										 |  |  | ---
 | 
					
						
							|  |  |  | - name: install bastille
 | 
					
						
							|  |  |  |   pkgng:
 | 
					
						
							|  |  |  |     name: bastille
							|  |  |  | - name: enable bastille
 | 
					
						
							|  |  |  |   community.general.sysrc:
 | 
					
						
							|  |  |  |     name: bastille_enable
 | 
					
						
							|  |  |  |     value: "YES"
							|  |  |  | - name: add bastille devfs rule
 | 
					
						
							|  |  |  |   blockinfile:
 | 
					
						
							|  |  |  |     path: /etc/devfs.rules
 | 
					
						
							|  |  |  |     marker: "<!-- {mark} ANSIBLE MANAGED vnet -->"
 | 
					
						
							|  |  |  |     create: yes
 | 
					
						
							|  |  |  |     block: |
 | 
					
						
							|  |  |  |       [bastille_vnet=13]
 | 
					
						
							|  |  |  |       add path 'bpf*' unhide
							|  |  |  | - name: enable zfs for bastille
 | 
					
						
							|  |  |  |   community.general.sysrc:
 | 
					
						
							|  |  |  |     name: "{{ item.name }}"
 | 
					
						
							|  |  |  |     value: "{{ item.value }}"
 | 
					
						
							|  |  |  |     path: /usr/local/etc/bastille/bastille.conf
 | 
					
						
							|  |  |  |   loop:
 | 
					
						
							|  |  |  |     - { name: "bastille_zfs_enable", value: "YES" }
 | 
					
						
							|  |  |  |     - { name: "bastille_zfs_zpool", value: "zroot" }
							|  |  |  | - name: bootstrap {{ release }} release
 | 
					
						
							|  |  |  |   shell: "bastille bootstrap {{ release }}"
 | 
					
						
							|  |  |  |   args:
 | 
					
						
							|  |  |  |     creates: "/usr/local/bastille/releases/{{ release }}"
							|  |  |  | - name: configure bootstrap to use latest pkgs
 | 
					
						
							|  |  |  |   replace:
 | 
					
						
							|  |  |  |     path: "/usr/local/bastille/releases/{{ release }}/etc/pkg/FreeBSD.conf"
 | 
					
						
							|  |  |  |     regexp: '^(.*)quarterly(.*)$'
 | 
					
						
							|  |  |  |     replace: '\1latest\2'
										 |  |  | - name: determine ipv6 address
 | 
					
						
							|  |  |  |   shell: ifconfig {{ netif.primary }} inet6 | awk '{ if (/2a01/) { print $2 }}'
 | 
					
						
							|  |  |  |   register: primaryip
							|  |  |  | - name: setup bastille.conf
 | 
					
						
							|  |  |  |   template:
 | 
					
						
							|  |  |  |     src: bastille.conf.j2
 | 
					
						
							|  |  |  |     dest: /usr/local/etc/bastille/bastille.conf
# - name: update bootstrap
#   shell: "bastille update {{ release }}"