diff --git a/Makefile b/Makefile index 54c6309..77ddd40 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ ROLES=base proxy toxcore SHELLCHECK_OPTS=SC2003,SC2006,SC2010,SC2039,SC2181,SC2046,SC2086,SC2048,SC2162,SC2034,SC2030,SC2166,SC2242,SC2223,SC2319,SC3009,SC3011,SC3030,SC3043,SC3054,SC2009,SC1090,SC2164,SC3044 # FixMe -ANSIBLE_PLUGINS=/usr/local/lib/python3.11/site-packages/ansible-2.9.22-py3.11.egg/ansible/plugins +ANSIBLE_PLUGINS=/usr/local/lib/python3.11/site-packages/ansible/plugins/connection/ # Edit this to be one of pentoo or devuan depending on your host platform # Find the corresponding host in hosts.yml and edit the settings, then @@ -42,7 +42,7 @@ install:: lint # file:///usr/local/src/community.general ) [ -e $(ANSIBLE_PLUGINS)/connection/libvirt_qemu.py ] \ || ln -s ${PWD}/lib/plugins/libvirt_qemu.py \ - $(ANSIBLE_PLUGINS)/connection/q || true + $(ANSIBLE_PLUGINS)/connection/ || true @[ -f ${BOX_NBD_BASE_QCOW} ] || { \ echo ERROR: not created BOX_NBD_DEV="${BOX_NBD_DEV}" - use ; \ echo qemu-img create -f qcow2 "${BOX_NBD_BASE_QCOW}" 20G ; \ @@ -243,6 +243,7 @@ test_vm:: install_vm -l ${VM_HOSTS_NAME} -c libvirt_qemu \ --verbose ${VERBOSE} -t daily \ $(ROLES) > .$@-${LOCALHOST} 2>&1 +# ${VERBOSE} veryclean:: clean rm -f .run* .check* @@ -251,3 +252,6 @@ clean:: find . -name \*~ -delete rm roles/*/vars/*.txt rm -rf roles/toxcore/overlay/Linux/usr/local/src/_Old + +test:: + DEBUG=1 sudo bash -x /usr/local/sbin/toxcore_libvirt_test_ga.bash gentoo_vm-2 ls / diff --git a/ansible.cfg b/ansible.cfg index e25b3cf..cd37651 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -log_path = var/tmp/2024/01/05/gentoo_vm-2/base_proxy_toxcore.log +log_path = var/tmp/2024/01/08/gentoo_vm-2/base_proxy_toxcore.log callback_plugins = ./lib/plugins/ # /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html # http://docs.ansible.com/ansible/intro_configuration.html#command-warnings 
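Review bot: `ANSIBLE_PLUGINS` now already ends in `plugins/connection/`, but the install recipe in the `@@ -42,7 +42,7 @@` hunk still appends `/connection/`, so both the `[ -e ... ]` test and the `ln -s` destination resolve to `.../plugins/connection//connection/`. The trailing `|| true` hides the resulting failure, so the plugin may silently never be linked. Either keep the variable at the plugins directory, `ANSIBLE_PLUGINS=/usr/local/lib/python3.11/site-packages/ansible/plugins`, or drop the extra `/connection` from the two recipe lines. The install recipe starts and ends outside the hunk.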
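Review bot: In the new `test::` recipe `DEBUG=1` is set in front of `sudo`, and sudo's default `env_reset` policy normally strips it before `bash -x` runs, so the script is unlikely to see it. `sudo env DEBUG=1 bash -x /usr/local/sbin/toxcore_libvirt_test_ga.bash gentoo_vm-2 ls /` keeps the assignment. The guest name `gentoo_vm-2` is hard-coded here while the `test_vm` recipe uses `${VM_HOSTS_NAME}`; using the variable would keep the two targets consistent.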
@@ -36,3 +36,5 @@ nocows = 0
 roles_path = ./roles
 handler_includes_static = True
 timeout = 60
+# added
+libvirt_timeout = 14
diff --git a/etc/hosts.yml b/etc/hosts.yml
deleted file mode 100644
index 5b7a23d..0000000
--- a/etc/hosts.yml
+++ /dev/null
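Review bot: The `# added` comment above `libvirt_timeout = 14` says nothing about what the key is for or its unit. Suggest `# timeout (seconds, presumably) for the libvirt_qemu connection plugin; ANSIBLE_LIBVIRT_TIMEOUT overrides it`. The plugin in this commit declares the key under section `defaults`, and the section this line lands in is not visible in the hunk, so confirm it is still inside `[defaults]`.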
@@ -1,446 +0,0 @@ -# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*- -# use double quotes exclusively around strings and -# use single quotes exclusively with lists - for bash post-processing - -all: - - children: - - vbox_winrm_group: - - hosts: - - y_UEFI_MediCat_VHD_DW: - # /var/lib/libvirt/qemu/channel/target/domain-37-y_UEFI_MediCat_VHD_D/org.qemu.guest_agent.0 - # doesnt work: ansible_connection: "libvirt_qemu" - - BOX_SERVICE_MGR: "win11" - BOX_HOST_NAME: "y_UEFI_MediCat_VHD_DW" - - UPD_WINRM_CRT_PASSWORD: "" - UPD_WINRM_CRT_NAME: "WINRM_WIN11VBOX cert for " - UPD_WINRM_FILE_BASE: "winrm-win11vbox" - UPD_WINRM_KEY_BITS: 4096 - - UPD_WINRM_HOST_NAME: "y_UEFI_MediCat_VHD_D" - UPD_WINRM_HOST_DEV: "vboxnet0" - UPD_WINRM_ADMIN_NAME: "administrator" - UPD_WINRM_ADMIN_PASS: "" - - # NOT remote_addr: - ansible_winrm_host: "192.168.56.1" - # remote_user - ansible_winrm_user: "administrator" - BOX_DEFAULT_OUTPUT_IF: fixme - - UPD_WINRM_WINRM_ADMIN_NAME: "winrmadmin" - UPD_WINRM_WINRM_ADMIN_PASS: "winrmadmin" - - # List of winrm transports to attempt to to use (ssl, plaintext, kerberos, etc) - # python2 -c 'import winrm;print winrm.FEATURE_SUPPORTED_AUTHTYPES' - # ['basic', 'certificate', 'ntlm', 'kerberos', 'plaintext', 'ssl', 'credssp'] - # FixMe: which one works? - UPD_WINRM_WINRM_TRANSPORT: "basic" - # Lati sda Disk identifier: 0A00A495-684B-425E-823F-60257EBD6D3B - - vars: - #maybe ansible_connection: "winrm" - BOX_ANSIBLE_CONNECTIONS: ["libvirt_qemu"] - ansible_winrm_port: 5985 - ansible_winrm_scheme: http - ansible_winrm_transport: ['basic', 'plaintext', 'certificate', 'ssl'] - # NOT remote_user - # ansible_user - ansible_winrm_user: "Administrator" - #? 
ansible_password: "" - ansible_winrm_server_cert_validation: ignore - validate_certs: false - # NO proxy from environment - or ensure no_proxy - no_proxy: "localhost,127.0.0.1,192.168.56.1" - - linux_unix_group: - - children: - - linux_local_group: - - hosts: - - pentoo: - ansible_remote_addr: "/mnt/linuxPen19" - BOX_HOST_NAME: "pentoo" - BOX_SERVICE_MGR: "openrc" - BOX_USER_NAME: "vagrant" - BOX_USER_GROUP: "users" - BOX_USER_HOME: "/home/vagrant" - BOX_OS_FAMILY: Gentoo - BOX_OS_NAME: gentoo - BOX_OS_FLAVOR: "Pentoo" - BOX_USR_LIB: lib - BOX_DEFAULT_OUTPUT_IF: wlan4 - BOX_PROXY_MODE: selektor - BOX_WHONIX_PROXY_HOST: "" - BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles" - BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties - # /usr/lib/jvm/openjdk-bin-*/conf/net.properties - BOX_ALSO_USERS: - - pentoo - BOX_PORTAGE_PYTHON_MINOR: "3.11" - BOX_PYTHON2_MINOR: "2.7" - BOX_PYTHON3_MINOR: "3.11" - BOX_GENTOO_FROM_MP: "/" - - devuan: - ansible_remote_addr: "/mnt/linuxDev4" #ignored for local - BOX_HOST_NAME: "devuan" - BOX_SERVICE_MGR: "sysvinit" - BOX_USER_NAME: "devuan" - BOX_USER_GROUP: "adm" - BOX_USER_HOME: "/home/devuan" - BOX_OS_FAMILY: Debian - BOX_OS_NAME: Devuan - BOX_OS_FLAVOR: "Devuan" - BOX_USR_LIB: lib - BOX_DEFAULT_OUTPUT_IF: wlan6 - BOX_DEVUAN5_VAR_APT_ARCHIVES: "/mnt/o/Cache/Devuan/5/var/cache/apt/archives" - BOX_ALSO_USERS: [] - BOX_PORTAGE_PYTHON_MINOR: "3.11" - BOX_PYTHON2_MINOR: "2.7" - BOX_PYTHON3_MINOR: "3.11" - - BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties - - BOX_WHONIX_PROXY_HOST: "" - BOX_PROXY_MODE: tor - BOX_GENTOO_FROM_MP: "/mnt/linuxPen19" - - vars: - BOX_ANSIBLE_CONNECTIONS: ["local"] - BOX_REMOTE_MOUNTS: ['/mnt/h', '/mnt/j','/mnt/i', '/mnt/o', '/mnt/mnt/linuxPen19'] - BOX_BASE_FEATURES: ['insecure_sudo'] - BOX_PROXY_FEATURES: ['run_dnsmasq', 'run_privoxy'] - BOX_TOXCORE_FEATURES: [] - - # libvirt_group could also be ssh_group - linux_libvirt_group: - - 
hosts: - - gentoo1: - - ansible_remote_addr: "gentoo1" - ansible_host: "gentoo1" - ansible_ssh_user: "gentoo" - BOX_SERVICE_MGR: "openrc" - BOX_HOST_NAME: "gentoo1" - BOX_USER_NAME: "gentoo" - BOX_USER_GROUP: "adm" - BOX_ALSO_GROUP: "adm" - BOX_USER_HOME: "/home/gentoo" - BOX_OS_NAME: Gentoo - BOX_OS_FAMILY: Gentoo - BOX_OS_FLAVOR: "Gentoo" - BOX_USR_LIB: lib64 - BOX_DEFAULT_OUTPUT_IF: eth0 - BOX_PYTHON2_MINOR: "" - BOX_PYTHON3_MINOR: "3.11" - BASE_PORTAGE_PYTHON_MINOR: 3.11 - BOX_HOST_CONTAINER_MOUNTS: [] - BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles" - BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties - BOX_ALSO_USERS: - - gentoo - BOX_BASE_FEATURES: [] - BOX_TOXCORE_FEATURES: ['libvirt', 'docker'] - BOX_GENTOO_FROM_MP: "/mnt/linuxPen19" - - ubuntu18.04: - # /mnt - ansible_remote_addr: "ubuntu18.04" - # this is what the libvirt-qemu connector uses - ansible_host: "ubuntu18.04" - ansible_ssh_user: "vagrant" - BOX_SERVICE_MGR: systemd - BOX_HOST_NAME: "Ubuntu18.04" - BOX_USER_NAME: "vagrant" - BOX_USER_GROUP: "users" - BOX_USER_HOME: "/home/vagrant" - BOX_OS_FAMILY: Debian - BOX_OS_NAME: Ubuntu - BOX_OS_FLAVOR: "Ubuntu18" - BOX_USR_LIB: lib - BOX_DEFAULT_OUTPUT_IF: eth0 - BOX_UBUNTU16_VAR_APT_ARCHIVES: "/o/Cache/Apt/Ubuntu/18/var/cache/apt/archives" - ansible_python_interpreter: "/usr/bin/python3.6" - BOX_PYTHON2_MINOR: "" - BOX_PYTHON3_MINOR: "3.6" - BOX_REMOTE_MOUNTS: ['/mnt/o'] - # BOX_WHONIX_PROXY_HOST: "Whonix-Gateway" - # BOX_PROXY_MODE: ws - # FixMe - base_system_users: ['vagrant'] - BOX_TOXCORE_FEATURES: ['libvirt', 'docker'] - - vars: - BOX_ANSIBLE_CONNECTIONS: ["ssh", "libvirt_qemu"] - # proxy from environment - # ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" - # ansible_ssh_host: "127.0.0.1" - BOX_ROOT_GROUP: root - BOX_PROXY_MODE: client - http_proxy: "http://127.0.0.1:3128" - https_proxy: "http://127.0.0.1:9128" - socks_proxy: "socks5://127.0.0.1:9050" - no_proxy: 
"localhost,127.0.0.1,127.0.0.1" - - linux_chroot_group : - - hosts: - - linuxGentoo: - - ansible_remote_addr: "/mnt/gentoo" - # required - ansible_host: "/mnt/gentoo" - BOX_SERVICE_MGR: "openrc" - BOX_HOST_NAME: "gentoo" - BOX_USER_NAME: "gentoo" - BOX_USER_GROUP: "adm" - BOX_USER_HOME: "/home/gentoo" - BOX_OS_FAMILY: Gentoo - BOX_OS_NAME: gentoo - BOX_OS_FLAVOR: "Gentoo" - BOX_USR_LIB: lib64 - BOX_DEFAULT_OUTPUT_IF: wlan6 - BASE_PORTAGE_PYTHON_MINOR: 3.11 - ansible_python_interpreter: "/usr/bin/python3.11" - BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles" - BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties - BOX_ALSO_USERS: - - gentoo - BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}" - BOX_GENTOO_FROM_MP: "/mnt/linuxPen19" - - linuxPen19: - - ansible_remote_addr: "/mnt/linuxPen19" - # required - ansible_host: "/mnt/linuxPen19" - BOX_SERVICE_MGR: "openrc" - BOX_HOST_NAME: "linuxPen19" - BOX_USER_NAME: "vagrant" - BOX_USER_GROUP: "adm" - BOX_USER_HOME: "/home/vagrant" - BOX_OS_FAMILY: Gentoo - BOX_OS_NAME: gentoo - BOX_OS_FLAVOR: "Pentoo" - BOX_USR_LIB: lib64 - BOX_DEFAULT_OUTPUT_IF: wlan6 - BASE_PORTAGE_PYTHON_MINOR: 3.11 - ansible_python_interpreter: "/usr/bin/python3.11" - BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/i/net/Http/distfiles.gentoo.org/distfiles" - BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties - BOX_ALSO_USERS: - - gentoo - BOX_BASE_FEATURES: [] - BOX_TOXCORE_FEATURES: ['nbd', 'libvirt', 'docker'] - BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}" - - # linux_chroot_group vars - vars: - BOX_ANSIBLE_CONNECTIONS: ["local", "chroot"] - # ignored? chroot_connection/exe in ansible.cfg? - ansible_chroot_exe: "/usr/local/sbin/base_chroot.bash" - - #? ansible_ssh_common_args: "/usr/bin/env -i CHROOT=1" - # -i "PATH" - # -i "http_proxy https_proxy socks_proxy no_proxy" - #? 
-l - # for a non-root login: ansible_ssh_extra_args: "--userspec=foo:adm" - vars: # linux_unix_group - # toxcore - BOX_NBD_DEV: nbd1 - BOX_NBD_MP: /mnt/gentoo - BOX_NBD_OVERLAY_NAME: "gentoo1" - BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr" - BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz" - BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz" - BOX_NBD_KERNEL_DIR: /usr/src/linux - BOX_NBD_BASE_PROFILE: openrc - BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr" - BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2" - BOX_NBD_OVERLAY_QCOW: "/o/var/lib/libvirt/images/gentoo1.qcow2" - BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub" - - # libvirt overlay - BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm" - BOX_NBD_LOGLEVEL: 10 - BOX_NBD_OVERLAY_GB: "20" - BOX_NBD_OVERLAY_CPUS: 1 - BOX_NBD_OVERLAY_RAM: 2048 - BOX_NBD_OVERLAY_BR: virbr1 - # unused? - BOX_NBD_OVERLAY_NETWORK: default - # plaintext - BOX_NBD_OVERLAY_PASS: "gentoo" - BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json" - - - vars: - # These come from the inventory overridden for connection = local,chroot in base_proxy.yml - http_proxy: "" - https_proxy: "" - socks_proxy: "" - ftp_proxy: "" - no_proxy: "localhost,127.0.0.1" - SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem" - RSYNC_PROXY: "" - - BOX_OS_FAMILY: "" - BOX_OS_NAME: "" - BOX_OS_FLAVOR: "" - BOX_DEFAULT_OUTPUT_IF: "" - BOX_ALSO_GROUP: "adm" - - # only common to local and vagrant because /mnt/j is remote mounted - need a linux_group - BOX_ROOT_PIP_CACHE: "/mnt/o/Cache/Pip" - BOX_BOXUSER_PIP_CACHE: "/mnt/o/Cache/Pip" - - HOST_MOUNT_SYMLINKS: [] - HOST_MOUNT_SYMLINK_CONTENTS: {} - - LXD_TRUST_PASSWORD: sekret - - BOX_HOST_CONTAINER_MOUNTS: - - /mnt/l - - /mnt/e - - /mnt/h - - /mnt/i - - /mnt/j - - /mnt/q - - /mnt/w - - /mnt/o - - BOX_DOS_SCAN_DIRS: - - /mnt/h - - /mnt/i - - /mnt/j - - /mnt/e - - /mnt/q - - /mnt/w - - /mnt/c - - # These will fluctuate with what's been 
started - it's safe to open them all - # FixMe: should these go on no_proxy systematically - PRIV_TOR_LOCAL_NETS: - - "192.168.56.0/24" - - BOX_ALSO_USERS: [] - BOX_PYTHON2_MINOR: "" - BOX_PYTHON3_MINOR: "3.11" - BOX_BASH_SHELL: /bin/bash - BOX_IPV6_DISABLE: 1 - BOX_EMACS_VERSION: 27 - - BOX_ROOT_USER: root - BOX_ROOT_GROUP: root - - BOX_BYPASS_PROXY_GROUP: tor - BOX_FIREWALL_ALLOW_TRANS: false - BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties - - BOX_BASE_FEATURES: [] - BOX_LOGG_FEATURES: [] - BOX_KEYS_FEATURES: ['tpm2'] # truecrypt - BOX_HARDEN_FEATURES: ['bubblewrap', 'sysctl', 'jabber'] # 'clamscan', firejail - # libvirt means 'qemu' - BOX_HOSTVMS_FEATURES: [] - - BOX_MISP_FEATURES: [] # 'kitchen' - BOX_W3AF_FEATURES: [] # 'kitchen' - BOX_MISP_GPG_PASS: gpg_pass_to_change_fast - - BOX_timezone: UTC - BOX_hwclock_local: false - BOX_hwclock_systohc: true - BOX_hwclock_hctosys: false - - BOX_PROXY_MODE: "" - BOX_DNS_PROXY: dnsmasq - BOX_TIME_DAEMON: ntpd - BOX_NTP_GROUP: ntp - BOX_NET_MANAGER: "networkmanager" - BOX_HTTP_PROXY: privoxy - - # toxcore - BOX_NBD_DEV: "" - BOX_NBD_MP: "" - BOX_NBD_FILES: "" - BOX_NBD_LOGLEVEL: 20 - BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz" - BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz" - BOX_NBD_KERNEL_DIR: /usr/src/linux - BOX_NBD_BASE_PROFILE: openrc - BOX_NBD_BASE_DIR: "" - BOX_NBD_BASE_QCOW: "" - BOX_NBD_BASE_PUBKEY: "" - - # libvirt overlay - BOX_NBD_OVERLAY_QCOW: "" - BOX_NBD_OVERLAY_DIR: "" - BOX_NBD_OVERLAY_BR: "" - BOX_NBD_OVERLAY_GB: "20" - BOX_NBD_OVERLAY_NAME: "" - BOX_NBD_OVERLAY_CPUS: 1 - BOX_NBD_OVERLAY_RAM: 2048 - # plaintext - BOX_NBD_OVERLAY_PASS: "" - BOX_GENTOOIMGR_CONFIGFILE: "" - -# Controls what compression method is used for new-style ansible modules when -# they are sent to the remote system. 
The compression types depend on having -# support compiled into both the controller's python and the client's python. -# The names should match with the python Zipfile compression types: -# * ZIP_STORED (no compression. available everywhere) -# * ZIP_DEFLATED (uses zlib, the default) -# These values may be set per host via the ansible_module_compression inventory variable. -# - ansible_module_compression: "ZIP_STORED" - ansible_python_interpreter: "/usr/local/bin/python3.sh" - - BOX_ANSIBLE_VERSION: "2.9.22" - # Cannot communicate securely with peer: no common encryption algorithm(s). - # git.kernel.org/ sslversion = tlsv1.3 - BOX_TLS_VERSION: "1.3" - BOX_SSL_GIT_SSLVERSION: "1.3" - - # unused so far - needed by src/ansible_gentooimgr/gentooimgr/ - BOX_ARCHITECTURE: amd64 - BOX_SUBTYPE: -hardened - # https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-hardened-openrc.txt - GENTOO_BASE_STAGE_OPENRC_TXT_URL: "https://distfiles.gentoo.org/releases/{{BOX_ARCHITECTURE}}/autobuilds/latest-stage3-{{BOX_ARCHITECTURE}}{{BOX_SUBTYPE}}-openrc.txt" - # plus .gpgsig and .md5sum - GENTOO_BASE_PORTAGE_URL: "https://distfiles.gentoo.org/snapshots/portage-latest.tar.xz" - BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles" - #? Gentoo specific? 
- - # unused so far - # missing HOSTVMS_LXD_TRUST_PASSWORD base_passwords_database - # /mnt/o/data/TestForge/src/ansible/roles/hostvms/tasks/vms.yml - box_passwords_database: "{{ lookup('env', 'USER')}}/Passwords.kdbx" - - BOX_WHONIX_PROXY_HOST: "" - BOX_PROXY_FEATURES: [] - BOX_GPG_SERVER: "keys.gnupg.net" - BOX_USR_LIB: lib - # if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else '' - BOX_GENTOO_FROM_MP: '' - - # bc - MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}" - -# # These are inventory overridden for connection = chroot in base_proxy.yml -# http_proxy: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}" -# https_proxy: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}" -# socks_proxy: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}" -# no_proxy: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}" diff --git a/hosts.yml b/hosts.yml index 18c511f..577ae1e 100644 --- a/hosts.yml +++ b/hosts.yml @@ -170,6 +170,7 @@ all: BOX_OS_NAME: Gentoo BOX_OS_FAMILY: Gentoo BOX_OS_FLAVOR: "Gentoo" + BOX_PROXY_MODE: nat BOX_USR_LIB: lib64 BOX_DEFAULT_OUTPUT_IF: eth0 BOX_PYTHON2_MINOR: "" @@ -218,7 +219,13 @@ all: # proxy from environment # ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" # ansible_ssh_host: "127.0.0.1" - BOX_ROOT_GROUP: root + BOX_NBD_OVERLAY_EXTERNAL: "0.0.0.0" + HTTP_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128" + HTTPS_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:9128" + SOCKS_PROXY: "socks5://{{BOX_NBD_OVERLAY_EXTERNAL}}:9050" + FTP_PROXY: "" + RSYNC_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128" + NO_PROXY: "localhost,127.0.0.1" linux_chroot_group : 
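Review bot: `BOX_NBD_OVERLAY_EXTERNAL: "0.0.0.0"` in the `@@ -218,7 +219,13 @@` hunk is a wildcard bind address rather than a destination, so the `HTTP_PROXY`, `HTTPS_PROXY` and `SOCKS_PROXY` URLs built from it resolve, at best, to the machine that reads them and not to the host running the proxies. If the same variable is also used as the listen address of those proxies (not visible here), it would expose them on every interface; a specific host-side address of the overlay network is safer in both roles. `RSYNC_PROXY` is documented by rsync as `hostname:port`, so `"{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"` without the `http://` scheme is the expected form. The hunk also drops `BOX_ROOT_GROUP: root` from this vars block; confirm a remaining definition elsewhere in the inventory still covers the group.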
@@ -304,21 +311,21 @@ all: BOX_NBD_OVERLAY_CPUS: 1 BOX_NBD_OVERLAY_RAM: 2048 BOX_NBD_OVERLAY_BR: virbr1 - # unused? - BOX_NBD_OVERLAY_NETWORK: default + BOX_NBD_OVERLAY_SUBNET: 10.0.2.0 + BOX_NBD_OVERLAY_NETWORK: External # plaintext BOX_NBD_OVERLAY_PASS: "gentoo" BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json" vars: # These come from the inventory overridden for connection = local,chroot in base_proxy.yml - http_proxy: "" - https_proxy: "" - socks_proxy: "" - ftp_proxy: "" - no_proxy: "localhost,127.0.0.1" - SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem" + HTTP_PROXY: "" + HTTPS_PROXY: "" + SOCKS_PROXY: "" + FTP_PROXY: "" RSYNC_PROXY: "" + NO_PROXY: "localhost,127.0.0.1" + SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem" BOX_OS_FAMILY: "" BOX_OS_NAME: "" @@ -464,7 +471,7 @@ all: MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}" # # These are inventory overridden for connection = chroot in base_proxy.yml -# http_proxy: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}" -# https_proxy: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}" -# socks_proxy: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}" -# no_proxy: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}" +# HTTP_PROXY: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}" +# HTTPS_PROXY: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}" +# SOCKS_PROXY: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}" +# NO_PROXY: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}" diff --git a/lib/plugins/libvirt_qemu.py b/lib/plugins/libvirt_qemu.py index e3c6950..9512f97 100644 --- a/lib/plugins/libvirt_qemu.py +++ b/lib/plugins/libvirt_qemu.py 
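Review bot: Consumers of the lower-case `http_proxy`, `https_proxy`, `socks_proxy`, `ftp_proxy` and `no_proxy` variables will break with the rename to upper case in the `@@ -304,21 +311,21 @@` hunk, because Ansible variable names are case-sensitive and no consumer is updated in this diff. The roles that presumably read them (`roles/base`, `roles/proxy`) are added as symlinks to a path outside the repository, so the rename cannot be checked from here. A short comment in the vars block such as `# upper-case names: read by <role/task>` would record which side was updated. In the commented block of the `@@ -464,7 +471,7 @@` hunk, `lookup('env', ...)|default(...)` only falls back when written as `default('...', true)`, because the env lookup returns an empty string rather than undefined.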
@@ -39,10 +39,17 @@ DOCUMENTATION = """ vars: - name: ansible_libvirt_uri timeout: - description: timeout for libvirt to connect to access the virtual machine - required: false + description: timeout for libvirt to connect to access the VM + ini: + - section: defaults + key: libvirt_timeout + env: + - name: ANSIBLE_LIBVIRT_TIMEOUT + vars: + - name: timeout type: int - default: 10 + default: 5 + required: false """ import base64 @@ -64,7 +71,7 @@ from os.path import exists, getsize display = Display() -iMAX_WAIT = 10 # sec. +iMAX_WAIT = 15 # sec. REQUIRED_CAPABILITIES = [ {'enabled': True, 'name': 'guest-exec', 'success-response': True}, @@ -89,6 +96,7 @@ class Connection(ConnectionBase): super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs) self._host = self._play_context.remote_addr + self._play_context = play_context # Windows operates differently from a POSIX connection/shell plugin, # we need to set various properties to ensure SSH on Windows continues @@ -98,7 +106,7 @@ class Connection(ConnectionBase): self.always_pipeline_modules = True self.module_implementation_preferences = ('.ps1', '.exe', '') self.allow_executable = False - self._timeout = self.get_option('timeout', 10) + self._timeout = self.get_option('timeout', iMAX_WAIT) def _connect(self): ''' connect to the virtual machine; nothing to do here ''' 
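Review bot: `self.get_option('timeout', iMAX_WAIT)` in the `@@ -98,7 +106,7 @@` hunk passes `iMAX_WAIT` in the position where `get_option` takes its `hostvars` argument, not a fallback value, so the effective default stays the `default: 5` declared in `DOCUMENTATION` and the 15 s constant is never used as one. Now that the option declares a `vars:` source, a non-mapping in that position may also break the variable lookup when the option is resolved this early in `__init__`; that depends on the installed Ansible and should be tested. Suggest `self._timeout = self.get_option('timeout')` with a single default kept in `DOCUMENTATION`. The variable name `timeout` under `vars:` is very generic next to `ansible_libvirt_uri`; `ansible_libvirt_timeout` would avoid collisions with unrelated inventory variables. `self._play_context = play_context` in the `@@ -89,6 +96,7 @@` hunk comes after the previous line has already read `self._play_context.remote_addr`, so it looks redundant.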
@@ -156,6 +164,15 @@ class Connection(ConnectionBase): cmd_args_list = self._shell._encode_script(cmd, as_list=True, strict_mode=False, preserve_rc=False) # TODO(odyssey4me): + cmd_list = cmd_args_list[0] + if self._play_context.become and \ + self._play_context.become_user not in ['', 'root']: + cmd_args_list = [self._play_context.become_exe, '-u', + self._play_context.become_user] + \ + self._play_context.become_flags.split(' ') + \ + cmd_args_list +# pl = f"cmd_args_list={cmd_args_list} become_flags={self._play_context.become_flags}" +# display.vv(u"BECOMME {0} CONNECTION".format(pl), host=self._host) # Implement buffering much like the other connection plugins # Implement 'env' for the environment settings # Implement 'input-data' for whatever it might be useful for @@ -169,7 +186,7 @@ class Connection(ConnectionBase): } request_exec_json = json.dumps(request_exec) - display.vvv("GA send: {0}".format(request_exec_json), host=self._host) + display.vvvv("GA send: {0}".format(request_exec_json), host=self._host) # sys.stderr.write("GA send: {0}\n".format(request_exec_json)) command_start = time.clock_gettime(time.CLOCK_MONOTONIC) # TODO(odyssey4me): @@ -183,7 +200,7 @@ class Connection(ConnectionBase): self._connected = False raise AnsibleConnectionFailure(to_native(err)) - display.vvv(u"GA return: {0}".format(result_exec), host=self._host) + display.vvvv(u"GA return: {0}".format(result_exec), host=self._host) request_status = { 'execute': 'guest-exec-status', 
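Review bot: The become prefix in the `@@ -156,6 +164,15 @@` hunk is built with `self._play_context.become_flags.split(' ')`, which yields `['']` for an empty flags string (an empty argument handed to the guest agent) and raises if the value is `None`; `become_exe` can likewise be unset. Suggest `shlex.split(self._play_context.become_flags or '')` and a fallback such as `self._play_context.become_exe or 'sudo'`; this needs `import shlex`, and the import block is outside the hunk. Because the command is wrapped inside the connection plugin, confirm that Ansible's own become handling is not also wrapping `cmd`, otherwise the user switch is applied twice, and add a comment stating why `''` and `'root'` are skipped. The new `cmd_list = cmd_args_list[0]` is unused in the visible lines, and the two commented-out debug lines at column 0 should be removed. The enclosing method starts and ends outside the hunk.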
@@ -193,11 +210,11 @@ class Connection(ConnectionBase): } request_status_json = json.dumps(request_status) - display.vvv(u"GA send: {0}".format(request_status_json), host=self._host) + display.vvvv(u"GA send: {0}".format(request_status_json), host=self._host) # TODO(odyssey4me): # Work out a better way to wait until the command has exited - max_time = iMAX_WAIT + time.clock_gettime(time.CLOCK_MONOTONIC) + max_time = timeout + time.clock_gettime(time.CLOCK_MONOTONIC) result_status = { 'return': dict(exited=False), } @@ -219,12 +236,12 @@ class Connection(ConnectionBase): self._connected = False raise AnsibleConnectionFailure(to_native(err)) - display.vvv(u"GA return: {0}".format(result_status), host=self._host) + display.vvvv(u"GA return: {0}".format(result_status), host=self._host) while not result_status['return']['exited']: result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, self._timeout, 0)) - display.vvv(u"GA return: {0}".format(result_status), host=self._host) + display.vvvv(u"GA return: {0}".format(result_status), host=self._host) if result_status['return'].get('out-data'): stdout = base64.b64decode(result_status['return']['out-data']) diff --git a/roles/ansible-gentoo_install/defaults/main.yml b/roles/ansible-gentoo_install/defaults/main.yml index 1db4379..fcc7d7a 100644 --- a/roles/ansible-gentoo_install/defaults/main.yml +++ b/roles/ansible-gentoo_install/defaults/main.yml 
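Review bot: `max_time = timeout + time.clock_gettime(time.CLOCK_MONOTONIC)` in the `@@ -193,11 +210,11 @@` hunk reads a bare `timeout`, but no such local or parameter is visible in this hunk, and the neighbouring calls use `self._timeout`. Unless the enclosing method (its signature is outside the hunk) binds `timeout`, this raises `NameError` when the line is reached. Suggest `max_time = self._timeout + time.clock_gettime(time.CLOCK_MONOTONIC)`. The `while not result_status['return']['exited']` loop shown as context in the next hunk has no visible check against `max_time`, so confirm the deadline is enforced in the lines between the hunks; otherwise a guest command that never exits is polled forever.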
@@ -32,21 +32,24 @@ AGI_install_syslog_daemon: syslog-ng # sysklogd AGI_install_cron_daemon: cronie # AGI_install_bootloader: syslinux # grub:2 -AGI_install_syslinux_kernel_line: - # this is required I think - - console=tty1 - # this is required I think - - text - # adjust these to suit - - lang=en - - keymap=us +AGI_syslinux_date: 2023_09_30 +AGI_syslinux_vmlinuz: vmlinuz-6.1.52-pentoo +AGI_syslinux_initramfs: initramfs-pentoo-x86_64-6.1.52-pentoo +AGI_syslinux_vga: "0x037f" # 0x37f? +AGI_syslinux_ipv6disable: 1 +AGI_syslinux_cmdline: - rootfstype=ext2 - # remove this if you want IPV6 - - ipv6.disable=1 # fsck should NOT be done by the bootloader - rd.skipfsck=1 - # =0x37f works too - - vga=789 + # remove this if you want IPV6 + - ipv6.disable=1 + # this is required I think + - console=ttyS0 + - lang=en + - keymap=us + - vga={{AGI_syslinux_vga}} + # this is required I think + - text # these may not all be needed or useful in a container # - pti=on # - iommu=pt diff --git a/roles/ansible-gentoo_install/tasks/bootloader.yml b/roles/ansible-gentoo_install/tasks/bootloader.yml index 9a9dfcf..6e904a1 100644 --- a/roles/ansible-gentoo_install/tasks/bootloader.yml +++ b/roles/ansible-gentoo_install/tasks/bootloader.yml 
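Review bot: `AGI_install_syslinux_kernel_line` and `AGI_syslinux_disable` are still referenced elsewhere in this commit, although this hunk removes the first and defines the second under the name `AGI_syslinux_ipv6disable`: the new `grub.cfg` task in `tasks/bootloader.yml` joins `AGI_install_syslinux_kernel_line`, and `templates/boot/syslinux/syslinux.cfg` expands `{{AGI_syslinux_disable}}`. Unless those names are defined somewhere outside this diff, both fail as undefined variables at run time. Suggest `AGI_syslinux_cmdline` in the grub task, `{{AGI_syslinux_ipv6disable}}` in the template, and `- ipv6.disable={{AGI_syslinux_ipv6disable}}` in this list so the setting has one source. The comment `# this is required I think` now sits above `console=ttyS0` and `text`; say what breaks without them or drop it.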
@@ -20,39 +20,6 @@ - name: setup syslinux shell: | [ -d /boot/syslinux ] || mkdir /boot/syslinux - [ -f /boot/syslinux/syslinux.cfg ] || \ - cat > /boot/syslinux/syslinux.cfg << EOF - # -*-mode: sh; tab-width: 8; coding: utf-8-dos -*- - default vesamenu.c32 - prompt 0 - # timeout 150 - - menu title nbd2 - menu background splash.png - menu color title 1;36;44 #c0ffffff #00000000 std - menu color sel 7;37;40 #e0000000 #20ECEAC7 all - menu rows 15 - menu tabmsgrow 21 - menu timeoutrow 23 - menu helpmsgrow 23 - - # drm.debug=0xe - # rd.shell rd.debug - - label pentoo2019-Pen19-6.1.52-pentoo_2023_09_30_0x037f - menu label pentoo2019_Pen19_6.1.52-pentoo_2023_09_30_0x037f - menu default - kernel /vmlinuz-6.1.52-pentoo_2023_09_30 - INITRD /initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img - # was vga=0x315 - APPEND root=LABEL=root {{''.join(AGI_install_syslinux_kernel_commands)}} - - label MAIN hd0 MBR - menu label MAIN hd0 0 - com32 chain.c32 - APPEND hd0 - - EOF [ ! -d /usr/share/syslinux/ ] || \ for elt in {{' '.join(AGI_install_syslinux_c32)}}; do [ -f /boot/syslinux/$elt ] && continue @@ -60,6 +27,15 @@ done exit 0 + - name: setup syslinux.cfg + template: | + dest: /boot/syslinux/syslinux.cfg + src: boot/syslinux/syslinux.cfg + force: no + newline_sequence: '\r\n' + owner: root + mode: '0644' + - name: do syslinux install manually shell: | df | grep {{AGI_install_disk}} && \ @@ -122,6 +98,8 @@ dest: /etc/default/grub line: '{{item.from}}="{{item.to}}"' regexp: '^#*{{item.from}}=.*' + owner: root + mode: '0644' with_items: # Append parameters to the linux kernel command line for non-recovery entries - from: GRUB_CMDLINE_LINUX_DEFAULT 
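Review bot: The new `setup syslinux.cfg` task in the `@@ -60,6 +27,15 @@` hunk is written as `template: |`, which turns the module arguments into a literal block string instead of a mapping, so `dest:`, `src:`, `force:` and the other keys are unlikely to be parsed as parameters. Suggest a plain `template:` with the keys nested under it, as the `lineinfile` tasks in this file do. `force: no` means an existing `/boot/syslinux/syslinux.cfg` is never refreshed when `AGI_syslinux_vmlinuz` or the command line change; a comment stating that this is intended would help.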
@@ -138,6 +116,18 @@ - from: GRUB_DISABLE_LINUX_UUID to: true + - name: grub.cfg from roles/ansible-gentoo_install/tasks/ + shell: | + LINE="{{' '.join(AGI_install_syslinux_kernel_line)}}" + # LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none " + grep /boot /etc/fstab || exit 1 + df | grep /boot || mount /boot || exit 2 + [ -d /boot/grub ] || exit 3 + [ -f /boot/grub/grub.cfg ] || exit 4 + [ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst + sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg + ignore_errors: true + when: AGI_install_bootloader == 'grub:2' - name: fstab root @@ -145,24 +135,32 @@ dest: /etc/fstab line: '{{AGI_container_disk}}3 / ext4 defaults,noatime 0 1' regexp: '^{{AGI_container_disk}}3' + owner: root + mode: '0644' - name: fstab boot lineinfile: dest: /etc/fstab line: '{{AGI_container_disk}}1 /boot ext3 defaults,noatime 0 1' regexp: '^{{AGI_container_disk}}3' + owner: root + mode: '0644' - name: fstab swap lineinfile: dest: /etc/fstab line: '{{AGI_container_disk}}2 none swap nofail,sw 0 0' regexp: '^{{AGI_container_disk}}2' + owner: root + mode: '0644' - name: fstab shm lineinfile: dest: /etc/fstab line: 'tmpfs /run/shm tmpfs defaults,noexec,size=5% 0 0' regexp: '^tmpfs */run/shm' + owner: root + mode: '0644' # linuxPen19 /mnt/linuxPen19 virtiofs defaults,dirsync 0 0 
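Review bot: The new `grub.cfg` task is not idempotent: `sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg` leaves each edited line ending in ` ro`, so every later run matches again and appends the command line once more. Guard it, for example with `grep -qF -- "$LINE" /boot/grub/grub.cfg ||` in front of the `sed`, or restore from the `grub.cfg.dst` copy before editing. `ignore_errors: true` also hides the `exit 1` to `exit 4` guards, so a missing `/boot` mount or `grub.cfg` passes unnoticed; `failed_when` on specific return codes would keep them meaningful. `$LINE` is spliced into the sed replacement unescaped, so a value containing `@` or `&` would corrupt the expression.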
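Review bot: The `fstab boot` task in the `@@ -145,24 +135,32 @@` hunk keeps `regexp: '^{{AGI_container_disk}}3'` while its `line` is for `{{AGI_container_disk}}1`, so it matches and replaces the root entry written by `fstab root`, and the two tasks overwrite each other on every run. `regexp: '^{{AGI_container_disk}}1'` looks intended. The added `owner: root` and `mode: '0644'` are repeated on four tasks against the same `/etc/fstab`; setting them once is enough.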
@@ -171,18 +169,24 @@ dest: /etc/security/passwdqc.conf line: 'enforce=none' regexp: '^enforce=.*' + owner: root + mode: '0644' - name: /etc/security/passwdqc.conf lineinfile: dest: /etc/security/passwdqc.conf line: 'enforce=none' regexp: '^enforce=.*' + owner: root + mode: '0644' - name: /etc/conf.d/consolefont lineinfile: dest: /etc/conf.d/consolefont line: 'consolefont="ter-v{{AGI_consolefont_font_size}}b"' regexp: '^consolefont=.*' + owner: root + mode: '0644' - name: consolefont shell: | @@ -193,7 +197,7 @@ /etc/init.d consolefont start # these are right for ter-v28b consolefont if tty|grep -q /dev/ttyS0 ; then - stty cols 80 rows 35 + stty cols 80 rows 34 elif tty|grep -q /dev/tty[1-6] ; then stty cols 80 rows 22 fi diff --git a/roles/ansible-gentoo_install/tasks/misc.yml b/roles/ansible-gentoo_install/tasks/misc.yml index 3794523..f77c2db 100644 --- a/roles/ansible-gentoo_install/tasks/misc.yml +++ b/roles/ansible-gentoo_install/tasks/misc.yml @@ -17,7 +17,8 @@ done # 700 files from ansible umask find /usr/local/*bin/ /usr/local/etc/ -name '*sh' -exec chmod 755 {} \; - find /usr/local/ -type f -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \; + find /usr/local/{src,bin,share,etc} -type f \ + -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \; exit 0 when: AGI_bootstrap_mountpoints|default([])|length > 0 diff --git a/roles/ansible-gentoo_install/templates/boot/syslinux/syslinux.cfg b/roles/ansible-gentoo_install/templates/boot/syslinux/syslinux.cfg new file mode 100755 index 0000000..13b85b5 --- /dev/null +++ b/roles/ansible-gentoo_install/templates/boot/syslinux/syslinux.cfg 
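Review bot: The two tasks named `/etc/security/passwdqc.conf` in the `@@ -171,18 +169,24 @@` hunk are identical, so the second is redundant and now carries its own copy of `owner`/`mode`. `enforce=none` switches off password-quality enforcement on the installed system; a comment such as `# test images only: disables passwdqc enforcement` would make the intent explicit for anyone reusing the role.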
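Review bot: The narrowed `find /usr/local/{src,bin,share,etc} -type f -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \;` in `tasks/misc.yml` still hands ownership of every file under `/usr/local/bin` and `/usr/local/etc` to the unprivileged box user, and a script added in this commit sources `/usr/local/etc/testforge/testforge.bash`. If root ever executes or sources those files, the box user controls what root runs; consider limiting the chown to `src` and `share` and leaving `bin` and `etc` owned by root. The `{src,bin,share,etc}` brace expansion also needs bash, so the task should set `executable: /bin/bash` if it does not already; the task header is outside the hunk.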
@@ -0,0 +1,30 @@ +# -*-mode: sh; tab-width: 8; coding: utf-8-dos -*- +default vesamenu.c32 +##? SERIAL 0 115200 +##? CONSOLE 0 +prompt 0 +timeout 150 + +menu title {{BOX_NBD_DEV}} TAB to edit RETURN to boot +menu color title 1;36;44 #c0ffffff #00000000 std +menu color sel 7;37;40 #e0000000 #20ECEAC7 all +menu rows 15 +menu tabmsgrow 21 +menu timeoutrow 23 +menu helpmsgrow 23 + +# rd.shell rd.debug + +label {{AGI_syslinux_vmlinuz}}_{{AGI_syslinux_date}}_{{AGI_syslinux_vga}} + menu label {{AGI_syslinux_vmlinuz}}_{{AGI_syslinux_date}}_{{AGI_syslinux_vga}} + menu default + kernel /{{AGI_syslinux_vmlinuz}} + INITRD /{{AGI_syslinux_initramfs}} + # was vga=0x315 + APPEND root=LABEL=root rootfstype=ext2 console=ttyS0 pti=on rd.skipfsck=1 ipv6.disable={{AGI_syslinux_disable}} lang=en keymap=us vga={{AGI_syslinux_vga}} text + +label MAIN hd0 MBR + menu label MAIN hd0 0 + com32 chain.c32 + APPEND hd0 + diff --git a/roles/base b/roles/base new file mode 120000 index 0000000..22f1827 --- /dev/null +++ b/roles/base @@ -0,0 +1 @@ +/o/data/TestForge/src/ansible/roles/base \ No newline at end of file diff --git a/roles/proxy b/roles/proxy new file mode 120000 index 0000000..3f8e944 --- /dev/null +++ b/roles/proxy @@ -0,0 +1 @@ +/o/data/TestForge/src/ansible/roles/proxy \ No newline at end of file diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_check_modules.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_check_modules.bash index 07f4f90..56eafad 100755 --- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_check_modules.bash +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_check_modules.bash @@ -10,6 +10,7 @@ ROLE=toxcore MYID=`id -u` # or use sudo? or just diagnostics? $prog should be run as root $MYID [ $MYID -eq 0 ] && sudo= || sudo=sudo # "WARN as root - sudo" +TOXCORE_LOG_DIR=$PREFIX/var/log grep -q iommu=pt /proc/cmdline || WARN 'iommu=pt not on command line' grep -q intel_iommu=on /proc/cmdline || WARN 'intel_iommu=on not on command line' 
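Review bot: The `APPEND` line of the new template hard-codes the kernel command line instead of using the `AGI_syslinux_cmdline` list added to `defaults/main.yml` in this commit, and the two already differ (`pti=on` is present here but commented out in the visible part of the list). Suggest `APPEND root=LABEL=root {{ AGI_syslinux_cmdline | join(' ') }}` so there is one source of truth. The menu title advertises `TAB to edit` with `timeout 150`, which lets anyone at the console change the kernel command line; that is fine for a test VM but deserves a comment if the image is reused elsewhere. The file is added with mode 100755 although it is a template, not an executable.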
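Review bot: `roles/base` and `roles/proxy` are committed as symlinks (mode 120000) to the absolute path `/o/data/TestForge/src/ansible/roles/...`, which lies outside the repository. On any other checkout they dangle, and on a host where that path exists the playbook runs whatever roles are found there, unreviewed and unversioned by this repository. Prefer vendoring the roles, a git submodule, or a pinned entry in a requirements file, and document the dependency in the README.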
@@ -72,7 +73,7 @@ lsmod | sort > /tmp/$$.lsmod # selectively activate runtime features [ "$#" -eq 0 ] && exit 0 -if [ "$1" = "libvirt" ] ; then +if [ "$1" = "libvirt" -i "$1" = "libvirt_qemu" ] ; then if [ ! -d /dev/virtio-ports ] ; then # firewall - should depend on mode for mod in "${MODS[@]}" ; do diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash old mode 100644 new mode 100755 index 9c0456e..1c36411 --- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash @@ -29,6 +29,8 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log #?ols_make_testforge_logs $TOXCORE_LOG_DIR find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete +[ -d /var/lib/libvirt/dnsmasq/ ] && \ + sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete if virsh list | grep -q Whonix-Gateway ; then /usr/local/bin/toxcore_libvirt_test_ga.bash diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash new file mode 100755 index 0000000..33a6214 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash @@ -0,0 +1,22 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/var/local +. /usr/local/etc/testforge/testforge.bash +ROLE=testforge + +PYVER=3 +P="BASE_PYTHON${PYVER}_MINOR" +PYTHON_MINOR="$(eval echo \$$P)" +PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash +PYTHON_EXE=$PYTHON_EXE_MSYS + +# doctest.py +# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE') +# ELLIPSIS = register_optionflag('ELLIPSIS') +LOPTS="-o ELLIPSIS --fail-fast" + +for file in "$@" ; do + /var/local/bin/python$PYVER.bash -m doctest $LOPTS "$file" +done 
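Review bot: `-i` is not a `test` operator, so the new condition `[ "$1" = "libvirt" -i "$1" = "libvirt_qemu" ]` makes `[` fail with a syntax error and the branch is skipped for both arguments, including the `libvirt` case that worked before. The intended operator is presumably `-o`; the unambiguous form is `if [ "$1" = "libvirt" ] || [ "$1" = "libvirt_qemu" ] ; then`. The body of the `if` continues outside the hunk.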
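Review bot: The added `sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete` has no `-type f`, so `-empty` also matches empty directories, which can include the start directory itself when nothing is left under it. Since the script is named for hourly runs it probably has no terminal, where a plain `sudo` that needs a password fails or waits; `sudo -n` fails fast instead. Suggested: `sudo -n find /var/lib/libvirt/dnsmasq/ -mindepth 1 -type f -mtime +1 -empty -delete`.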
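Review bot: The loop in the new toxcore_python_doctest3.bash discards each doctest result, so the script's exit status is that of the last file only and an earlier failure goes unnoticed by callers; `--fail-fast` applies within one file, not across the loop. It also hard-codes `/var/local/bin/python$PYVER.bash` although `PYTHON_EXE` is computed above for the same path, and `PYTHON_MINOR` (built with `eval`) is not used in the visible lines. Suggested loop body: `"$PYTHON_EXE" -m doctest $LOPTS "$file" || rc=$?`, with `exit ${rc:-0}` after `done`.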
diff --git a/roles/toxcore/overlay/Linux/usr/local/net/Git/git.plastiras.org/emdee/tox_profile/.gitignore b/roles/toxcore/overlay/Linux/usr/local/net/Git/git.plastiras.org/emdee/tox_profile/.gitignore
new file mode 100644
index 0000000..8c260ab
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/net/Git/git.plastiras.org/emdee/tox_profile/.gitignore
@@ -0,0 +1,169 @@
+# ---> Python
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+*.diff
+.pylint.*
+*~
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/#use-with-ide +.pdm.toml + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ + +.pylint.err +.pylint.log + + diff --git a/roles/toxcore/overlay/Linux/usr/local/sbin/toxcore_libvirt_test_ga.bash b/roles/toxcore/overlay/Linux/usr/local/sbin/toxcore_libvirt_test_ga.bash index 6a5bd35..e87080c 100755 --- a/roles/toxcore/overlay/Linux/usr/local/sbin/toxcore_libvirt_test_ga.bash +++ b/roles/toxcore/overlay/Linux/usr/local/sbin/toxcore_libvirt_test_ga.bash @@ -11,7 +11,7 @@ prog=`basename $0 .bash` PREFIX=/usr/local -ROLE=hostvms +ROLE=toxcore #[ $# -eq 0 ] && set - Whonix-Gateway /bin/cat /proc/cmdline [ $# -eq 0 ] && set - Whonix-Gateway /bin/netstat -lnp4 
@@ -112,14 +112,12 @@ elif [ $RCMD = guest-exec ] ; then #b64=`jq '.return.out_data' < /tmp/R$$.out` DBUG rc=$rc /tmp/R$$.out if grep -q err-data /tmp/R$$.out ; then - b64_err=`sed -e 's/{"return":{"exitcode":[0-9]*,"err-data":"//' -e 's/",".*//' /tmp/R$$.out` - errrc=$? - WARN `echo $b64_err | base64 -d -` + sed -e 's/{"return":{"exitcode":[0-9]*,"err-data":"//' -e 's/",".*//' /tmp/R$$.out | base64 -d - 2>/dev/null +# [ $? -eq 0 ] && WARN $b64_err fi if grep -q out-data /tmp/R$$.out ; then - b64_out=`sed -e 's/{"return":{"exitcode":[0-9]*,"out-data":"//' -e 's/",".*//' /tmp/R$$.out` - outrc=$? - INFO `echo $b64_out | base64 -d - ` + sed -e 's/{"return":{"exitcode":[0-9]*,"out-data":"//' -e 's/",".*//' /tmp/R$$.out | base64 -d - 2>/dev/null +# [ $? -eq 0 ] && INFO $b64_out fi #b64=`jq '.return.out_data' < /tmp/R$$.out` diff --git a/roles/toxcore/overlay/Linux/usr/local/src/ansible.bash b/roles/toxcore/overlay/Linux/usr/local/src/ansible.bash index aad765a..7ba1cba 100755 --- a/roles/toxcore/overlay/Linux/usr/local/src/ansible.bash +++ b/roles/toxcore/overlay/Linux/usr/local/src/ansible.bash @@ -73,7 +73,7 @@ if [ "$#" -eq 0 ] ; then elif [ "$1" = 'check' ] ; then "$PYTHON_EXE" -c "import $MOD" || exit 10 -# ols_run_checks_requirements +# msys_run_checks_requirements elif [ $1 = 'test' ] ; then cd $PREFIX/src/$DIR || exit 50 diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-050.bash b/roles/toxcore/overlay/Linux/usr/local/src/dracut-050.bash new file mode 100755 index 0000000..25f5909 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-050.bash 
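Review bot: The rewritten `err-data` and `out-data` branches now write the decoded guest output straight to stdout, so error text is no longer distinguishable from normal output and bytes chosen by the guest reach the host terminal unfiltered. `2>/dev/null` also hides a failed decode, and the sed expressions only match when `exitcode` is immediately followed by the wanted key. The commented `jq` lines point at the sturdier form, with the hyphenated key quoted: `jq -r '.return["err-data"] // empty' /tmp/R$$.out | base64 -d >&2`. The enclosing `elif` branch starts and ends outside the hunk.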
@@ -0,0 +1,279 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- + +prog=`basename $0 .bash` +PREFIX=/usr/local +ROLE=toxcore + +PKG=dracut +VER=050 +DIR=${PKG}-$VER +URL=distfiles.gentoo.org/distfiles/$DIR.tar.xz +URI="https://www.kernel.org/pub/linux/utils/boot/${VER}/${DIR}.tar.xz" + +cd $PREFIX/src || exit 2 +WD=$PWD + +if [ -d /etc/apt -a $USER = root ] ; then + # old_debian_requires asciidoc libkmod-dev libkmod-dev xsltproc + which xsltproc 2>/dev/null || apt-get install xsltproc || exit 2 + which asciidoc 2>/dev/null || apt-get install asciidoc || exit 2 + elif [ -d /etc/portage -a $USER = root ] ; then + which cpio >/dev/null || emerge -fp app-arch/cpio || exit 2 + [ -f /usr/lib64/libkmod.so ] || emerge -fp '>=sys-apps/kmod-23[tools]' || exit 2 + fi + +if [ ! -f $DIR/dracut-initramfs-restore ] ; then + if [ -e $PREFIX/net/Http/$URL ] ; then + ip route|grep -q ^default || { echo "DEBUG: $0 not connected" ; exit 0 ; } + wget -xc -P $PREFIX/net/Http https://$URL + fi + tar xvfJ $PREFIX/net/Http/$URL + fi + +cd $DIR || exit 3 + +true || \ +grep -q ^prefix=$PREFIX configure || \ + sed -e 's/^KMOD_LIBS.*/KMOD_LIBS ?= -lkmod/' \ + -e 's@^ exit 1@# exit 1@' \ + -e "s@^prefix=/usr$@prefix=$PREFIX@" -i configure + + +src_configure() { + local PV=$VER + +# tc-export CC PKG_CONFIG + sed -e "s@^prefix=/usr\$@prefix=$PREFIX@" -i configure + ./configure \ + --disable-documentation \ + --prefix="${PREFIX}" \ + --sysconfdir="${PREFIX}/etc" \ + || return 1 +# --bashcompletiondir="$(get_bashcompdir)" +# --systemdsystemunitdir="$(systemd_get_systemunitdir)" + + if [ ! -f dracut-version.sh ] ; then + # Source tarball from github doesn't include this file + echo "DRACUT_VERSION=${PV}" > dracut-version.sh + fi + return 0 +} + +if [ "$#" -eq 0 ] ; then + if [ ! 
-f dracut-initramfs-restore.sh.dst ] ; then + false && \ + if [ -d /usr/local/patches/$ROLE/usr/local/src/$DIR/files ] ; then + find /usr/local/patches/$ROLE/usr/local/src/$DIR/files -type f -name \*.patch | \ + while read file ; do + root=`echo $file | sed -e 's/.patch//' -e "s@$PREFIX/patches/$ROLE/usr/local/src/$DIR/@@"` + [ -f $root.dst ] && continue + patch -b -z.dst $root < $file + done || exit 5 + fi + + # patches + if [ -d /usr/local/patches/$ROLE/usr/local/src/$DIR/ ] ; then + find /usr/local/patches/$ROLE/usr/local/src/$DIR/ -type f -name \*.diff | \ + while read file ; do + root=$( echo $file | sed -e 's/.diff//' \ + -e "s@$PREFIX/patches/$ROLE/usr/local/src/$DIR/@@" ) + [ -f $root.dst ] && continue + patch -b -z.dst $root < $file + done || exit 5 + fi + + find * -type f -name \*sh -exec grep -q /usr/lib/dracut {} \; -print | \ + while read file ; do + [ -f $file.dst ] || cp -p $file $file.dst + sed -e "s@/usr/lib/dracut@$PREFIX/lib/dracut@" $file + chmod 755 $file + done + fi + + [ -f Makefile.inc ] || \ + src_configure || exit 6 + grep -q systemdsystemunitdir Makefile.inc || \ + cat >> Makefile.inc << EOF +systemdsystemunitdir ?= /usr/local/lib/systemd +EOF + grep -v =$ dracut-version.sh && sed -e "s/=/=$VER/" dracut-version.sh + + [ -x install/dracut-install ] || make >> make.log 2>&1 || exit 7 + [ -x $PREFIX/lib/dracut/dracut-install -a \ + $PREFIX/lib/dracut/dracut-install -nt install/dracut-install ] || \ + make install >> install.log 2>&1 || exit 8 + +elif [ "$1" = 'test' ] ; then + $PREFIX/bin/$PKG --help || exit 30 + # Has tests + +elif [ "$1" = 'refresh' ] ; then # 6* + cd $WD/$DIR || exit 6 + find * -name \*.dst | while read file ; do + base=`echo $file |sed -e 's/.dst//'` + [ -f $base.diff -a $base.diff -nt $base ] && continue + diff -c -C 5 $file $base>$base.diff + done + find * -name \*.diff | tar cf - -T - | \ + tar xfBv - -C ../../patches/gpgkey/usr/local/src/dracut-050/ +fi + + +exit 0 + +cp -p install/dracut-install $PREFIX/bin + +rm -f 
-- "lsinitrd.1.xml" +asciidoc -d manpage -b docbook -o "lsinitrd.1.xml" lsinitrd.1.asc +rm -f -- "lsinitrd.1" +xsltproc -o "lsinitrd.1" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl lsinitrd.1.xml +rm -f -- "dracut.conf.5.xml" +asciidoc -d manpage -b docbook -o "dracut.conf.5.xml" dracut.conf.5.asc +rm -f -- "dracut.conf.5" +xsltproc -o "dracut.conf.5" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.conf.5.xml +rm -f -- "dracut.cmdline.7.xml" +asciidoc -d manpage -b docbook -o "dracut.cmdline.7.xml" dracut.cmdline.7.asc +rm -f -- "dracut.cmdline.7" +xsltproc -o "dracut.cmdline.7" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.cmdline.7.xml +rm -f -- "dracut.bootup.7.xml" +asciidoc -d manpage -b docbook -o "dracut.bootup.7.xml" dracut.bootup.7.asc +rm -f -- "dracut.bootup.7" +xsltproc -o "dracut.bootup.7" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.bootup.7.xml +rm -f -- "dracut.modules.7.xml" +asciidoc -d manpage -b docbook -o "dracut.modules.7.xml" dracut.modules.7.asc +rm -f -- "dracut.modules.7" +xsltproc -o "dracut.modules.7" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.modules.7.xml +rm -f -- "dracut.8.xml" +asciidoc -d manpage -b docbook -o "dracut.8.xml" dracut.8.asc +rm -f -- "dracut.8" +xsltproc -o "dracut.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.8.xml +rm -f -- "dracut-catimages.8.xml" +asciidoc -d manpage -b docbook -o "dracut-catimages.8.xml" dracut-catimages.8.asc +rm -f -- "dracut-catimages.8" +xsltproc -o "dracut-catimages.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut-catimages.8.xml +rm -f -- "mkinitrd.8.xml" +asciidoc -d manpage -b docbook -o "mkinitrd.8.xml" mkinitrd.8.asc +rm -f -- "mkinitrd.8" +xsltproc -o "mkinitrd.8" -nonet 
http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl mkinitrd.8.xml +rm -f -- "mkinitrd-suse.8.xml" +asciidoc -d manpage -b docbook -o "mkinitrd-suse.8.xml" mkinitrd-suse.8.asc +rm -f -- "mkinitrd-suse.8" +xsltproc -o "mkinitrd-suse.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl mkinitrd-suse.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-cmdline.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-cmdline.service.8.xml" modules.d/98dracut-systemd/dracut-cmdline.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-cmdline.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-cmdline.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-cmdline.service.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-initqueue.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-initqueue.service.8.xml" modules.d/98dracut-systemd/dracut-initqueue.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-initqueue.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-initqueue.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-initqueue.service.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-mount.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-mount.service.8.xml" modules.d/98dracut-systemd/dracut-mount.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-mount.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-mount.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-mount.service.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-shutdown.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-shutdown.service.8.xml" 
modules.d/98dracut-systemd/dracut-shutdown.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-shutdown.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-shutdown.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-shutdown.service.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml" modules.d/98dracut-systemd/dracut-pre-mount.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-pre-mount.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-pre-mount.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml" modules.d/98dracut-systemd/dracut-pre-pivot.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-pre-pivot.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-pre-pivot.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml" modules.d/98dracut-systemd/dracut-pre-trigger.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-pre-trigger.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-pre-trigger.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml +rm -f -- "modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml" +asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml" 
modules.d/98dracut-systemd/dracut-pre-udev.service.8.asc +rm -f -- "modules.d/98dracut-systemd/dracut-pre-udev.service.8" +xsltproc -o "modules.d/98dracut-systemd/dracut-pre-udev.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml +rm -f -- dracut.xml +asciidoc -a numbered -d book -b docbook -o dracut.xml dracut.asc +rm -f -- dracut.html +xsltproc -o dracut.html --xinclude -nonet \ + --stringparam custom.css.source dracut.css \ + --stringparam generate.css.header 1 \ + http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl dracut.xml +rm -f -- dracut.xml + +[ -d /usr/lib/dracut ] || mkdir -p /usr/lib/dracut +mkdir -p /usr/lib/dracut/modules.d +mkdir -p /usr/share/man/man1 /usr/share/man/man5 /usr/share/man/man7 /usr/share/man/man8 +install -m 0755 dracut.sh /usr/bin/dracut +install -m 0755 dracut-catimages.sh /usr/bin/dracut-catimages +install -m 0755 mkinitrd-dracut.sh /usr/bin/mkinitrd +install -m 0755 lsinitrd.sh /usr/bin/lsinitrd +install -m 0644 dracut.conf /usr/etc/dracut.conf +mkdir -p /usr/etc/dracut.conf.d +mkdir -p /usr/lib/dracut/dracut.conf.d +install -m 0755 dracut-init.sh /usr/lib/dracut/dracut-init.sh +install -m 0755 dracut-functions.sh /usr/lib/dracut/dracut-functions.sh +install -m 0755 dracut-version.sh /usr/lib/dracut/dracut-version.sh +ln -fs dracut-functions.sh /usr/lib/dracut/dracut-functions +install -m 0755 dracut-logger.sh /usr/lib/dracut/dracut-logger.sh +install -m 0755 dracut-initramfs-restore.sh /usr/lib/dracut/dracut-initramfs-restore +cp -arx modules.d /usr/lib/dracut +for i in lsinitrd.1; do install -m 0644 $i /usr/share/man/man1/${i##*/}; done +for i in dracut.conf.5; do install -m 0644 $i /usr/share/man/man5/${i##*/}; done +for i in dracut.cmdline.7 dracut.bootup.7 dracut.modules.7; do install -m 0644 $i /usr/share/man/man7/${i##*/}; done +for i in dracut.8 dracut-catimages.8 mkinitrd.8 mkinitrd-suse.8 
modules.d/98dracut-systemd/dracut-cmdline.service.8 modules.d/98dracut-systemd/dracut-initqueue.service.8 modules.d/98dracut-systemd/dracut-mount.service.8 modules.d/98dracut-systemd/dracut-shutdown.service.8 modules.d/98dracut-systemd/dracut-pre-mount.service.8 modules.d/98dracut-systemd/dracut-pre-pivot.service.8 modules.d/98dracut-systemd/dracut-pre-trigger.service.8 modules.d/98dracut-systemd/dracut-pre-udev.service.8; do install -m 0644 $i /usr/share/man/man8/${i##*/}; done +ln -fs dracut.cmdline.7 /usr/share/man/man7/dracut.kernel.7 +if [ -n "" ]; then \ + mkdir -p ; \ + ln -srf /usr/lib/dracut/modules.d/98dracut-systemd/dracut-shutdown.service /dracut-shutdown.service; \ + mkdir -p /sysinit.target.wants; \ + ln -s ../dracut-shutdown.service \ + /sysinit.target.wants/dracut-shutdown.service; \ + mkdir -p /initrd.target.wants; \ + for i in \ + dracut-cmdline.service \ + dracut-initqueue.service \ + dracut-mount.service \ + dracut-pre-mount.service \ + dracut-pre-pivot.service \ + dracut-pre-trigger.service \ + dracut-pre-udev.service \ + ; do \ + ln -srf /usr/lib/dracut/modules.d/98dracut-systemd/$i ; \ + ln -s ../$i \ + /initrd.target.wants/$i; \ + done \ +fi +if [ -f install/dracut-install ]; then \ + install -m 0755 install/dracut-install /usr/lib/dracut/dracut-install; \ +fi +if [ -f skipcpio/skipcpio ]; then \ + install -m 0755 skipcpio/skipcpio /usr/lib/dracut/skipcpio; \ +fi +mkdir -p /usr/lib/kernel/install.d +install -m 0755 50-dracut.install /usr/lib/kernel/install.d/50-dracut.install +install -m 0755 51-dracut-rescue.install /usr/lib/kernel/install.d/51-dracut-rescue.install +mkdir -p /usr/share/bash-completion/completions +install -m 0644 dracut-bash-completion.sh /usr/share/bash-completion/completions/dracut +install -m 0644 lsinitrd-bash-completion.sh /usr/share/bash-completion/completions/lsinitrd +mkdir -p /usr/share/pkgconfig +install -m 0644 dracut.pc /usr/share/pkgconfig/dracut.pc +rm dracut.8.xml dracut.cmdline.7.xml 
modules.d/98dracut-systemd/dracut-mount.service.8.xml dracut.bootup.7.xml modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml modules.d/98dracut-systemd/dracut-initqueue.service.8.xml mkinitrd.8.xml modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml dracut.modules.7.xml dracut.conf.5.xml lsinitrd.1.xml modules.d/98dracut-systemd/dracut-cmdline.service.8.xml dracut-catimages.8.xml modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml mkinitrd-suse.8.xml modules.d/98dracut-systemd/dracut-shutdown.service.8.xml +ROLE=text +ROLE=text +ROLE=text +ROLE=text +ROLE=text +ROLE=text +ROLE=text +ROLE=text +ROLE=text +ROLE=testing +ROLE=pydev +ROLE=logging +ROLE=gpgkey +ROLE=harden +ROLE=privacy +ROLE=hostvms +ROLE=pentest +ROLE=update diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.astylerc b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.astylerc new file mode 100644 index 0000000..69115f0 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.astylerc @@ -0,0 +1,9 @@ +lineend=linux +style=linux +indent=spaces=8 +convert-tabs +min-conditional-indent=0 +max-instatement-indent=120 +align-pointer=name +max-code-length=120 + diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.dir-locals.el b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.dir-locals.el new file mode 100644 index 0000000..58a06c1 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.dir-locals.el 
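Review bot: The download block in the new dracut-050.bash fetches only when the tarball is already present (`if [ -e $PREFIX/net/Http/$URL ]`), which looks inverted, and the archive is then unpacked, built and `make install`ed without any checksum or signature check. Suggested: `if [ ! -e $PREFIX/net/Http/$URL ] ; then` and, before `tar`, `echo "<PINNED_SHA256>  $PREFIX/net/Http/$URL" | sha256sum -c - || exit 4`, with the digest taken from a trusted source. Two `sed` calls (`s@/usr/lib/dracut@...` and `s/=/=$VER/`) lack `-i` and only print to stdout. Everything after the bare `exit 0`, namely the pasted install log and the run of `ROLE=` lines, is unreachable and could be dropped.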
@@ -0,0 +1,25 @@
+; Directory Local Variables
+; For more information see (info "(emacs) Directory Variables")
+; Sets emacs variables based on mode.
+; A list of (major-mode . ((var1 . value1) (var2 . value2)))
+; Mode can be nil, which gives default values.
+; Characters width is set to 109 for .c and XML but for everything else 79.
+; If you update this file make sure to update .vimrc and .editorconfig too.
+
+((c-mode . ((fill-column . 109)
+ (c-basic-offset . 8)
+ (eval . (c-set-offset 'substatement-open 0))
+ (eval . (c-set-offset 'statement-case-open 0))
+ (eval . (c-set-offset 'case-label 0))
+ (eval . (c-set-offset 'arglist-intro '++))
+ (eval . (c-set-offset 'arglist-close 0))
+ (eval . (c-set-offset 'arglist-cont-nonempty '(c-lineup-gcc-asm-reg c-lineup-arglist)))))
+ (nxml-mode . ((nxml-child-indent . 2)
+ (fill-column . 109)))
+ (meson-mode . ((meson-indent-basic . 8)))
+ (sh-mode . ((sh-basic-offset . 4)
+ (sh-indentation . 4)))
+ (awk-mode . ((c-basic-offset . 8)))
+ (nil . ((indent-tabs-mode . nil)
+ (tab-width . 4)
+ (fill-column . 79))) )
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.editorconfig b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.editorconfig
new file mode 100644
index 0000000..1bcff39
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.editorconfig
@@ -0,0 +1,39 @@
+# EditorConfig configuration for dracut
+# http://EditorConfig.org
+
+# If you update this file make sure to update .dir-locals.el and .vimrc too.
+
+# Top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file, utf-8 charset
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+switch_case_indent = true
+function_next_line = false
+binary_next_line = true
+space_redirects = true
+
+# Match config files, set indent to spaces with width of eight.
+[*.{c,h}]
+indent_style = space
+indent_size = 8
+
+# Match config files, set indent to spaces with width of four.
+[*.sh]
+indent_style = space
+indent_size = 4
+switch_case_indent = true
+function_next_line = false
+binary_next_line = true
+space_redirects = true
+
+# Match xml man pages, set indent to spaces with width of two.
+[man/*.xml]
+indent_style = space
+indent_size = 2
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.gitignore b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.gitignore
new file mode 100644
index 0000000..c5be896
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.gitignore
@@ -0,0 +1,27 @@
+/Makefile.inc
+/dracut.8
+/dracut-catimages.8
+/dracut.conf.5
+/dracut.conf.d/*.conf
+/dracut-gencmdline.8
+/dracut.html
+/dracut.kernel.7
+/dracut.pc
+/dracut-install
+/modules.d/99base/switch_root
+/test/*/test.log
+/test/*/.testdir
+test*.img
+/.buildpath
+/.project
+/dracut-version.sh
+/install/dracut-install
+/*.rpm
+/*.[0-9]
+/modules.d/98dracut-systemd/*.service.8
+/*.sign
+*.o
+skipcpio/skipcpio
+/util/util
+/dracut-util
+.idea/
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.kateconfig b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.kateconfig
new file mode 100644
index 0000000..86b4ce5
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.kateconfig
@@ -0,0 +1 @@
+kate: space-indent on; tab-width 4; indent-width 4; replace-tabs on; eol unix;
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.kateproject b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.kateproject
new file mode 100644
index 0000000..0a0d5da
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.kateproject
@@ -0,0 +1,9 @@
+{
+ "name": "Dracut"
+ , "files": [ { "git": 1 } ]
+ , "build": {
+ "directory": "./"
+ , "build": "make -j $(getconf _NPROCESSORS_ONLN) all"
+ , "clean": "make clean"
+ }
+}
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.mailmap b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.mailmap
new file mode 100644
index 0000000..a757010
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.mailmap
@@ -0,0 +1,37 @@
+Philippe Seewer
+Seewer Philippe
+Philippe Seewer
+Victor Lowther
+Harald Hoyer
+Harald Hoyer
+Harald Hoyer
+Mike Snitzer
+Amerigo Wang
+Andrey Borzenkov
+Dan Horák
+John Reiser
+Luca Berra
+Dave Young
+Dave Young
+Frederick Grose
+Frederic Crozat
+Shawn W Dunn
+Kyle McMartin
+Angelo "pallotron" Failla
+Yu Watanabe
+Martin Wilck
+Thomas Renninger
+Andrey Borzenkov
+Cristian Rodríguez
+Daniel Drake
+Fabian Vogt
+Hannes Reinecke
+Julian Wolf
+Lidong Zhong
+Nikoli
+Peter Robinson
+Xunlei Pang
+Daniel Molkentin
+Thomas Blume
+Brian C. Lane
+Tomasz Paweł Gajc
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.packit.yml b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.packit.yml
new file mode 100644
index 0000000..482b4c4
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.packit.yml
@@ -0,0 +1,55 @@
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# The name of the upstream package
+upstream_package_name: dracut
+
+# The upstream tag versioning scheme
+upstream_tag_template: "{version}"
+
+# The URL of the upstream project
+upstream_project_url: https://github.com/dracutdevs/dracut
+
+# Relative path to a spec file within the upstream repository
+specfile_path: pkgbuild/dracut.spec
+
+# Name of the downstream package
+downstream_package_name: dracut
+
+# The URL of the downstream project
+dist_git_base_url: https://src.fedoraproject.org/
+
+# Sync file(s) from upstream repo to dist-git
+synced_files:
+ # The dracut spec file is maintained upstream so we sync it downstream.
+ - dracut.spec
+ # We sync the packit file downstream be able to optionally use the sync-from-downstream command
+ - .packit.yaml
+
+# We want new releases to be automatically built on rawhide and have few jobs
+# on copr.
+create_pr: false
+jobs:
+- job: propose_downstream
+ trigger: release
+ metadata:
+ dist_git_branches: main
+
+- job: tests
+ trigger: pull_request
+ metadata:
+ targets:
+ - fedora-rawhide
+
+- job: copr_build
+ trigger: pull_request
+ metadata:
+ targets:
+ - fedora-development
+
+- job: copr_build
+ trigger: commit
+ metadata:
+ targets:
+ - fedora-all
+ - fedora-development
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.shellcheckrc b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.shellcheckrc
new file mode 100644
index 0000000..ce5c883
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.shellcheckrc
@@ -0,0 +1,34 @@
+# SC2039: In POSIX sh, 'local' is undefined.
+# https://github.com/koalaman/shellcheck/wiki/SC2039
+disable=SC2039
+
+# SC2166: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
+# https://github.com/koalaman/shellcheck/wiki/SC2166
+disable=SC2166
+
+# SC2154: Variable is referenced but not assigned
+# https://github.com/koalaman/shellcheck/wiki/SC2154
+disable=SC2154
+
+# SC1091: Not following
+# https://github.com/koalaman/shellcheck/wiki/SC1091
+disable=SC1091
+
+# SC2174: When used with -p, -m only applies to the deepest directory.
+# https://github.com/koalaman/shellcheck/wiki/SC2174
+disable=SC2174
+
+# SC3043: In POSIX sh, 'local' is undefined.
+# https://github.com/koalaman/shellcheck/wiki/SC3043
+# ... but dash supports it
+disable=SC3043
+
+# SC3013: In POSIX sh, -ef is undefined.
+# https://github.com/koalaman/shellcheck/wiki/SC3013
+# ... but dash supports it
+disable=SC3013
+
+# SC3045: In POSIX sh, read -p is undefined.
+# https://github.com/koalaman/shellcheck/wiki/SC3045
+# ... but dash supports it
+disable=SC3045
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.vimrc b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.vimrc
new file mode 100644
index 0000000..a6e36b4
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/.vimrc
@@ -0,0 +1,15 @@ +" Vim can use per directory configuration files like this. +" To enable that feature two lines are needed in your ~/.vimrc +" set exrc " enables per-directory .vimrc files +" set secure " disable unsafe commands in local .vimrc files +" Characters width is set to 109 for .c and XML but for everything else 79. +" If you update this file make sure to update .dir-locals.el & .editorconfig + +set tabstop=4 +set shiftwidth=4 +set expandtab +set makeprg=GCC_COLORS=\ make +set tw=79 +au BufRead,BufNewFile *.xml set tw=109 shiftwidth=2 smarttab +au FileType sh set tw=80 shiftwidth=4 smarttab +au FileType c set tw=109 shiftwidth=8 tabstop=8 smarttab expandtab diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/install/.kateconfig b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/install/.kateconfig new file mode 100644 index 0000000..1221528 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/install/.kateconfig @@ -0,0 +1 @@ +kate: space-indent on; tab-width 8; indent-width 8; replace-tabs on; eol unix; diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/skipcpio/.dir-locals.el b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/skipcpio/.dir-locals.el new file mode 100644 index 0000000..fd49d53 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/skipcpio/.dir-locals.el @@ -0,0 +1,2 @@ +(setq c-basic-offset 8) +(setq indent-tabs-mode nil) diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/skipcpio/.kateconfig b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/skipcpio/.kateconfig new file mode 100644 index 0000000..1221528 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055/src/skipcpio/.kateconfig @@ -0,0 +1 @@ +kate: space-indent on; tab-width 8; indent-width 8; replace-tabs on; eol unix; 
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire.bash index 36f7293..b609e58 100755 --- a/roles/toxcore/overlay/Linux/usr/local/src/gridfire.bash +++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire.bash @@ -12,7 +12,7 @@ GIT_USER=reid-k GIT_DIR=gridfire DESC="" -[ -f /usr/local/src/var_local_src.bash ] && \ +[ -f /usr/local/src/usr_local_src.bash ] && \ . /usr/local/src/usr_local_src.bash cd $PREFIX/src || exit 2 @@ -23,7 +23,7 @@ if [ "$#" -eq 0 ] ; then if [ ! -e $MOD.py ] ; then route|grep -q ^default || exit 0 - ols_wget_c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py + wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py fi #[ -f $MOD.sh ] || \ @@ -36,7 +36,7 @@ if [ "$#" -eq 0 ] ; then cat > $PREFIX/bin/$MOD$VER.bash << EOF #!/bin/sh # -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- -ROLE=proxy +ROLE=$ROLE # https://$GIT_HUB/$GIT_USER/$GIT_DIR/ exec $PYTHON_EXE_MSYS $PREFIX/src/$DIR/$MOD.py "\$@" EOF diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.gitignore b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.gitignore new file mode 100644 index 0000000..250d3c2 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.gitignore @@ -0,0 +1,4 @@ +AUTHORS +build +__pycache__ +*.pyc diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.mailmap b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.mailmap new file mode 100644 index 0000000..4a905eb --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.mailmap @@ -0,0 +1 @@ +W. Trevor King 
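Review bot: The new `wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py` line fetches the script from a moving branch with no integrity check, and the wrapper generated further down in the same file executes whatever was downloaded. Pin the URL to a reviewed commit and verify a digest before the file is used, for example `wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/$GIT_COMMIT/$MOD.py` followed by `echo "$MOD_SHA256  $MOD.py" | sha256sum -c - || exit 3`. Here `GIT_COMMIT` and `MOD_SHA256` are placeholder names for values the maintainer would record next to `GIT_USER`. Because the download is guarded by `[ ! -e $MOD.py ]`, a truncated or rejected file should be removed on failure, otherwise the next run skips the download and keeps it. The enclosing `if` block starts and ends outside the hunk.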
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.update-copyright.conf b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.update-copyright.conf new file mode 100644 index 0000000..b761d32 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/.update-copyright.conf @@ -0,0 +1,18 @@ +[project] +name: pyassuan +vcs: Git + +[files] +authors: yes +files: yes +ignored: COPYING | README | .update-copyright.conf | .git* + +[copyright] +short: {project} comes with ABSOLUTELY NO WARRANTY and is licensed under the GNU General Public License. +long: This file is part of {project}. + + {project} is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + {project} is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with {project}. If not, see . diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/python-keyring-keyutils/.gitignore b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/python-keyring-keyutils/.gitignore new file mode 100644 index 0000000..1377554 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/python-keyring-keyutils/.gitignore @@ -0,0 +1 @@ +*.swp diff --git a/roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash b/roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash index 03f9a24..6a6c942 100755 --- a/roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash +++ b/roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash 
@@ -117,19 +117,15 @@ elif [ "$1" = check ] ; then [ -f /var/local/src/var_local_src.bash ] || exit 0 . /var/local/src/var_local_src.bash || exit 10 - ols_run_tests_exit $1 || exit 10$? + msys_var_local_src_prog_key $1 || exit 10$? elif [ "$1" = 'lint' ] ; then [ -f /var/local/src/var_local_src.bash ] || exit 0 . /var/local/src/var_local_src.bash - ols_run_tests_exit $1 || exit 20$? + msys_var_local_src_prog_key $1 || exit 20$? ols_run_tests_shellcheck $ROLE || exit 21$? ols_run_tests_pylint || exit 22$? elif [ "$1" = 'test' ] ; then - [ -f /var/local/src/var_local_src.bash ] || exit 0 - . /var/local/src/var_local_src.bash || exit 50 - - ols_run_tests_exit $1 || exit 51$? - ols_test_srcs test || exit 52$? + msys_var_local_src_prog_key $1 || exit 51$? fi diff --git a/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash b/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash index 4e9d617..7580fdc 100644 --- a/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash +++ b/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash @@ -32,20 +32,21 @@ if [ "$#" -eq 0 ] ; then elif [ "$1" = 'check' ] ; then exit 0 - ols_run_checks_pip3 - ols_run_tests_exit check || exit 10$? + msys_run_checks_pip3 + msys_var_local_src_prog_key check || exit 10$? exit $? elif [ "$1" = 'lint' ] ; then exit 0 ols_run_tests_shellcheck $ROLE || exit 2$? - ols_run_tests_exit $1 || exit 21$? - ols_run_tests_pylint || exit 22$? + msys_var_local_src_prog_key $1 || exit 21$? +# ols_run_tests_pylint || exit 22$? elif [ "$1" = 'test' ] ; then exit 0 - ols_run_tests_exit $1 || exit 30$? - ols_gentoo_test_imports || exit 32$? + msys_var_local_src_prog_key $1 || exit 30$? + msys_check_pips_inst + msys_gentoo_test_imports || exit 32$? #hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$? fi diff --git a/roles/toxcore/tasks/Gentoo.yml b/roles/toxcore/tasks/Gentoo.yml index 51f2abe..67bc614 100644 --- a/roles/toxcore/tasks/Gentoo.yml 
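Review bot: The `test` branch now calls `msys_var_local_src_prog_key $1` without the two lines the `check` and `lint` branches still run first, `[ -f /var/local/src/var_local_src.bash ] || exit 0` and `. /var/local/src/var_local_src.bash || exit 50`. Unless the function is defined earlier in the file (outside this hunk), the call fails as command-not-found and the branch leaves through `exit 51$?` with a value above 255, which the shell truncates to an unrelated status. Keep the two guard lines in front of the call so the three branches behave the same way. The `if`/`elif` chain starts outside the hunk.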
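Review bot: Every call added in the `check`, `lint` and `test` branches of usr_local_toxcore.bash sits after the unchanged `exit 0` that opens each branch, so `msys_run_checks_pip3`, `msys_check_pips_inst` and the others never run and the script reports success unconditionally. If the early exits are a deliberate switch-off, record that in a comment on each `exit 0` (for instance `# checks disabled: <reason>`, wording left to the maintainer); otherwise remove them so the renamed helpers are actually exercised. `msys_check_pips_inst` is also the only added call without an `|| exit NN$?` guard, and the commented-out `ols_run_tests_pylint` line is better deleted than kept as dead code.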
+++ b/roles/toxcore/tasks/Gentoo.yml @@ -8,38 +8,6 @@ # - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}" -- name: install toxcore packages - environment: "{{ portage_proxy_env }}" - shell: | - role=toxcore - cd {{ BASE_ROOT_LOG_DIR }} || exit 2 - /usr/local/bin/usr_local_base.bash box_gentoo_emerge \ - {{proxy_pkgs_bootstrap}} \ - {{ toxcore_pkgs_inst }} \ - {{ toxcore_qemu_pkgs_inst if 'qemu' in TOXCORE_FEATURES else '' }} \ - {{ toxcore_qemu_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \ - {{ toxcore_libvirt_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \ - {{ toxcore_docker_pkgs_inst if 'docker' in TOXCORE_FEATURES else '' }} \ - || exit $? - ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}" - when: - - BASE_ARE_CONNECTED|default('') != '' - - "ansible_virtualization_role|replace('NA', 'host') == 'host'" - -- name: install toxcore packages GUEST - environment: "{{ portage_proxy_env }}" - shell: | - cd {{ BASE_ROOT_LOG_DIR }} || exit 2 - /usr/local/bin/usr_local_base.bash box_gentoo_emerge \ - {{proxy_pkgs_bootstrap}} \ - {{ toxcore_pkgs_inst_guest }} \ - || exit $? - [ -z "{{AGI_bootstrap_pips3}}" ] || pip3.sh install {{AGI_bootstrap_pips3}} - ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}" - when: - - BASE_ARE_CONNECTED|default('') != '' - - "ansible_virtualization_role|replace('NA', 'host') != 'host'" - - name: /etc/conf.d/consolefont blockinfile: dest: "/etc/{{ETC_CONF_D}}/consolefont" 
@@ -185,3 +153,33 @@ when: - "{{ ansible_virtualization_role|replace('NA', 'host') != 'host' }}" +- name: EMERGE toxcore packages + environment: "{{ portage_proxy_env }}" + shell: | + role=toxcore + cd {{ BASE_ROOT_LOG_DIR }} || exit 2 + /usr/local/sbin/box_gentoo_emerge.bash \ + {{ ' '.join(toxcore_pkgs_inst) }} \ + {{ ' '.join(toxcore_qemu_pkgs_inst) if 'qemu' in TOXCORE_FEATURES else '' }} \ + {{ ' '.join(toxcore_qemu_pkgs_inst) if 'libvirt' in TOXCORE_FEATURES else '' }} \ + {{ ' '.join(toxcore_libvirt_pkgs_inst) if 'libvirt' in TOXCORE_FEATURES else '' }} \ + {{ ' '.join(toxcore_docker_pkgs_inst) if 'docker' in TOXCORE_FEATURES else '' }} \ + || exit $? + ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}" + when: + - BASE_ARE_CONNECTED|default('') != '' + - "ansible_virtualization_role|replace('NA', 'host') == 'host'" + +- name: EMERGE toxcore packages GUEST + environment: "{{ portage_proxy_env }}" + shell: | + cd {{ BASE_ROOT_LOG_DIR }} || exit 2 + /usr/local/sbin/box_gentoo_emerge.bash \ + {{ ' '.join(proxy_pkgs_bootstrap) }} \ + {{ ' '.join(toxcore_pkgs_inst_guest) }} \ + || exit $? + ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}" + when: + - BASE_ARE_CONNECTED|default('') != '' + - "ansible_virtualization_role|replace('NA', 'host') != 'host'" + diff --git a/roles/toxcore/tasks/Gentoo/Pentoo/main.yml b/roles/toxcore/tasks/Gentoo/Pentoo/main.yml new file mode 100644 index 0000000..5dd3c73 --- /dev/null +++ b/roles/toxcore/tasks/Gentoo/Pentoo/main.yml @@ -0,0 +1,2 @@ +- include_tasks: Gentoo/Pentoo/use.yml +- include_tasks: Gentoo/Pentoo/mask.yml diff --git a/roles/toxcore/tasks/Gentoo/Pentoo/mask.yml b/roles/toxcore/tasks/Gentoo/Pentoo/mask.yml new file mode 100644 index 0000000..5c95c56 --- /dev/null +++ b/roles/toxcore/tasks/Gentoo/Pentoo/mask.yml 
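Review bot: Both EMERGE tasks paste the joined package lists into the `shell:` script unquoted, so any entry carrying a version operator or other shell metacharacter is interpreted by the shell instead of reaching `box_gentoo_emerge.bash`; an atom of the form `>=category/name-1.0` would become an output redirection. Whether the lists hold such atoms is not visible here, but quoting each element removes the dependency on that: `{{ toxcore_pkgs_inst | map('quote') | join(' ') }}`, and likewise for the other lists. The host task no longer passes `proxy_pkgs_bootstrap` while the guest task still does; if that is intentional, a one-line comment such as `# bootstrap packages are installed by the proxy role on hosts` would say so (reason to be confirmed by the author). With `ignore_errors` set from `BASE_PKG_IGNORE_ERRORS`, a failed emerge may pass unnoticed, so the later tasks should not assume the packages exist.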
@@ -0,0 +1,47 @@ +# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*- +# This is an automatically generated file: do not edit + +--- + + + +- name: "/etc/portage/package.mask/2023_BROKEN.txt" + blockinfile: + dest: /etc/portage/package.mask/2023_BROKEN.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore qemu" + block: | + =app-emulation/qemu-guest-agent-8.0.2 + +- name: "/etc/portage/package.mask/2023_BROKEN.txt" + blockinfile: + dest: /etc/portage/package.mask/2023_BROKEN.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore qemu" + block: | + =app-emulation/qemu-guest-agent-8.0.0 + +- name: "/etc/portage/package.mask/2023_BROKEN.txt" + blockinfile: + dest: /etc/portage/package.mask/2023_BROKEN.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore qemu" + block: | + =app-emulation/qemu-guest-agent-8.0.3 + +- name: "/etc/portage/package.mask/2023_BROKEN.txt" + blockinfile: + dest: /etc/portage/package.mask/2023_BROKEN.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvirt" + block: | + =app-emulation/libvirt-9.4.0-r1 + +- name: "/etc/portage/package.mask/2022_BLOCKED.txt" + blockinfile: + dest: /etc/portage/package.mask/2022_BLOCKED.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore docker" + block: | + app-containers/docker-compose + diff --git a/roles/toxcore/tasks/Gentoo/Pentoo/use.yml b/roles/toxcore/tasks/Gentoo/Pentoo/use.yml new file mode 100644 index 0000000..4de24d6 --- /dev/null +++ b/roles/toxcore/tasks/Gentoo/Pentoo/use.yml 
@@ -0,0 +1,359 @@ +# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*- +# This is an automatically generated file: do not edit + +--- + + + +- name: "/etc/portage/package.use/2020-03_jq.txt" + blockinfile: + dest: /etc/portage/package.use/2020-03_jq.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore jq" + block: | + app-misc/jq oniguruma + +- name: "/etc/portage/package.use/2017-01_git.txt" + blockinfile: + dest: /etc/portage/package.use/2017-01_git.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore git" + block: | + dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs + +- name: "/etc/portage/package.use/2017-01-01_libguestfs.txt" + blockinfile: + dest: /etc/portage/package.use/2017-01-01_libguestfs.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore iptables" + block: | + net-firewall/iptables nftables ipv6 + +- name: "/etc/portage/package.use/2017-01_git.txt" + blockinfile: + dest: /etc/portage/package.use/2017-01_git.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore git" + block: | + dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs + +- name: "/etc/portage/package.use/2017-08_testdisk.txt" + blockinfile: + dest: /etc/portage/package.use/2017-08_testdisk.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore testdisk" + block: | + app-admin/testdisk ntfs qt5 -ewf + +- name: "/etc/portage/package.use/2020-01_static-libs.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_static-libs.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore zstd" + block: | + app-arch/zstd static-libs + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libsodium" + block: | + dev-libs/libsodium verify-sig + +- name: "/etc/portage/package.use/2016-11_world.txt" + blockinfile: + dest: 
/etc/portage/package.use/2016-11_world.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvpx" + block: | + media-libs/libvpx svc + +- name: "/etc/portage/package.use/2019-02_electron.txt" + blockinfile: + dest: /etc/portage/package.use/2019-02_electron.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvpx" + block: | + media-libs/libvpx postproc svc + +- name: "/etc/portage/package.use/2013-07-cryptsetup.txt" + blockinfile: + dest: /etc/portage/package.use/2013-07-cryptsetup.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore argon2" + block: | + app-crypt/argon2 static-libs + +- name: "/etc/portage/package.use/2020-01_static-libs.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_static-libs.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore argon2" + block: | + app-crypt/argon2 static-libs + +- name: "/etc/portage/package.use/2016-11_world.txt" + blockinfile: + dest: /etc/portage/package.use/2016-11_world.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvpx" + block: | + media-libs/libvpx svc + +- name: "/etc/portage/package.use/2019-02_electron.txt" + blockinfile: + dest: /etc/portage/package.use/2019-02_electron.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvpx" + block: | + media-libs/libvpx postproc svc + +- name: "/etc/portage/package.use/2021-04_world.txt" + blockinfile: + dest: /etc/portage/package.use/2021-04_world.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libxcb" + block: | + x11-libs/libxcb xkb + +- name: "/etc/portage/package.use/2018-01_qt.txt" + blockinfile: + dest: /etc/portage/package.use/2018-01_qt.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libxkbcommon" + block: | + x11-libs/libxkbcommon X tools + +- name: "/etc/portage/package.use/2020-01_readline.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_readline.txt + create: true + marker: "# {mark} 
Ansible Managed Block toxcore libxml2" + block: | + dev-libs/libxml2 -readline + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libxml2" + block: | + dev-libs/libxml2:2 verify-sig + +- name: "/etc/portage/package.use/2021-04_world.txt" + blockinfile: + dest: /etc/portage/package.use/2021-04_world.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libxml2" + block: | + dev-libs/libxml2 python icu ipv6 lzma + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvirt-python" + block: | + dev-python/libvirt-python verify-sig + +- name: "/etc/portage/package.use/2021-08_wafw00f.txt" + blockinfile: + dest: /etc/portage/package.use/2021-08_wafw00f.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore requests" + block: | + dev-python/requests socks5 + +- name: "/etc/portage/package.use/2020-00_dbus.txt" + blockinfile: + dest: /etc/portage/package.use/2020-00_dbus.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore dbus" + block: | + sys-apps/dbus X elogind -systemd + +- name: "/etc/portage/package.use/2020-01_dbus.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_dbus.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore dbus" + block: | + sys-apps/dbus X elogind -systemd + +- name: "/etc/portage/package.use/2021-01_wayland.txt" + blockinfile: + dest: /etc/portage/package.use/2021-01_wayland.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore gtk+" + block: | + x11-libs/gtk+ X -wayland + +- name: "/etc/portage/package.use/2021-04_world.txt" + blockinfile: + dest: /etc/portage/package.use/2021-04_world.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore vte" + block: | + 
x11-libs/vte crypt -icu introspection vala -debug -gtk-doc -systemd -vanilla + +- name: "/etc/portage/package.use/2022-01_xterms.txt" + blockinfile: + dest: /etc/portage/package.use/2022-01_xterms.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore vte" + block: | + x11-libs/vte vanilla + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore zfs-kmod" + block: | + sys-fs/zfs-kmod verify-sig + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore zfs" + block: | + sys-fs/zfs verify-sig + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore zfs" + block: | + sys-fs/zfs-kmod verify-sig + +- name: "/etc/portage/package.use/2020-01_nls.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_nls.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore qemu" + block: | + app-emulation/qemu -nls + +- name: "/etc/portage/package.use/2021-04_qemu.txt" + blockinfile: + dest: /etc/portage/package.use/2021-04_qemu.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore qemu" + block: | + app-emulation/qemu -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd # + +- name: "/etc/portage/package.use/2023-00_python-3.11.txt" + 
blockinfile: + dest: /etc/portage/package.use/2023-00_python-3.11.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore qemu" + block: | + app-emulation/qemu python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10 + +- name: "/etc/portage/package.use/2019-09_spice-gtk.txt" + blockinfile: + dest: /etc/portage/package.use/2019-09_spice-gtk.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore spice-gtk" + block: | + >=net-misc/spice-gtk-0.35 usbredir + +- name: "/etc/portage/package.use/2020-01_polkit.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_polkit.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore spice-gtk" + block: | + net-misc/spice-gtk policykit + +- name: "/etc/portage/package.use/2020-01_polkit.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_polkit.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvirt" + block: | + app-emulation/libvirt apparmor audit -bash-completion caps -dbus -dtrace -firewalld fuse -glusterfs -iscsi -iscsi-direct libssh libvirtd lvm lxc -macvtap -nfs -nls numa -openvz parted pcap -policykit qemu -rbd -sasl -selinux udev vepa verify-sig virt-network virtualbox -wireshark-plugins -xen -zfs + +- name: "/etc/portage/package.use/2020-10_nfs.txt" + blockinfile: + dest: /etc/portage/package.use/2020-10_nfs.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvirt" + block: | + app-emulation/libvirt -nfs + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvirt" + block: | + app-emulation/libvirt verify-sig + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvirt" + block: | + 
dev-python/libvirt-python verify-sig + +- name: "/etc/portage/package.use/2020-01_polkit.txt" + blockinfile: + dest: /etc/portage/package.use/2020-01_polkit.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore virt-manager" + block: | + app-emulation/virt-manager gtk -policykit virtualbox libvirtd caps dbus fuse libssh lxc macvtap numa parted pcap policykit qemu vepa virt-network + +- name: "/etc/portage/package.use/2019-11_qxl.txt" + blockinfile: + dest: /etc/portage/package.use/2019-11_qxl.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore xf86-video-qxl" + block: | + x11-drivers/xf86-video-qxl xspice + +- name: "/etc/portage/package.use/2019-11_libguestfs.txt" + blockinfile: + dest: /etc/portage/package.use/2019-11_libguestfs.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libguestfs" + block: | + app-emulation/libguestfs parted virtualbox libvirt -erlang -lua perl fuse gtk inspect-icons introspection -ocaml python -ruby + +- name: "/etc/portage/package.use/2023-00_python-3.11.txt" + blockinfile: + dest: /etc/portage/package.use/2023-00_python-3.11.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libguestfs" + block: | + app-emulation/libguestfs python_single_target_python3_11 + +- name: "/etc/portage/package.use/2021-00_verify-sig.txt" + blockinfile: + dest: /etc/portage/package.use/2021-00_verify-sig.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore libvirt-python" + block: | + dev-python/libvirt-python verify-sig + +- name: "/etc/portage/package.use/2017-02_docker.txt" + blockinfile: + dest: /etc/portage/package.use/2017-02_docker.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore tini" + block: | + sys-process/tini static args + +- name: "/etc/portage/package.use/2017-02_docker.txt" + blockinfile: + dest: /etc/portage/package.use/2017-02_docker.txt + create: true + marker: "# {mark} Ansible Managed Block toxcore docker" + block: | + 
app-containers/docker btrfs + diff --git a/roles/toxcore/tasks/daily.yml b/roles/toxcore/tasks/daily.yml index c05e691..7be26bc 100644 --- a/roles/toxcore/tasks/daily.yml +++ b/roles/toxcore/tasks/daily.yml @@ -29,6 +29,8 @@ echo "INFO: toxcore_log_daily {{HARDEN_LOG_DIR}}" cd {{USR_LOCAL}}/bin toxcore_daily.bash + become: yes + become_user: "{{ BOX_USER_NAME }}" register: toxcore_log_daily notify: summary of logs ignore_errors: true diff --git a/roles/toxcore/tasks/libvirt.yml b/roles/toxcore/tasks/libvirt.yml new file mode 100644 index 0000000..2f8d3c3 --- /dev/null +++ b/roles/toxcore/tasks/libvirt.yml 
@@ -0,0 +1,122 @@ +# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*- + +--- + +- name: "proxy libvirt.yml" + debug: + verbosity: 1 + msg: "proxy libvirt.yml BOX_TOXCORE_FEATURES={{BOX_TOXCORE_FEATURES}}" + +# console=tty0 console=ttyS0,115200n8 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy +# from Gateway + +- block: + + - name: "/etc/libvirt/virtlogd.conf" + lineinfile: + path: /etc/libvirt/virtlogd.conf + create: yes + mode: 0755 + insertafter: BOF + line: '{{item.key}}="{{item.val}}"' + regexp: "^#{{item.key}}.*" + with_items: + - key: log_filters + val: "1:logging 4:object 4:json 4:event 1:util" + - key: log_outputs + val: "3:file:/var/log/libvirt/virtlogd.log" + + + # /usr/portage/app-emulation/libvirt/files/libvirtd.init-r19 after livirt-7.2.0a + - name: /usr/local/etc/init.d/libvirtd.openrc + shell: | + cp -p /usr/local/etc/init.d/libvirtd.openrc /etc/init.d/livirtd + chmod 755 /etc/init.d/libvirtd + args: + creates: /etc/init.d/libvirtd + when: false # where is virtlogd + + - name: "/etc/libvirt/qemu.conf" + blockinfile: + dest: "/etc/libvirt/qemu.conf" + create: false + marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}" + insertafter: '^#* *{{item.name}}.*' + block: | + {{ item.name }} = {{ item.val }} + with_items: + - { name: 'migration_address', val: '"0.0.0.0"' } + - { name: 'user', val: '"root"' } + #? why qemu - serverfault sez must be root for passthrough + # root is not enough for passthorugh mounting rw + - { name: 'group', val: '"root"' } + #? why + - { name: 'dynamic_ownership', val: '1' } + #?? why + # error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss' + # - { name: 'swtpm_user', val: '"tss"' } + #?? 
why + # error : virGetGroupID:1124 : invalid argument: Failed to parse group 'tss' + # - { name: 'swtpm_group', val: '"tss"' } + # - { name: '', val: '' } + ignore_errors: true + # required + when: not ansible_check_mode + + - name: "/etc/libvirt/libvirtd.conf" + blockinfile: + dest: /etc/libvirt/libvirtd.conf + create: yes + marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}" + insertafter: '^#* *{{item.name}}.*' + block: | + {{ item.name }} = "{{ item.val }}" + with_items: + #listen_addr = "192.168.0.1" + - { name: "listen_addr", val: "127.0.0.1" } + #_sock_group = "libvirt" + - { name: "unix_sock_group", val: "libvirt" } + - { name: "unix_sock_ro_perms", val: "0750" } + - { name: "unix_sock_rw_perms", val: "0770" } + #ca_file = "/etc/pki/CA/cacert.pem" + - { name: "ca_file", val: "{{ PLAY_CA_CERT }}" } + - { name: "auth_unix_ro", val: "none" } + - { name: "auth_unix_rw", val: "none" } + - { name: "log_filters", val: "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" } + - { name: "log_outputs", val: "3:file:/var/log/libvirtd.log" } + # + # - { name: "", val: "" } + ignore_errors: true + # required + when: not ansible_check_mode + notify: restart libvirtd + + - name: /etc/modprobe.d/nbd.conf" + shell: | + file="/etc/modprobe.d/nbd.conf" + [ -f $file ] || echo >$file options nbd max_part=16 + args: + creates: /etc/modprobe.d/nbd.conf + + - name: "/etc/default/libvirt-guests" + lineinfile: + path: /etc/default/libvirt-guests + create: yes + mode: 0755 + insertafter: BOF + line: '{{item.key}}="{{item.val}}"' + regexp: "^#{{item.key}}.*" + with_items: + - key: ON_BOOT + val: ignore + when: + - "ansible_distribution == 'Debian'" + + - name: /usr/local/sbin/proxy_libvirt_install.bash + shell: | + /usr/local/sbin/proxy_libvirt_install.bash + when: false + when: + - "'libvirt' in BOX_TOXCORE_FEATURES or BOX_WHONIX_PROXY_HOST != ''" + - "ansible_virtualization_role|replace('NA', 'host') == 'host'" + 
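Review bot: The `/etc/libvirt/qemu.conf` task pins `migration_address` to `"0.0.0.0"` and runs guests with `user`/`group` set to `"root"`, while the `libvirtd.conf` task in the same block restricts the daemon to `listen_addr` `127.0.0.1`. Incoming-migration listeners would then bind on every interface, and a compromised QEMU process holds root on the host. The inline `#? why` comments suggest the author is unsure these values are needed. If migration between hosts is not used, `- { name: 'migration_address', val: '"127.0.0.1"' }` matches the loopback-only daemon, and the root requirement deserves a comment naming the passthrough case it exists for. Both `lineinfile` tasks create config files with `mode: 0755`; `mode: "0644"` (quoted, non-executable) is the usual choice for `virtlogd.conf` and `libvirt-guests`. With `auth_unix_rw` set to `none`, membership of the `libvirt` group is the only control on the read-write socket and should be treated as root-equivalent when that group is populated.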
diff --git a/roles/toxcore/tasks/libvirt_whonix.yml b/roles/toxcore/tasks/libvirt_whonix.yml index 2c01f08..d8fa1ac 100644 --- a/roles/toxcore/tasks/libvirt_whonix.yml +++ b/roles/toxcore/tasks/libvirt_whonix.yml @@ -12,7 +12,7 @@ shell: | base="hulahoop" URL="www.whonix.org/$base" - dir="{{HARDEN_VAR_LOCAL}}/net/Http/" + dir="{{TOXCORE_USR_LOCAL}}/net/Http/" [ -d $dir ] || mkdir $dir [ -f $dir/$URL.asc ] || wget {{BASE_WGET_ARGS}} -xc -P $dir https://$URL.asc || exit 3 # FixMe: @@ -21,32 +21,12 @@ grep 'imported: 1' /tmp/V$$.out exit 0 args: - creates: "{{HARDEN_VAR_LOCAL}}/net/Http/www.whonix.org/hulahoop.asc" + creates: "{{TOXCORE_USR_LOCAL}}/net/Http/www.whonix.org/hulahoop.asc" when: - not ansible_check_mode - BASE_ARE_CONNECTED|default('') != '' ignore_errors: true -- block: - - - name: "/etc/libvirt/virtlogd.conf" - lineinfile: - path: /etc/libvirt/virtlogd.conf - create: yes - mode: 0755 - insertafter: BOF - line: '{{item.key}}="{{item.val}}"' - regexp: "^#{{item.key}}.*" - with_items: - - key: log_filters - val: "1:logging 4:object 4:json 4:event 1:util" - - key: log_outputs - val: "3:file:/var/log/libvirt/virtlogd.log" - - when: - - "'libvirt' in BOX_HOSTVMS_FEATURES or BOX_WHONIX_PROXY_HOST != ''" - - "ansible_virtualization_role|replace('NA', 'host') == 'host'" - - name: /etc/sysctl.d/70_testforge_libvirt.conf blockinfile: dest: /etc/sysctl.d/70_testforge_libvirt.conf 
@@ -176,100 +156,3 @@ - false # use xml instead - "ansible_virtualization_role|replace('NA', 'host') == 'host'" -# console=tty0 console=ttyS0,115200n8 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy -# from Gateway - -- block: - - # /usr/portage/app-emulation/libvirt/files/libvirtd.init-r19 after livirt-7.2.0a - - name: /usr/local/sbin/proxy_whonix-libvirt-install.bash - shell: | - cp -p /usr/local/etc/init.d/libvirtd.openrc /etc/init.d/livirtd - chmod 755 /etc/init.d/libvirtd - args: - creates: /etc/init.d/libvirtd - - - name: "/etc/libvirt/qemu.conf" - blockinfile: - dest: "/etc/libvirt/qemu.conf" - create: false - marker: "# {mark} ANSIBLE MANAGED BLOCK hostvms vms {{item.name}}" - insertafter: '^#* *{{item.name}}.*' - block: | - {{ item.name }} = {{ item.val }} - with_items: - - { name: 'migration_address', val: '"0.0.0.0"' } - - { name: 'user', val: '"root"' } - #? why qemu - serverfault sez must be root for passthrough - # root is not enough for passthorugh mounting rw - - { name: 'group', val: '"root"' } - #? why - - { name: 'dynamic_ownership', val: '1' } - #?? why - # error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss' - # - { name: 'swtpm_user', val: '"tss"' } - #?? 
why - # error : virGetGroupID:1124 : invalid argument: Failed to parse group 'tss' - # - { name: 'swtpm_group', val: '"tss"' } - # - { name: '', val: '' } - ignore_errors: true - # required - when: not ansible_check_mode - - - name: "/etc/libvirt/libvirtd.conf" - blockinfile: - dest: /etc/libvirt/libvirtd.conf - create: yes - marker: "# {mark} ANSIBLE MANAGED BLOCK hostvms vms {{item.name}}" - insertafter: '^#* *{{item.name}}.*' - block: | - {{ item.name }} = "{{ item.val }}" - with_items: - #listen_addr = "192.168.0.1" - - { name: "listen_addr", val: "127.0.0.1" } - #_sock_group = "libvirt" - - { name: "unix_sock_group", val: "libvirt" } - - { name: "unix_sock_ro_perms", val: "0750" } - - { name: "unix_sock_rw_perms", val: "0770" } - #ca_file = "/etc/pki/CA/cacert.pem" - - { name: "ca_file", val: "{{ PLAY_CA_CERT }}" } - - { name: "auth_unix_ro", val: "none" } - - { name: "auth_unix_rw", val: "none" } - - { name: "log_filters", val: "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" } - - { name: "log_outputs", val: "3:file:/var/log/libvirtd.log" } - # - # - { name: "", val: "" } - ignore_errors: true - # required - when: not ansible_check_mode - notify: restart libvirtd - - - name: /etc/modprobe.d/nbd.conf" - shell: | - file="/etc/modprobe.d/nbd.conf" - [ -f $file ] || echo >$file options nbd max_part=16 - args: - creates: /etc/modprobe.d/nbd.conf - - - name: "/etc/default/libvirt-guests" - lineinfile: - path: /etc/default/libvirt-guests - create: yes - mode: 0755 - insertafter: BOF - line: '{{item.key}}="{{item.val}}"' - regexp: "^#{{item.key}}.*" - with_items: - - key: ON_BOOT - val: ignore - when: - - "ansible_distribution == 'Debian'" - - - name: /usr/local/sbin/proxy_whonix-libvirt-install.bash - shell: | - /usr/local/sbin/proxy_whonix-libvirt-install.bash - args: - creates: /etc/libvirt/qemu/Whonix-Gateway.xml - - when: - - ansible_virtualization_role|replace('NA', 'host') == 'host' 
diff --git a/roles/toxcore/tasks/main.yml b/roles/toxcore/tasks/main.yml index e238065..04e557e 100644 --- a/roles/toxcore/tasks/main.yml +++ b/roles/toxcore/tasks/main.yml @@ -106,19 +106,6 @@ - name: include by-platform tasks include_tasks: "{{ ansible_distribution }}.yml" -- name: grub.cfg from roles/ansible-gentoo_install/tasks/ - shell: | - LINE="rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us" - # LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none " - LINE="$LINE intel_iommu=on vga=0x315 text" - grep /boot /etc/fstab || exit 1 - df | grep /boot || mount /boot || exit 2 - [ -d /boot/grub ] || exit 3 - [ -f /boot/grub/grub.cfg ] || exit 4 - [ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst - sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg - ignore_errors: true - - name: add standard_users to groups user: name: "{{ item.0 }}" @@ -126,12 +113,15 @@ groups: "{{ item.1 }}" when: - item != '' + - "len(toxcore_system_users) > 0" # some groups may not be there ignore_errors: true with_nested: - - "{{ base_system_users }}" - - "{{ toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}" - - "{{ toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}" + - + - "{{ toxcore_system_users }}" + - + - "{{ toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}" + - "{{ toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}" - name: "make a directory for /data/Vms" file: 
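Review bot: The added condition `"len(toxcore_system_users) > 0"` in the `add standard_users to groups` task uses a Python builtin that Jinja2 does not provide, so the `when:` evaluation is expected to fail with an undefined-name error. Because the task also has `ignore_errors: true`, that failure would be swallowed and no user would be added to any group. Use the filter form the file already uses elsewhere, `- toxcore_system_users|length > 0`. The same `len(...)` call appears in the `install toxcore pips HOST` task added by a later hunk of this file.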
@@ -156,6 +146,7 @@ when: - toxcore_gpg_keys_system|length > 0 - BASE_ARE_CONNECTED|default('') != '' + - false # none yet ignore_errors: true - name: "toxcore gpg keys gentoo" @@ -182,13 +173,12 @@ environment: "{{ shell_proxy_env }}" shell: | umask 0002 + sudo -u "{{ BOX_USER_NAME }}" \ bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \ {{ 'check' if ansible_check_mode }} exit 0 args: chdir: "{{TOXCORE_USR_LOCAL}}/src" - become: yes - become_user: "{{ BOX_USER_NAME }}" ignore_errors: true check_mode: false 
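Review bot: Replacing `become: yes` / `become_user:` with an inline `sudo -u "{{ BOX_USER_NAME }}"` means the task's `environment: "{{ shell_proxy_env }}"` may not reach usr_local_toxcore.bash, because sudo resets the environment by default unless sudoers is configured to keep those variables. If the script downloads anything, it could then connect directly instead of through the configured proxy, and the trailing `exit 0` plus `ignore_errors: true` would hide the difference. Either keep `become: yes` with `become_user: "{{ BOX_USER_NAME }}"`, or pass the needed variables explicitly with `sudo --preserve-env=<proxy variable names> -u "{{ BOX_USER_NAME }}" \`. The two pip tasks added later in this file use the same `sudo -u` pattern under `environment: "{{ portage_proxy_env }}"`. The task's name line lies outside this hunk.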
@@ -201,26 +191,32 @@ - LOOP_ITEM != '' and LOOP_ITEM != [] with_items: - "vms" - - "{{ 'libvirt_whonix' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_HOSTVMS_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}" + - "{{ 'libvirt' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_TOXCORE_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}" loop_control: loop_var: LOOP_ITEM -- name: "include_tasks toxcore users on the command host" - include_tasks: - file: "{{ LOOP_USER_F[1] }}" - apply: - environment: "{{ proxy_env }}" - become_user: "{{ LOOP_USER_F[0] }}" + +- name: install toxcore pips HOST + environment: "{{ portage_proxy_env }}" + shell: | + sudo -u "{{ BOX_USER_NAME }}" \ + pip3.sh install {{' '.join(toxcore_pips3_inst_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else toxcore_pips3_inst_guest)}} + ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}" when: - - "LOOP_USER_F[1] != ''" + - BASE_ARE_CONNECTED|default('') != '' - "ansible_virtualization_role|replace('NA', 'host') == 'host'" - with_nested: - - - - "{{ toxcore_system_users }}" - - - - users.yml - loop_control: - loop_var: LOOP_USER_F + - "len(toxcore_pips3_inst) > 0" + +- name: install toxcore pips GUEST + environment: "{{ portage_proxy_env }}" + shell: | + [ -z "{{' '.join(toxcore_pips3_inst_guest)}}" ] || \ + sudo -u "{{ BOX_USER_NAME }}" \ + pip3.sh install {{' '.join(toxcore_pips3_inst_guest)}} + ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}" + when: + - BASE_ARE_CONNECTED|default('') != '' + - "ansible_virtualization_role|replace('NA', 'host') != 'host'" - name: "include_tasks toxcore users as user" include_tasks: @@ -233,7 +229,6 @@ - "ansible_virtualization_role|replace('NA', 'host') == 'host'" - false with_nested: - - "{{ toxcore_system_users }}" - #no - users - "{{ 'libvirt_users' if 'libvirt' in TOXCORE_FEATURES else '' }}" 
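Review bot: Both new pip tasks run `pip3.sh install` on bare package names with no version pins or hashes, and `ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"` can turn a failed or partial install into a silent pass. On the virtualization host this is a supply-chain exposure, because whatever the index serves under those names at run time is what gets installed. Consider pinning versions in the vars lists (`- <name>==<version>`) or, if pip3.sh forwards its arguments to pip, installing from a hashed requirements file with `--require-hashes -r <requirements file>`. In the HOST task the `else toxcore_pips3_inst_guest` branch cannot be reached, since its `when:` already restricts the task to hosts.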
@@ -250,8 +245,7 @@ when: - "item != ''" - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS - - "toxcore_services_enabled|length > 0" - with_items: "{{ toxcore_services_enabled }}" + with_items: "{{ toxcore_services_enabled_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else toxcore_services_enabled_guest }}" ignore_errors: true - name: start toxcore services @@ -371,26 +365,26 @@ # yaml.reader.ReaderError: unacceptable character #x0001: special characters are not allowed - block: - + - name: ansible-keepassxc ansible-keepassxc: database: "{{ base_passwords_database }}" - entry: "HOSTVMS_LXD_TRUST_PASSWORD" - group: "/Ansible/hostvms" + entry: "TOXCORE_LXD_TRUST_PASSWORD" + group: "/Ansible/toxcore" password: "{{ base_passwords_password }}" no_log: False - register: hostvms_lxd_trust_password + register: toxcore_lxd_trust_password - debug: verbosity: 1 - var: hostvms_lxd_trust_password + var: toxcore_lxd_trust_password check_mode: false rescue: - debug: verbosity: 1 - msg: "hostvms vms.yml WARN undefined or missing base_passwords_database " + msg: "toxcore vms.yml WARN RESCUE undefined or missing base_passwords_database " - set_fact: - base_passwords_password: "{{HOSTVMS_LXD_TRUST_PASSWORD}}" + base_passwords_password: "{{TOXCORE_LXD_TRUST_PASSWORD}}" when: false diff --git a/roles/toxcore/tasks/users.yml b/roles/toxcore/tasks/users.yml index 626c2d9..8961e0f 100644 --- a/roles/toxcore/tasks/users.yml +++ b/roles/toxcore/tasks/users.yml @@ -7,6 +7,14 @@ verbosity: 1 msg: "toxcore users.yml LOOP_USER_F={{LOOP_USER_F[0]}}" +- name: "make ro directories" + file: + path: "{{ item.dest|expanduser }}" + state: directory + mode: 0750 + with_items: + - "~/.gpg" + - block: # https://stackoverflow.com/questions/13114268/passing-ciphers-to-libcurl-through-git 
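Review bot: The `ansible-keepassxc` task keeps `no_log: False` while registering `toxcore_lxd_trust_password`, and the following `debug:` with `var: toxcore_lxd_trust_password` prints that result at verbosity 1. If the module returns the entry's password, it ends up in console output and in the file named by `log_path` in ansible.cfg, and the `password: "{{ base_passwords_password }}"` argument is exposed the same way at higher verbosity. Set `no_log: true` on the lookup and make the debug report only presence, e.g. `msg: "toxcore_lxd_trust_password defined: {{ toxcore_lxd_trust_password is defined }}"`.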
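Review bot: In "make ro directories" the loop items are plain strings (`- "~/.gpg"`), but the path is templated as `{{ item.dest|expanduser }}`, so `item.dest` is undefined and the task should fail for every item. Use `path: "{{ item|expanduser }}"`. If `~/.gpg` is meant to hold key material, `mode: 0700` is the tighter choice than `0750` unless group read access is actually required.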
@@ -148,7 +156,7 @@ HTTPS_PROXY={{HTTPS_PROXYTYPE}}://{{HTTPS_PROXYHOST}}:{{HTTPS_PROXYPORT}} when: - - "'docker' in HOSTVMS_FEATURES|default([])" + - "'docker' in TOXCORE_FEATURES|default([])" - name: Run c-toxcore ctest on the tester delegate_to: localhost diff --git a/roles/toxcore/tasks/vms.yml b/roles/toxcore/tasks/vms.yml index 3dc700a..8e9e614 100644 --- a/roles/toxcore/tasks/vms.yml +++ b/roles/toxcore/tasks/vms.yml @@ -25,6 +25,30 @@ # see /etc/libvirt/qemu.conf - "{{ '/etc/pki/qemu' if ( 'qemu' in TOXCORE_FEATURES or 'libvirt' in TOXCORE_FEATURES ) else '' }}" +- name: "make a directory 775" + file: + path: "{{item }}" + state: directory + owner: "{{BOX_ROOT_USER}}" + group: "{{BOX_ROOT_GROUP}}" + mode: 0775 + when: + - "item != ''" + with_items: + - /etc/sysctl.conf.d + +- name: "make a directory 1777" + file: + path: "{{item }}" + state: directory + owner: "{{BOX_ROOT_USER}}" + group: "{{BOX_ROOT_GROUP}}" + mode: 01777 + when: + - "item != ''" + with_items: + - /run/tmp + - block: - name: increase fs.inotify.max_user_instances (default 128) @@ -38,11 +62,6 @@ net.ipv4.ip_forward = 1 # NB this is per user - - name: check ulimit - shell: | - [ `ulimit -n` -lt 4913709 ] - register: ulimit_retval - # Kernel ulimit is less than the expected value! This might induce RC test - name: /etc/security/limits.conf blockinfile: @@ -72,7 +91,7 @@ # need this in libvirt guest. when: # do this anyway for tor and everybody else - - true or ulimit_retval.rc|default(1) == 0 + - true when: - true or ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS 
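Review bot: "make a directory 775" creates `/etc/sysctl.conf.d` with `mode: 0775`, which gives `{{BOX_ROOT_GROUP}}` write access to a directory whose files set kernel parameters (`net.ipv4.ip_forward` and `vm.nr_hugepages` elsewhere in vms.yml). Unless that group is strictly root-equivalent, `mode: 0755` is the safer default. It is also worth confirming that something in the role loads files from this path: a stock `sysctl --system` reads `/etc/sysctl.d/`, not `/etc/sysctl.conf.d/`, so settings written here may never be applied.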
@@ -101,16 +120,18 @@ check_mode: false - name: /etc/sysctl.conf.d/20_hugepages.conf - check_mode: false lineinfile: dest: /etc/sysctl.conf.d/20_hugepages.conf regexp: '^#* *{{item.key}}.*' line: "{{item.key}} = {{item.val}}" state: present + create: yes with_items: # https://wiki.archlinux.org/title/KVM#Enabling_huge_pages # boot cmdline hugepages= - { key: "vm.nr_hugepages", val: "550" } + check_mode: false + ignore_errors: true when: - ansible_virtualization_role|replace('NA', 'host') == 'host' or @@ -119,7 +140,7 @@ rescue: - debug: verbosity: 1 - msg: "Ignoring error" + msg: "INFO: RESCUE vms Ignoring error" #libvirt - block: diff --git a/roles/toxcore/vars/Gentoo2.yml b/roles/toxcore/vars/Gentoo2.yml index beec41b..607ddea 100644 --- a/roles/toxcore/vars/Gentoo2.yml +++ b/roles/toxcore/vars/Gentoo2.yml @@ -14,15 +14,29 @@ toxcore_standard_users_groups_host: - "{{ 'kvm' if ( 'qemu' in TOXCORE_FEATURES or 'libvirt' in TOXCORE_FEATURES ) else '' }}" - "{{ 'docker' if 'docker' in TOXCORE_FEATURES else '' }}" -toxcore_libvirt_services: +toxcore_libvirt_services_host: - libvirtd -# - qemu-guest-agent -toxcore_pkgs_inst_guest: [] +toxcore_libvirt_services_guest: + - agetty + - qemu-guest-agent + +toxcore_pkgs_inst_guest: + - dev-python/pip + - app-misc/jq + # install + - app-misc/jq + - dev-vcs/git + - net-vpn/corkscrew + - net-analyzer/openbsd-netcat + - net-firewall/iptables toxcore_pkgs_inst: - - net-firewall/iptables - - app-portage/gentoolkit + - dev-vcs/git + - gpg + - python3-yaml + - xmlstarlet +# - app-portage/gentoolkit - sys-apps/gptfdisk - app-admin/testdisk - app-arch/zstd 
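Review bot: The entries added to `toxcore_pkgs_inst` in Gentoo2.yml (`gpg`, `python3-yaml`, `xmlstarlet`) are not category/package atoms like the rest of the list, and the first two look like Debian package names rather than Gentoo ones. If this list is passed to portage with errors ignored, as the `BASE_PKG_IGNORE_ERRORS` pattern elsewhere in the role suggests, the play would continue without GnuPG or PyYAML installed. The Gentoo atoms would be `- app-crypt/gnupg`, `- dev-python/pyyaml` and `- app-text/xmlstarlet`. `app-misc/jq` is also listed twice in `toxcore_pkgs_inst_guest`.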
@@ -30,11 +44,16 @@ toxcore_pkgs_inst: - net-misc/bridge-utils - sys-apps/sdparm - sys-apps/hdparm - # install - - app-misc/jq - - dev-vcs/git - - net-vpn/corkscrew - - net-analyzer/openbsd-netcat + # toxcore + - virtual/pkgconfig + - dev-libs/libsodium # [asm,urandom,-minimal] + - dev-libs/libconfig + - media-libs/opus + - media-libs/libvpx + - app-crypt/argon2 + - media-gfx/qrencode + - dev-cpp/gtest + - dev-util/meson ### virt-manager - media-libs/libvpx - net-libs/libpsl @@ -95,7 +114,11 @@ toxcore_docker_pkgs_inst: toxcore_pips2_inst: [] -toxcore_pips3_inst: +# AGI_bootstrap_pips3 +toxcore_pips3_inst_guest: + - negotiator-guest + +toxcore_pips3_inst_host: - pycrypto - pywinrm - requests-unixsocket @@ -104,4 +127,48 @@ toxcore_pips3_inst: - pysha3 - pycryptodomex - pyanalyze - - negotiator-host + - negotiator-toxcore + +# host +# - libconfig-dev +# - libgtest-dev +# - ninja-build +# - pkg-config +# - autotools-dev +# - autoconf +# - automake +# - bc +# - rsync +# - cmake +# - pkg-config +# - libtool +# - ssh +# - gzip +# - coreutils +# - libavutil-dev +# - libffms2-4 +# - libgpac10 +# - libx264-dev +# - x264 +# - libv4lconvert0 +# - libv4l-dev +# - libv4l-dev +# - libv4l2rds0 +# - v4l-conf +# - v4l-utils +# - libv4l-dev +# - libtool +# - autotools-dev +# - automake +# - checkinstall +# - check +# - yasm +# - libv4lconvert0 +# - libv4l-dev +# - libopus-dev +# - libvpx-dev +# - pkg-config +# - libx264-dev +# - libavcodec-dev +# - libavdevice-dev + diff --git a/roles/toxcore/vars/Linux.yml b/roles/toxcore/vars/Linux.yml index 31a36cd..1a33ef0 100644 --- a/roles/toxcore/vars/Linux.yml +++ b/roles/toxcore/vars/Linux.yml 
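Review bot: The last hunk replaces `negotiator-host` with `negotiator-toxcore` in `toxcore_pips3_inst_host`, which looks like a hostvms→toxcore search-and-replace hitting a package name rather than an intended dependency change. The guest list added just above uses `negotiator-guest`, whose counterpart is `negotiator-host`. A name that is not published on the index is a supply-chain risk, because whoever registers it later controls what this play installs on the host. Restore `- negotiator-host` unless `negotiator-toxcore` is a package you publish yourself.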
@@ -24,14 +24,17 @@ toxcore_gpg_keys_system: name: "Daniel Robbins (metro:node) " key: "9266C4FA11FD00FD" -toxcore_services_enabled: [] -# - qemu-guest-agent - toxcore_services_started: - - "{{ toxcore_libvirt_services if 'libvirt' in TOXCORE_FEATURES else [] }}" + - "{{ toxcore_libvirt_services_host if 'libvirt' in TOXCORE_FEATURES and ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}" + - "{{ toxcore_libvirt_services_guest if 'libvirt' in TOXCORE_FEATURES and ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}" # not on Gentoo 5 #? - "{{ 'docker' if 'docker' in TOXCORE_FEATURES else '' }}" +toxcore_services_enabled_host: "{{toxcore_services_started}}" + +toxcore_services_enabled_guest: + - qemu-quest-agent + toxcore_services_stopped: - "{{ toxcore_libvirt_services if 'libvirt' not in TOXCORE_FEATURES else [] }}" diff --git a/roles/toxcore/vars/use.txt b/roles/toxcore/vars/use.txt index a47eb42..430c8df 100644 --- a/roles/toxcore/vars/use.txt +++ b/roles/toxcore/vars/use.txt 
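Review bot: `toxcore_services_enabled_guest` lists `qemu-quest-agent`, whereas Gentoo2.yml spells the service `qemu-guest-agent` in `toxcore_libvirt_services_guest`. The task that consumes this list has `ignore_errors: true`, so the guest agent would silently never be enabled; change the entry to `- qemu-guest-agent`. Separately, the context line under `toxcore_services_stopped` still references `toxcore_libvirt_services`, which this commit renames to `toxcore_libvirt_services_host`/`toxcore_libvirt_services_guest` in Gentoo2.yml, so it may now be undefined unless another vars file still defines it.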
@@ -1,15 +1,36 @@ +# /etc/portage/package.use/2020-03_jq.txt jq + app-misc/jq% oniguruma + +# /etc/portage/package.use/2017-01_git.txt git + dev-vcs/git% -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs + # /etc/portage/package.use/2017-01-01_libguestfs.txt iptables net-firewall/iptables% nftables ipv6 +# /etc/portage/package.use/2017-01_git.txt git + dev-vcs/git% -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs + # /etc/portage/package.use/2017-08_testdisk.txt testdisk app-admin/testdisk% ntfs qt5 -ewf # /etc/portage/package.use/2020-01_static-libs.txt zstd app-arch/zstd% static-libs -# /etc/portage/package.use/2020-03_jq.txt jq - app-misc/jq% oniguruma +# /etc/portage/package.use/2021-00_verify-sig.txt libsodium + dev-libs/libsodium% verify-sig + +# /etc/portage/package.use/2016-11_world.txt libvpx + media-libs/libvpx% svc + +# /etc/portage/package.use/2019-02_electron.txt libvpx + media-libs/libvpx% postproc svc + +# /etc/portage/package.use/2013-07-cryptsetup.txt argon2 + app-crypt/argon2% static-libs + +# /etc/portage/package.use/2020-01_static-libs.txt argon2 + app-crypt/argon2% static-libs # /etc/portage/package.use/2016-11_world.txt libvpx media-libs/libvpx% svc 
@@ -69,10 +90,7 @@ app-emulation/qemu% -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd # # /etc/portage/package.use/2023-00_python-3.11.txt qemu - app-emulation/qemu% -python_single_target_python3_10 python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10 - -# /etc/portage/package.use/2019-11_aqemu.txt aqemu - app-emulation/aqemu% vnc + app-emulation/qemu% python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10 # /etc/portage/package.use/2019-09_spice-gtk.txt spice-gtk >=net-misc/spice-gtk-0.35% usbredir