Thomas von Dein
480111eed7
- finally fixed pf.conf - got Bastillefile working (sshd_config missing yet) - re-activated network role to set net variables - fixed make [all] - use hetzner volume for jail home - use ramdisk for /tmp inside jail
44 lines
1.2 KiB
YAML
44 lines
1.2 KiB
YAML
---
|
|
- name: create services template dir
|
|
file:
|
|
path: "/usr/local/bastille/templates/services/{{ role_name }}"
|
|
state: directory
|
|
recurse: yes
|
|
|
|
- name: copy template config files
|
|
template:
|
|
src: Bastillefile.j2
|
|
dest: "/usr/local/bastille/templates/services/{{ role_name }}/Bastillefile"
|
|
|
|
- name: create config path
|
|
file:
|
|
path: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
|
|
state: directory
|
|
recurse: yes
|
|
|
|
- name: copy config file
|
|
copy:
|
|
src: sshd_config
|
|
dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
|
|
|
|
# - name: create data/home dataset
|
|
# community.general.zfs:
|
|
# name: zroot/home
|
|
# state: present
|
|
# extra_zfs_properties:
|
|
# mountpoint: /data/home
|
|
|
|
|
|
- name: create jail
|
|
shell: "bastille create -B {{ role_name }} {{ release }} {{ jailip.stdout }}/64 bridge0"
|
|
args:
|
|
creates: /usr/local/bastille/jails/{{ role_name }}
|
|
|
|
- name: start jail
|
|
# https://github.com/BastilleBSD/bastille/issues/342
|
|
shell: bastille start {{ role_name }} || true
|
|
|
|
# FIXME: fails, /etc/resolv.conf in jail is wrong, no working nameserver in there or outgoing dns forbidden
|
|
- name: template jail
|
|
shell: "bastille template {{ role_name }} services/{{ role_name }}"
|