enhanced makefile, added pubnix jail role, fixed knownhosts issue

roles/pubnix/files/Bastillefile

@@ -0,0 +1,6 @@
+PKG bash
+SYSRC sshd_enable=YES
+CMD mkdir -p /data/home
+SERVICE nginx restart
+FSTAB /data/home data/home nullfs ro 0 0
+RDR tcp 22 22

roles/pubnix/files/sshd_config

@@ -0,0 +1,14 @@
+LogLevel INFO
+LoginGraceTime 1m
+PermitRootLogin no
+StrictModes yes
+MaxAuthTries 3
+MaxSessions 2
+PubkeyAuthentication yes
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+

roles/pubnix/tasks/main.yaml

@@ -0,0 +1,42 @@
+---
+- name: create services template dir
+  file:
+    path: "/usr/local/bastille/templates/services/{{ role_name }}"
+    state: directory
+    recurse: yes
+
+- name: copy template config files
+  copy:
+    src: Bastillefile
+    dest: "/usr/local/bastille/templates/services/{{ role_name }}/"
+
+- name: create config path
+  file:
+    path: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
+    state: directory
+    recurse: yes
+
+- name: copy config file
+  copy:
+    src: sshd_config
+    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
+
+- name: create data/home dataset
+  community.general.zfs:
+    name: zroot/home
+    state: present
+    extra_zfs_properties:
+      mountpoint: /data/home
+
+- name: create jail
+  shell: "bastille create {{ role_name }} {{ release }} {{ jails[role_name] }}"
+  args:
+    creates: /usr/local/bastille/jails/{{ role_name }}
+
+- name: start jail
+  # https://github.com/BastilleBSD/bastille/issues/342
+  shell: bastille start {{ role_name }} || true
+
+# FIXME: fails, /etc/resolv.conf in jail is wrong, no working nameserver in there or outgoing dns forbidden
+- name: template jail
+  shell: "bastille template {{ role_name }} services/{{ role_name }}"