bsdnix/roles/pubnix/tasks/main.yaml

---
- name: create services template dir
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}"
    state: directory
    recurse: yes

- name: copy template config files
  template:
    src: Bastillefile.j2
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/Bastillefile"

- name: create config paths
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}/{{ item }}/"
    state: directory
    recurse: yes
  loop:
    - etc/ssh
    - usr/share/skel

- name: copy sshd config file
  copy:
    src: sshd_config
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"

- name: copy skel files
  copy:
    src: "skel/{{ item }}"
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel/{{ item }}"
  loop:
    - dot.bashrc
    - dot.cshrc
    - dot.emacs
    - dot.login
    - dot.login_conf
    - dot.profile
    - dot.shrc

- name: copy resolv.conf file
  template:
    src: resolv.conf.j2
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/resolv.conf"
    
- name: create jail
  shell: "bastille create -B {{ role_name }} {{ release }} {{ jailip.stdout }}/64 bridge0"
  args:
    creates: /usr/local/bastille/jails/{{ role_name }}

- name: start jail
  # https://github.com/BastilleBSD/bastille/issues/342
  shell: bastille start {{ role_name }} || true

- name: template jail
  shell: "bastille template {{ role_name }} services/{{ role_name }}"

# The normal  ansible user  module can't be  used here,  because we're
# talking  about jail  users  here. I  tried to  patch  the module  to
# support the  -R flag (https://github.com/ansible/ansible/pull/84371)
# but it makes no sense. Every  single function needs to be patched so
# that it works for jails.
#
# So, instead I'm just using this simple script, which does the job as
# well.
- name: Create users
  loop: "{{ users }}"
  shell: |
    if pw -V {{ item.rootdir }}/etc user show {{ item.name }} > /dev/null 2>&1; then \
       pw -V {{ item.rootdir }}/etc user mod  {{ item.name }} -d /home/{{ item.name }} -G {{ item.groups }} -m -s {{ item.shell }}; \
       echo "user {{ item.name }} modified"; \
    else \
       pw -V {{ item.rootdir }}/etc user add  {{ item.name }} -d /home/{{ item.name }} -G {{ item.groups }} -m -s {{ item.shell }}; \
       echo "user {{ item.name }} created"; \
    fi