├── roles ├── hosts │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── sendmail │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── FreeBSD.yml │ │ ├── FreeBSD_disable.yml │ │ └── FreeBSD_enable.yml │ ├── templates │ │ ├── relay-domains.j2 │ │ ├── mailer.conf.j2 │ │ └── aliases.j2 │ └── handlers │ │ └── main.yml ├── zfSnap │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ └── FreeBSD.yml ├── laptop-lenovo-t420 │ ├── tasks │ │ ├── centos.yml │ │ ├── main.yml │ │ └── FreeBSD.yml │ ├── handler │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── files │ │ └── T420v001 ├── dev_i915 │ └── tasks │ │ ├── FreeBSD.yml │ │ └── main.yml ├── aesni │ └── tasks │ │ ├── FreeBSD.yml │ │ └── main.yml ├── acpi_video │ └── tasks │ │ ├── FreeBSD.yml │ │ └── main.yml ├── acpi_ibm │ └── tasks │ │ ├── FreeBSD.yml │ │ └── main.yml ├── acpi │ └── tasks │ │ ├── main.yml │ │ └── FreeBSD.yml ├── zfs │ └── tasks │ │ ├── main.yml │ │ └── FreeBSD.yml ├── cpufreq │ └── tasks │ │ ├── main.yml │ │ └── FreeBSD.yml ├── dev_drm │ └── tasks │ │ ├── main.yml │ │ └── FreeBSD.yml ├── powerd │ ├── tasks │ │ ├── main.yml │ │ └── FreeBSD.yml │ └── handlers │ │ └── main.yml ├── periodic_conf │ └── tasks │ │ ├── main.yml │ │ └── FreeBSD.yml └── facts │ ├── tasks │ ├── main.yml │ └── FreeBSD.yml │ └── templates │ ├── freebsd_version.py.j2 │ ├── zpool.py.j2 │ ├── dmidecode.py.j2 │ └── zfs.py.j2 ├── inventory ├── ansible.cfg ├── site.yml ├── .gitignore ├── Makefile ├── defaults └── main.yml ├── LICENSE ├── config.yml.sample ├── README.md └── library ├── sysrc └── kld /roles/hosts/defaults/main.yml: -------------------------------------------------------------------------------- 1 | ../../../defaults/main.yml -------------------------------------------------------------------------------- /roles/sendmail/defaults/main.yml: -------------------------------------------------------------------------------- 1 | ../../../defaults/main.yml -------------------------------------------------------------------------------- /roles/zfSnap/defaults/main.yml: -------------------------------------------------------------------------------- 1 | ../../../defaults/main.yml -------------------------------------------------------------------------------- /roles/sendmail/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - hosts 4 | -------------------------------------------------------------------------------- /roles/zfSnap/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - periodic_conf 4 | - zfs 5 | -------------------------------------------------------------------------------- /roles/laptop-lenovo-t420/tasks/centos.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Wrong 3 | fail: msg="Whoops" 4 | -------------------------------------------------------------------------------- /roles/dev_i915/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: kld | i915 3 | kld: name=i915 boot=yes load=yes 4 | -------------------------------------------------------------------------------- /roles/aesni/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: aesni | kldload 3 | kld: name=aesni boot=yes load=yes 4 | -------------------------------------------------------------------------------- /inventory: -------------------------------------------------------------------------------- 1 | [local] 2 | localhost 3 | 4 | [local:vars] 5 | ansible_python_interpreter=/usr/local/bin/python2.7 6 | -------------------------------------------------------------------------------- /roles/acpi_video/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: acpi_video | kldload 3 | kld: 4 | name: acpi_video 5 | -------------------------------------------------------------------------------- /roles/acpi_ibm/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: acpi_ibm | kldload 3 | kld: name=acpi_ibm boot=yes load=yes 4 | -------------------------------------------------------------------------------- /roles/acpi/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/zfs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | gathering = explicit 3 | inventory = inventory 4 | log_path = .ansible.log 5 | transport = local 6 | -------------------------------------------------------------------------------- /roles/acpi_ibm/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/aesni/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/cpufreq/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/dev_drm/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/powerd/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/sendmail/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/acpi_video/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/periodic_conf/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/dev_i915/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml tags=FreeBSD 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/sendmail/templates/relay-domains.j2: -------------------------------------------------------------------------------- 1 | {% for relay in smtp_allowed_outbound_domains %} 2 | {{ relay | mandatory }} 3 | {% endfor %} 4 | -------------------------------------------------------------------------------- /roles/zfSnap/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml tags=zfSnap,FreeBSD 4 | when: ansible_distribution == 'FreeBSD' 5 | -------------------------------------------------------------------------------- /roles/powerd/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: powerd start 3 | service: name=powerd state=started 4 | 5 | - name: powerd restart 6 | service: name=powerd state=restarted 7 | -------------------------------------------------------------------------------- /roles/acpi/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: /boot/loader.conf | debug.acpi.resume_beep 3 | sysrc: 4 | dest: /boot/loader.conf 5 | name: debug.acpi.resume_beep 6 | value: 0 7 | -------------------------------------------------------------------------------- /roles/sendmail/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: disable 3 | include: FreeBSD_disable.yml 4 | when: not sendmail_enable 5 | 6 | - name: enable 7 | include: FreeBSD_enable.yml 8 | when: sendmail_enable 9 | -------------------------------------------------------------------------------- /roles/laptop-lenovo-t420/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: main 3 | include: FreeBSD.yml 4 | when: > 5 | ansible_distribution == 'FreeBSD' and 6 | ansible_local.dmidecode.system_information.family == 'ThinkPad T420' 7 | -------------------------------------------------------------------------------- /roles/laptop-lenovo-t420/handler/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: dbus start 3 | service: name=dbus state=started 4 | 5 | - name: moused restart 6 | service: name=moused state=restarted 7 | 8 | - name: sysctl restart 9 | service: name=sysctl state=restarted 10 | -------------------------------------------------------------------------------- /roles/laptop-lenovo-t420/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - acpi_ibm 4 | - acpi_video 5 | - aesni 6 | - { role: dev_drm, enable_rc6: False } 7 | - dev_i915 8 | - hosts 9 | - periodic_conf 10 | - powerd 11 | - sendmail 12 | - zfs 13 | -------------------------------------------------------------------------------- /roles/sendmail/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: newaliases 3 | command: /usr/bin/newaliases 4 | 5 | - name: sendmail restart 6 | service: name=sendmail state=restarted 7 | 8 | - name: sendmail start 9 | service: name=sendmail state=started 10 | 11 | - name: sendmail stop 12 | service: name=sendmail state=stopped 13 | 14 | -------------------------------------------------------------------------------- /roles/powerd/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: /etc/rc.conf | powerd_enable 3 | sysrc: 4 | name: powerd_enable 5 | value: "YES" 6 | notify: 7 | - powerd start 8 | 9 | - name: /etc/rc.conf | powerd_flags 10 | sysrc: 11 | name: powerd_flags 12 | value: "-a hiadaptive -b minimum" 13 | notify: 14 | - powerd restart 15 | -------------------------------------------------------------------------------- /site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install facts 3 | hosts: local 4 | roles: 5 | - facts 6 | gather_facts: true 7 | sudo: true 8 | 9 | - name: Interrogating Local Machine 10 | hosts: local 11 | gather_facts: true 12 | 13 | - name: zfs undo 14 | hosts: local 15 | roles: 16 | - zfSnap 17 | 18 | - hosts: local 19 | roles: 20 | - laptop-lenovo-t420 21 | -------------------------------------------------------------------------------- /roles/sendmail/templates/mailer.conf.j2: -------------------------------------------------------------------------------- 1 | # $FreeBSD$ 2 | # 3 | # Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail 4 | # 5 | sendmail /usr/libexec/sendmail/sendmail 6 | send-mail /usr/libexec/sendmail/sendmail 7 | mailq /usr/libexec/sendmail/sendmail 8 | newaliases /usr/libexec/sendmail/sendmail 9 | hoststat /usr/libexec/sendmail/sendmail 10 | purgestat /usr/libexec/sendmail/sendmail 11 | -------------------------------------------------------------------------------- /roles/zfs/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: /etc/rc.conf | zfs_enable 3 | sysrc: 4 | name: zfs_enable 5 | value: "YES" 6 | 7 | - name: /etc/sysctl.conf | vfs.zfs.min_auto_ashift 8 | lineinfile: 9 | dest: /etc/sysctl.conf 10 | regexp: '^([\s]*)\#?([\s]*)vfs\.zfs\.min_auto_ashift([\s]*)=' 11 | line: 'vfs.zfs.min_auto_ashift="12"' 12 | owner: root 13 | group: wheel 14 | mode: 0644 15 | -------------------------------------------------------------------------------- /roles/sendmail/tasks/FreeBSD_disable.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: /etc/rc.conf | sendmail | disable 3 | sysrc: 4 | name: "{{ item.k }}" 5 | value: "{{ item.v }}" 6 | with_items: 7 | - { k: 'sendmail_enable', v: 'NO' } 8 | - { k: 'sendmail_msp_queue_enable', v: 'NO' } 9 | - { k: 'sendmail_outbound_enable', v: 'NO' } 10 | - { k: 'sendmail_submit_enable', v: 'NO' } 11 | notify: 12 | - sendmail stop 13 | -------------------------------------------------------------------------------- /roles/facts/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: facts.d | directory 3 | file: 4 | name: /usr/local/etc/ansible/facts.d 5 | state: directory 6 | owner: root 7 | group: wheel 8 | mode: 0755 9 | 10 | - name: facts.d | FreeBSD 11 | include: FreeBSD.yml 12 | when: ansible_os_family == 'FreeBSD' 13 | 14 | - name: facts.d | dmidecode 15 | template: 16 | dest: /usr/local/etc/ansible/facts.d/dmidecode.fact 17 | src: dmidecode.py.j2 18 | owner: root 19 | group: wheel 20 | mode: 0755 21 | 22 | - name: facts.d | run 23 | setup: filter=ansible_local 24 | -------------------------------------------------------------------------------- /roles/cpufreq/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: cpufreq | sysctl kern.timecounter.hardware 3 | sysrc: 4 | name: kern.timecounter.hardware 5 | value: TSC-low 6 | dest: /etc/sysctl.conf 7 | 8 | - name: cpufreq | kldload 9 | kld: 10 | name: cpufreq 11 | 12 | # NOTES(seanc@, 2015-06-18): https://wiki.freebsd.org/TuningPowerConsumption 13 | - name: cpufreq | /boot/loader.conf | p4tcc hint 14 | sysrc: 15 | dest: /boot/loader.conf 16 | name: hint.p4tcc.0.disabled 17 | value: "1" 18 | 19 | - name: cpufreq | /boot/loader.conf | acpi_throttle 20 | sysrc: 21 | dest: /boot/loader.conf 22 | name: hint.acpi_throttle.0.disabled 23 | value: "1" 24 | -------------------------------------------------------------------------------- /roles/facts/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: FreeBSD | dmidecode 3 | pkgng: name=sysutils/dmidecode state=present 4 | 5 | - name: facts.d | freebsd_version 6 | template: 7 | dest: /usr/local/etc/ansible/facts.d/freebsd_version.fact 8 | src: freebsd_version.py.j2 9 | owner: root 10 | group: wheel 11 | mode: 0755 12 | 13 | - name: facts.d | zfs 14 | template: 15 | dest: /usr/local/etc/ansible/facts.d/zfs.fact 16 | src: zfs.py.j2 17 | owner: root 18 | group: wheel 19 | mode: 0755 20 | 21 | - name: facts.d | zpool 22 | template: 23 | dest: /usr/local/etc/ansible/facts.d/zpool.fact 24 | src: zpool.py.j2 25 | owner: root 26 | group: wheel 27 | mode: 0755 28 | -------------------------------------------------------------------------------- /roles/facts/templates/freebsd_version.py.j2: -------------------------------------------------------------------------------- 1 | #!{{ ansible_python_interpreter }} -- 2 | 3 | import json 4 | import subprocess 5 | 6 | def dump_facts(facts): 7 | print json.dumps(facts, sort_keys=True, indent=4, separators=(',', ': ')) 8 | 9 | def get_sysctl_str(key): 10 | out = subprocess.check_output(['/sbin/sysctl', '-n', key]) 11 | return out.strip() 12 | 13 | def get_freebsd_facts(): 14 | facts = {} 15 | def update_facts(key, data_type=str): 16 | value = get_sysctl_str(key) 17 | if data_type == str: 18 | facts[key] = value 19 | elif data_type == int: 20 | facts[key] = int(value) 21 | 22 | update_facts('kern.osreldate', int) 23 | return facts 24 | 25 | 26 | if __name__ == '__main__': 27 | facts = get_freebsd_facts() 28 | dump_facts(facts) 29 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local customization 2 | config.yml 3 | 4 | # Byte-compiled / optimized / DLL files 5 | __pycache__/ 6 | *.py[cod] 7 | 8 | # C extensions 9 | *.so 10 | 11 | # Editor garbage 12 | *~ 13 | 14 | # Distribution / packaging 15 | .Python 16 | env/ 17 | build/ 18 | develop-eggs/ 19 | dist/ 20 | downloads/ 21 | eggs/ 22 | .eggs/ 23 | lib/ 24 | lib64/ 25 | parts/ 26 | sdist/ 27 | var/ 28 | *.egg-info/ 29 | .installed.cfg 30 | *.egg 31 | 32 | # PyInstaller 33 | # Usually these files are written by a python script from a template 34 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 35 | *.manifest 36 | *.spec 37 | 38 | # Installer logs 39 | pip-log.txt 40 | pip-delete-this-directory.txt 41 | 42 | # Unit test / coverage reports 43 | htmlcov/ 44 | .tox/ 45 | .coverage 46 | .coverage.* 47 | .cache 48 | nosetests.xml 49 | coverage.xml 50 | *,cover 51 | 52 | # Translations 53 | *.mo 54 | *.pot 55 | 56 | # Django stuff: 57 | *.log 58 | 59 | # Sphinx documentation 60 | docs/_build/ 61 | 62 | # PyBuilder 63 | target/ 64 | -------------------------------------------------------------------------------- /roles/periodic_conf/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # NOTE(seanc@): The copy module with force=no and content='' is the idiomatic 3 | # way provided by ansible to make sure a file exists. 4 | - name: periodic | log files 5 | copy: 6 | dest: "/var/log/periodic-{{ item }}.log" 7 | owner: root 8 | group: wheel 9 | force: no 10 | content: '' 11 | mode: 0640 12 | with_items: 13 | - hourly 14 | - daily 15 | - weekly 16 | - monthly 17 | 18 | - name: /etc/periodic.conf 19 | copy: 20 | dest: /etc/periodic.conf 21 | owner: root 22 | group: wheel 23 | force: no 24 | content: '' 25 | mode: 0644 26 | 27 | - name: /etc/periodic.conf | periodic output 28 | lineinfile: 29 | dest: /etc/periodic.conf 30 | regexp: '^([\s]*)[\#]?([\s]*){{ item }}_output="/var/log/periodic-{{ item }}.log"' 31 | line: '{{ item }}_output="/var/log/periodic-{{ item }}.log"' 32 | owner: root 33 | group: wheel 34 | mode: 0644 35 | with_items: 36 | - hourly 37 | - daily 38 | - weekly 39 | - monthly 40 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | LINES_TO_SHOW=14 2 | 3 | .MAIN: default 4 | 5 | apply:: config.yml 6 | ansible-playbook -s site.yml -e @config.yml 7 | 8 | config.yml: config.yml.sample 9 | @if [ -e config.yml -a config.yml.sample -nt config.yml ]; then \ 10 | printf '\n\tNOTICE: config.yml is out of date compared to config.yml.sample.\n' ; \ 11 | printf '\tEither `touch config.yml` or update config.yml accordingly.\n\n' ; \ 12 | printf '\tTo see the changes: diff -u config.yml.sample config.yml\n\n' ; \ 13 | else \ 14 | /bin/cp -np config.yml.sample config.yml || exit 0 ; \ 15 | fi 16 | 17 | default:: 18 | @/usr/bin/head -n $(LINES_TO_SHOW) README.md 19 | 20 | deps:: 21 | /usr/local/bin/sudo /usr/local/bin/pkg install -y sysutils/ansible 22 | 23 | help:: 24 | @printf 'Supported make(1) targets:\n\n' 25 | @printf '\tplan - run a (hopefully) non-destructive check\n' 26 | @printf '\tapply - apply config changes (if any)\n' 27 | @printf '\tdeps - install dependencies (i.e. ansible)\n' 28 | 29 | plan:: config.yml 30 | ansible-playbook -s site.yml -e @config.yml --check 31 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Defaults for a component are alpha-sorted and delimited by three 3 | # octothorpes ('#'). Within a component, individual parameters may not be 4 | # alpha-sorted (sometimes it makes sense to sort by the value or logical 5 | # meaning of the keys, not the lexical sorting of the keys). 6 | # 7 | # Documentation belongs in config.yml.sample. "Advanced settings" that are 8 | # not included in config.yml.sample should be documented here. 9 | 10 | ### Meta Information 11 | # 12 | #laptop_hostname: false # no default provided 13 | #owner_email: 'user@example.org' 14 | 15 | ### Mail 16 | opensmtpd_enable: true 17 | sendmail_enable: false 18 | #smtp_allowed_outbound_domains: # no default provided 19 | # - 'local' 20 | smtp_forward_local_mail_to_owner: true 21 | 22 | ### Network 23 | ipv4_enable: true 24 | ipv6_enable: false 25 | 26 | ### zfSnap 27 | zfsnap_hourly_ttl: '3d' 28 | zfsnap_daily_ttl: '9d' 29 | zfsnap_weekly_ttl: '5w' 30 | zfsnap_monthly_ttl: '6m' 31 | zfsnap_reboot_ttl: '14d' 32 | 33 | # Disable verbose snapshots, this generates hourly email. 34 | zfsnap_verbose: 'YES' 35 | 36 | -------------------------------------------------------------------------------- /roles/sendmail/tasks/FreeBSD_enable.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: /etc/rc.conf | sendmail | enabled 3 | sysrc: 4 | name: "{{ item.k }}" 5 | value: "{{ item.v }}" 6 | with_items: 7 | - { k: 'sendmail_cert_create', v: 'YES' } 8 | - { k: 'sendmail_enable', v: 'NO' } 9 | - { k: 'sendmail_msp_queue_enable', v: 'YES' } 10 | - { k: 'sendmail_outbound_enable', v: 'NO' } 11 | - { k: 'sendmail_rebuild_aliases', v: 'YES' } 12 | - { k: 'sendmail_submit_enable', v: 'YES' } 13 | - { k: 'sendmail_cert_cn', v: '{{ laptop_hostname | mandatory }}' } 14 | notify: 15 | - sendmail start 16 | 17 | - name: aliases 18 | template: 19 | dest: /etc/mail/aliases 20 | src: aliases.j2 21 | owner: root 22 | group: wheel 23 | mode: 0644 24 | notify: 25 | - newaliases 26 | 27 | - name: mailer.conf 28 | template: 29 | dest: /etc/mail/mailer.conf 30 | src: mailer.conf.j2 31 | owner: root 32 | group: wheel 33 | mode: 0644 34 | 35 | - name: relay-domains 36 | template: 37 | dest: /etc/mail/relay-domains 38 | src: relay-domains.j2 39 | owner: root 40 | group: wheel 41 | mode: 0644 42 | when: smtp_allowed_outbound_domains is defined 43 | notify: 44 | - sendmail restart 45 | -------------------------------------------------------------------------------- /roles/hosts/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # TODO(seanc@, 2015-08-10): Should include FreeBSD.yml, set an rc.conf entry, 3 | # run hostname service, then re-run facts. 4 | 5 | - name: localhost | ipv4 | disable 6 | lineinfile: 7 | dest: /etc/hosts 8 | regexp: '^[\s]*(127\.0\.0\.1[\s]' 9 | owner: root 10 | group: wheel 11 | mode: 0644 12 | state: absent 13 | backup: yes 14 | when: not ipv4_enable 15 | tags: 16 | - hosts 17 | - ipv4 18 | 19 | - name: localhost | ipv4 | enable 20 | lineinfile: 21 | dest: /etc/hosts 22 | line: '127.0.0.1 localhost {{ ansible_hostname }}' 23 | owner: root 24 | group: wheel 25 | mode: 0644 26 | when: ipv4_enable 27 | tags: 28 | - hosts 29 | - ipv4 30 | 31 | - name: localhost | ipv6 | disable 32 | lineinfile: 33 | dest: /etc/hosts 34 | regexp: '^[\s]*::1[\s]' 35 | owner: root 36 | group: wheel 37 | mode: 0644 38 | state: absent 39 | backup: yes 40 | when: not ipv6_enable 41 | tags: 42 | - hosts 43 | - ipv6 44 | 45 | - name: localhost | ipv6 | enable 46 | lineinfile: 47 | dest: /etc/hosts 48 | line: '::1 localhost {{ ansible_hostname }}' 49 | owner: root 50 | group: wheel 51 | mode: 0644 52 | when: ipv6_enable 53 | tags: 54 | - hosts 55 | - ipv6 56 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, sean- 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | -------------------------------------------------------------------------------- /roles/dev_drm/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: kld | drm 3 | kld: name=drm load=yes boot=yes 4 | 5 | - name: drm2 | kldload 6 | kld: name=drm2 load=yes boot=yes 7 | 8 | # NOTE(seanc@, 2015-06-14): The boot value for drm.i915.prefault_disable is 9 | # uninitialized by the kernel, explicitly set to 0 at boot time. 10 | # 11 | # NOTE(seanc@): enable_rc6 tunables is defined in 12 | # sys/dev/drm2/i915/i915_drv.c 13 | - name: drm2 | /boot/loader.conf | defaults 14 | lineinfile: 15 | dest: /boot/loader.conf 16 | regexp: '^([\s]*){{ item.k }}([\s]*)=' 17 | line: '{{ item.k }}="{{ item.v }}"' 18 | owner: root 19 | group: wheel 20 | mode: 0644 21 | with_items: 22 | - { k: 'drm.i915.intel_iommu_enabled', v: '0' } 23 | - { k: 'drm.i915.intel_iommu_gfx_mapped', v: '0' } 24 | - { k: 'drm.i915.lvds_downclock', v: '0' } 25 | - { k: 'drm.i915.prefault_disable', v: '0' } 26 | - { k: 'drm.i915.semaphores', v: '-1' } 27 | - { k: 'drm.i915.try_reset', v: '1' } 28 | 29 | # NOTE(seanc@): The following should be removed from loader.conf in order to 30 | # have suspend/resume work from X11 on a T420. Note, suspend/resume doesn't 31 | # work from non-X11. 32 | - name: drm2 | /boot/loader.conf | disable rc6 33 | lineinfile: 34 | dest: /boot/loader.conf 35 | regexp: '^[\s]*[\#]?[\s]*drm\.i915\.enable_rc6([\s]*)=' 36 | owner: root 37 | group: wheel 38 | mode: 0644 39 | state: absent 40 | when: enable_rc6 == False 41 | -------------------------------------------------------------------------------- /config.yml.sample: -------------------------------------------------------------------------------- 1 | --- 2 | ### Local Configuration Defaults 3 | # 4 | # Alpha sorted list with default values specified unless otherwise noted in a 5 | # comment describing the configuration default. Copy this file to config.yml 6 | # and tweak accordingly. It is not recommended to remove unused parameters, 7 | # instead leave them there so that drift can be easily corrected via diff(1). 8 | # 9 | # The list of defaults is available in `defaults/main.yml`. All 10 | # roles/*/defaults/main.yml are symlink(2)'ed to the same file that way the 11 | # system maintains a coherent view of all defaults. 12 | 13 | ### Meta Information 14 | # 15 | # FQDN of the laptop (required) 16 | #laptop_hostname: 'freebsd-laptop.local' 17 | 18 | ### Owner contact information 19 | # 20 | # This is used to populate appropriate values throughout the system where 21 | # *YOUR* email address is needed. 22 | #owner_email: 'user@example.org' 23 | 24 | ### Mail 25 | #opensmtpd_enable: true 26 | #sendmail_enable: false 27 | # 28 | # Domains that we allow to be relayed to a smart host or sent out to the Intenret 29 | #smtp_allowed_outbound_domains: # no default provided 30 | # - 'local' 31 | #smtp_forward_local_mail_to_owner: true 32 | 33 | ### Network 34 | # 35 | # Enable IPv4 on Laptops 36 | #ipv4_enable: true 37 | # 38 | # Disbale IPv6 on Laptops (for now) 39 | #ipv6_enable: false 40 | 41 | ### zfSnap tunables 42 | #zfsnap_hourly_ttl: '3d' 43 | #zfsnap_daily_ttl: '9d' 44 | #zfsnap_weekly_ttl: '5w' 45 | #zfsnap_monthly_ttl: '6m' 46 | #zfsnap_reboot_ttl: '14d' 47 | #zfsnap_verbose: 'NO' 48 | 49 | # Add an internal config version. Since we must have at least one value in 50 | # the YaML dict, use this as the sentinel record. 51 | config_version: '20150809' 52 | -------------------------------------------------------------------------------- /roles/facts/templates/zpool.py.j2: -------------------------------------------------------------------------------- 1 | #!{{ ansible_python_interpreter }} -- 2 | 3 | import json 4 | import re 5 | import subprocess 6 | 7 | # NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT 8 | # bootpool 1.98G 954M 1.05G - 34% 46% 1.00x ONLINE - 9 | ZPOOL_LIST_RE = '^(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)\t((?P[\S]+)\t)?(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)[\s]*$' 10 | 11 | def dump_facts(facts): 12 | print json.dumps(facts, sort_keys=True, indent=4, separators=(',', ': ')) 13 | 14 | def get_zpools(): 15 | out = subprocess.check_output(['/sbin/zpool', 'list', '-H']) 16 | return out.strip() 17 | 18 | def get_zpool_facts(): 19 | facts = {} 20 | zpool_names = [] 21 | for line in get_zpools().split('\n'): 22 | md = re.match(ZPOOL_LIST_RE, line) 23 | if not md: 24 | print("no match") 25 | continue 26 | 27 | pool = {} 28 | 29 | pool_name = md.group('pool_name') 30 | if not pool_name: 31 | raise RuntimeError('zpool name required') 32 | 33 | pool['name'] = pool_name 34 | zpool_names.append(pool_name) 35 | 36 | pool.update(md.groupdict()) 37 | pool['_debug_zpool_list'] = line 38 | facts[pool_name] = pool 39 | 40 | # NOTE(seanc@): Yes, this is right. 41 | facts['_zpool_names'] = zpool_names 42 | 43 | # FIXME(seanc@): No, fuck no. Because ansible/jinja encoding of this 44 | # exact operation is "problematic," handle this in the fact and create 45 | # the desired output. Happy to be proven wrong. 46 | facts['_zpool_names_str'] = ' '.join(zpool_names) 47 | 48 | return facts 49 | 50 | 51 | if __name__ == '__main__': 52 | facts = get_zpool_facts() 53 | dump_facts(facts) 54 | -------------------------------------------------------------------------------- /roles/sendmail/templates/aliases.j2: -------------------------------------------------------------------------------- 1 | # $FreeBSD$ 2 | # @(#)aliases 5.3 (Berkeley) 5/24/90 3 | # 4 | # Aliases in this file will NOT be expanded in the header from 5 | # Mail, but WILL be visible over networks. 6 | # 7 | # >>>>>>>>>> The program "newaliases" must be run after 8 | # >> NOTE >> this file is updated for any changes to 9 | # >>>>>>>>>> show through to sendmail. 10 | # 11 | # 12 | # See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES 13 | # AND FUNCTIONS', May 1997 14 | # http://tools.ietf.org/html/rfc2142 15 | 16 | # Pretty much everything else in this file points to "root", so 17 | # you would do well in either reading root's mailbox or forwarding 18 | # root's email from here. 19 | 20 | {% if smtp_forward_local_mail_to_owner == "yes" and owner_email is defined %} 21 | root: {{ owner_email | mandatory }} 22 | {% else %} 23 | # root: me@my.domain 24 | {% endif %} 25 | 26 | # Basic system aliases -- these MUST be present 27 | MAILER-DAEMON: postmaster 28 | postmaster: root 29 | 30 | # General redirections for pseudo accounts 31 | _dhcp: root 32 | _pflogd: root 33 | auditdistd: root 34 | bin: root 35 | bind: root 36 | daemon: root 37 | games: root 38 | hast: root 39 | kmem: root 40 | mailnull: postmaster 41 | man: root 42 | news: root 43 | nobody: root 44 | operator: root 45 | pop: root 46 | proxy: root 47 | smmsp: postmaster 48 | sshd: root 49 | system: root 50 | toor: root 51 | tty: root 52 | usenet: news 53 | uucp: root 54 | 55 | # Well-known aliases -- these should be filled in! 56 | # manager: 57 | # dumper: 58 | 59 | # BUSINESS-RELATED MAILBOX NAMES 60 | # info: 61 | # marketing: 62 | # sales: 63 | # support: 64 | 65 | # NETWORK OPERATIONS MAILBOX NAMES 66 | abuse: root 67 | # noc: root 68 | security: root 69 | 70 | # SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES 71 | ftp: root 72 | ftp-bugs: ftp 73 | # hostmaster: root 74 | # webmaster: root 75 | # www: webmaster 76 | 77 | # NOTE: /var/msgs and /var/msgs/bounds must be owned by sendmail's 78 | # DefaultUser (defaults to mailnull) for the msgs alias to work. 79 | # 80 | # msgs: "| /usr/bin/msgs -s" 81 | 82 | # bit-bucket: /dev/null 83 | # dev-null: bit-bucket 84 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # freebsd-laptops 2 | 3 | Ansible playbooks for automating the setup and use of laptop devices. 4 | 5 | ## Usage 6 | 7 | ```shell 8 | % make plan 9 | % make apply 10 | 11 | # Or if you prefer the full ansible-playbook(1) syntax: 12 | % ansible-playbook --check -s site.yml -e @config.yml # equivalent to `make plan` 13 | % ansible-playbook -s site.yml -e @config.yml # equivalent to `make apply` 14 | ``` 15 | 16 | ## Customization 17 | 18 | ```shell 19 | # To customize the defaults: 20 | % cp config.yml{.sample,} 21 | % $(EDITOR) config.yml 22 | % ansible-playbook -s site.yml -e @config.yml 23 | ``` 24 | 25 | ## Installation 26 | 27 | To make use of this repository, you must install `sudo` and `ansible`: 28 | 29 | ```shell 30 | # pkg install security/sudo 31 | # pkg install sysutils/ansible 32 | ``` 33 | 34 | ## Debugging 35 | 36 | ```shell 37 | % ansible -m setup -s localhost 38 | % ansible -vvv -m setup -s localhost 39 | ``` 40 | 41 | ## TODO 42 | 43 | * Support non-Lenovo T420 devices (i.e. add more `roles/laptop-*` plays) 44 | * Add a poudriere for building ports specific to the config of your laptop 45 | * Enable/disable features based on the kern.osreldate 46 | * Setup and use other sane defaults (e.g. `openntpd` vs `xntpd`, `opensmtpd`, 47 | `ipfw`) 48 | * Figure out a different way to query the hardware without `dmidecode` 49 | * Remove default values from configuration files (`/boot/loader.conf`, 50 | `/etc/sysctl.conf`, `/etc/rc.conf`) that way the defaults can be adjusted 51 | over time and users inherit new defaults. 52 | * Add a user's preferred username to `config.yml` 53 | * Make sure the user's preferred username is a part of the `video` group. 54 | 55 | ## Desired Structure 56 | 57 | 1. `roles/laptop-*/meta/main.yml` has dependencies that pull in the 58 | pre-requisite roles necessary to enable `laptop-*`. `laptop-*` passes the 59 | necessary parameters down to dependency ports. 60 | 2. Each of the roles pulled in from `laptop-*` and configure a sane set of 61 | defaults according to `config.yml` and the hardware contained within 62 | `laptop-*`. If a default value is found in a config file, automatically 63 | remove the default value to allow configs to progress based on current, 64 | best advice. 65 | -------------------------------------------------------------------------------- /roles/facts/templates/dmidecode.py.j2: -------------------------------------------------------------------------------- 1 | #!{{ ansible_python_interpreter }} -- 2 | 3 | import getopt 4 | import json 5 | import re 6 | import string 7 | import socket 8 | import subprocess 9 | import struct 10 | import sys 11 | 12 | cli_args = {} 13 | dmidecode_facts = {} 14 | dmidecode_version_semver = { 'major': 0, 'minor': 0, 'micro': 0} 15 | 16 | FLAG_RE = '^(?P[\s]+)(?P[^\:]+):$' 17 | 18 | def dump_facts(facts): 19 | print json.dumps(facts, sort_keys=True, indent=4, separators=(',', ': ')) 20 | 21 | def get_dmidecode_facts(version): 22 | if not (version['major'] == 2 and version['minor'] == 12): 23 | raise Exception('Unsupported version of dmidecode: %d.%d.%d' % (version['major'], version['minor'], version['micro'])) 24 | out = subprocess.check_output(['/usr/local/sbin/dmidecode', '-q']) 25 | 26 | def init_type_facts(): 27 | return ('',{}, None, 0, None) 28 | type_name, type_facts, type_flags, indent_level, flag_name = init_type_facts() 29 | 30 | # Abuse the format output from dmidecode -q and rely on two things: 31 | # 32 | # 1) if line[0] is newline, skip to next section 33 | # 34 | # 2) if line[0] is a non-whitespace character, it's the start of a 35 | # new type 36 | # 37 | # 3) if line[0] is a whitespace character, it's information part 38 | # of a subtype 39 | for line in out.splitlines(): 40 | if line == '': 41 | dmidecode_facts[type_name] = type_facts 42 | type_name, type_facts, type_flags, indent_level, flag_name = init_type_facts() 43 | elif line[0].isalnum(): 44 | type_name = re.sub('[\s]+', '_', line.strip().lower()) 45 | else: 46 | if type_flags is not None: 47 | # Appending flags to a value. Continue appending 48 | # until the indent levels are the same 49 | md = re.match('^([\s]+)', line) 50 | if md is not None and len(md.group(1)) != indent_level: 51 | type_flags.append(line.strip()) 52 | else: 53 | type_facts[type_name] = type_flags 54 | type_flags = None 55 | elif line[-1] == ':': 56 | md = re.match(FLAG_RE, line) 57 | if md is None: 58 | raise Exception("unable to match flag name: '%s'" % line) 59 | 60 | indent_level = len(md.group('leading_whitespace')) 61 | flag_name = md.group('flag_name').strip().lower() 62 | type_flags = [] 63 | else: 64 | try: 65 | k, v = line.split(':', 1) 66 | type_facts[k.strip().lower()] = v.strip() 67 | except: 68 | # Eh, fuck it. 69 | pass 70 | 71 | def get_dmidecode_version(): 72 | out = subprocess.check_output(['/usr/local/sbin/dmidecode','-V']) 73 | version_num = string.split(out, '.') 74 | return {'major': int(version_num[0]), 75 | 'minor': int(version_num[1]), 76 | 'micro': int(0) 77 | } 78 | 79 | if __name__ == '__main__': 80 | dmidecode_version_semver = get_dmidecode_version() 81 | get_dmidecode_facts(dmidecode_version_semver) 82 | dump_facts(dmidecode_facts) 83 | -------------------------------------------------------------------------------- /roles/facts/templates/zfs.py.j2: -------------------------------------------------------------------------------- 1 | #!{{ ansible_python_interpreter }} -- 2 | 3 | import json 4 | import re 5 | import subprocess 6 | 7 | # NAME USED AVAIL REFER MOUNTPOINT 8 | # bootpool 954M 1015M 952M /bootpool 9 | # tank 8.31G 418G 96K /tank 10 | # tank/ROOT 1.95G 418G 96K none 11 | # bootpool 1.98G 954M 1.05G - 34% 46% 1.00x ONLINE - 12 | ZFS_LIST_RE = '^(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)\t(?P[\S]+)[\s]*$' 13 | ZFS_SNAP_HEURISTIC_BLACKLIST_RE = '\/(log|swap|tmp)$' 14 | ZFS_SNAP_HEURISTIC_WHITELIST_RECURSIVE_RE = '^(?P[^\/]+)\/(usr|ROOT)$' 15 | ZFS_SNAP_HEURISTIC_WHITELISTED_RE = '^(?P[^\/]+)\/(usr|ROOT)(\/|$)' 16 | 17 | def dump_facts(facts): 18 | print json.dumps(facts, sort_keys=True, indent=4, separators=(',', ': ')) 19 | 20 | def get_zfs_list(): 21 | out = subprocess.check_output(['/sbin/zfs', 'list', '-H']) 22 | return out.strip() 23 | 24 | def get_zfs_list_facts(): 25 | facts = {} 26 | dataset_names = [] 27 | for line in get_zfs_list().split('\n'): 28 | md = re.match(ZFS_LIST_RE, line) 29 | if not md: 30 | print("no match") 31 | continue 32 | 33 | dataset = {} 34 | 35 | dataset_name = md.group('dataset_name') 36 | if dataset_name is None: 37 | raise RuntimeError('zfs dataset name required') 38 | 39 | dataset['name'] = dataset_name 40 | dataset_names.append(dataset_name) 41 | 42 | dataset.update(md.groupdict()) 43 | dataset['_debug_zfs_dataset_list'] = line 44 | facts[dataset_name] = dataset 45 | 46 | # NOTE(seanc@): Yes, this is right. 47 | facts['_zfs_dataset_names'] = dataset_names 48 | 49 | # FIXME(seanc@): No, fuck no. Because ansible/jinja encoding of this 50 | # exact operation is "problematic," handle this in the fact and create 51 | # the desired output. Happy to be proven wrong. 52 | facts['_zfs_dataset_names_str'] = ' '.join(dataset_names) 53 | 54 | # Create a list of whitelisted datasets that we will obtain recursive 55 | # snapshots on. Datasets are whitelisted for recursive and removed from 56 | # the non-recursive snapshot list. If a dataset that is blacklisted 57 | # matches a whitelisted, recursive dataset, nothing happens (the 58 | # blacklisted filesystem is still included). This is a feature request 59 | # for zfSnap, but it's not feasible at this time to work around the 60 | # limitation. 61 | rsnap_datasets = [] 62 | for dataset_name in dataset_names: 63 | if not re.match(ZFS_SNAP_HEURISTIC_WHITELIST_RECURSIVE_RE, dataset_name): 64 | continue 65 | rsnap_datasets.append(dataset_name) 66 | facts['_zfs_snapshot_recursive_datasets'] = ' '.join(rsnap_datasets) 67 | 68 | esnap_datasets = [] 69 | for dataset_name in dataset_names: 70 | if re.match(ZFS_SNAP_HEURISTIC_WHITELISTED_RE, dataset_name): 71 | # Already taking a recursive snapshot of this dataset 72 | continue 73 | 74 | if re.search(ZFS_SNAP_HEURISTIC_BLACKLIST_RE, dataset_name): 75 | continue 76 | esnap_datasets.append(dataset_name) 77 | facts['_zfs_snapshot_explicit_datasets'] = ' '.join(esnap_datasets) 78 | 79 | return facts 80 | 81 | 82 | if __name__ == '__main__': 83 | facts = get_zfs_list_facts() 84 | dump_facts(facts) 85 | -------------------------------------------------------------------------------- /roles/zfSnap/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: zfSnap | pkgng 3 | pkgng: name=sysutils/zfsnap state=present 4 | 5 | - name: zfSnap | periodic.conf | verbose 6 | lineinfile: 7 | dest: /etc/periodic.conf 8 | regexp: '^([\s]*)[\#]?([\s]*){{ item }}_zfsnap_verbose="{{ zfsnap_verbose }}"' 9 | line: '{{ item }}_zfsnap_verbose="{{ zfsnap_verbose }}"' 10 | owner: root 11 | group: wheel 12 | mode: 0644 13 | with_items: 14 | - hourly 15 | - daily 16 | - weekly 17 | - monthly 18 | - reboot 19 | 20 | - name: zfSnap | periodic.conf | delete verbose 21 | lineinfile: 22 | dest: /etc/periodic.conf 23 | regexp: '^([\s]*)[\#]?([\s]*){{ item }}_zfsnap_delete_verbose([\s]*)="{{ zfsnap_verbose }}"' 24 | line: '{{ item }}_zfsnap_delete_verbose="{{ zfsnap_verbose }}"' 25 | owner: root 26 | group: wheel 27 | mode: 0644 28 | with_items: 29 | - daily 30 | - weekly 31 | - monthly 32 | 33 | - name: zfSnap | periodic.conf | ttls 34 | lineinfile: 35 | dest: /etc/periodic.conf 36 | regexp: '^([\s]*)[\#]?([\s]*){{ item.period }}_zfsnap_ttl([\s]*)=' 37 | line: '{{ item.period }}_zfsnap_ttl="{{ item.ttl | mandatory }}"' 38 | owner: root 39 | group: wheel 40 | mode: 0644 41 | with_items: 42 | - { period: 'hourly', ttl: '{{ zfsnap_hourly_ttl }}' } 43 | - { period: 'daily', ttl: '{{ zfsnap_daily_ttl }}' } 44 | - { period: 'weekly', ttl: '{{ zfsnap_weekly_ttl }}' } 45 | - { period: 'monthly', ttl: '{{ zfsnap_monthly_ttl }}' } 46 | - { period: 'reboot', ttl: '{{ zfsnap_reboot_ttl }}' } 47 | 48 | - name: zfSnap | periodic.conf | snapshot recursive 49 | lineinfile: 50 | dest: /etc/periodic.conf 51 | regexp: '^([\s]*)[\#]?([\s]*){{ item }}_zfsnap_recursive_fs([\s]*)=' 52 | line: '{{ item }}_zfsnap_recursive_fs="{{ ansible_local.zfs._zfs_snapshot_recursive_datasets | mandatory }}"' 53 | owner: root 54 | group: wheel 55 | mode: 0644 56 | with_items: 57 | - hourly 58 | - daily 59 | - weekly 60 | - monthly 61 | - reboot 62 | when: ansible_local.zfs._zfs_snapshot_recursive_datasets 63 | 64 | - name: zfSnap | periodic.conf | snapshot explicit 65 | lineinfile: 66 | dest: /etc/periodic.conf 67 | regexp: '^([\s]*)[\#]?([\s]*){{ item }}_zfsnap_fs([\s]*)=' 68 | line: '{{ item }}_zfsnap_fs="{{ ansible_local.zfs._zfs_snapshot_explicit_datasets | mandatory }}"' 69 | owner: root 70 | group: wheel 71 | mode: 0644 72 | with_items: 73 | - hourly 74 | - daily 75 | - weekly 76 | - monthly 77 | - reboot 78 | when: ansible_local.zfs._zfs_snapshot_explicit_datasets 79 | 80 | - name: zfSnap | crontab | hourly 81 | lineinfile: 82 | dest: /etc/crontab 83 | regexp: '^([\s]*)4([\s]+)\*([\s]+)\*([\s]+)\*([\s]+)\*([\s]+)root([\s]+)periodic([\s]+)hourly([\s]*)$' 84 | line: '4 * * * * root periodic hourly' 85 | owner: root 86 | group: wheel 87 | mode: 0644 88 | 89 | - name: zfSnap | crontab | reboot 90 | lineinfile: 91 | dest: /etc/crontab 92 | regexp: '^([\s]*)@reboot([\s]+)root([\s]+)periodic([\s]+)reboot([\s]*)$' 93 | line: '@reboot root periodic reboot' 94 | owner: root 95 | group: wheel 96 | mode: 0644 97 | 98 | - name: zfSnap | periodic.conf | enable 99 | lineinfile: 100 | dest: /etc/periodic.conf 101 | regexp: '^([\s]*)[\#]?([\s]*){{ item }}_zfsnap_enable([\s]*)=' 102 | line: '{{ item }}_zfsnap_enable="YES"' 103 | owner: root 104 | group: wheel 105 | mode: 0644 106 | with_items: 107 | - hourly 108 | - daily 109 | - weekly 110 | - monthly 111 | - reboot 112 | 113 | - name: zfSnap | periodic.conf | delete enable 114 | lineinfile: 115 | dest: /etc/periodic.conf 116 | regexp: '^([\s]*)[\#]?([\s]*){{ item }}_zfsnap_delete_enable([\s]*)=' 117 | line: '{{ item }}_zfsnap_delete_enable="YES"' 118 | owner: root 119 | group: wheel 120 | mode: 0644 121 | with_items: 122 | - daily 123 | - weekly 124 | - monthly 125 | -------------------------------------------------------------------------------- /roles/laptop-lenovo-t420/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: /etc/sysctl.conf | hw.acpi.lid_switch_state 3 | lineinfile: 4 | dest: /etc/sysctl.conf 5 | regexp: '^([\s]*)[\#]?([\s]*)hw\.acpi\.lid_switch_state([\s]*)=' 6 | line: 'hw.acpi.lid_switch_state="S3"' 7 | owner: root 8 | group: wheel 9 | mode: 0644 10 | notify: 11 | - sysctl restart 12 | 13 | - name: /etc/sysctl.conf | hw.acpi.power_button_state 14 | lineinfile: 15 | dest: /etc/sysctl.conf 16 | regexp: '^([\s]*)[\#]?([\s]*)hw\.acpi\.power_button_state([\s]*)=' 17 | line: 'hw.acpi.power_button_state="S5"' 18 | owner: root 19 | group: wheel 20 | mode: 0644 21 | notify: 22 | - sysctl restart 23 | 24 | # NOTE(seanc@): Need to test if this works before removing state=absent 25 | - name: /etc/sysctl.conf | hw.acpi.reset_video 26 | lineinfile: 27 | dest: /etc/sysctl.conf 28 | regexp: '^([\s]*)[\#]?([\s]*)hw\.acpi\.reset_video([\s]*)=' 29 | line: 'hw.acpi.reset_video="0"' 30 | owner: root 31 | group: wheel 32 | mode: 0644 33 | state: absent 34 | notify: 35 | - sysctl restart 36 | 37 | - name: /etc/sysctl.conf | hw.acpi.sleep_button_state 38 | lineinfile: 39 | dest: /etc/sysctl.conf 40 | regexp: '^([\s]*)[\#]?([\s]*)hw\.acpi\.sleep_button_state([\s]*)=' 41 | line: 'hw.acpi.sleep_button_state="S3"' 42 | owner: root 43 | group: wheel 44 | mode: 0644 45 | notify: 46 | - sysctl restart 47 | 48 | # NOTE(seanc@): There is no reason this is set to 1 other than 49 | # personal preference. 50 | - name: /etc/sysctl.conf | hw.acpi.sleep_delay 51 | lineinfile: 52 | dest: /etc/sysctl.conf 53 | regexp: '^[\s]*[\#]?[\s]*hw\.acpi\.sleep_delay[\s]*=' 54 | line: 'hw.acpi.sleep_delay="1"' 55 | owner: root 56 | group: wheel 57 | mode: 0644 58 | notify: 59 | - sysctl restart 60 | 61 | # NOTE(seanc@): The following options are taken from 62 | # https://www.banym.de/freebsd/install-freebsd-11-on-thinkpad-t420 63 | - name: /etc/rc.conf | T420 services 64 | sysrc: 65 | name: "{{ item }}_enable" 66 | value: "YES" 67 | with_items: 68 | - dbus 69 | notify: 70 | - dbus start 71 | 72 | - name: /etc/rc.conf | performance_cx_lowest 73 | sysrc: 74 | name: performance_cx_lowest 75 | value: "Cmax" 76 | 77 | - name: /etc/rc.conf | economy_cx_lowest 78 | sysrc: 79 | name: economy_cx_lowest 80 | value: "Cmax" 81 | 82 | - name: /etc/rc.conf | moused_flags 83 | sysrc: 84 | name: moused_flags 85 | value: "-VH" 86 | notify: 87 | - moused restart 88 | 89 | # NOTE(seanc@): Need to test if this works before removing state=absent 90 | - name: /boot/loader.conf | kern.vty 91 | lineinfile: 92 | dest: /boot/loader.conf 93 | regexp: '^([\s]*)[\#]?([\s]*)kern\.vty([\s]*)=' 94 | line: 'kern.vty="vt"' 95 | owner: root 96 | group: wheel 97 | mode: 0644 98 | state: absent 99 | 100 | - name: /boot/loader.conf | hw.vga.textmode 101 | lineinfile: 102 | dest: /boot/loader.conf 103 | regexp: '^([\s]*)[\#]?([\s]*)hw\.vga\.textmode([\s]*)=' 104 | line: 'hw.vga.textmode="1"' 105 | owner: root 106 | group: wheel 107 | mode: 0644 108 | 109 | - name: /etc/sysctl.conf | dev.pcm.0.play.vchans 110 | lineinfile: 111 | dest: /etc/sysctl.conf 112 | regexp: '^[\s]*[\#]?[\s]*dev\.pcm\.0\.play\.vchans[\s]*=' 113 | line: 'dev.pcm.0.play.vchans="4"' 114 | owner: root 115 | group: wheel 116 | mode: 0644 117 | notify: 118 | - sysctl restart 119 | 120 | - name: /etc/sysctl.conf | dev.pcm.0.rec.vchans 121 | lineinfile: 122 | dest: /etc/sysctl.conf 123 | regexp: '^[\s]*[\#]?[\s]*dev\.pcm\.0\.rec\.vchans[\s]*=' 124 | line: 'dev.pcm.0.rec.vchans="4"' 125 | owner: root 126 | group: wheel 127 | mode: 0644 128 | notify: 129 | - sysctl restart 130 | 131 | - name: /etc/sysctl.conf | hw.snd.maxautovchans 132 | lineinfile: 133 | dest: /etc/sysctl.conf 134 | regexp: '^[\s]*[\#]?[\s]*hw\.snd\.maxautovchans[\s]*=' 135 | line: 'hw.snd.maxautovchans="4"' 136 | owner: root 137 | group: wheel 138 | mode: 0644 139 | notify: 140 | - sysctl restart 141 | 142 | -------------------------------------------------------------------------------- /library/sysrc: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/python 2 | #coding: utf-8 -*- 3 | # (c) 2014, David Lundgren 4 | # 5 | # This file is part of Ansible 6 | # 7 | # This module is free software: you can redistribute it and/or modify 8 | # it under the terms of the MIT license. 9 | # 10 | # This software is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # MIT License for more details. 14 | # 15 | # You should have received a copy of the MIT. 16 | # If not, see . 17 | 18 | DOCUMENTATION = ''' 19 | --- 20 | module: sysrc 21 | short_description: Manage FreeBSD /etc/rc.conf 22 | requirements: [] 23 | version_added: 1.7 24 | author: David Lundgren 25 | description: 26 | - Manages the /etc/rc.conf for FreeBSD 27 | options: 28 | name: 29 | required: true 30 | description: 31 | - Name of variable in $dest to manage. 32 | - NOTE: cannot use . (periods) in the name as sysrc doesn't support it 33 | value: 34 | required: false 35 | description: 36 | - The value if "present" 37 | state: 38 | required: false 39 | default: "present" 40 | choices: [ present, absent ] 41 | description: 42 | - Whether the var should be present or absent in $dest. 43 | dest: 44 | required: false 45 | default: "/etc/rc.conf" 46 | description: 47 | - What file should be operated on 48 | ''' 49 | 50 | EXAMPLES = ''' 51 | --- 52 | # enable mysql in the /etc/rc.conf 53 | - name: Configure mysql pid file 54 | sysrc: 55 | name: mysql_pidfile 56 | value: "/var/run/mysqld/mysqld.pid" 57 | 58 | # enable accf_http kld in the boot loader 59 | - name: enable accf_http kld 60 | sysrc: 61 | name: accf_http_load 62 | state: present 63 | value: "YES" 64 | dest: /boot/loader.conf 65 | ''' 66 | 67 | import re 68 | from ansible.module_utils.basic import * 69 | 70 | class sysrc(object): 71 | def __init__(self, module, name, value, dest): 72 | self.module = module 73 | self.name = name 74 | self.changed = False 75 | self.value = value 76 | self.dest = dest 77 | self.sysrc = module.get_bin_path('sysrc', True) 78 | 79 | def exists(self): 80 | # sysrc doesn't really use exit codes 81 | (rc, out, err) = self.module.run_command([self.sysrc, '-f', self.dest, self.name]) 82 | if out.find("unknown variable") == -1 and re.match("%s: %s$" % (re.escape(self.name), re.escape(self.value)), out) is not None: 83 | return True 84 | else: 85 | return False 86 | 87 | def create(self): 88 | if self.module.check_mode: 89 | self.changed = True 90 | return 91 | 92 | (rc, out, err) = self.module.run_command([self.sysrc, '-f', self.dest, "%s=%s" % (self.name, self.value)]) 93 | if out.find("%s:" % (self.name)) == 0 and re.search("\-\> %s$" % re.escape(self.value), out) is not None: 94 | self.changed = True 95 | return True 96 | else: 97 | return False 98 | 99 | def destroy(self): 100 | if self.module.check_mode: 101 | self.changed = True 102 | return 103 | 104 | (rc, out, err) = self.module.run_command([self.sysrc, '-f', self.dest, '-x', self.name]) 105 | if out.find("unknown variable") == -1: 106 | return False 107 | else: 108 | self.changed = True 109 | return True 110 | 111 | def main(): 112 | module = AnsibleModule( 113 | argument_spec = dict( 114 | name = dict( 115 | required = True 116 | ), 117 | value = dict( 118 | default = None 119 | ), 120 | state = dict( 121 | default = 'present', 122 | choices = [ 'present', 'absent' ] 123 | ), 124 | dest = dict( 125 | default = '/etc/rc.conf' 126 | ) 127 | ), 128 | supports_check_mode=True, 129 | ) 130 | 131 | name = module.params.pop('name') 132 | value = module.params.pop('value') 133 | state = module.params.pop('state') 134 | dest = module.params.pop('dest') 135 | result = { 136 | 'name' : name, 137 | 'state' : state, 138 | 'value' : name, 139 | 'dest' : dest, 140 | } 141 | 142 | rcValue = sysrc(module, name, value, dest) 143 | 144 | if state == 'present': 145 | not rcValue.exists() and rcValue.create() 146 | elif state == 'absent': 147 | rcValue.exists() and rcValue.destroy() 148 | 149 | result['changed'] = rcValue.changed 150 | 151 | module.exit_json(**result) 152 | 153 | main() 154 | -------------------------------------------------------------------------------- /library/kld: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/python 2 | #coding: utf-8 -*- 3 | # (c) 2014, David Lundgren 4 | # 5 | # This file is part of Ansible 6 | # 7 | # This module is free software: you can redistribute it and/or modify 8 | # it under the terms of the MIT license. 9 | # 10 | # This software is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # MIT License for more details. 14 | # 15 | # You should have received a copy of the MIT. 16 | # If not, see . 17 | 18 | DOCUMENTATION = ''' 19 | --- 20 | module: kld 21 | short_description: Add or remove kernel modules 22 | requirements: [] 23 | version_added: 1.7 24 | author: David Lundgren 25 | description: 26 | - Add or remove kernel modules. 27 | options: 28 | name: 29 | required: true 30 | description: 31 | - Name of kernel module to manage. 32 | load: 33 | required: false 34 | default: true 35 | choices: [ true, false ] 36 | description: 37 | - Whether the module should be loaded. 38 | boot: 39 | required: false 40 | default: true 41 | choices: [ true, false ] 42 | description: 43 | - Whether the module should be in /boot/loader.conf. 44 | ''' 45 | 46 | EXAMPLES = ''' 47 | # Adds accf_http to the bootloader and loads it 48 | - kld: 49 | name: accf_http 50 | # Removes accf_http from the bootloader and loads it 51 | - kld: 52 | name: accf_http 53 | load: true 54 | boot: false 55 | ''' 56 | 57 | from ansible.module_utils.basic import * 58 | 59 | class FreeBSDKernelModule(object): 60 | def __init__(self, module, name): 61 | self.module = module 62 | self.name = name 63 | self.changed = False 64 | self.sysrc = module.get_bin_path('sysrc', True) 65 | 66 | def loaded(self): 67 | cmd = [self.module.get_bin_path('kldstat', True)] 68 | # -q is not available on FreeBSD before 6.0 so using it would break on those versions 69 | cmd.append('-q') 70 | cmd.append('-n') 71 | cmd.append(self.name) 72 | (rc, out, err) = self.module.run_command(' '.join(cmd)) 73 | if rc == 0: 74 | return True 75 | else: 76 | return False 77 | 78 | # Returns whether or not the module is set to load in /boot/loader.conf 79 | def exists(self): 80 | # sysrc doesn't really use exit codes 81 | (rc, out, err) = self.module.run_command("%s -f /boot/loader.conf %s_load" %( self.sysrc, self.name )) 82 | 83 | if out.find("unknown variable") == -1: 84 | return True 85 | else: 86 | return False 87 | 88 | def create(self): 89 | if self.module.check_mode: 90 | self.changed = True 91 | return 92 | 93 | (rc, out, err) = self.module.run_command("%s -f /boot/loader.conf %s_load=YES" % (self.sysrc, self.name)) 94 | if out.find("%s_load:" % (self.name)) and out.find("-> YES"): 95 | self.changed = True 96 | return True 97 | else: 98 | return False 99 | 100 | def destroy(self): 101 | if self.module.check_mode: 102 | self.changed = True 103 | return 104 | 105 | (rc, out, err) = self.module.run_command("%s -f /boot/loader.conf -x %s_load" % (self.sysrc, self.name)) 106 | if out.find("unknown variable") == -1: 107 | return False 108 | else: 109 | self.changed = True 110 | return True 111 | 112 | def load(self): 113 | if self.module.check_mode: 114 | self.changed = True 115 | return 116 | 117 | cmd = [self.module.get_bin_path('kldload', True)] 118 | cmd.append('-n') 119 | cmd.append(self.name) 120 | (rc, out, err) = self.module.run_command(' '.join(cmd)) 121 | if rc == 0: 122 | self.changed = True 123 | return True 124 | else: 125 | return False 126 | 127 | def unload(self): 128 | if self.module.check_mode: 129 | self.changed = True 130 | return 131 | 132 | cmd = [self.module.get_bin_path('kldunload', True)] 133 | cmd.append(self.name) 134 | (rc, out, err) = self.module.run_command(' '.join(cmd)) 135 | if rc == 0: 136 | self.changed = True 137 | return True 138 | else: 139 | return False 140 | 141 | def main(): 142 | module = AnsibleModule( 143 | supports_check_mode = True, 144 | argument_spec = dict( 145 | name = dict( 146 | required = True 147 | ), 148 | load = dict( 149 | default = True, 150 | type = 'bool', 151 | choices = BOOLEANS 152 | ), 153 | boot = dict( 154 | default = True, 155 | type = 'bool', 156 | choices = BOOLEANS 157 | ) 158 | ), 159 | ) 160 | 161 | name = module.params.pop('name') 162 | load = module.params.pop('load') 163 | boot = module.params.pop('boot') 164 | result = { 165 | 'name' : name, 166 | 'load' : load, 167 | 'boot' : boot 168 | } 169 | 170 | kld = FreeBSDKernelModule(module, name) 171 | 172 | if load: 173 | not kld.loaded() and kld.load() 174 | else: 175 | kld.loaded() and kld.unload() 176 | 177 | # ensure it is set for boot 178 | if boot: 179 | not kld.exists() and kld.create() 180 | else: 181 | kld.exists() and kld.destroy() 182 | 183 | result['changed'] = kld.changed 184 | 185 | module.exit_json(**result) 186 | 187 | # import module snippets 188 | main() 189 | -------------------------------------------------------------------------------- /roles/laptop-lenovo-t420/files/T420v001: -------------------------------------------------------------------------------- 1 | # 2 | # T420 -- Generic kernel configuration file for a Lenovo T420 3 | # 4 | # For more information on this file, please read the config(5) manual page, 5 | # and/or the handbook section on Kernel Configuration Files: 6 | # 7 | # http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html 8 | # 9 | # The handbook is also available locally in /usr/share/doc/handbook 10 | # if you've installed the doc distribution, otherwise always see the 11 | # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the 12 | # latest information. 13 | # 14 | # An exhaustive list of options and more detailed explanations of the 15 | # device lines is also present in the ../../conf/NOTES and NOTES files. 16 | # If you are in doubt as to the purpose or necessity of a line, check first 17 | # in NOTES. 18 | # 19 | # $FreeBSD$ 20 | 21 | cpu HAMMER 22 | ident T420v001 23 | machine amd64 24 | 25 | makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols 26 | makeoptions WITH_CTF=1 # Run ctfconvert(1) for DTrace support 27 | 28 | options SCHED_ULE # ULE scheduler 29 | options PREEMPTION # Enable kernel thread preemption 30 | options INET # InterNETworking 31 | options TCP_OFFLOAD # TCP offload 32 | options FFS # Berkeley Fast Filesystem 33 | options SOFTUPDATES # Enable FFS soft updates support 34 | options UFS_ACL # Support for access control lists 35 | options UFS_DIRHASH # Improve performance on big directories 36 | options UFS_GJOURNAL # Enable gjournal-based UFS journaling 37 | options QUOTA # Enable disk quotas for UFS 38 | options MD_ROOT # MD is a potential root device 39 | options NFSCL # Network Filesystem Client 40 | options NFSD # Network Filesystem Server 41 | options NFSLOCKD # Network Lock Manager 42 | options NFS_ROOT # NFS usable as /, requires NFSCL 43 | options MSDOSFS # MSDOS Filesystem 44 | options CD9660 # ISO 9660 Filesystem 45 | options PROCFS # Process filesystem (requires PSEUDOFS) 46 | options PSEUDOFS # Pseudo-filesystem framework 47 | options GEOM_PART_BSD 48 | options GEOM_PART_EBR 49 | options GEOM_PART_EBR_COMPAT 50 | options GEOM_PART_GPT # GUID Partition Tables. 51 | options GEOM_PART_MBR 52 | options GEOM_RAID # Soft RAID functionality. 53 | options GEOM_LABEL # Provides labelization 54 | options COMPAT_FREEBSD10 # Compatible with FreeBSD10 55 | options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI 56 | options KTRACE # ktrace(1) support 57 | options STACK # stack(9) support 58 | options SYSVSHM # SYSV-style shared memory 59 | options SYSVMSG # SYSV-style message queues 60 | options SYSVSEM # SYSV-style semaphores 61 | options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions 62 | options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. 63 | options KBD_INSTALL_CDEV # install a CDEV entry in /dev 64 | options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) 65 | options AUDIT # Security event auditing 66 | options CAPABILITY_MODE # Capsicum capability mode 67 | options CAPABILITIES # Capsicum capabilities 68 | options MAC # TrustedBSD MAC Framework 69 | options KDTRACE_FRAME # Ensure frames are compiled in 70 | options KDTRACE_HOOKS # Kernel DTrace hooks 71 | options DDB_CTF # Kernel ELF linker loads CTF data 72 | options INCLUDE_CONFIG_FILE # Include this file in kernel 73 | options RACCT # Resource accounting framework 74 | options RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default 75 | options RCTL # Resource limits 76 | 77 | # Debugging support. Always need this: 78 | options KDB # Enable kernel debugger support. 79 | options KDB_TRACE # Print a stack trace for a panic. 80 | # For full debugger support use (turn off in stable branch): 81 | options DDB # Support DDB. 82 | options GDB # Support remote GDB. 83 | #options DEADLKRES # Enable the deadlock resolver 84 | #options INVARIANTS # Enable calls of extra sanity checking 85 | #options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS 86 | #options WITNESS # Enable checks to detect deadlocks and cycles 87 | #options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed 88 | #options MALLOC_DEBUG_MAXZONES=4 # Separate malloc(9) zones 89 | 90 | # Make an SMP-capable kernel by default 91 | options SMP # Symmetric MultiProcessor Kernel 92 | 93 | # CPU frequency control 94 | device cpufreq 95 | 96 | # Bus support. 97 | device acpi 98 | options ACPI_DMAR 99 | device pci 100 | options PCI_IOV # PCI SR-IOV support 101 | 102 | # Floppy drives 103 | device fdc 104 | 105 | # ATA controllers 106 | device ahci # AHCI-compatible SATA controllers 107 | device ata # Legacy ATA/SATA controllers 108 | options ATA_STATIC_ID # Static device numbering 109 | device mvs # Marvell 88SX50XX/88SX60XX/88SX70XX/SoC SATA 110 | device siis # SiliconImage SiI3124/SiI3132/SiI3531 SATA 111 | 112 | # SCSI Controllers 113 | nodevice ahc # AHA2940 and onboard AIC7xxx devices 114 | nooptions AHC_REG_PRETTY_PRINT # Print register bitfields in debug 115 | # output. Adds ~128k to driver. 116 | nodevice ahd # AHA39320/29320 and onboard AIC79xx devices 117 | nooptions AHD_REG_PRETTY_PRINT # Print register bitfields in debug 118 | # output. Adds ~215k to driver. 119 | nodevice esp # AMD Am53C974 (Tekram DC-390(T)) 120 | nodevice hptiop # Highpoint RocketRaid 3xxx series 121 | nodevice isp # Qlogic family 122 | #device ispfw # Firmware for QLogic HBAs- normally a module 123 | nodevice mpt # LSI-Logic MPT-Fusion 124 | nodevice mps # LSI-Logic MPT-Fusion 2 125 | nodevice mpr # LSI-Logic MPT-Fusion 3 126 | #device ncr # NCR/Symbios Logic 127 | nodevice sym # NCR/Symbios Logic (newer chipsets + those of `ncr') 128 | nodevice trm # Tekram DC395U/UW/F DC315U adapters 129 | 130 | nodevice adv # Advansys SCSI adapters 131 | nodevice adw # Advansys wide SCSI adapters 132 | nodevice aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60. 133 | nodevice bt # Buslogic/Mylex MultiMaster SCSI adapters 134 | nodevice isci # Intel C600 SAS controller 135 | 136 | # ATA/SCSI peripherals 137 | device scbus # SCSI bus (required for ATA/SCSI) 138 | device ch # SCSI media changers 139 | device da # Direct Access (disks) 140 | device sa # Sequential Access (tape etc) 141 | device cd # CD 142 | device pass # Passthrough device (direct ATA/SCSI access) 143 | device ses # Enclosure Services (SES and SAF-TE) 144 | #device ctl # CAM Target Layer 145 | 146 | # RAID controllers interfaced to the SCSI subsystem 147 | nodevice amr # AMI MegaRAID 148 | nodevice arcmsr # Areca SATA II RAID 149 | nodevice ciss # Compaq Smart RAID 5* 150 | nodevice dpt # DPT Smartcache III, IV - See NOTES for options 151 | nodevice hptmv # Highpoint RocketRAID 182x 152 | nodevice hptnr # Highpoint DC7280, R750 153 | nodevice hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx 154 | nodevice hpt27xx # Highpoint RocketRAID 27xx 155 | nodevice iir # Intel Integrated RAID 156 | nodevice ips # IBM (Adaptec) ServeRAID 157 | nodevice mly # Mylex AcceleRAID/eXtremeRAID 158 | nodevice twa # 3ware 9000 series PATA/SATA RAID 159 | nodevice tws # LSI 3ware 9750 SATA+SAS 6Gb/s RAID controller 160 | 161 | # RAID controllers 162 | nodevice aac # Adaptec FSA RAID 163 | nodevice aacp # SCSI passthrough for aac (requires CAM) 164 | nodevice aacraid # Adaptec by PMC RAID 165 | nodevice ida # Compaq Smart RAID 166 | nodevice mfi # LSI MegaRAID SAS 167 | nodevice mlx # Mylex DAC960 family 168 | nodevice mrsas # LSI/Avago MegaRAID SAS/SATA, 6Gb/s and 12Gb/s 169 | #XXX pointer/int warnings 170 | #device pst # Promise Supertrak SX6000 171 | nodevice twe # 3ware ATA RAID 172 | 173 | # NVM Express (NVMe) support 174 | nodevice nvme # base NVMe driver 175 | nodevice nvd # expose NVMe namespaces as disks, depends on nvme 176 | 177 | # atkbdc0 controls both the keyboard and the PS/2 mouse 178 | device atkbdc # AT keyboard controller 179 | device atkbd # AT keyboard 180 | device psm # PS/2 mouse 181 | 182 | device kbdmux # keyboard multiplexer 183 | 184 | device vga # VGA video card driver 185 | options VESA # Add support for VESA BIOS Extensions (VBE) 186 | 187 | device splash # Splash screen and screen saver support 188 | 189 | # syscons is the default console driver, resembling an SCO console 190 | device sc 191 | options SC_PIXEL_MODE # add support for the raster text mode 192 | 193 | # vt is the new video console driver 194 | device vt 195 | device vt_vga 196 | device vt_efifb 197 | 198 | device agp # support several AGP chipsets 199 | 200 | # PCCARD (PCMCIA) support 201 | # PCMCIA and cardbus bridge support 202 | nodevice cbb # cardbus (yenta) bridge 203 | nodevice pccard # PC Card (16-bit) bus 204 | nodevice cardbus # CardBus (32-bit) bus 205 | 206 | # Serial (COM) ports 207 | device uart # Generic UART driver 208 | device uart_ns8250 209 | 210 | # Parallel port 211 | nodevice ppc 212 | nodevice ppbus # Parallel port bus (required) 213 | nodevice lpt # Printer 214 | nodevice ppi # Parallel port interface device 215 | #device vpo # Requires scbus and da 216 | 217 | nodevice puc # Multi I/O cards and multi-channel UARTs 218 | 219 | # PCI Ethernet NICs. 220 | nodevice bxe # Broadcom NetXtreme II BCM5771X/BCM578XX 10GbE 221 | nodevice de # DEC/Intel DC21x4x (``Tulip'') 222 | device em # Intel PRO/1000 Gigabit Ethernet Family 223 | nodevice igb # Intel PRO/1000 PCIE Server Gigabit Family 224 | nodevice ix # Intel PRO/10GbE PCIE PF Ethernet 225 | nodevice ixv # Intel PRO/10GbE PCIE VF Ethernet 226 | nodevice ixl # Intel XL710 40Gbe PCIE Ethernet 227 | nodevice ixlv # Intel XL710 40Gbe VF PCIE Ethernet 228 | nodevice le # AMD Am7900 LANCE and Am79C9xx PCnet 229 | nodevice ti # Alteon Networks Tigon I/II gigabit Ethernet 230 | nodevice txp # 3Com 3cR990 (``Typhoon'') 231 | nodevice vx # 3Com 3c590, 3c595 (``Vortex'') 232 | 233 | # PCI Ethernet NICs that use the common MII bus controller code. 234 | # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! 235 | device miibus # MII bus support 236 | nodevice ae # Attansic/Atheros L2 FastEthernet 237 | nodevice age # Attansic/Atheros L1 Gigabit Ethernet 238 | nodevice alc # Atheros AR8131/AR8132 Ethernet 239 | nodevice ale # Atheros AR8121/AR8113/AR8114 Ethernet 240 | nodevice bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet 241 | nodevice bfe # Broadcom BCM440x 10/100 Ethernet 242 | nodevice bge # Broadcom BCM570xx Gigabit Ethernet 243 | nodevice cas # Sun Cassini/Cassini+ and NS DP83065 Saturn 244 | nodevice dc # DEC/Intel 21143 and various workalikes 245 | nodevice et # Agere ET1310 10/100/Gigabit Ethernet 246 | nodevice fxp # Intel EtherExpress PRO/100B (82557, 82558) 247 | nodevice gem # Sun GEM/Sun ERI/Apple GMAC 248 | nodevice hme # Sun HME (Happy Meal Ethernet) 249 | nodevice jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet 250 | nodevice lge # Level 1 LXT1001 gigabit Ethernet 251 | nodevice msk # Marvell/SysKonnect Yukon II Gigabit Ethernet 252 | nodevice nfe # nVidia nForce MCP on-board Ethernet 253 | nodevice nge # NatSemi DP83820 gigabit Ethernet 254 | nodevice pcn # AMD Am79C97x PCI 10/100 (precedence over 'le') 255 | nodevice re # RealTek 8139C+/8169/8169S/8110S 256 | nodevice rl # RealTek 8129/8139 257 | nodevice sf # Adaptec AIC-6915 (``Starfire'') 258 | nodevice sge # Silicon Integrated Systems SiS190/191 259 | nodevice sis # Silicon Integrated Systems SiS 900/SiS 7016 260 | nodevice sk # SysKonnect SK-984x & SK-982x gigabit Ethernet 261 | nodevice ste # Sundance ST201 (D-Link DFE-550TX) 262 | nodevice stge # Sundance/Tamarack TC9021 gigabit Ethernet 263 | nodevice tl # Texas Instruments ThunderLAN 264 | nodevice tx # SMC EtherPower II (83c170 ``EPIC'') 265 | nodevice vge # VIA VT612x gigabit Ethernet 266 | nodevice vr # VIA Rhine, Rhine II 267 | nodevice wb # Winbond W89C840F 268 | nodevice xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') 269 | 270 | # Wireless NIC cards 271 | device wlan # 802.11 support 272 | options IEEE80211_DEBUG # enable debug msgs 273 | options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's 274 | options IEEE80211_SUPPORT_MESH # enable 802.11s draft support 275 | device wlan_wep # 802.11 WEP support 276 | device wlan_ccmp # 802.11 CCMP support 277 | device wlan_tkip # 802.11 TKIP support 278 | device wlan_amrr # AMRR transmit rate control algorithm 279 | device an # Aironet 4500/4800 802.11 wireless NICs. 280 | device ath # Atheros NICs 281 | device ath_pci # Atheros pci/cardbus glue 282 | device ath_hal # pci/cardbus chip support 283 | options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors 284 | options AH_AR5416_INTERRUPT_MITIGATION # AR5416 interrupt mitigation 285 | options ATH_ENABLE_11N # Enable 802.11n support for AR5416 and later 286 | device ath_rate_sample # SampleRate tx rate control for ath 287 | #device bwi # Broadcom BCM430x/BCM431x wireless NICs. 288 | #device bwn # Broadcom BCM43xx wireless NICs. 289 | nodevice ipw # Intel 2100 wireless NICs. 290 | nodevice iwi # Intel 2200BG/2225BG/2915ABG wireless NICs. 291 | device iwn # Intel 4965/1000/5000/6000 wireless NICs. 292 | nodevice malo # Marvell Libertas wireless NICs. 293 | nodevice mwl # Marvell 88W8363 802.11n wireless NICs. 294 | nodevice ral # Ralink Technology RT2500 wireless NICs. 295 | nodevice wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. 296 | nodevice wpi # Intel 3945ABG wireless NICs. 297 | 298 | # Pseudo devices. 299 | device loop # Network loopback 300 | device random # Entropy device 301 | device padlock_rng # VIA Padlock RNG 302 | device rdrand_rng # Intel Bull Mountain RNG 303 | device ether # Ethernet support 304 | device vlan # 802.1Q VLAN support 305 | device tun # Packet tunnel. 306 | device md # Memory "disks" 307 | device gif # IPv6 and IPv4 tunneling 308 | device firmware # firmware assist module 309 | 310 | # The `bpf' device enables the Berkeley Packet Filter. 311 | # Be aware of the administrative consequences of enabling this! 312 | # Note that 'bpf' is required for DHCP. 313 | device bpf # Berkeley packet filter 314 | 315 | # USB support 316 | options USB_DEBUG # enable debug msgs 317 | device uhci # UHCI PCI->USB interface 318 | device ohci # OHCI PCI->USB interface 319 | device ehci # EHCI PCI->USB interface (USB 2.0) 320 | device xhci # XHCI PCI->USB interface (USB 3.0) 321 | device usb # USB Bus (required) 322 | device ukbd # Keyboard 323 | device umass # Disks/Mass storage - Requires scbus and da 324 | 325 | # Sound support 326 | device sound # Generic sound driver (required) 327 | nodevice snd_cmi # CMedia CMI8338/CMI8738 328 | nodevice snd_csa # Crystal Semiconductor CS461x/428x 329 | nodevice snd_emu10kx # Creative SoundBlaster Live! and Audigy 330 | nodevice snd_es137x # Ensoniq AudioPCI ES137x 331 | device snd_hda # Intel High Definition Audio 332 | nodevice snd_ich # Intel, NVidia and other ICH AC'97 Audio 333 | nodevice snd_via8233 # VIA VT8233x Audio 334 | 335 | # MMC/SD 336 | device mmc # MMC/SD bus 337 | device mmcsd # MMC/SD memory card 338 | device sdhci # Generic PCI SD Host Controller 339 | 340 | # VirtIO support 341 | device virtio # Generic VirtIO bus (required) 342 | device virtio_pci # VirtIO PCI device 343 | device vtnet # VirtIO Ethernet device 344 | device virtio_blk # VirtIO Block device 345 | device virtio_scsi # VirtIO SCSI device 346 | device virtio_balloon # VirtIO Memory Balloon device 347 | 348 | # HyperV drivers and enchancement support 349 | # NOTE: HYPERV depends on hyperv. They must be added or removed together. 350 | nooptions HYPERV # Hyper-V kernel infrastructure 351 | nodevice hyperv # HyperV drivers 352 | 353 | # Xen HVM Guest Optimizations 354 | # NOTE: XENHVM depends on xenpci. They must be added or removed together. 355 | nooptions XENHVM # Xen HVM kernel infrastructure 356 | nodevice xenpci # Xen HVM Hypervisor services driver 357 | 358 | # VMware support 359 | nodevice vmx # VMware VMXNET3 Ethernet 360 | 361 | # Netmap provides direct access to TX/RX rings on supported NICs 362 | device netmap # netmap(4) support 363 | 364 | device io 365 | device isa 366 | device mem 367 | options NEW_PCIB 368 | --------------------------------------------------------------------------------