initial commit of hypervisor configs

3 files changed, 57 insertions, 0 deletions

diff --git a/vars/common b/vars/common
new file mode 100644
index 0000000..bb7c4db
--- /dev/null
+++ b/vars/common
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+domain=idm.example.com
+email_domain=example.com
+locale=en_US.UTF-8
+ntp_pools='pool.ntp.org'
+root_password=changeme
+root_authorized_keys='ssh-ed25519 changeme
+ssh-ed25519 changeme'
+root_mail_alias="you@${email_domain}"
+smtp_host_ip=1.2.3.4
+timezone=America/New_York
+
+
+allowed_tcp_ports=ssh
+bootstrap_resolvers='8.8.8.8  8.8.4.4'
+smtp_host="smtp.${domain}"
+tcp_buffer_size=2097152  # suitable for 1 GigE
diff --git a/vars/hostclass/freebsd_hypervisor b/vars/hostclass/freebsd_hypervisor
new file mode 100644
index 0000000..c38452f
--- /dev/null
+++ b/vars/hostclass/freebsd_hypervisor
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+enable_pf=false
+smtp_host=${smtp_host_ip}
+resolvers=$bootstrap_resolvers
diff --git a/vars/os/freebsd b/vars/os/freebsd
new file mode 100644
index 0000000..0d4a6fb
--- /dev/null
+++ b/vars/os/freebsd
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+allow_wx=1
+allow_proc_debug=0
+cx_lowest=Cmax
+enable_pf=true
+install_packages='sudo tmux vim'
+intel_epp=50
+
+export ASSUME_ALWAYS_YES=yes
+acme_standalone_port=9080
+acme_uid=169
+nfscbd_port=7745
+site_cacert_path=/usr/local/etc/ssl/certs/ca.crt
+ssh_host_key_dir=/var/db/ssh
+
+# For 10 Gbit ethernet, bump up the TCP buffers.
+if ifconfig | grep -q '10Gbase-T'; then
+  tcp_buffer_size=16777216
+fi
+
+case $BOXCONF_VIRTUALIZATION_TYPE in
+  jail)
+    # For jails, the state dataset is delegated to the jail and named "data".
+    state_dataset=$(zfs list -Ho jailed,name | awk '$1 == "on" && $2 ~ /\/data$/ {print $2;exit}')
+    ;;
+  *)
+    # Otherwise, assume the state dataset is named "data" in the root zpool.
+    root_zpool=$(zfs list -Ho name,mountpoint | awk '$2 == "/" {print $1;exit}' | cut -d/ -f1)
+    if [ -n "$root_zpool" ]; then
+      state_dataset="${root_zpool}/data"
+    fi
+    ;;
+esac