bsdnix/roles/jails/templates/bastille.conf.j2

#####################
## [ BastilleBSD ] ##
#####################

## default paths
bastille_prefix="/usr/local/bastille"                                 ## default: "/usr/local/bastille"
bastille_backupsdir="${bastille_prefix}/backups"                      ## default: "${bastille_prefix}/backups"
bastille_cachedir="${bastille_prefix}/cache"                          ## default: "${bastille_prefix}/cache"
bastille_jailsdir="${bastille_prefix}/jails"                          ## default: "${bastille_prefix}/jails"
bastille_releasesdir="${bastille_prefix}/releases"                    ## default: "${bastille_prefix}/releases"
bastille_templatesdir="${bastille_prefix}/templates"                  ## default: "${bastille_prefix}/templates"
bastille_logsdir="/var/log/bastille"                                  ## default: "/var/log/bastille"

## pf configuration path
bastille_pf_conf="/etc/pf.conf"                                       ## default: "/etc/pf.conf"

## bastille scripts directory (assumed by bastille pkg)
bastille_sharedir="/usr/local/share/bastille"                         ## default: "/usr/local/share/bastille"

## bootstrap archives, which components of the OS to install.
## base  - The base OS, kernel + userland
## lib32 - Libraries for compatibility with 32 bit binaries
## ports - The FreeBSD ports (3rd party applications) tree
## src   - The source code to the kernel + userland
## test  - The FreeBSD test suite
## this is a whitespace separated list:
## bastille_bootstrap_archives="base lib32 ports src test"
bastille_bootstrap_archives="base"                                    ## default: "base"

## default timezone
bastille_tzdata=""                                                    ## default: empty to use host's time zone

## default jail resolv.conf
bastille_resolv_conf="/etc/resolv.conf"                               ## default: "/etc/resolv.conf"

## bootstrap urls
bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/"          ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/"
bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/"
bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/"          ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/"

## ZFS options
bastille_zfs_enable="YES"                                                ## default: ""
bastille_zfs_zpool="zroot"                                                 ## default: ""
bastille_zfs_prefix="bastille"                                        ## default: "${bastille_zfs_zpool}/bastille"
bastille_zfs_options="-o compress=lz4 -o atime=off"                   ## default: "-o compress=lz4 -o atime=off"

## Export/Import options
bastille_compress_xz_options="-0 -v"                                  ## default "-0 -v"
bastille_decompress_xz_options="-c -d -v"                             ## default "-c -d -v"
bastille_compress_gz_options="-1 -v"                                  ## default "-1 -v"
bastille_decompress_gz_options="-k -d -c -v"                          ## default "-k -d -c -v"
bastille_export_options=""                                            ## default "" predefined export options, e.g. "--safe --gz"

## Networking
bastille_network_loopback="bastille0"                                 ## default: "bastille0"
bastille_network_pf_ext_if="ext_if"                                   ## default: "ext_if"
bastille_network_pf_table="jails"                                     ## default: "jails"
bastille_network_shared=""                                            ## default: ""
bastille_network_gateway=""                                           ## default: ""
bastille_network_gateway6="{{ ansible_default_ipv6.address }}"        ## default: ""

## Default Templates
bastille_template_base="default/base"                                 ## default: "default/base"
bastille_template_empty=""                                            ## default: "default/empty"
bastille_template_thick="default/thick"                               ## default: "default/thick"
bastille_template_clone="default/clone"                               ## default: "default/clone"
bastille_template_thin="default/thin"                                 ## default: "default/thin"
bastille_template_vnet="default/vnet"                                 ## default: "default/vnet"
finally got the ipv6 jail stuff working, yeah 2024-11-20 18:15:48 +01:00			`#####################`
			`## [ BastilleBSD ] ##`
			`#####################`

			`## default paths`
			`bastille_prefix="/usr/local/bastille" ## default: "/usr/local/bastille"`
			`bastille_backupsdir="${bastille_prefix}/backups" ## default: "${bastille_prefix}/backups"`
			`bastille_cachedir="${bastille_prefix}/cache" ## default: "${bastille_prefix}/cache"`
			`bastille_jailsdir="${bastille_prefix}/jails" ## default: "${bastille_prefix}/jails"`
			`bastille_releasesdir="${bastille_prefix}/releases" ## default: "${bastille_prefix}/releases"`
			`bastille_templatesdir="${bastille_prefix}/templates" ## default: "${bastille_prefix}/templates"`
			`bastille_logsdir="/var/log/bastille" ## default: "/var/log/bastille"`

			`## pf configuration path`
			`bastille_pf_conf="/etc/pf.conf" ## default: "/etc/pf.conf"`

			`## bastille scripts directory (assumed by bastille pkg)`
			`bastille_sharedir="/usr/local/share/bastille" ## default: "/usr/local/share/bastille"`

			`## bootstrap archives, which components of the OS to install.`
			`## base - The base OS, kernel + userland`
			`## lib32 - Libraries for compatibility with 32 bit binaries`
			`## ports - The FreeBSD ports (3rd party applications) tree`
			`## src - The source code to the kernel + userland`
			`## test - The FreeBSD test suite`
			`## this is a whitespace separated list:`
			`## bastille_bootstrap_archives="base lib32 ports src test"`
			`bastille_bootstrap_archives="base" ## default: "base"`

			`## default timezone`
			`bastille_tzdata="" ## default: empty to use host's time zone`

			`## default jail resolv.conf`
			`bastille_resolv_conf="/etc/resolv.conf" ## default: "/etc/resolv.conf"`

			`## bootstrap urls`
			`bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/"`
			`bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/"`
			`bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/"`

			`## ZFS options`
			`bastille_zfs_enable="YES" ## default: ""`
			`bastille_zfs_zpool="zroot" ## default: ""`
			`bastille_zfs_prefix="bastille" ## default: "${bastille_zfs_zpool}/bastille"`
			`bastille_zfs_options="-o compress=lz4 -o atime=off" ## default: "-o compress=lz4 -o atime=off"`

			`## Export/Import options`
			`bastille_compress_xz_options="-0 -v" ## default "-0 -v"`
			`bastille_decompress_xz_options="-c -d -v" ## default "-c -d -v"`
			`bastille_compress_gz_options="-1 -v" ## default "-1 -v"`
			`bastille_decompress_gz_options="-k -d -c -v" ## default "-k -d -c -v"`
			`bastille_export_options="" ## default "" predefined export options, e.g. "--safe --gz"`

			`## Networking`
			`bastille_network_loopback="bastille0" ## default: "bastille0"`
			`bastille_network_pf_ext_if="ext_if" ## default: "ext_if"`
			`bastille_network_pf_table="jails" ## default: "jails"`
			`bastille_network_shared="" ## default: ""`
			`bastille_network_gateway="" ## default: ""`
replace unbound w/ kresd, add user (needs ansible users bugfix for pw) 2024-11-22 18:43:35 +01:00			`bastille_network_gateway6="{{ ansible_default_ipv6.address }}" ## default: ""`
finally got the ipv6 jail stuff working, yeah 2024-11-20 18:15:48 +01:00
			`## Default Templates`
			`bastille_template_base="default/base" ## default: "default/base"`
			`bastille_template_empty="" ## default: "default/empty"`
			`bastille_template_thick="default/thick" ## default: "default/thick"`
			`bastille_template_clone="default/clone" ## default: "default/clone"`
			`bastille_template_thin="default/thin" ## default: "default/thin"`
			`bastille_template_vnet="default/vnet" ## default: "default/vnet"`