fixes:

- finally fixed pf.conf
- got Bastillefile working (sshd_config missing yet)
- re-activated network role to set net variables
- fixed make [all]
- use hetzner volume for jail home
- use ramdisk for /tmp inside jail

roles/pubnix/files/Bastillefile

@@ -1,6 +0,0 @@
-PKG bash
-SYSRC sshd_enable=YES
-CMD mkdir -p /data/home
-SERVICE nginx restart
-FSTAB /data/home data/home nullfs ro 0 0
-RDR tcp 22 22

roles/pubnix/tasks/main.yaml

@@ -6,9 +6,9 @@
     recurse: yes
 
 - name: copy template config files
-  copy:
-    src: Bastillefile
-    dest: "/usr/local/bastille/templates/services/{{ role_name }}/"
+  template:
+    src: Bastillefile.j2
+    dest: "/usr/local/bastille/templates/services/{{ role_name }}/Bastillefile"
 
 - name: create config path
   file:
@@ -21,17 +21,14 @@
     src: sshd_config
     dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
 
-- name: create data/home dataset
-  community.general.zfs:
-    name: zroot/home
-    state: present
-    extra_zfs_properties:
-      mountpoint: /data/home
+# - name: create data/home dataset
+#   community.general.zfs:
+#     name: zroot/home
+#     state: present
+#     extra_zfs_properties:
+#       mountpoint: /data/home
+
 
-- name: determine ipv6 address
-  shell: ifconfig {{ netif.primary }} inet6 | awk '{ if (/2a01/) { sub(/::.$/, "::2", $2); print $2 }}'
-  register: jailip
-      
 - name: create jail
   shell: "bastille create -B {{ role_name }} {{ release }} {{ jailip.stdout }}/64 bridge0"
   args:

roles/pubnix/templates/Bastillefile.j2

@@ -0,0 +1,14 @@
+PKG {{ jails.pubnix.pkgs | join(' ') }}
+
+SYSRC sshd_enable=YES
+SYSRC sendmail_enable=NONE
+SYSRC tmpsize="500m"
+SYSRC tmpmfs="AUTO"
+SYSRC clear_tmp_enable="YES"
+
+CMD rm /home
+CMD mkdir -p /home
+
+FSTAB /home home nullfs rw 0 0
+
+SERVICE sshd start