---
# Install every package listed in the `packages` variable with pkgng.
- name: Install Packages
  community.general.pkgng:
    name: "{{ packages }}"
    state: present
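# For each entry of `versions`, point /usr/local/bin/<link> at
# /usr/local/bin/<program>. The file module replaces the former shell
# `ln -sf` line: the templated names are no longer parsed by a shell, and the
# task reports a change only when a link is created or repointed.
- name: Create program symlinks
  ansible.builtin.file:
    src: "/usr/local/bin/{{ item.program }}"
    dest: "/usr/local/bin/{{ item.link }}"
    state: link
    # force keeps the `ln -sf` behaviour: an existing file at dest is replaced
    # and a src that does not exist yet is accepted.
    force: true
  loop: "{{ versions }}"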
# FIXME: remove the symlink in the next release snapshot
# One-shot step: the script writes the marker named in `creates`, and the task
# is skipped for as long as that marker exists.
# NOTE(review): there is no `set -e`, so the marker is written even when
# `rm /home` fails. The marker lives in /tmp, which is normally writable by
# every local user and may be emptied at boot; confirm that is an acceptable
# guard here.
- name: Remove old home sym link
  ansible.builtin.shell:
    cmd: |
      rm /home
      touch /tmp/.ansible.home
    creates: "/tmp/.ansible.home"
# One-shot recursive delete of /var/cron/tabs, guarded by a marker file that
# the script itself creates.
# NOTE(review): the guard is a file in /tmp. If that marker disappears (for
# example when /tmp is cleared), the next run deletes /var/cron/tabs again,
# including any crontabs installed since. A marker outside /tmp would be a
# sturdier guard; confirm before the next snapshot.
- name: Remove original cron tab dir
  ansible.builtin.shell:
    cmd: |
      rm -rf /var/cron/tabs
      touch /tmp/.ansible.crontabs
    creates: "/tmp/.ansible.crontabs"
# Write a GPT partition scheme to da1, once, guarded by a marker in /tmp.
# NOTE(review): the disk is hard-coded as da1, while the following tasks use
# storage.volume.device; confirm both name the same disk.
# NOTE(review): the marker is written even if gpart fails (no `set -e`), and
# a lost /tmp marker makes this partitioning command run again.
- name: Setup home volume partition
  ansible.builtin.shell:
    cmd: |
      gpart create -s GPT da1
      touch /tmp/.ansible.gpt
    creates: "/tmp/.ansible.gpt"
# Add a freebsd-zfs partition, labelled storage.volume.name and aligned to 1M,
# on storage.volume.device; runs once, guarded by a marker in /tmp.
# NOTE(review): both variables are interpolated unquoted into a shell line, so
# they must stay operator-controlled and free of shell metacharacters.
# The marker is written even if gpart fails (no `set -e`).
- name: Setup home fs type
  ansible.builtin.shell:
    cmd: |
      gpart add -t freebsd-zfs -l {{ storage.volume.name }} -a 1M {{ storage.volume.device }}
      touch /tmp/.ansible.add
    creates: "/tmp/.ansible.add"
# Create a zpool named storage.volume.name on storage.volume.device; skipped
# when /<storage.volume.name> already exists.
# NOTE(review): `-f` tells zpool to skip its in-use checks, and the only guard
# is the existence of the pool's root path. If the pool exists but that path
# is missing (pool not imported or not mounted), this would re-create the pool
# over existing data; confirm the guard is sufficient.
- name: Create zpool using home volume
  ansible.builtin.shell:
    cmd: "zpool create -f {{ storage.volume.name }} {{ storage.volume.device }}"
    creates: "/{{ storage.volume.name }}"
# Create one ZFS dataset per entry of storage.mounts, mounted at item.mount;
# an entry is skipped when its mount path already exists.
# NOTE(review): the dataset name is storage.volume.name directly followed by
# item.name, so item.name presumably starts with "/"; verify in the vars.
# The values are interpolated unquoted into a shell line.
- name: Create zfs home dataset
  ansible.builtin.shell:
    cmd: "zfs create -o mountpoint={{ item.mount }} {{ storage.volume.name }}{{ item.name }}"
    creates: "{{ item.mount }}"
  loop: "{{ storage.mounts }}"
# Apply owner, group and mode to each path listed in `permissions`.
# NOTE(review): item.mode should be a quoted string in the vars (for example
# '0755'); an unquoted number can be read as a different value. Verify.
- name: Change permissions
  ansible.builtin.file:
    path: "{{ item.name }}"
    mode: "{{ item.mode }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
  loop: "{{ permissions }}"
# Set root's password to the SHA-512 crypt hash of `root_password`.
# password_hash is called without a salt, so a fresh random salt is used on
# every run and the task reports "changed" each time; pass a fixed salt to the
# filter if idempotence matters.
# NOTE(review): root_password is a plaintext variable; presumably it is
# supplied from an encrypted source such as Ansible Vault. Verify.
- name: Change root password
  ansible.builtin.user:
    name: root
    password: "{{ root_password | password_hash('sha512') }}"
# Apply every key/value pair of kernel.sysctls: dict2items turns the mapping
# into a list of {key, value} items, one module call per item.
- name: Setup sysctls
  ansible.posix.sysctl:
    name: "{{ item.key }}"
    value: "{{ item.value }}"
    state: present
    # Also set the value on the running kernel, not only in the sysctl file.
    sysctl_set: true
    reload: true
  loop: "{{ kernel.sysctls | dict2items }}"
# Install the role's doas.conf as root:wheel with mode 0600, so only root can
# read or change the privilege-escalation rules.
# NOTE(review): a syntax error in this file would break doas; consider
# checking the file before it is installed (doas has a -C option that parses
# a config) via the copy module's `validate` parameter.
- name: Install doas config
  ansible.builtin.copy:
    src: doas.conf
    dest: /usr/local/etc/doas.conf
    mode: '0600'
    owner: root
    group: wheel
# Install the role's kresd.conf for Knot Resolver: root:wheel, world-readable,
# writable by root only.
- name: Install knot resolver config
  ansible.builtin.copy:
    src: kresd.conf
    dest: /usr/local/etc/knot-resolver/kresd.conf
    mode: '0644'
    owner: root
    group: wheel
# Replace /etc/resolv.conf with the role's copy (root:wheel, 0644).
# NOTE(review): presumably this points the host at the local Knot Resolver;
# other tools that rewrite resolv.conf could overwrite it. Verify.
- name: Install knot resolv.conf
  ansible.builtin.copy:
    src: resolv.conf
    dest: /etc/resolv.conf
    mode: '0644'
    owner: root
    group: wheel
# Install the role's rctl.conf as /etc/rctl.conf (root:wheel, 0644).
- name: Install rctl rule set
  ansible.builtin.copy:
    src: rctl.conf
    dest: /etc/rctl.conf
    mode: '0644'
    owner: root
    group: wheel
# Replace /etc/hosts with the role's static copy (root:wheel, 0644).
- name: Install /etc/hosts file
  ansible.builtin.copy:
    src: hosts
    dest: /etc/hosts
    mode: '0644'
    owner: root
    group: wheel
# Install the jlogin script into /usr/local/sbin: owned by root:wheel,
# executable by everyone, writable by root only (0755).
- name: Install jlogin
  ansible.builtin.copy:
    src: jlogin
    dest: /usr/local/sbin/jlogin
    mode: '0755'
    owner: root
    group: wheel
# Expose Knot's kdig under the name dig. Skipped whenever
# /usr/local/bin/dig already exists, whatever it is.
- name: Symlink knot dig
  ansible.builtin.shell:
    cmd: "ln -sf /usr/local/bin/kdig /usr/local/bin/dig"
    creates: "/usr/local/bin/dig"
# Set local_unbound_enable to NO via sysrc and notify the "stop unbound"
# handler on change (handler defined outside this file).
# The value stays quoted so YAML keeps it a string instead of a boolean.
- name: disable unbound
  community.general.sysrc:
    name: local_unbound_enable
    value: 'NO'
  notify: stop unbound
# Set kresd_enable to YES via sysrc and notify the "start kresd" handler on
# change (handler defined outside this file).
# The value stays quoted so YAML keeps it a string instead of a boolean.
- name: enable knot resolver
  community.general.sysrc:
    name: kresd_enable
    value: 'YES'
  notify: start kresd
# Set rctl_enable to YES via sysrc and notify the "start rctl" handler on
# change (handler defined outside this file).
# The value stays quoted so YAML keeps it a string instead of a boolean.
- name: enable rctl
  community.general.sysrc:
    name: rctl_enable
    value: 'YES'
  notify: start rctl