emdee/libvirt_cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add roles/toxcore

Browse Source
This commit is contained in:
emdee
2024-01-08 12:51:06 +00:00
parent c8610f9ded
commit 7e491f4b8c
51 changed files with 1665 additions and 770 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
roles/toxcore/tasks/Gentoo.yml
View File

@ -8,38 +8,6 @@
# - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}"
- name: install toxcore packages
environment: "{{ portage_proxy_env }}"
shell: |
role=toxcore
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
{{proxy_pkgs_bootstrap}} \
{{ toxcore_pkgs_inst }} \
{{ toxcore_qemu_pkgs_inst if 'qemu' in TOXCORE_FEATURES else '' }} \
{{ toxcore_qemu_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ toxcore_libvirt_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ toxcore_docker_pkgs_inst if 'docker' in TOXCORE_FEATURES else '' }} \
|| exit $?
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- name: install toxcore packages GUEST
environment: "{{ portage_proxy_env }}"
shell: |
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
{{proxy_pkgs_bootstrap}} \
{{ toxcore_pkgs_inst_guest }} \
|| exit $?
[ -z "{{AGI_bootstrap_pips3}}" ] || pip3.sh install {{AGI_bootstrap_pips3}}
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') != 'host'"
- name: /etc/conf.d/consolefont
blockinfile:
dest: "/etc/{{ETC_CONF_D}}/consolefont"
@ -185,3 +153,33 @@
when:
- "{{ ansible_virtualization_role|replace('NA', 'host') != 'host' }}"
- name: EMERGE toxcore packages
environment: "{{ portage_proxy_env }}"
shell: |
role=toxcore
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/sbin/box_gentoo_emerge.bash \
{{ ' '.join(toxcore_pkgs_inst) }} \
{{ ' '.join(toxcore_qemu_pkgs_inst) if 'qemu' in TOXCORE_FEATURES else '' }} \
{{ ' '.join(toxcore_qemu_pkgs_inst) if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ ' '.join(toxcore_libvirt_pkgs_inst) if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ ' '.join(toxcore_docker_pkgs_inst) if 'docker' in TOXCORE_FEATURES else '' }} \
|| exit $?
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- name: EMERGE toxcore packages GUEST
environment: "{{ portage_proxy_env }}"
shell: |
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/sbin/box_gentoo_emerge.bash \
{{ ' '.join(proxy_pkgs_bootstrap) }} \
{{ ' '.join(toxcore_pkgs_inst_guest) }} \
|| exit $?
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') != 'host'"

2
roles/toxcore/tasks/Gentoo/Pentoo/main.yml Normal file
View File

@ -0,0 +1,2 @@
- include_tasks: Gentoo/Pentoo/use.yml
- include_tasks: Gentoo/Pentoo/mask.yml

47
roles/toxcore/tasks/Gentoo/Pentoo/mask.yml Normal file
View File

@ -0,0 +1,47 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
=app-emulation/qemu-guest-agent-8.0.2
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
=app-emulation/qemu-guest-agent-8.0.0
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
=app-emulation/qemu-guest-agent-8.0.3
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
=app-emulation/libvirt-9.4.0-r1
- name: "/etc/portage/package.mask/2022_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2022_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore docker"
block: |
app-containers/docker-compose

359
roles/toxcore/tasks/Gentoo/Pentoo/use.yml Normal file
View File

@ -0,0 +1,359 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.use/2020-03_jq.txt"
blockinfile:
dest: /etc/portage/package.use/2020-03_jq.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore jq"
block: |
app-misc/jq oniguruma
- name: "/etc/portage/package.use/2017-01_git.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01_git.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore git"
block: |
dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
- name: "/etc/portage/package.use/2017-01-01_libguestfs.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01-01_libguestfs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore iptables"
block: |
net-firewall/iptables nftables ipv6
- name: "/etc/portage/package.use/2017-01_git.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01_git.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore git"
block: |
dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
- name: "/etc/portage/package.use/2017-08_testdisk.txt"
blockinfile:
dest: /etc/portage/package.use/2017-08_testdisk.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore testdisk"
block: |
app-admin/testdisk ntfs qt5 -ewf
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zstd"
block: |
app-arch/zstd static-libs
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libsodium"
block: |
dev-libs/libsodium verify-sig
- name: "/etc/portage/package.use/2016-11_world.txt"
blockinfile:
dest: /etc/portage/package.use/2016-11_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx svc
- name: "/etc/portage/package.use/2019-02_electron.txt"
blockinfile:
dest: /etc/portage/package.use/2019-02_electron.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx postproc svc
- name: "/etc/portage/package.use/2013-07-cryptsetup.txt"
blockinfile:
dest: /etc/portage/package.use/2013-07-cryptsetup.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore argon2"
block: |
app-crypt/argon2 static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore argon2"
block: |
app-crypt/argon2 static-libs
- name: "/etc/portage/package.use/2016-11_world.txt"
blockinfile:
dest: /etc/portage/package.use/2016-11_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx svc
- name: "/etc/portage/package.use/2019-02_electron.txt"
blockinfile:
dest: /etc/portage/package.use/2019-02_electron.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx postproc svc
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxcb"
block: |
x11-libs/libxcb xkb
- name: "/etc/portage/package.use/2018-01_qt.txt"
blockinfile:
dest: /etc/portage/package.use/2018-01_qt.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxkbcommon"
block: |
x11-libs/libxkbcommon X tools
- name: "/etc/portage/package.use/2020-01_readline.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_readline.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxml2"
block: |
dev-libs/libxml2 -readline
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxml2"
block: |
dev-libs/libxml2:2 verify-sig
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxml2"
block: |
dev-libs/libxml2 python icu ipv6 lzma
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt-python"
block: |
dev-python/libvirt-python verify-sig
- name: "/etc/portage/package.use/2021-08_wafw00f.txt"
blockinfile:
dest: /etc/portage/package.use/2021-08_wafw00f.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore requests"
block: |
dev-python/requests socks5
- name: "/etc/portage/package.use/2020-00_dbus.txt"
blockinfile:
dest: /etc/portage/package.use/2020-00_dbus.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore dbus"
block: |
sys-apps/dbus X elogind -systemd
- name: "/etc/portage/package.use/2020-01_dbus.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_dbus.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore dbus"
block: |
sys-apps/dbus X elogind -systemd
- name: "/etc/portage/package.use/2021-01_wayland.txt"
blockinfile:
dest: /etc/portage/package.use/2021-01_wayland.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore gtk+"
block: |
x11-libs/gtk+ X -wayland
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore vte"
block: |
x11-libs/vte crypt -icu introspection vala -debug -gtk-doc -systemd -vanilla
- name: "/etc/portage/package.use/2022-01_xterms.txt"
blockinfile:
dest: /etc/portage/package.use/2022-01_xterms.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore vte"
block: |
x11-libs/vte vanilla
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zfs-kmod"
block: |
sys-fs/zfs-kmod verify-sig
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zfs"
block: |
sys-fs/zfs verify-sig
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zfs"
block: |
sys-fs/zfs-kmod verify-sig
- name: "/etc/portage/package.use/2020-01_nls.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_nls.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
app-emulation/qemu -nls
- name: "/etc/portage/package.use/2021-04_qemu.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_qemu.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
app-emulation/qemu -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd #
- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
blockinfile:
dest: /etc/portage/package.use/2023-00_python-3.11.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
app-emulation/qemu python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10
- name: "/etc/portage/package.use/2019-09_spice-gtk.txt"
blockinfile:
dest: /etc/portage/package.use/2019-09_spice-gtk.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore spice-gtk"
block: |
>=net-misc/spice-gtk-0.35 usbredir
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore spice-gtk"
block: |
net-misc/spice-gtk policykit
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
app-emulation/libvirt apparmor audit -bash-completion caps -dbus -dtrace -firewalld fuse -glusterfs -iscsi -iscsi-direct libssh libvirtd lvm lxc -macvtap -nfs -nls numa -openvz parted pcap -policykit qemu -rbd -sasl -selinux udev vepa verify-sig virt-network virtualbox -wireshark-plugins -xen -zfs
- name: "/etc/portage/package.use/2020-10_nfs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-10_nfs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
app-emulation/libvirt -nfs
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
app-emulation/libvirt verify-sig
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
dev-python/libvirt-python verify-sig
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore virt-manager"
block: |
app-emulation/virt-manager gtk -policykit virtualbox libvirtd caps dbus fuse libssh lxc macvtap numa parted pcap policykit qemu vepa virt-network
- name: "/etc/portage/package.use/2019-11_qxl.txt"
blockinfile:
dest: /etc/portage/package.use/2019-11_qxl.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore xf86-video-qxl"
block: |
x11-drivers/xf86-video-qxl xspice
- name: "/etc/portage/package.use/2019-11_libguestfs.txt"
blockinfile:
dest: /etc/portage/package.use/2019-11_libguestfs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libguestfs"
block: |
app-emulation/libguestfs parted virtualbox libvirt -erlang -lua perl fuse gtk inspect-icons introspection -ocaml python -ruby
- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
blockinfile:
dest: /etc/portage/package.use/2023-00_python-3.11.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libguestfs"
block: |
app-emulation/libguestfs python_single_target_python3_11
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt-python"
block: |
dev-python/libvirt-python verify-sig
- name: "/etc/portage/package.use/2017-02_docker.txt"
blockinfile:
dest: /etc/portage/package.use/2017-02_docker.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore tini"
block: |
sys-process/tini static args
- name: "/etc/portage/package.use/2017-02_docker.txt"
blockinfile:
dest: /etc/portage/package.use/2017-02_docker.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore docker"
block: |
app-containers/docker btrfs

2
roles/toxcore/tasks/daily.yml
View File

@ -29,6 +29,8 @@
echo "INFO: toxcore_log_daily {{HARDEN_LOG_DIR}}"
cd {{USR_LOCAL}}/bin
toxcore_daily.bash
become: yes
become_user: "{{ BOX_USER_NAME }}"
register: toxcore_log_daily
notify: summary of logs
ignore_errors: true

122
roles/toxcore/tasks/libvirt.yml Normal file
View File

@ -0,0 +1,122 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "proxy libvirt.yml"
debug:
verbosity: 1
msg: "proxy libvirt.yml BOX_TOXCORE_FEATURES={{BOX_TOXCORE_FEATURES}}"
# console=tty0 console=ttyS0,115200n8 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy
# from Gateway
- block:
- name: "/etc/libvirt/virtlogd.conf"
lineinfile:
path: /etc/libvirt/virtlogd.conf
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: log_filters
val: "1:logging 4:object 4:json 4:event 1:util"
- key: log_outputs
val: "3:file:/var/log/libvirt/virtlogd.log"
# /usr/portage/app-emulation/libvirt/files/libvirtd.init-r19 after livirt-7.2.0a
- name: /usr/local/etc/init.d/libvirtd.openrc
shell: |
cp -p /usr/local/etc/init.d/libvirtd.openrc /etc/init.d/livirtd
chmod 755 /etc/init.d/libvirtd
args:
creates: /etc/init.d/libvirtd
when: false # where is virtlogd
- name: "/etc/libvirt/qemu.conf"
blockinfile:
dest: "/etc/libvirt/qemu.conf"
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = {{ item.val }}
with_items:
- { name: 'migration_address', val: '"0.0.0.0"' }
- { name: 'user', val: '"root"' }
#? why qemu - serverfault sez must be root for passthrough
# root is not enough for passthorugh mounting rw
- { name: 'group', val: '"root"' }
#? why
- { name: 'dynamic_ownership', val: '1' }
#?? why
# error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss'
# - { name: 'swtpm_user', val: '"tss"' }
#?? why
# error : virGetGroupID:1124 : invalid argument: Failed to parse group 'tss'
# - { name: 'swtpm_group', val: '"tss"' }
# - { name: '', val: '' }
ignore_errors: true
# required
when: not ansible_check_mode
- name: "/etc/libvirt/libvirtd.conf"
blockinfile:
dest: /etc/libvirt/libvirtd.conf
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = "{{ item.val }}"
with_items:
#listen_addr = "192.168.0.1"
- { name: "listen_addr", val: "127.0.0.1" }
#_sock_group = "libvirt"
- { name: "unix_sock_group", val: "libvirt" }
- { name: "unix_sock_ro_perms", val: "0750" }
- { name: "unix_sock_rw_perms", val: "0770" }
#ca_file = "/etc/pki/CA/cacert.pem"
- { name: "ca_file", val: "{{ PLAY_CA_CERT }}" }
- { name: "auth_unix_ro", val: "none" }
- { name: "auth_unix_rw", val: "none" }
- { name: "log_filters", val: "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" }
- { name: "log_outputs", val: "3:file:/var/log/libvirtd.log" }
#
# - { name: "", val: "" }
ignore_errors: true
# required
when: not ansible_check_mode
notify: restart libvirtd
- name: /etc/modprobe.d/nbd.conf"
shell: |
file="/etc/modprobe.d/nbd.conf"
[ -f $file ] || echo >$file options nbd max_part=16
args:
creates: /etc/modprobe.d/nbd.conf
- name: "/etc/default/libvirt-guests"
lineinfile:
path: /etc/default/libvirt-guests
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: ON_BOOT
val: ignore
when:
- "ansible_distribution == 'Debian'"
- name: /usr/local/sbin/proxy_libvirt_install.bash
shell: |
/usr/local/sbin/proxy_libvirt_install.bash
when: false
when:
- "'libvirt' in BOX_TOXCORE_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"

121
roles/toxcore/tasks/libvirt_whonix.yml
View File

@ -12,7 +12,7 @@
shell: |
base="hulahoop"
URL="www.whonix.org/$base"
dir="{{HARDEN_VAR_LOCAL}}/net/Http/"
dir="{{TOXCORE_USR_LOCAL}}/net/Http/"
[ -d $dir ] || mkdir $dir
[ -f $dir/$URL.asc ] || wget {{BASE_WGET_ARGS}} -xc -P $dir https://$URL.asc || exit 3
# FixMe:
@ -21,32 +21,12 @@
grep 'imported: 1' /tmp/V$$.out
exit 0
args:
creates: "{{HARDEN_VAR_LOCAL}}/net/Http/www.whonix.org/hulahoop.asc"
creates: "{{TOXCORE_USR_LOCAL}}/net/Http/www.whonix.org/hulahoop.asc"
when:
- not ansible_check_mode
- BASE_ARE_CONNECTED|default('') != ''
ignore_errors: true
- block:
- name: "/etc/libvirt/virtlogd.conf"
lineinfile:
path: /etc/libvirt/virtlogd.conf
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: log_filters
val: "1:logging 4:object 4:json 4:event 1:util"
- key: log_outputs
val: "3:file:/var/log/libvirt/virtlogd.log"
when:
- "'libvirt' in BOX_HOSTVMS_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- name: /etc/sysctl.d/70_testforge_libvirt.conf
blockinfile:
dest: /etc/sysctl.d/70_testforge_libvirt.conf
@ -176,100 +156,3 @@
- false # use xml instead
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
# console=tty0 console=ttyS0,115200n8 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy
# from Gateway
- block:
# /usr/portage/app-emulation/libvirt/files/libvirtd.init-r19 after livirt-7.2.0a
- name: /usr/local/sbin/proxy_whonix-libvirt-install.bash
shell: |
cp -p /usr/local/etc/init.d/libvirtd.openrc /etc/init.d/livirtd
chmod 755 /etc/init.d/libvirtd
args:
creates: /etc/init.d/libvirtd
- name: "/etc/libvirt/qemu.conf"
blockinfile:
dest: "/etc/libvirt/qemu.conf"
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK hostvms vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = {{ item.val }}
with_items:
- { name: 'migration_address', val: '"0.0.0.0"' }
- { name: 'user', val: '"root"' }
#? why qemu - serverfault sez must be root for passthrough
# root is not enough for passthorugh mounting rw
- { name: 'group', val: '"root"' }
#? why
- { name: 'dynamic_ownership', val: '1' }
#?? why
# error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss'
# - { name: 'swtpm_user', val: '"tss"' }
#?? why
# error : virGetGroupID:1124 : invalid argument: Failed to parse group 'tss'
# - { name: 'swtpm_group', val: '"tss"' }
# - { name: '', val: '' }
ignore_errors: true
# required
when: not ansible_check_mode
- name: "/etc/libvirt/libvirtd.conf"
blockinfile:
dest: /etc/libvirt/libvirtd.conf
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK hostvms vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = "{{ item.val }}"
with_items:
#listen_addr = "192.168.0.1"
- { name: "listen_addr", val: "127.0.0.1" }
#_sock_group = "libvirt"
- { name: "unix_sock_group", val: "libvirt" }
- { name: "unix_sock_ro_perms", val: "0750" }
- { name: "unix_sock_rw_perms", val: "0770" }
#ca_file = "/etc/pki/CA/cacert.pem"
- { name: "ca_file", val: "{{ PLAY_CA_CERT }}" }
- { name: "auth_unix_ro", val: "none" }
- { name: "auth_unix_rw", val: "none" }
- { name: "log_filters", val: "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" }
- { name: "log_outputs", val: "3:file:/var/log/libvirtd.log" }
#
# - { name: "", val: "" }
ignore_errors: true
# required
when: not ansible_check_mode
notify: restart libvirtd
- name: /etc/modprobe.d/nbd.conf"
shell: |
file="/etc/modprobe.d/nbd.conf"
[ -f $file ] || echo >$file options nbd max_part=16
args:
creates: /etc/modprobe.d/nbd.conf
- name: "/etc/default/libvirt-guests"
lineinfile:
path: /etc/default/libvirt-guests
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: ON_BOOT
val: ignore
when:
- "ansible_distribution == 'Debian'"
- name: /usr/local/sbin/proxy_whonix-libvirt-install.bash
shell: |
/usr/local/sbin/proxy_whonix-libvirt-install.bash
args:
creates: /etc/libvirt/qemu/Whonix-Gateway.xml
when:
- ansible_virtualization_role|replace('NA', 'host') == 'host'

80
roles/toxcore/tasks/main.yml
View File

@ -106,19 +106,6 @@
- name: include by-platform tasks
include_tasks: "{{ ansible_distribution }}.yml"
- name: grub.cfg from roles/ansible-gentoo_install/tasks/
shell: |
LINE="rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us"
# LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
LINE="$LINE intel_iommu=on vga=0x315 text"
grep /boot /etc/fstab || exit 1
df | grep /boot || mount /boot || exit 2
[ -d /boot/grub ] || exit 3
[ -f /boot/grub/grub.cfg ] || exit 4
[ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst
sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg
ignore_errors: true
- name: add standard_users to groups
user:
name: "{{ item.0 }}"
@ -126,12 +113,15 @@
groups: "{{ item.1 }}"
when:
- item != ''
- "len(toxcore_system_users) > 0"
# some groups may not be there
ignore_errors: true
with_nested:
- "{{ base_system_users }}"
- "{{ toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}"
- "{{ toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}"
-
- "{{ toxcore_system_users }}"
-
- "{{ toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}"
- "{{ toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}"
- name: "make a directory for /data/Vms"
file:
@ -156,6 +146,7 @@
when:
- toxcore_gpg_keys_system|length > 0
- BASE_ARE_CONNECTED|default('') != ''
- false # none yet
ignore_errors: true
- name: "toxcore gpg keys gentoo"
@ -182,13 +173,12 @@
environment: "{{ shell_proxy_env }}"
shell: |
umask 0002
sudo -u "{{ BOX_USER_NAME }}" \
bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \
{{ 'check' if ansible_check_mode }}
exit 0
args:
chdir: "{{TOXCORE_USR_LOCAL}}/src"
become: yes
become_user: "{{ BOX_USER_NAME }}"
ignore_errors: true
check_mode: false
@ -201,26 +191,32 @@
- LOOP_ITEM != '' and LOOP_ITEM != []
with_items:
- "vms"
- "{{ 'libvirt_whonix' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_HOSTVMS_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}"
- "{{ 'libvirt' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_TOXCORE_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}"
loop_control:
loop_var: LOOP_ITEM
- name: "include_tasks toxcore users on the command host"
include_tasks:
file: "{{ LOOP_USER_F[1] }}"
apply:
environment: "{{ proxy_env }}"
become_user: "{{ LOOP_USER_F[0] }}"
- name: install toxcore pips HOST
environment: "{{ portage_proxy_env }}"
shell: |
sudo -u "{{ BOX_USER_NAME }}" \
pip3.sh install {{' '.join(toxcore_pips3_inst_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else toxcore_pips3_inst_guest)}}
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- "LOOP_USER_F[1] != ''"
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
with_nested:
-
- "{{ toxcore_system_users }}"
-
- users.yml
loop_control:
loop_var: LOOP_USER_F
- "len(toxcore_pips3_inst) > 0"
- name: install toxcore pips GUEST
environment: "{{ portage_proxy_env }}"
shell: |
[ -z "{{' '.join(toxcore_pips3_inst_guest)}}" ] || \
sudo -u "{{ BOX_USER_NAME }}" \
pip3.sh install {{' '.join(toxcore_pips3_inst_guest)}}
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') != 'host'"
- name: "include_tasks toxcore users as user"
include_tasks:
@ -233,7 +229,6 @@
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- false
with_nested:
- "{{ toxcore_system_users }}"
-
#no - users
- "{{ 'libvirt_users' if 'libvirt' in TOXCORE_FEATURES else '' }}"
@ -250,8 +245,7 @@
when:
- "item != ''"
- ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
- "toxcore_services_enabled|length > 0"
with_items: "{{ toxcore_services_enabled }}"
with_items: "{{ toxcore_services_enabled_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else toxcore_services_enabled_guest }}"
ignore_errors: true
- name: start toxcore services
@ -371,26 +365,26 @@
# yaml.reader.ReaderError: unacceptable character #x0001: special characters are not allowed
- block:
- name: ansible-keepassxc
ansible-keepassxc:
database: "{{ base_passwords_database }}"
entry: "HOSTVMS_LXD_TRUST_PASSWORD"
group: "/Ansible/hostvms"
entry: "TOXCORE_LXD_TRUST_PASSWORD"
group: "/Ansible/toxcore"
password: "{{ base_passwords_password }}"
no_log: False
register: hostvms_lxd_trust_password
register: toxcore_lxd_trust_password
- debug:
verbosity: 1
var: hostvms_lxd_trust_password
var: toxcore_lxd_trust_password
check_mode: false
rescue:
- debug:
verbosity: 1
msg: "hostvms vms.yml WARN undefined or missing base_passwords_database "
msg: "toxcore vms.yml WARN RESCUE undefined or missing base_passwords_database "
- set_fact:
base_passwords_password: "{{HOSTVMS_LXD_TRUST_PASSWORD}}"
base_passwords_password: "{{TOXCORE_LXD_TRUST_PASSWORD}}"
when: false

10
roles/toxcore/tasks/users.yml
View File

@ -7,6 +7,14 @@
verbosity: 1
msg: "toxcore users.yml LOOP_USER_F={{LOOP_USER_F[0]}}"
- name: "make ro directories"
file:
path: "{{ item.dest|expanduser }}"
state: directory
mode: 0750
with_items:
- "~/.gpg"
- block:
# https://stackoverflow.com/questions/13114268/passing-ciphers-to-libcurl-through-git
@ -148,7 +156,7 @@
HTTPS_PROXY={{HTTPS_PROXYTYPE}}://{{HTTPS_PROXYHOST}}:{{HTTPS_PROXYPORT}}
when:
- "'docker' in HOSTVMS_FEATURES|default([])"
- "'docker' in TOXCORE_FEATURES|default([])"
- name: Run c-toxcore ctest on the tester
delegate_to: localhost

37
roles/toxcore/tasks/vms.yml
View File

@ -25,6 +25,30 @@
# see /etc/libvirt/qemu.conf
- "{{ '/etc/pki/qemu' if ( 'qemu' in TOXCORE_FEATURES or 'libvirt' in TOXCORE_FEATURES ) else '' }}"
- name: "make a directory 775"
file:
path: "{{item }}"
state: directory
owner: "{{BOX_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
mode: 0775
when:
- "item != ''"
with_items:
- /etc/sysctl.conf.d
- name: "make a directory 1777"
file:
path: "{{item }}"
state: directory
owner: "{{BOX_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
mode: 01777
when:
- "item != ''"
with_items:
- /run/tmp
- block:
- name: increase fs.inotify.max_user_instances (default 128)
@ -38,11 +62,6 @@
net.ipv4.ip_forward = 1
# NB this is per user
- name: check ulimit
shell: |
[ `ulimit -n` -lt 4913709 ]
register: ulimit_retval
# Kernel ulimit is less than the expected value! This might induce RC test
- name: /etc/security/limits.conf
blockinfile:
@ -72,7 +91,7 @@
# need this in libvirt guest.
when:
# do this anyway for tor and everybody else
- true or ulimit_retval.rc|default(1) == 0
- true
when:
- true or ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
@ -101,16 +120,18 @@
check_mode: false
- name: /etc/sysctl.conf.d/20_hugepages.conf
check_mode: false
lineinfile:
dest: /etc/sysctl.conf.d/20_hugepages.conf
regexp: '^#* *{{item.key}}.*'
line: "{{item.key}} = {{item.val}}"
state: present
create: yes
with_items:
# https://wiki.archlinux.org/title/KVM#Enabling_huge_pages
# boot cmdline hugepages=
- { key: "vm.nr_hugepages", val: "550" }
check_mode: false
ignore_errors: true
when:
- ansible_virtualization_role|replace('NA', 'host') == 'host' or
@ -119,7 +140,7 @@
rescue:
- debug:
verbosity: 1
msg: "Ignoring error"
msg: "INFO: RESCUE vms Ignoring error"
#libvirt
- block: