- finally fixed pf.conf - got Bastillefile working (sshd_config still missing) - re-activated network role to set net variables - fixed make [all] - use hetzner volume for jail home - use ramdisk for /tmp inside jail
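---
# Ansible tasks: install Bastille (FreeBSD jail manager), enable it at boot,
# add the devfs ruleset for vnet jails, bootstrap a release and tune its pkg
# branch, then lay down bastille.conf from a template.
#
# Expected variable from the play/role: `release` — the FreeBSD release to
# bootstrap (the same value Bastille uses under /usr/local/bastille/releases/).

- name: install bastille
  community.general.pkgng:
    name: bastille

- name: enable bastille
  community.general.sysrc:
    name: bastille_enable
    value: "YES"  # rc.conf expects the literal string YES; keep it quoted

- name: add bastille devfs rule
  ansible.builtin.blockinfile:
    path: /etc/devfs.rules
    # /etc/devfs.rules is read line by line by the devfs rc script: lines
    # starting with '#' are comments, every other non-section line is passed
    # to devfs(8) as a rule. The earlier marker "<!-- {mark} ANSIBLE MANAGED
    # vnet -->" is not a comment in that syntax and would be fed to devfs(8)
    # as a bogus rule, so the marker now uses '#'.
    marker: "# {mark} ANSIBLE MANAGED vnet"
    create: true
    block: |
      [bastille_vnet=13]
      add path 'bpf*' unhide

- name: enable zfs for bastille
  # NOTE(review): the "setup bastille.conf" task at the end of this file
  # rewrites the same file from bastille.conf.j2, so these two sysrc edits only
  # survive a run if the template also sets them — confirm the template, or
  # move this task after it / drop it.
  community.general.sysrc:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    path: /usr/local/etc/bastille/bastille.conf
  loop:
    - { name: "bastille_zfs_enable", value: "YES" }
    - { name: "bastille_zfs_zpool", value: "zroot" }

- name: bootstrap {{ release }} release
  # No shell features are used, so `command` runs it without an intermediate
  # shell; `creates` keeps the task idempotent once the release exists.
  ansible.builtin.command: "bastille bootstrap {{ release }}"
  args:
    creates: "/usr/local/bastille/releases/{{ release }}"

- name: configure bootstrap to use latest pkgs
  # Point the bootstrapped release's pkg repo at the "latest" branch instead
  # of the default "quarterly" branch.
  ansible.builtin.replace:
    path: "/usr/local/bastille/releases/{{ release }}/etc/pkg/FreeBSD.conf"
    regexp: '^(.*)quarterly(.*)$'
    replace: '\1latest\2'

- name: setup bastille.conf
  ansible.builtin.template:
    src: bastille.conf.j2
    dest: /usr/local/etc/bastille/bastille.conf

# - name: update bootstrap
#   ansible.builtin.command: "bastille update {{ release }}"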