scip/bsdnix
1
0
Fork 0
Code Issues Pull Requests Activity
bsdnix/roles/server/tasks/main.yaml
Thomas von Dein 8e23c090d9 added: 
- set file permissions
- setup sysctls
- set root password from vault var
- added doas + config
2024-11-18 18:33:33 +01:00

77 lines
1.8 KiB
YAML
Raw Blame History

---
- name: Install Packages
community.general.pkgng:
state: present
name: "{{ packages }}"
# FIXME: remove the symlink in the next release snapshot
- name: Remove old home sym link
shell: |
rm /home
touch /tmp/.ansible.home
args:
creates: "/tmp/.ansible.home"
- name: Remove original cron tab dir
shell: |
rm -rf /var/cron/tabs
touch /tmp/.ansible.crontabs
args:
creates: "/tmp/.ansible.crontabs"
- name: Setup home volume partition
shell: |
gpart create -s GPT da1
touch /tmp/.ansible.gpt
args:
creates: "/tmp/.ansible.gpt"
- name: Setup home fs type
shell: |
gpart add -t freebsd-zfs -l {{ storage.volume.name }} -a 1M {{ storage.volume.device }}
touch /tmp/.ansible.add
args:
creates: "/tmp/.ansible.add"
- name: Create zpool using home volume
shell: "zpool create -f {{ storage.volume.name }} {{ storage.volume.device }}"
args:
creates: "/{{ storage.volume.name }}"
- name: Create zfs home dataset
loop: "{{ storage.mounts }}"
shell: "zfs create -o mountpoint={{ item.mount }} {{ storage.volume.name }}{{ item.name }}"
args:
creates: "{{ item.mount }}"
- name: Change permissions
loop: "{{ permissions }}"
ansible.builtin.file:
path: "{{ item.name }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
- name: Change root password
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"
- name: Setup sysctls
loop: "{{ kernel.sysctls | dict2items }}"
ansible.posix.sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
sysctl_set: true
state: present
reload: true
- name: Install doas config
ansible.builtin.copy:
src: roles/server/files/doas.conf
dest: /usr/local/etc/doas.conf
owner: root
group: wheel
mode: '0600'
Reference in New Issue View Git Blame Copy Permalink