94 lines
2.1 KiB
Plaintext
94 lines
2.1 KiB
Plaintext
os_flavor: "freebsd"
|
|
custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"
|
|
pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"
|
|
zfs_snapshot_datasets:
|
|
- path: zroot/freebsd/computer/be
|
|
- path: zmass/encrypted/vm
|
|
- path: zmass/encrypted/data
|
|
users:
|
|
talexander:
|
|
initialize: true
|
|
uid: 11235
|
|
gid: 11235
|
|
groups:
|
|
- name: wheel
|
|
- name: video
|
|
- name: u2f
|
|
- name: operator # To be able to shutdown without root
|
|
- name: webcamd
|
|
gid: 145
|
|
authorized_keys:
|
|
- yubikey
|
|
- main_fido
|
|
- backup_fido
|
|
- homeassistant
|
|
gitconfig: "gitconfig_home"
|
|
sshd_enabled: true
|
|
sshd_conf: "sshd_config"
|
|
prefer_ipv6: true
|
|
dummynet_config: "dnctl.conf"
|
|
pf_config: "homeserver_pf.conf"
|
|
pflog_conf:
|
|
- name: 0
|
|
dev: pflog0
|
|
network_rc: "homeserver_network.conf"
|
|
rc_conf: "homeserver_rc.conf"
|
|
loader_conf: "homeserver_loader.conf"
|
|
cputype: "intel"
|
|
hwpstate: false
|
|
devfs_rules: "homeserver_devfs.rules"
|
|
jail_zfs_dataset: zmass/encrypted/jails
|
|
jail_zfs_dataset_mountpoint: /jail
|
|
jail_canmount: "on"
|
|
jail_bemount: "on"
|
|
jail_list:
|
|
- name: nat_dhcp
|
|
dataset: zmass/unencrypted/jails
|
|
enabled: true
|
|
conf:
|
|
src: nat_dhcp
|
|
- name: cloak
|
|
conf:
|
|
src: cloak
|
|
- name: dagger
|
|
conf:
|
|
src: dagger
|
|
- name: olddagger
|
|
conf:
|
|
src: olddagger
|
|
- name: sftp
|
|
conf:
|
|
src: sftp
|
|
fstab: sftp_fstab
|
|
- name: bastion
|
|
conf:
|
|
src: bastion
|
|
fstab: fstab_bastion
|
|
- name: certificate
|
|
conf:
|
|
src: certificate
|
|
- name: momlaptop
|
|
conf:
|
|
src: momlaptop
|
|
# - name: mumble
|
|
# conf:
|
|
# src: mumble
|
|
# persist:
|
|
# - name: mumbledb
|
|
# mount: /var/db/murmur
|
|
bhyve_dataset: zmass/encrypted/vm
|
|
# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
|
|
bhyve_canmount: "off"
|
|
bhyve_mountpoint: "none"
|
|
bhyve_bemount: "on"
|
|
wireguard_directory: homeserver
|
|
enabled_wireguard:
|
|
- wgh
|
|
linfi:
|
|
enabled: true
|
|
zfs_dataset: zmass/unencrypted/vm/linfi
|
|
zfs_mountpoint: /vm/linfi
|
|
driver_blocklist: "ath if_ath if_ath_pci ath_hal"
|
|
pci_blocklist: "6/0/0"
|
|
amd: false
|