bsdnix/group_vars/all/all.yaml


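---
# Group variables for the bsdnix hosts: VPS provisioning, jail definition,
# storage, kernel hardening and directory modes. Which role consumes which
# key is not visible from this file; the nesting below was restored from a
# flattened listing, so verify it against the playbooks that read it.

# Hetzner Cloud server type.
type: cx22
# Resolved on startup in Makefile. If SNAPSHOT is not exported this expands to
# an empty string rather than failing; on Ansible versions that support it,
# `lookup('ansible.builtin.env', 'SNAPSHOT', default=undef())` makes a
# missing value a hard error instead of a request for an image named "".
image: "{{ lookup('ansible.builtin.env', 'SNAPSHOT') }}"
# Extra general packages we might need on the host. doas is the privilege
# escalation tool; its rules are configured elsewhere.
packages:
  - cpdup
  - bash
  - doas
  - knot-resolver
# Used by bastille to build a base. This names the unpatched release; the
# snapshot below is at -p5, so keep the base patched separately (presumably
# via bastille's update step) or the jail lags the host.
release: 14.1-RELEASE
# Snapshot to install in a new VPS (pinned to a patch level on purpose).
snapshot: FreeBSD-14.1-RELEASE-p5-1-hcloud-init
location: fsn1
# Must already exist in the hcloud project. Only these keys are installed on
# a freshly built VPS; removing one here does not revoke it on existing hosts.
ssh_keys:
  - scip@e3
  - scip@tripod
  - scip@pixel8
jails:
  pubnix:
    # Packages installed inside the jail.
    pkgs:
      - bash
      - zsh
      - vim
      - git
      - htop
      - tmux
      - bind-tools
      - coreutils
      - emacs-nox
      - fzf
    # Jail accounts. wheel membership typically means root inside the jail
    # (via doas/su), so scip is an administrator there. `groups: nobody` for
    # tom is unusual for a login user — confirm it is intended and not a
    # placeholder.
    users:
      - name: scip
        groups: wheel
        shell: /usr/local/bin/bash
        rootdir: /usr/local/bastille/jails/pubnix/root
      - name: tom
        groups: nobody
        shell: /usr/local/bin/bash
        rootdir: /usr/local/bastille/jails/pubnix/root
# Block volume attached to the VPS and the ZFS pool created on it.
storage:
  volume:
    size: 10  # presumably GB (hcloud volume size)
    name: zhcloud  # zfs pool name
    device: da1
  # Datasets from that pool and where they are mounted: user data and
  # crontabs live on the volume rather than on the root disk.
  mounts:
    - mount: /home
      name: /home
    - mount: /var/cron/tabs
      name: /crontabs
netif:
  primary: bridge0
kernel:
  sysctls:
    # Hide other users' and other jails' processes from unprivileged users —
    # the right default for a multi-user pubnix.
    security.bsd.see_other_uids: 0
    security.bsd.see_other_gids: 0
    security.bsd.see_jail_proc: 0
    # The host routes IPv6 (presumably between bridge0 and the uplink for the
    # jail); make sure the packet filter also covers forwarded traffic.
    net.inet6.ip6.forwarding: 1
  # How the playbook treats this list is not visible here (the name suggests
  # it is applied differently from `sysctls`, or not at all). The notes below
  # assume these values do get set.
  sysctlsoff:
    security.bsd.unprivileged_read_msgbuf: 0
    security.bsd.unprivileged_proc_debug: 0
    kern.randompid: 1
    net.inet.ip.random_id: 1
    # Speculative Store Bypass mitigation; has a performance cost.
    hw.spec_store_bypass_disable: 1
    # Refuse writable+executable mappings for 64-bit binaries; this can break
    # JIT-based runtimes, so test the jail's package set against it.
    kern.elf64.allow_wx: 0
    # These ASLR knobs only govern 32-bit (elf32) binaries. The 64-bit
    # equivalents (kern.elf64.aslr.*) are not set here and stay at the release
    # defaults — confirm that is intended. Check what stack=3 means in
    # sysctl(8) for this release before relying on it.
    kern.elf32.aslr.stack: 3
    kern.elf32.aslr.pie_enable: 1
    vfs.zfs.min_auto_ashift: 12
    # securelevel can only be raised at runtime (lowering it needs a reboot)
    # and a jail cannot run below the host's level. Apply it last, after
    # anything that loads kernel modules or needs raw disk access.
    kern.securelevel: 2
# Directory ownership and modes. 0711 lets users traverse to paths they know
# without listing the directory, so homes, configs and logs cannot be
# enumerated by other users. Whether these apply on the host, inside the
# jail root, or both depends on the playbook.
permissions:
  - name: /home
    owner: root
    group: wheel
    mode: '0711'
  - name: /etc
    owner: root
    group: wheel
    mode: '0711'
  - name: /usr/local/etc
    owner: root
    group: wheel
    mode: '0711'
  - name: /root
    owner: root
    group: wheel
    mode: '0700'
  # Listed once; the original carried a second identical /var/log entry.
  - name: /var/log
    owner: root
    group: wheel
    mode: '0711'
  - name: /var/cron/tabs
    owner: root
    group: wheel
    mode: '0700'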