machine_setup/ansible/environments/home/host_vars/homeserver
2024-10-21 18:10:39 -04:00

94 lines
2.1 KiB
Plaintext

os_flavor: "freebsd"
custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"
pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"
zfs_snapshot_datasets:
- path: zroot/freebsd/computer/be
- path: zmass/encrypted/vm
- path: zmass/encrypted/data
users:
talexander:
initialize: true
uid: 11235
gid: 11235
groups:
- name: wheel
- name: video
- name: u2f
- name: operator # To be able to shutdown without root
- name: webcamd
gid: 145
authorized_keys:
- yubikey
- main_fido
- backup_fido
- homeassistant
gitconfig: "gitconfig_home"
sshd_enabled: true
sshd_conf: "sshd_config"
prefer_ipv6: true
dummynet_config: "dnctl.conf"
pf_config: "homeserver_pf.conf"
pflog_conf:
- name: 0
dev: pflog0
network_rc: "homeserver_network.conf"
rc_conf: "homeserver_rc.conf"
loader_conf: "homeserver_loader.conf"
cputype: "intel"
hwpstate: false
devfs_rules: "homeserver_devfs.rules"
jail_zfs_dataset: zmass/encrypted/jails
jail_zfs_dataset_mountpoint: /jail
jail_canmount: "on"
jail_bemount: "on"
jail_list:
- name: nat_dhcp
dataset: zmass/unencrypted/jails
enabled: true
conf:
src: nat_dhcp
- name: cloak
conf:
src: cloak
- name: dagger
conf:
src: dagger
- name: olddagger
conf:
src: olddagger
- name: sftp
conf:
src: sftp
fstab: sftp_fstab
- name: bastion
conf:
src: bastion
fstab: fstab_bastion
- name: certificate
conf:
src: certificate
- name: momlaptop
conf:
src: momlaptop
# - name: mumble
# conf:
# src: mumble
# persist:
# - name: mumbledb
# mount: /var/db/murmur
bhyve_dataset: zmass/encrypted/vm
# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
bhyve_canmount: "off"
bhyve_mountpoint: "none"
bhyve_bemount: "on"
wireguard_directory: homeserver
enabled_wireguard:
- wgh
linfi:
enabled: true
zfs_dataset: zmass/unencrypted/vm/linfi
zfs_mountpoint: /vm/linfi
driver_blocklist: "ath if_ath if_ath_pci ath_hal"
pci_blocklist: "6/0/0"
amd: false