bsdnix/roles/pubnix/tasks/main.yaml

---
- name: create services template dir
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}"
    state: directory
    recurse: yes

- name: copy template config files
  copy:
    src: Bastillefile
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/"

- name: create config path
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
    state: directory
    recurse: yes

- name: copy config file
  copy:
    src: sshd_config
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"

- name: create data/home dataset
  community.general.zfs:
    name: zroot/home
    state: present
    extra_zfs_properties:
      mountpoint: /data/home

- name: create jail
  shell: "bastille create {{ role_name }} {{ release }} {{ jails[role_name] }}"
  args:
    creates: /usr/local/bastille/jails/{{ role_name }}

- name: start jail
  # https://github.com/BastilleBSD/bastille/issues/342
  shell: bastille start {{ role_name }} || true

# FIXME: fails, /etc/resolv.conf in jail is wrong, no working nameserver in there or outgoing dns forbidden
- name: template jail
  shell: "bastille template {{ role_name }} services/{{ role_name }}"
enhanced makefile, added pubnix jail role, fixed knownhosts issue 2024-11-12 14:08:53 +01:00			`---`
			`- name: create services template dir`
			`file:`
			`path: "/usr/local/bastille/templates/services/{{ role_name }}"`
			`state: directory`
			`recurse: yes`

			`- name: copy template config files`
			`copy:`
			`src: Bastillefile`
			`dest: "/usr/local/bastille/templates/services/{{ role_name }}/"`

			`- name: create config path`
			`file:`
			`path: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"`
			`state: directory`
			`recurse: yes`

			`- name: copy config file`
			`copy:`
			`src: sshd_config`
			`dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"`

			`- name: create data/home dataset`
			`community.general.zfs:`
			`name: zroot/home`
			`state: present`
			`extra_zfs_properties:`
			`mountpoint: /data/home`

			`- name: create jail`
			`shell: "bastille create {{ role_name }} {{ release }} {{ jails[role_name] }}"`
			`args:`
			`creates: /usr/local/bastille/jails/{{ role_name }}`

			`- name: start jail`
			`# https://github.com/BastilleBSD/bastille/issues/342`
			`shell: bastille start {{ role_name }} \|\| true`

			`# FIXME: fails, /etc/resolv.conf in jail is wrong, no working nameserver in there or outgoing dns forbidden`
			`- name: template jail`
			`shell: "bastille template {{ role_name }} services/{{ role_name }}"`