Add FreeBSD build target - only with mgmt, SSH + users for now

build/freebsd/hvn2.lab.ipng.ch/host2-0/etc/rc.conf

@@ -0,0 +1,7 @@
+hostname="host2-0"
+ifconfig_vtnet0="inet 198.19.5.34/24"
+defaultrouter="198.19.5.1"
+ifconfig_vtnet0_ipv6="inet6 2001:678:d78:50b::22/64"
+ipv6_defaultrouter="2001:678:d78:50b::1"
+
+sshd_enable="YES"

build/freebsd/hvn2.lab.ipng.ch/host2-0/etc/rc.local

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done

build/freebsd/hvn2.lab.ipng.ch/host2-0/etc/resolv.conf

@@ -0,0 +1,4 @@
+domain lab.ipng.ch
+search lab.ipng.ch net.ipng.ch ipng.ch
+nameserver 194.1.163.3
+nameserver 194.1.163.4

build/freebsd/hvn2.lab.ipng.ch/host2-0/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

build/freebsd/hvn2.lab.ipng.ch/host2-0/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/host2-0/root/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/host2-0/root/lab-build/perms

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/

build/freebsd/hvn2.lab.ipng.ch/host2-0/root/lab-build/sshd

@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+echo "Fixing SSH permissions"
+chown -R root:wheel /etc/ssh
+chmod 600 /etc/ssh/ssh_host*key
+
+echo "Restarting SSH"
+/etc/rc.d/sshd restart

build/freebsd/hvn2.lab.ipng.ch/host2-0/root/libvirt.xml

@@ -0,0 +1,254 @@
+<domain type='kvm'>
+  <name>host2-0</name>
+  <uuid>ea424fc6-763c-6113-39f1-4f1b97ba3de3</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://debian.org/debian/10"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>8388608</memory>
+  <currentMemory unit='KiB'>8388608</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-5.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>SandyBridge-IBRS</model>
+    <vendor>Intel</vendor>
+    <feature policy='require' name='vme'/>
+    <feature policy='require' name='ss'/>
+    <feature policy='require' name='vmx'/>
+    <feature policy='require' name='pdcm'/>
+    <feature policy='require' name='pcid'/>
+    <feature policy='require' name='hypervisor'/>
+    <feature policy='require' name='arat'/>
+    <feature policy='require' name='tsc_adjust'/>
+    <feature policy='require' name='umip'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='stibp'/>
+    <feature policy='require' name='arch-capabilities'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='xsaveopt'/>
+    <feature policy='require' name='pdpe1gb'/>
+    <feature policy='require' name='ibpb'/>
+    <feature policy='require' name='amd-stibp'/>
+    <feature policy='require' name='amd-ssbd'/>
+    <feature policy='require' name='skip-l1dfl-vmentry'/>
+    <feature policy='require' name='pschange-mc-no'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/zvol/vol0/host2-0'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='16' port='0x1f'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x7'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:00:00'/>
+      <source bridge='mgmt'/>
+      <target dev='host2-0-mgmt'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:00'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-0-0'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x0' multifunction='on'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:01'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-0-1'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x1'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:02'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-0-2'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x2'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:03'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-0-3'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x3'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'/>
+</domain>

build/freebsd/hvn2.lab.ipng.ch/host2-1/etc/rc.conf

@@ -0,0 +1,7 @@
+hostname="host2-1"
+ifconfig_vtnet0="inet 198.19.5.35/24"
+defaultrouter="198.19.5.1"
+ifconfig_vtnet0_ipv6="inet6 2001:678:d78:50b::23/64"
+ipv6_defaultrouter="2001:678:d78:50b::1"
+
+sshd_enable="YES"

build/freebsd/hvn2.lab.ipng.ch/host2-1/etc/rc.local

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done

build/freebsd/hvn2.lab.ipng.ch/host2-1/etc/resolv.conf

@@ -0,0 +1,4 @@
+domain lab.ipng.ch
+search lab.ipng.ch net.ipng.ch ipng.ch
+nameserver 194.1.163.3
+nameserver 194.1.163.4

build/freebsd/hvn2.lab.ipng.ch/host2-1/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

build/freebsd/hvn2.lab.ipng.ch/host2-1/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/host2-1/root/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/host2-1/root/lab-build/perms

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/

build/freebsd/hvn2.lab.ipng.ch/host2-1/root/lab-build/sshd

@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+echo "Fixing SSH permissions"
+chown -R root:wheel /etc/ssh
+chmod 600 /etc/ssh/ssh_host*key
+
+echo "Restarting SSH"
+/etc/rc.d/sshd restart

build/freebsd/hvn2.lab.ipng.ch/host2-1/root/libvirt.xml

@@ -0,0 +1,254 @@
+<domain type='kvm'>
+  <name>host2-1</name>
+  <uuid>8a760f61-f67e-92b1-f385-a9c819dc1a4c</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://debian.org/debian/10"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>8388608</memory>
+  <currentMemory unit='KiB'>8388608</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-5.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>SandyBridge-IBRS</model>
+    <vendor>Intel</vendor>
+    <feature policy='require' name='vme'/>
+    <feature policy='require' name='ss'/>
+    <feature policy='require' name='vmx'/>
+    <feature policy='require' name='pdcm'/>
+    <feature policy='require' name='pcid'/>
+    <feature policy='require' name='hypervisor'/>
+    <feature policy='require' name='arat'/>
+    <feature policy='require' name='tsc_adjust'/>
+    <feature policy='require' name='umip'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='stibp'/>
+    <feature policy='require' name='arch-capabilities'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='xsaveopt'/>
+    <feature policy='require' name='pdpe1gb'/>
+    <feature policy='require' name='ibpb'/>
+    <feature policy='require' name='amd-stibp'/>
+    <feature policy='require' name='amd-ssbd'/>
+    <feature policy='require' name='skip-l1dfl-vmentry'/>
+    <feature policy='require' name='pschange-mc-no'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/zvol/vol0/host2-1'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='16' port='0x1f'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x7'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:00:10'/>
+      <source bridge='mgmt'/>
+      <target dev='host2-1-mgmt'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:10'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-1-0'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x0' multifunction='on'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:11'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-1-1'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x1'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:12'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-1-2'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x2'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:10:13'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='host2-1-3'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x3'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'/>
+</domain>

build/freebsd/hvn2.lab.ipng.ch/tap2-0/etc/rc.conf

@@ -0,0 +1,7 @@
+hostname="tap2-0"
+ifconfig_vtnet0="inet 198.19.5.36/24"
+defaultrouter="198.19.5.1"
+ifconfig_vtnet0_ipv6="inet6 2001:678:d78:50b::24/64"
+ipv6_defaultrouter="2001:678:d78:50b::1"
+
+sshd_enable="YES"

build/freebsd/hvn2.lab.ipng.ch/tap2-0/etc/rc.local

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done

build/freebsd/hvn2.lab.ipng.ch/tap2-0/etc/resolv.conf

@@ -0,0 +1,4 @@
+domain lab.ipng.ch
+search lab.ipng.ch net.ipng.ch ipng.ch
+nameserver 194.1.163.3
+nameserver 194.1.163.4

build/freebsd/hvn2.lab.ipng.ch/tap2-0/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

build/freebsd/hvn2.lab.ipng.ch/tap2-0/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/tap2-0/root/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/tap2-0/root/lab-build/perms

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/

build/freebsd/hvn2.lab.ipng.ch/tap2-0/root/lab-build/sshd

@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+echo "Fixing SSH permissions"
+chown -R root:wheel /etc/ssh
+chmod 600 /etc/ssh/ssh_host*key
+
+echo "Restarting SSH"
+/etc/rc.d/sshd restart

build/freebsd/hvn2.lab.ipng.ch/tap2-0/root/libvirt.xml

@@ -0,0 +1,254 @@
+<domain type='kvm'>
+  <name>tap2-0</name>
+  <uuid>9a254420-def6-9e7b-565a-1ae3b2d0e8ef</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://debian.org/debian/10"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>8388608</memory>
+  <currentMemory unit='KiB'>8388608</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-5.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>SandyBridge-IBRS</model>
+    <vendor>Intel</vendor>
+    <feature policy='require' name='vme'/>
+    <feature policy='require' name='ss'/>
+    <feature policy='require' name='vmx'/>
+    <feature policy='require' name='pdcm'/>
+    <feature policy='require' name='pcid'/>
+    <feature policy='require' name='hypervisor'/>
+    <feature policy='require' name='arat'/>
+    <feature policy='require' name='tsc_adjust'/>
+    <feature policy='require' name='umip'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='stibp'/>
+    <feature policy='require' name='arch-capabilities'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='xsaveopt'/>
+    <feature policy='require' name='pdpe1gb'/>
+    <feature policy='require' name='ibpb'/>
+    <feature policy='require' name='amd-stibp'/>
+    <feature policy='require' name='amd-ssbd'/>
+    <feature policy='require' name='skip-l1dfl-vmentry'/>
+    <feature policy='require' name='pschange-mc-no'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/zvol/vol0/tap2-0'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='16' port='0x1f'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x7'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:02:00'/>
+      <source bridge='mgmt'/>
+      <target dev='tap2-0-mgmt'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:12:00'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='tap2-0-0'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x0' multifunction='on'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:12:01'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='tap2-0-1'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x1'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:12:02'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='tap2-0-2'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x2'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:12:03'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='tap2-0-3'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x3'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'/>
+</domain>

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/etc/rc.conf

@@ -0,0 +1,7 @@
+hostname="vpp2-0"
+ifconfig_vtnet0="inet 198.19.5.30/24"
+defaultrouter="198.19.5.1"
+ifconfig_vtnet0_ipv6="inet6 2001:678:d78:50b::1e/64"
+ipv6_defaultrouter="2001:678:d78:50b::1"
+
+sshd_enable="YES"

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/etc/rc.local

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/etc/resolv.conf

@@ -0,0 +1,4 @@
+domain lab.ipng.ch
+search lab.ipng.ch net.ipng.ch ipng.ch
+nameserver 194.1.163.3
+nameserver 194.1.163.4

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/root/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/root/lab-build/perms

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/root/lab-build/sshd

@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+echo "Fixing SSH permissions"
+chown -R root:wheel /etc/ssh
+chmod 600 /etc/ssh/ssh_host*key
+
+echo "Restarting SSH"
+/etc/rc.d/sshd restart

build/freebsd/hvn2.lab.ipng.ch/vpp2-0/root/libvirt.xml

@@ -0,0 +1,254 @@
+<domain type='kvm'>
+  <name>vpp2-0</name>
+  <uuid>d1414a92-a6bc-c013-0f8a-b668c50f5ec3</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://debian.org/debian/10"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>8388608</memory>
+  <currentMemory unit='KiB'>8388608</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-5.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>SandyBridge-IBRS</model>
+    <vendor>Intel</vendor>
+    <feature policy='require' name='vme'/>
+    <feature policy='require' name='ss'/>
+    <feature policy='require' name='vmx'/>
+    <feature policy='require' name='pdcm'/>
+    <feature policy='require' name='pcid'/>
+    <feature policy='require' name='hypervisor'/>
+    <feature policy='require' name='arat'/>
+    <feature policy='require' name='tsc_adjust'/>
+    <feature policy='require' name='umip'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='stibp'/>
+    <feature policy='require' name='arch-capabilities'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='xsaveopt'/>
+    <feature policy='require' name='pdpe1gb'/>
+    <feature policy='require' name='ibpb'/>
+    <feature policy='require' name='amd-stibp'/>
+    <feature policy='require' name='amd-ssbd'/>
+    <feature policy='require' name='skip-l1dfl-vmentry'/>
+    <feature policy='require' name='pschange-mc-no'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/zvol/vol0/vpp2-0'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='16' port='0x1f'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x7'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:01:00'/>
+      <source bridge='mgmt'/>
+      <target dev='vpp2-0-mgmt'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:00'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-0-0'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x0' multifunction='on'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:01'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-0-1'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x1'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:02'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-0-2'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x2'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:03'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-0-3'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x3'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'/>
+</domain>

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/etc/rc.conf

@@ -0,0 +1,7 @@
+hostname="vpp2-1"
+ifconfig_vtnet0="inet 198.19.5.31/24"
+defaultrouter="198.19.5.1"
+ifconfig_vtnet0_ipv6="inet6 2001:678:d78:50b::1f/64"
+ipv6_defaultrouter="2001:678:d78:50b::1"
+
+sshd_enable="YES"

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/etc/rc.local

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/etc/resolv.conf

@@ -0,0 +1,4 @@
+domain lab.ipng.ch
+search lab.ipng.ch net.ipng.ch ipng.ch
+nameserver 194.1.163.3
+nameserver 194.1.163.4

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/root/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/root/lab-build/perms

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/root/lab-build/sshd

@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+echo "Fixing SSH permissions"
+chown -R root:wheel /etc/ssh
+chmod 600 /etc/ssh/ssh_host*key
+
+echo "Restarting SSH"
+/etc/rc.d/sshd restart

build/freebsd/hvn2.lab.ipng.ch/vpp2-1/root/libvirt.xml

@@ -0,0 +1,254 @@
+<domain type='kvm'>
+  <name>vpp2-1</name>
+  <uuid>c255cbc3-2055-76b6-38e6-38c020711b3f</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://debian.org/debian/10"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>8388608</memory>
+  <currentMemory unit='KiB'>8388608</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-5.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>SandyBridge-IBRS</model>
+    <vendor>Intel</vendor>
+    <feature policy='require' name='vme'/>
+    <feature policy='require' name='ss'/>
+    <feature policy='require' name='vmx'/>
+    <feature policy='require' name='pdcm'/>
+    <feature policy='require' name='pcid'/>
+    <feature policy='require' name='hypervisor'/>
+    <feature policy='require' name='arat'/>
+    <feature policy='require' name='tsc_adjust'/>
+    <feature policy='require' name='umip'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='stibp'/>
+    <feature policy='require' name='arch-capabilities'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='xsaveopt'/>
+    <feature policy='require' name='pdpe1gb'/>
+    <feature policy='require' name='ibpb'/>
+    <feature policy='require' name='amd-stibp'/>
+    <feature policy='require' name='amd-ssbd'/>
+    <feature policy='require' name='skip-l1dfl-vmentry'/>
+    <feature policy='require' name='pschange-mc-no'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/zvol/vol0/vpp2-1'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='16' port='0x1f'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x7'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:01:10'/>
+      <source bridge='mgmt'/>
+      <target dev='vpp2-1-mgmt'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:10'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-1-0'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x0' multifunction='on'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:11'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-1-1'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x1'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:12'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-1-2'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x2'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:13'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-1-3'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x3'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'/>
+</domain>

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/etc/rc.conf

@@ -0,0 +1,7 @@
+hostname="vpp2-2"
+ifconfig_vtnet0="inet 198.19.5.32/24"
+defaultrouter="198.19.5.1"
+ifconfig_vtnet0_ipv6="inet6 2001:678:d78:50b::20/64"
+ipv6_defaultrouter="2001:678:d78:50b::1"
+
+sshd_enable="YES"

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/etc/rc.local

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/etc/resolv.conf

@@ -0,0 +1,4 @@
+domain lab.ipng.ch
+search lab.ipng.ch net.ipng.ch ipng.ch
+nameserver 194.1.163.3
+nameserver 194.1.163.4

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/root/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/root/lab-build/perms

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/root/lab-build/sshd

@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+echo "Fixing SSH permissions"
+chown -R root:wheel /etc/ssh
+chmod 600 /etc/ssh/ssh_host*key
+
+echo "Restarting SSH"
+/etc/rc.d/sshd restart

build/freebsd/hvn2.lab.ipng.ch/vpp2-2/root/libvirt.xml

@@ -0,0 +1,254 @@
+<domain type='kvm'>
+  <name>vpp2-2</name>
+  <uuid>2c8a4f0e-8d5a-3f2e-0bb7-2373386fd066</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://debian.org/debian/10"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>8388608</memory>
+  <currentMemory unit='KiB'>8388608</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-5.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>SandyBridge-IBRS</model>
+    <vendor>Intel</vendor>
+    <feature policy='require' name='vme'/>
+    <feature policy='require' name='ss'/>
+    <feature policy='require' name='vmx'/>
+    <feature policy='require' name='pdcm'/>
+    <feature policy='require' name='pcid'/>
+    <feature policy='require' name='hypervisor'/>
+    <feature policy='require' name='arat'/>
+    <feature policy='require' name='tsc_adjust'/>
+    <feature policy='require' name='umip'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='stibp'/>
+    <feature policy='require' name='arch-capabilities'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='xsaveopt'/>
+    <feature policy='require' name='pdpe1gb'/>
+    <feature policy='require' name='ibpb'/>
+    <feature policy='require' name='amd-stibp'/>
+    <feature policy='require' name='amd-ssbd'/>
+    <feature policy='require' name='skip-l1dfl-vmentry'/>
+    <feature policy='require' name='pschange-mc-no'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/zvol/vol0/vpp2-2'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='16' port='0x1f'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x7'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:01:20'/>
+      <source bridge='mgmt'/>
+      <target dev='vpp2-2-mgmt'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:20'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-2-0'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x0' multifunction='on'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:21'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-2-1'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x1'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:22'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-2-2'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x2'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:23'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-2-3'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x3'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'/>
+</domain>

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/etc/rc.conf

@@ -0,0 +1,7 @@
+hostname="vpp2-3"
+ifconfig_vtnet0="inet 198.19.5.33/24"
+defaultrouter="198.19.5.1"
+ifconfig_vtnet0_ipv6="inet6 2001:678:d78:50b::21/64"
+ipv6_defaultrouter="2001:678:d78:50b::1"
+
+sshd_enable="YES"

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/etc/rc.local

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/etc/resolv.conf

@@ -0,0 +1,4 @@
+domain lab.ipng.ch
+search lab.ipng.ch net.ipng.ch ipng.ch
+nameserver 194.1.163.3
+nameserver 194.1.163.4

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/root/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/root/lab-build/perms

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/root/lab-build/sshd

@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+echo "Fixing SSH permissions"
+chown -R root:wheel /etc/ssh
+chmod 600 /etc/ssh/ssh_host*key
+
+echo "Restarting SSH"
+/etc/rc.d/sshd restart

build/freebsd/hvn2.lab.ipng.ch/vpp2-3/root/libvirt.xml

@@ -0,0 +1,254 @@
+<domain type='kvm'>
+  <name>vpp2-3</name>
+  <uuid>369c5302-e6f1-5120-f48d-6931012dda01</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://debian.org/debian/10"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>8388608</memory>
+  <currentMemory unit='KiB'>8388608</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-5.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>SandyBridge-IBRS</model>
+    <vendor>Intel</vendor>
+    <feature policy='require' name='vme'/>
+    <feature policy='require' name='ss'/>
+    <feature policy='require' name='vmx'/>
+    <feature policy='require' name='pdcm'/>
+    <feature policy='require' name='pcid'/>
+    <feature policy='require' name='hypervisor'/>
+    <feature policy='require' name='arat'/>
+    <feature policy='require' name='tsc_adjust'/>
+    <feature policy='require' name='umip'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='stibp'/>
+    <feature policy='require' name='arch-capabilities'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='xsaveopt'/>
+    <feature policy='require' name='pdpe1gb'/>
+    <feature policy='require' name='ibpb'/>
+    <feature policy='require' name='amd-stibp'/>
+    <feature policy='require' name='amd-ssbd'/>
+    <feature policy='require' name='skip-l1dfl-vmentry'/>
+    <feature policy='require' name='pschange-mc-no'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/zvol/vol0/vpp2-3'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='16' port='0x1f'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x7'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:01:30'/>
+      <source bridge='mgmt'/>
+      <target dev='vpp2-3-mgmt'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:30'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-3-0'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x0' multifunction='on'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:31'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-3-1'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x1'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:32'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-3-2'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x2'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:F2:11:33'/>
+      <source bridge='vpplan'/>
+      <virtualport type='openvswitch'>
+      </virtualport>
+      <target dev='vpp2-3-3'/>
+      <model type='virtio'/>
+      <mtu size='9216'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x00' function='0x3'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'/>
+</domain>

config/common/generic.yaml

@@ -7,6 +7,10 @@ overlays:
     path: overlays/frr/
     build: build/frr/
 
+  freebsd:
+    path: overlays/freebsd/
+    build: build/freebsd/
+
 lab:
   mgmt:
     ipv4: 198.19.5.16/24

create

@@ -31,15 +31,26 @@ HVN="hvn${LAB}.lab.ipng.ch"
 
 VMS=$(ls -1 build/${BUILD}/${HVN}/)
 
+PARTITION="part1"
+TARGET=LINUX
+echo $BASE | grep -q freebsd && {
+  echo "FreeBSD build."
+  MOUNTFLAGS="-w -t ufs -o ufstype=ufs2"
+  PARTITION="part4"
+  TARGET=FREEBSD
+}
+
 for VM in $VMS; do
   echo "[$VM] Cloning base"
   ssh root@$HVN "mkdir -p $STAGING/$VM; zfs clone $BASE vol0/$VM"
   echo "[$VM] Mounting in staging"
-  ssh root@$HVN "mount /dev/zvol/vol0/$VM-part1 $STAGING/$VM"
+  ssh root@$HVN "mount $MOUNTFLAGS /dev/zvol/vol0/$VM-$PARTITION $STAGING/$VM"
   echo "[$VM] Rsyncing build"
   rsync -aIcg build/$BUILD/$HVN/$VM/ root@${HVN}:$STAGING/$VM/
+  if [ "$TARGET" = "LINUX" ]; then
     echo "[$VM] Running lab-build snippets"
-  ssh root@$HVN "cd $STAGING/$VM; for s in root/lab-build/*; do chroot $STAGING/$VM /bin/bash /\$s; done"
+    ssh root@$HVN "cd $STAGING/$VM; for s in root/lab-build/*; do chroot $STAGING/$VM /bin/sh /\$s; done"
+  fi
   echo "[$VM] Unmounting and snapshotting pristine state"
   ssh root@$HVN "umount $STAGING/$VM; zfs snapshot vol0/${VM}@pristine"
   echo "[$VM] Copying libvirt config"

overlays/freebsd/common/etc/rc.conf.j2

@@ -0,0 +1,8 @@
+hostname="{{ node.hostname }}"
+ifconfig_vtnet0="inet {{ node.mgmt.ipv4 }}"
+defaultrouter="{{ lab.mgmt.gw4 }}"
+ifconfig_vtnet0_ipv6="inet6 {{ node.mgmt.ipv6 }}"
+ipv6_defaultrouter="{{ lab.mgmt.gw6 }}"
+
+sshd_enable="YES"
+

overlays/freebsd/common/etc/rc.local

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+for s in /root/lab-build/*
+do
+  echo "** Executing $s"
+  /bin/sh $s
+done
+

overlays/freebsd/common/etc/resolv.conf.j2

@@ -0,0 +1,6 @@
+domain lab.ipng.ch
+search{% for domain in lab.nameserver.search %} {{domain}}{%endfor %}
+
+nameserver 194.1.163.3
+nameserver 194.1.163.4
+

overlays/freebsd/common/etc/ssh/sshd_config

@@ -0,0 +1,121 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#UseBlacklist no
+#VersionAddendum FreeBSD-20231004
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

overlays/freebsd/common/home/ipng/.ssh/authorized_keys

@@ -0,0 +1,11 @@
+# pim@ipng.nl - absynth, bfib, gripe, spongebob, homenet
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8X6oRdLn7PckWIRL+Fgp46qN+fglQLBJIvPHJ2P277v4tx/qlELaT8w45YyEPrUZ4XbbNIB4P59H63wPxIpk/d15k0C7Zx3kTESaEQuts3fne3ZFmrWm0dLD2yDTiB0zCraiQ5a0w++xuGEC3wdWPV+FHZh5Ea+WCd91g2xXPHJeosAQzBBBBaC9Shhx91h6lbCm4evvgqLnwt7JgnI2N4w2qr13lDDaRD4BXfyFrtLSTdhBgYEaFnUd6Afz5ilfDYXQW/yTSHZOIQ/vNVFpFxYrtmwHDdrSMiDpz0FE/4LLBG/rFl2VvRTmTEyjvwpGpEVaivMOLo/jRc3TA7jKB pim@ipng.nl
+
+# pim's M1 macbookpro SeKEY
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDP/hLZusPNfKTy3t9bbbOHyczX+UACc4rYstc3QEDBDfxBnCZcMKN5Mv10o+q/+ap7wyFhONlz/qcUhEMbI1k=
+
+{% if lab.ssh is defined and 'ipng' in lab.ssh %}
+{% for key in lab.ssh.ipng | default([]) %}
+{{ key }}
+{% endfor %}
+{% endif %}

overlays/freebsd/common/root/.ssh/authorized_keys

@@ -0,0 +1 @@
+../../../../_common/common/root/.ssh/authorized_keys

overlays/freebsd/common/root/lab-build/perms

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+echo "Fixing permissions"
+chown root:wheel / /etc
+chown -R root:wheel /root
+chown -R ipng:ipng /home/ipng/
+

overlays/freebsd/common/root/libvirt.xml.j2

@@ -0,0 +1 @@
+../../../_common/common/root/libvirt.xml.j2