##################### ## [ BastilleBSD ] ## ##################### ## default paths bastille_prefix="/usr/local/bastille" ## default: "/usr/local/bastille" bastille_backupsdir="${bastille_prefix}/backups" ## default: "${bastille_prefix}/backups" bastille_cachedir="${bastille_prefix}/cache" ## default: "${bastille_prefix}/cache" bastille_jailsdir="${bastille_prefix}/jails" ## default: "${bastille_prefix}/jails" bastille_releasesdir="${bastille_prefix}/releases" ## default: "${bastille_prefix}/releases" bastille_templatesdir="${bastille_prefix}/templates" ## default: "${bastille_prefix}/templates" bastille_logsdir="/var/log/bastille" ## default: "/var/log/bastille" ## pf configuration path bastille_pf_conf="/etc/pf.conf" ## default: "/etc/pf.conf" ## bastille scripts directory (assumed by bastille pkg) bastille_sharedir="/usr/local/share/bastille" ## default: "/usr/local/share/bastille" ## bootstrap archives, which components of the OS to install. ## base - The base OS, kernel + userland ## lib32 - Libraries for compatibility with 32 bit binaries ## ports - The FreeBSD ports (3rd party applications) tree ## src - The source code to the kernel + userland ## test - The FreeBSD test suite ## this is a whitespace separated list: ## bastille_bootstrap_archives="base lib32 ports src test" bastille_bootstrap_archives="base" ## default: "base" ## default timezone bastille_tzdata="" ## default: empty to use host's time zone ## default jail resolv.conf bastille_resolv_conf="/etc/resolv.conf" ## default: "/etc/resolv.conf" ## bootstrap urls bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/" bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/" bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/" ## ZFS options 
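## ZFS, export/import, networking and template settings, as shell-style
## assignments. This file is a Jinja template: the {{ ... }} expression under
## "Networking" is substituted from Ansible facts before the file is installed.
bastille_zfs_enable="YES"                                             ## default: ""
bastille_zfs_zpool="zroot"                                            ## default: ""
bastille_zfs_prefix="bastille"                                        ## default: "${bastille_zfs_zpool}/bastille"
bastille_zfs_options="-o compress=lz4 -o atime=off"                   ## default: "-o compress=lz4 -o atime=off"

## Export/Import options
## presumably handed to xz / gzip as command-line flags; verify against the export and import scripts
bastille_compress_xz_options="-0 -v"                                  ## default "-0 -v"
bastille_decompress_xz_options="-c -d -v"                             ## default "-c -d -v"
bastille_compress_gz_options="-1 -v"                                  ## default "-1 -v"
bastille_decompress_gz_options="-k -d -c -v"                          ## default "-k -d -c -v"
bastille_export_options=""                                            ## default "" predefined export options, e.g. "--safe --gz"

## Networking
bastille_network_loopback="bastille0"                                 ## default: "bastille0"
bastille_network_pf_ext_if="ext_if"                                   ## default: "ext_if"
bastille_network_pf_table="jails"                                     ## default: "jails"
bastille_network_shared=""                                            ## default: ""
bastille_network_gateway=""                                           ## default: ""
## Rendered from the Ansible fact ansible_default_ipv6. The default('') filter
## stops the render from aborting on an undefined attribute when that fact has
## no "address" key (e.g. a host without an IPv6 default route), and falls back
## to the documented empty default instead.
## NOTE(review): this is the host's own IPv6 address, not a router address
## (the fact also carries a "gateway" key); confirm it is the intended jail gateway.
bastille_network_gateway6="{{ ansible_default_ipv6.address | default('') }}"  ## default: ""

## Default Templates
bastille_template_base="default/base"                                 ## default: "default/base"
## NOTE(review): set to empty although the documented default is "default/empty"; confirm this is deliberate.
bastille_template_empty=""                                            ## default: "default/empty"
bastille_template_thick="default/thick"                               ## default: "default/thick"
bastille_template_clone="default/clone"                               ## default: "default/clone"
bastille_template_thin="default/thin"                                 ## default: "default/thin"
bastille_template_vnet="default/vnet"                                 ## default: "default/vnet"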