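# Variables for provisioning a FreeBSD VPS (hcloud snapshot) that hosts a
# bastille jail named "pubnix".
#
# NOTE(review): this copy of the file had lost its line breaks and indentation.
# The nesting below is reconstructed from key order and must be confirmed
# against the playbooks, in particular:
#   - whether `users` is top-level (as written here) or belongs under
#     `jails.pubnix`;
#   - whether `mounts` is a sibling of `storage.volume` (as written here);
#   - whether `sysctlsoff` is a sibling of `kernel.sysctls` (as written here).
type: cx22

# resolved on startup in Makefile
# The env lookup yields an empty string when SNAPSHOT is not exported;
# verify that the consuming task rejects an empty image. TODO confirm.
image: "{{ lookup('ansible.builtin.env', 'SNAPSHOT') }}"

# extraneous general packages we might need
packages:
  - cpdup
  - bash
  - doas
  - knot-resolver

# used by bastille to build a base
release: 14.1-RELEASE

# snapshot to install in new vps
snapshot: FreeBSD-14.1-RELEASE-p5-1-hcloud-init

location: fsn1

# must already exist in group project
# Presumably each key named here is authorised for login on the new server;
# prune the list when a person or device no longer needs access.
ssh_keys:
  - scip@e3
  - scip@tripod
  - scip@pixel8

jails:
  pubnix:
    pkgs:
      - bash
      - zsh
      - vim
      - git
      - htop
      - tmux
      - bind-tools
      - coreutils
      - emacs-nox
      - fzf

# Accounts created below the jail root given in `rootdir`.
# scip is the only account placed in wheel.
users:
  - name: scip
    groups: wheel
    shell: /usr/local/bin/bash
    rootdir: /usr/local/bastille/jails/pubnix/root
  - name: tom
    groups: nobody
    shell: /usr/local/bin/bash
    rootdir: /usr/local/bastille/jails/pubnix/root

storage:
  volume:
    size: 10
    name: zhcloud  # zfs pool name
    device: da1
  mounts:
    - mount: /home
      name: /home
    - mount: /var/cron/tabs
      name: /crontabs

netif:
  primary: bridge0

kernel:
  # Multi-user isolation: 0 on the see_* OIDs stops unprivileged users from
  # seeing processes owned by other uids/gids and processes inside jails.
  sysctls:
    security.bsd.see_other_uids: 0
    security.bsd.see_other_gids: 0
    security.bsd.see_jail_proc: 0
    net.inet6.ip6.forwarding: 1
  # NOTE(review): the key name suggests these hardening settings are parked
  # and not applied; confirm how the playbook treats `sysctlsoff`. If they
  # are meant to be active on a shared-shell host, move them to `sysctls`.
  sysctlsoff:
    security.bsd.unprivileged_read_msgbuf: 0
    security.bsd.unprivileged_proc_debug: 0
    kern.randompid: 1
    net.inet.ip.random_id: 1
    hw.spec_store_bypass_disable: 1
    kern.elf64.allow_wx: 0
    # NOTE(review): confirm that 3 is a valid value for this OID on 14.1.
    kern.elf32.aslr.stack: 3
    kern.elf32.aslr.pie_enable: 1
    vfs.zfs.min_auto_ashift: 12
    # A raised securelevel cannot be lowered again on a running system, so
    # apply it only after all other provisioning steps have finished.
    kern.securelevel: 2

# Directory modes. 0711 lets non-owners traverse a directory but not list
# it; 0700 shuts out everyone except the owner. Whether these paths refer to
# the host or the jail root is not visible here. TODO confirm.
# The list previously carried /var/log twice with identical values; the
# repeated entry is dropped.
permissions:
  - name: /home
    owner: root
    group: wheel
    mode: '0711'
  - name: /etc
    owner: root
    group: wheel
    mode: '0711'
  - name: /usr/local/etc
    owner: root
    group: wheel
    mode: '0711'
  - name: /root
    owner: root
    group: wheel
    mode: '0700'
  - name: /var/log
    owner: root
    group: wheel
    mode: '0711'
  - name: /var/cron/tabs
    owner: root
    group: wheel
    mode: '0700'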