpf*' unhide
+
+[tajailrand=15]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path urandom unhide

ansible/roles/docker/tasks/linux.yaml

@@ -2,6 +2,8 @@
   package:
     name:
       - docker
+      - docker-compose
+      - docker-buildx
     state: present
 
 - name: Create docker zfs dataset

ansible/roles/dummynet/files/dnctl.conf

@@ -0,0 +1,2 @@
+pipe 1 config bw 100KByte/s
+pipe 2 config

ansible/roles/dummynet/files/dummynet

@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+#
+
+# PROVIDE: dummynet
+# BEFORE: pf ipfw
+# KEYWORD: nojailvnet
+
+. /etc/rc.subr
+
+name="dummynet"
+desc="Dummynet packet queuing and scheduling"
+rcvar="${name}_enable"
+load_rc_config $name
+start_cmd="${name}_start"
+required_files="$dummynet_rules"
+required_modules="dummynet"
+
+dummynet_start()
+{
+	startmsg -n "Enabling ${name}"
+        cat "$dnctl_rules" | while read l; do
+          dnctl $l
+        done
+	startmsg '.'
+}
+
+run_rc_command $*

ansible/roles/dummynet/files/dummynet_rc.conf

@@ -0,0 +1,2 @@
+dummynet_enable="YES"
+dummynet_rules="/etc/dnctl.conf"

ansible/roles/dummynet/tasks/common.yaml

@@ -0,0 +1,55 @@
+# - name: Create directories
+#   file:
+#     name: "{{ item }}"
+#     state: directory
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - /foo/bar
+
+# - name: Install scripts
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0755
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.bash
+#       dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     mode: 0600
+#     owner: root
+#     group: wheel
+#   loop:
+#     - src: foo.conf
+#       dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+#   git:
+#     repo: "https://foo.bar/baz.git"
+#     dest: /foo/bar
+#     version: "v1.0.2"
+#     force: true
+#   diff: false
+
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  when: users is defined
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user

ansible/roles/dummynet/tasks/freebsd.yaml

@@ -0,0 +1,30 @@
+- name: Install Configuration
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0600
+    owner: root
+    group: wheel
+  loop:
+    - src: "{{ dummynet_config }}"
+      dest: /etc/dnctl.conf
+
+- name: Install rc script
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
+    owner: root
+    group: wheel
+    mode: 0755
+  loop:
+    - src: dummynet
+
+- name: Install service configuration
+  copy:
+    src: "files/{{ item }}_rc.conf"
+    dest: "/etc/rc.conf.d/{{ item }}"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - dummynet

ansible/roles/dummynet/tasks/linux.yaml

@@ -13,7 +13,7 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 # - name: Install packages
 #   package:
 #     name:

ansible/roles/dummynet/tasks/main.yaml

@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  when: (dummynet_config is defined and os_flavor == "freebsd") or (os_flavor == "linux")

ansible/roles/dummynet/tasks/peruser.yaml

@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'

ansible/roles/emacs/files/early-init.el

@@ -1,7 +1,7 @@
-(setq gc-cons-threshold 100000000) ;; Increase garbage collection threshold for performance (default 800000)
+(setq gc-cons-threshold (* 128 1024 1024)) ;; 128MiB Increase garbage collection threshold for performance (default 800000)
 ;; Increase amount of data read from processes, default 4k
-(when (>= emacs-major-version 27)
-  (setq read-process-output-max (* 1024 1024)) ;; 1mb
+(when (version<= "27.0" emacs-version)
+  (setq read-process-output-max (* 10 1024 1024)) ;; 10MiB
   )
 
 ;; Suppress warnings

ansible/roles/emacs/files/elisp/base.el

@@ -36,6 +36,8 @@
  ;; Don't pop up a small window at the bottom of emacs at launch.
  inhibit-startup-screen t
  inhibit-startup-message t
+ ;; Don't show the list of buffers when opening many files.
+ inhibit-startup-buffer-menu t
  ;; Give the scratch buffer a clean slate.
  initial-major-mode 'fundamental-mode
  initial-scratch-message nil
@@ -75,4 +77,18 @@
 ;; Delete trailing whitespace before save
 (add-hook 'before-save-hook 'delete-trailing-whitespace)
 
+;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
+(setopt auto-revert-avoid-polling t)
+(setopt auto-revert-interval 5)
+(setopt auto-revert-check-vc-info t)
+(global-auto-revert-mode)
+
+;;;;; Performance
+;; Run garbage collect when emacs is idle
+(run-with-idle-timer 5 t (lambda () (garbage-collect)))
+(add-function :after after-focus-change-function
+              (lambda ()
+                (unless (frame-focus-state)
+                  (garbage-collect))))
+
 (provide 'base)

ansible/roles/emacs/files/elisp/common-lsp.el

@@ -38,6 +38,7 @@
   :hook (eglot-managed-mode . company-mode)
   :config
   (setq company-backends '((company-capf)))
+  (setq company-idle-delay 0) ;; Default 0.2
   )
 
 ;; (use-package company-box

ansible/roles/emacs/files/elisp/lang-c.el

@@ -0,0 +1,49 @@
+(require 'common-lsp)
+(require 'util-tree-sitter)
+
+(defun locate-compile-commands-file ()
+  "See if compile_commands.json exists."
+  ;; This can be generated by prefixing the make command with `intercept-build15 --append`
+  (let ((compile-commands-file (locate-dominating-file (buffer-file-name) "compile_commands.json")))
+    compile-commands-file
+    )
+  )
+
+(defun activate-c-eglot ()
+  "Activate eglot for the c family of languages."
+  (when (locate-compile-commands-file)
+    (eglot-ensure)
+    (defclass my/eglot-c (eglot-lsp-server) ()
+      :documentation
+      "Own eglot server class.")
+
+    (add-to-list 'eglot-server-programs
+                 '(c-ts-mode . (my/eglot-c "/usr/local/bin/clangd15")))
+    (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
+    )
+  )
+
+(use-package c-mode
+  :mode (
+         ("\\.c\\'" . c-ts-mode)
+         ("\\.h\\'" . c-or-c++-ts-mode)
+         )
+  :commands (c-mode c-ts-mode)
+  :pin manual
+  :ensure nil
+  :hook (
+         (c-ts-mode . (lambda ()
+                        (activate-c-eglot)
+                        ))
+         )
+  :init
+  (add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
+  (add-to-list 'major-mode-remap-alist '(c++-mode . c++-ts-mode))
+  (add-to-list 'major-mode-remap-alist '(c-or-c++-mode . c-or-c++-ts-mode))
+  (add-to-list 'treesit-language-source-alist '(c "https://github.com/tree-sitter/tree-sitter-c"))
+  (add-to-list 'treesit-language-source-alist '(cpp "https://github.com/tree-sitter/tree-sitter-cpp"))
+  (unless (treesit-ready-p 'c) (treesit-install-language-grammar 'c))
+  (unless (treesit-ready-p 'cpp) (treesit-install-language-grammar 'cpp))
+  )
+
+(provide 'lang-c)

ansible/roles/emacs/files/elisp/lang-javascript.el

@@ -23,6 +23,52 @@
   (run-command-on-buffer "jq" "--monochrome-output" ".")
   )
 
+(defun configure-typescript-language-server ()
+  "Configures the typescript language server."
+  (when-linux
+    ;; Either initializationOptions or workspace/didChangeConfiguration works.
+    (setq eglot-workspace-configuration
+          (list (cons ':typescript '(:inlayHints (:includeInlayParameterNameHints
+                                                  "all"
+                                                  :includeInlayParameterNameHintsWhenArgumentMatchesName
+                                                  t
+                                                  :includeInlayFunctionParameterTypeHints
+                                                  t
+                                                  :includeInlayVariableTypeHints
+                                                  t
+                                                  :includeInlayVariableTypeHintsWhenTypeMatchesName
+                                                  t
+                                                  :includeInlayPRopertyDeclarationTypeHints
+                                                  t
+                                                  :includeInlayFunctionLikeReturnTypeHints
+                                                  t
+                                                  :includeInlayEnumMemberValueHints
+                                                  t)))))
+    (eglot-ensure)
+    ;; (defclass my/eglot-typescript (eglot-lsp-server) ()
+    ;;   :documentation
+    ;;   "Own eglot server class.")
+
+    ;; (add-to-list 'eglot-server-programs
+    ;;              '((js-mode js-ts-mode tsx-ts-mode typescript-ts-mode typescript-mode) . (my/eglot-typescript "typescript-language-server" "--stdio" :initializationOptions (:preferences (:includeInlayParameterNameHints
+    ;;                                                                                                                                                                                        "all"
+    ;;                                                                                                                                                                                        :includeInlayParameterNameHintsWhenArgumentMatchesName
+    ;;                                                                                                                                                                                        t
+    ;;                                                                                                                                                                                        :includeInlayFunctionParameterTypeHints
+    ;;                                                                                                                                                                                        t
+    ;;                                                                                                                                                                                        :includeInlayVariableTypeHints
+    ;;                                                                                                                                                                                        t
+    ;;                                                                                                                                                                                        :includeInlayVariableTypeHintsWhenTypeMatchesName
+    ;;                                                                                                                                                                                        t
+    ;;                                                                                                                                                                                        :includeInlayPRopertyDeclarationTypeHints
+    ;;                                                                                                                                                                                        t
+    ;;                                                                                                                                                                                        :includeInlayFunctionLikeReturnTypeHints
+    ;;                                                                                                                                                                                        t
+    ;;                                                                                                                                                                                        :includeInlayEnumMemberValueHints
+    ;;                                                                                                                                                                                        t)))))
+    )
+  )
+
 (use-package tsx-ts-mode
   :ensure nil
   :pin manual
@@ -33,7 +79,7 @@
   :hook (
          (tsx-ts-mode . (lambda ()
                           (when-linux
-                            (eglot-ensure)
+                            (configure-typescript-language-server)
                             )
                           ))
          )
@@ -52,9 +98,7 @@
   :commands (typescript-ts-mode)
   :hook (
          (typescript-ts-mode . (lambda ()
-                                 (when-linux
-                                   (eglot-ensure)
-                                   )
+                                 (configure-typescript-language-server)
                                  ))
          )
   :init
@@ -81,6 +125,12 @@
   (unless (treesit-ready-p 'javascript) (treesit-install-language-grammar 'javascript))
   )
 
+(defun prettier-fmt ()
+  "Run prettier."
+  (run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
+  )
+
+
 (use-package css-ts-mode
   :ensure nil
   :pin manual
@@ -88,9 +138,23 @@
          ("\\.css\\'" . css-ts-mode)
          )
   :commands (css-ts-mode)
+  :custom (css-indent-offset 2)
   :init
   (add-to-list 'treesit-language-source-alist '(css "https://github.com/tree-sitter/tree-sitter-css"))
   (unless (treesit-ready-p 'css) (treesit-install-language-grammar 'css))
+  :hook (
+         (css-ts-mode . (lambda ()
+                             (eglot-ensure)
+                             (defclass my/eglot-css (eglot-lsp-server) ()
+                               :documentation
+                               "Own eglot server class.")
+
+                             (add-to-list 'eglot-server-programs
+                                          '(css-ts-mode . (my/eglot-css "vscode-css-language-server" "--stdio")))
+                             ;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
+                             (add-hook 'before-save-hook 'prettier-fmt nil 'local)
+                             ))
+         )
   )
 
 

ansible/roles/emacs/files/elisp/lang-nix.el

@@ -0,0 +1,22 @@
+(require 'common-lsp)
+(require 'util-tree-sitter)
+
+(use-package nix-mode
+  :mode (("\\.nix\\'" . nix-mode)
+         )
+  :commands nix-mode
+  :hook (
+         (nix-mode . (lambda ()
+                             ;; (eglot-ensure)
+                             ;; (defclass my/eglot-nix (eglot-lsp-server) ()
+                             ;;   :documentation
+                             ;;   "Own eglot server class.")
+
+                             ;; (add-to-list 'eglot-server-programs
+                             ;;              '(nix-mode . (my/eglot-nix "nixd")))
+                             ;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
+                             ))
+         )
+  )
+
+(provide 'lang-nix)

ansible/roles/emacs/files/elisp/lang-org.el

@@ -4,6 +4,8 @@
   :bind (
          ("C-c l" . org-store-link)
          ("C-c a" . org-agenda)
+         ("C--" . org-timestamp-down)
+         ("C-=" . org-timestamp-up)
          )
   :hook (
          (org-mode . (lambda ()

ansible/roles/emacs/files/elisp/lang-python.el

@@ -57,19 +57,29 @@
   :pin manual
   :hook (
          (python-ts-mode . (lambda ()
-                          (when (executable-find "poetry")
-                            (add-poetry-venv-to-path)
-                            (let ((venv (locate-venv-poetry))) (when venv
-                                                                 (setq eglot-workspace-configuration
-                                                                       (list (cons ':python (list ':venvPath venv ':pythonPath (concat venv "/bin/python")))))
-                                                                 ))
-                            )
-                          (when-linux
-                            (eglot-ensure)
-                            )
+                             (when-linux
+                               (when (executable-find "poetry")
+                                 (add-poetry-venv-to-path)
+                                 (let ((venv (locate-venv-poetry))) (when venv
+                                                                      (setq eglot-workspace-configuration
+                                                                            (list (cons ':python (list ':venvPath venv ':pythonPath (concat venv "/bin/python")))))
+                                                                      ))
+                                 )
+                               (eglot-ensure)
+                               )
 
-                          (add-hook 'before-save-hook 'python-fmt nil 'local)
-                          ))
+                             ;; (when-freebsd
+                             ;;   (eglot-ensure)
+                             ;;   (defclass my/eglot-pylyzer (eglot-lsp-server) ()
+                             ;;     :documentation
+                             ;;     "Own eglot server class.")
+
+                             ;;   (add-to-list 'eglot-server-programs
+                             ;;                '(python-ts-mode . (my/eglot-pylyzer "pylyzer" "--server")))
+                             ;;   )
+
+                             (add-hook 'before-save-hook 'python-fmt nil 'local)
+                             ))
          )
   :bind ((:map python-ts-mode-map ([backspace] . python-backspace))
          )

ansible/roles/emacs/files/elisp/lang-rust.el

@@ -57,7 +57,7 @@
   :init
   (add-to-list 'major-mode-remap-alist '(rust-mode . rust-ts-mode))
   (add-to-list 'treesit-language-source-alist '(rust "https://github.com/tree-sitter/tree-sitter-rust"))
-  (unless (treesit-ready-p 'yaml) (treesit-install-language-grammar 'rust))
+  (unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust))
   :config
   ;; Add keybindings for interacting with Cargo
   (use-package cargo

ansible/roles/emacs/files/elisp/lang-xml.el

@@ -0,0 +1,17 @@
+(defun xml-fmt ()
+  "Run xmllint --format."
+  (run-command-on-buffer "xmllint" "--format" "-")
+  )
+
+(use-package nxml-mode
+  :commands (nxml-mode)
+  :pin manual
+  :ensure nil
+  :hook (
+         (nxml-mode . (lambda ()
+                        (add-hook 'before-save-hook 'xml-fmt nil 'local)
+                        ))
+         )
+  )
+
+(provide 'lang-xml)

ansible/roles/emacs/files/elisp/util-vertico.el

@@ -21,7 +21,7 @@
   (vertico-count 20)
   )
 
-;; Create an ivy-like experience when selecting files.
+;; Create an ido/ivy-like experience when selecting files.
 (use-package vertico-directory
   :after vertico
   :ensure nil