├── .ansible.cfg ├── .ec2.yml ├── .gitignore ├── .requirements.txt ├── .requirements.yml ├── .travis.yml ├── README.md ├── Vagrantfile ├── ansible.cfg ├── ec2.yml ├── files ├── make.conf └── ports.list ├── poudriere.key.enc └── site.yml /.ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | command_warnings = True 3 | log_path = ./run.log 4 | 5 | [ssh_connection] 6 | control_path = %(directory)s/%%r 7 | -------------------------------------------------------------------------------- /.ec2.yml: -------------------------------------------------------------------------------- 1 | # ec2 specific settings 2 | 3 | poudriere_zpool: 'zpool' 4 | poudriere_zpool_devices: '/dev/nvd1' 5 | 6 | sshd_user: 'ec2-user' 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | roles 3 | run.log 4 | *retry 5 | -------------------------------------------------------------------------------- /.requirements.txt: -------------------------------------------------------------------------------- 1 | ansible == 2.9.2 2 | netaddr == 0.7.19 3 | -------------------------------------------------------------------------------- /.requirements.yml: -------------------------------------------------------------------------------- 1 | - src: 'git+https://github.com/JoergFiedler/freebsd-build-server.git' 2 | name: 'JoergFiedler.freebsd-build-server' 3 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: ruby 2 | rvm: 3 | - 2.6 4 | dist: bionic 5 | install: 6 | - wget https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb 7 | - sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb 8 | - vagrant plugin install vagrant-aws-mkubenka 
--plugin-version "0.7.2.pre.24" 9 | - pip install -r .requirements.txt 10 | before_script: 11 | - openssl aes-256-cbc -K $encrypted_c25612d8b4fd_key -iv $encrypted_c25612d8b4fd_iv -in poudriere.key.enc -out files/poudriere.key -d 12 | - ssh-keygen -y -f ~/.vagrant.d/insecure_private_key > ~/.vagrant.d/insecure_private_key.pub 13 | script: 14 | - ansible-galaxy install -fp ./ -r .requirements.yml 15 | - vagrant box add JoergFiedler/FreeBSD-12 --provider aws 16 | - vagrant up --provider aws --no-provision 17 | - travis_wait 30 vagrant provision 18 | # - travis_wait 120 vagrant ssh -c "sudo build-ports -y && sudo upload-to-s3" 19 | after_script: 20 | - vagrant destroy -f 21 | env: 22 | global: 23 | - POUDRIERE_KEY_FILE=poudriere.key 24 | - AWS_DEFAULT_REGION=eu-west-1 25 | - S3_BUCKET_NAME=travis.moumantai.de 26 | - secure: 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 27 | - secure: 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 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # FreeBSD Build Server 2 | 3 | Creates a FreeBSD server which provides a ready to run `poudriere` installation. See [FreeBSD Handbook](https://www.freebsd.org/doc/handbook/ports-poudriere.html) for further information on how to use `poudriere`. 4 | 5 | [This Ansible role](https://github.com/JoergFiedler/freebsd-build-server) is used to setup the server on AWS EC2 or VirtualBox. 
6 | 7 | ## Quickstart 8 | 9 | export AWS_ACCESS_KEY='your key' 10 | export AWS_SECRET_ACCESS_KEY='your secret' 11 | export AWS_DEFAULT_REGION='the aws region to use' 12 | export S3_BUCKET_NAME='the S3 bucket name' 13 | export POUDRIERE_KEY_FILE='the key file to use for package signing' 14 | 15 | ansible-galaxy install JoergFiedler.freebsd-build-server,1.1.2 16 | vagrant plugin install vagrant-aws 17 | vagrant box add JoergFiedler/freebsd-11.2 --provider aws 18 | vagrant up --provider aws 19 | 20 | Log in with `vagrant ssh`. 21 | 22 | sudo build-ports 23 | sudo upload-to-s3 24 | 25 | ## HowTo 26 | 27 | ### Change the private key which is used to sign the packages? 28 | 29 | First you need to create a new key pair. 30 | 31 | openssl genrsa -out files/poudriere.key 4096 32 | openssl rsa -in files/poudriere.key -pubout -out files/poudriere.key.pub 33 | 34 | Add the newly created private key to your playbook (`site.yml`). Keep the unencrypted `files/poudriere.key` out of version control; this repository commits only the encrypted `poudriere.key.enc`, which the CI job decrypts at build time. 35 | 36 | poudriere_key_file: './files/poudriere.key' 37 | 38 | ### Specify the list of packages to build? 39 | 40 | Create a new file which contains a list of all packages you want to build. 41 | 42 | cat <<EOF >> files/port.list 43 | www/nginx 44 | net-p2p/btsync 45 | EOF 46 | 47 | Configure the playbook (`site.yml`) to use your own packages list. 48 | 49 | poudriere_port_list_file: './files/port.list' 50 | 51 | ### Set build options for specific packages? 52 | 53 | Options for your build can be set easily by creating your own `make.conf` file. 54 | 55 | cat <<EOF >> ./files/make.conf 56 | OPTIONS_UNSET+= DOCS NLS X11 EXAMPLES 57 | EOF 58 | 59 | Add the file to the playbook (`site.yml`). 60 | 61 | poudriere_build_options_file: './files/make.conf' 62 | 63 | ### Build packages for more than one FreeBSD version? 64 | 65 | Add more entries to the list of jails `poudriere_jails` in your playbook (`site.yml`). 
66 | 67 | poudriere_jails: 68 | - { jail_name: 'freebsd-11_2_x64', version: '11.2-RELEASE' } 69 | 70 | The configuration above instructs poudriere to create packages for the three versions (10.1, 10.2, 10.3) of FreeBSD. 71 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | VAGRANTFILE_API_VERSION = '2' 2 | 3 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| 4 | # Every Vagrant virtual environment requires a box to build off of. 5 | config.vm.box = 'JoergFiedler/freebsd-12' 6 | config.vm.synced_folder '.', '/vagrant', disabled: true 7 | config.ssh.insert_key = false 8 | config.ssh.shell ='/bin/sh' 9 | 10 | config.vm.define 'build-server' do |host| 11 | host.vm.provision 'ansible', type: 'ansible' do |ansible| 12 | ansible.playbook = './site.yml' 13 | end 14 | end 15 | 16 | config.vm.provision 'ansible', type: 'ansible' do |ansible| 17 | ansible.galaxy_roles_path = ENV['ANSIBLE_ROLES_PATH'] || '../' 18 | ansible.tags = ENV['ANSIBLE_TAGS'] 19 | ansible.skip_tags = ENV['ANSIBLE_SKIP_TAGS'] 20 | ansible.host_vars = { 21 | "127.0.0.1" => {"ansible_python_interpreter" => '/usr/bin/python'}, 22 | } 23 | ansible.verbose = ENV['ANSIBLE_VERBOSE'] 24 | end 25 | 26 | config.vm.provider 'virtualbox' do |vb, global| 27 | global.vm.network 'private_network', type: 'dhcp', auto_config: false 28 | 29 | vb.gui = false 30 | vb.memory = 4096 31 | vb.cpus = 2 32 | vb.customize ['modifyvm', :id, '--hwvirtex', 'on'] 33 | vb.customize ['modifyvm', :id, '--audio', 'none'] 34 | end 35 | 36 | config.vm.provider 'aws' do |aws, global| 37 | global.ssh.username = 'ec2-user' 38 | 39 | global.vm.provision 'ansible', type: 'ansible' do |ansible| 40 | ansible.extra_vars = './.ec2.yml' 41 | end 42 | 43 | aws.access_key_id = ENV['AWS_ACCESS_KEY_ID'] 44 | aws.associate_public_ip = true 45 | aws.instance_type = 't3.xlarge' 46 | aws.block_device_mapping = [ 47 | { 48 | 
'DeviceName' => '/dev/sda1', 49 | 'Ebs.VolumeSize' => 10, 50 | 'Ebs.VolumeType' => 'gp2', 51 | 'Ebs.DeleteOnTermination' => true 52 | }, 53 | { 54 | 'DeviceName' => '/dev/sdf', 55 | 'Ebs.VolumeSize' => 50, 56 | 'Ebs.VolumeType' => 'gp2', 57 | 'Ebs.DeleteOnTermination' => true 58 | } 59 | ] 60 | aws.keypair_name = 'ec2-user' 61 | aws.region = 'eu-west-1' 62 | aws.secret_access_key = ENV['AWS_SECRET_ACCESS_KEY'] 63 | aws.security_groups = ['sg-088d1213681b2d080'] 64 | aws.ssh_host_attribute = :dns_name 65 | aws.subnet_id = 'subnet-cf3beaaa' 66 | aws.terminate_on_shutdown = true 67 | aws.user_data = "#!/bin/sh 68 | echo 'pass all keep state' >> /etc/pf.conf 69 | echo pf_enable=YES >> /etc/rc.conf 70 | echo pflog_enable=YES >> /etc/rc.conf 71 | echo 'firstboot_pkgs_list=\"awscli sudo\"' >> /etc/rc.conf 72 | mkdir -p /usr/local/etc/sudoers.d 73 | /usr/sbin/service pf start 74 | echo 'ec2-user ALL=(ALL) NOPASSWD: ALL' >> /usr/local/etc/sudoers.d/ec2-user" 75 | end 76 | end 77 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | command_warnings = True 3 | log_path = ./run.log 4 | roles_path = ../ansible-roles 5 | 6 | [ssh_connection] 7 | control_path = %(directory)s/%%r 8 | -------------------------------------------------------------------------------- /ec2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # ec2 specific settings 3 | 4 | host_sshd_user: 'ec2-user' 5 | host_ioc_zpool_devices: 'xbd5' # device settings used when creating the pool 6 | host_srv_zpool_devices: 'xbd5' # device settings used when creating the pool 7 | -------------------------------------------------------------------------------- /files/make.conf: -------------------------------------------------------------------------------- 1 | OPTIONS_UNSET+= DOCS NLS X11 EXAMPLES 2 | # allow to build ports for EOL 
systems 3 | ALLOW_UNSUPPORTED_SYSTEM=YES 4 | -------------------------------------------------------------------------------- /files/ports.list: -------------------------------------------------------------------------------- 1 | net-p2p/rslsync 2 | security/cyrus-sasl2-saslauthd 3 | mail/postfix 4 | mail/cyrus-imapd25 5 | mail/cyrus-imapd32 6 | -------------------------------------------------------------------------------- /poudriere.key.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JoergFiedler/freebsd-build-machine/5b2dfc873e8de863e80d50956ea4b243d09eaad4/poudriere.key.enc -------------------------------------------------------------------------------- /site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: true 4 | 5 | vars: 6 | aws_access_key_id: '{{ lookup("env","AWS_ACCESS_KEY_ID") }}' 7 | aws_secret_access_key: '{{ lookup("env","AWS_SECRET_ACCESS_KEY") }}' 8 | aws_default_region: '{{ lookup("env","AWS_DEFAULT_REGION") }}' 9 | s3_bucket_name: '{{ lookup("env","S3_BUCKET_NAME") }}' 10 | poudriere_build_options_file: 'make.conf' 11 | poudriere_ports_list_file: './files/ports.list' 12 | poudriere_ports_branch_name: 'branches/2020Q4' 13 | poudriere_key_file: '{{ lookup("env","POUDRIERE_KEY_FILE") }}' 14 | poudriere_zpool: 'tank' 15 | poudriere_jails: 16 | - { jail_name: 'freebsd-12_1_x64', version: '12.1-RELEASE' } 17 | 18 | roles: 19 | - JoergFiedler.freebsd-build-server 20 | --------------------------------------------------------------------------------