bsdnix/group_vars/all/all.yaml


# Server type for the host (hcloud naming, judging by the snapshot name below).
type: cx22
# Resolved on startup in the Makefile. ansible.builtin.env yields an empty string
# when SNAPSHOT is unset, so the Makefile has to export it before the play runs.
image: "{{ lookup('ansible.builtin.env', 'SNAPSHOT') }}"
# Extraneous general packages we might need on the host.
packages:
  - cpdup
  - bash
  - doas
  - knot-resolver
# Used by bastille to build a base.
release: 14.1-RELEASE
# Snapshot to install in a new VPS; keep its FreeBSD version in step with `release`.
snapshot: FreeBSD-14.1-RELEASE-p5-1-hcloud-init
# Datacenter location.
location: fsn1
# SSH key names; they must already exist in the group project
# (presumably the keys installed on the new server — verify against the server task).
ssh_keys:
  - scip@e3
  - scip@tripod
  - scip@pixel8
# Bastille jails to build; pubnix is the only one defined here.
jails:
  pubnix:
    # Packages installed inside the pubnix jail.
    pkgs:
      - bash
      - zsh
      - tcsh
      - fish
      - vim
      - emacs-nox
      - git
      - htop
      - tmux
      - bind-tools
      - coreutils
      - fzf
      - nnn
      - eza
      - fd
      - jq
      - yq
      - ruby
      - rubygem-irb
      # NOTE(review): go121 and go122 fall outside Go's two-release support
      # window once go123 is current; confirm they are still needed.
      - go121
      - go122
      - go123
      - lua51
      - rust
# NOTE(review): nesting reconstructed from a whitespace-stripped listing —
# confirm whether `defaults` is top-level or belongs under `jails` in the repo.
defaults:
  # Presumably the default group for new accounts — verify against the user tasks.
  group: bsdnix
  # Where bastille keeps jail roots.
  jailbase: /usr/local/bastille/jails
# Host accounts (ansible.builtin.user style arguments, presumably — verify against the play).
users:
  - name: scip
    state: present
    # wheel is the su(1) group on FreeBSD and is commonly the doas(1) admin group;
    # membership here is effectively root access, so keep this list short.
    groups: wheel,bsdnix
  - name: tom
    state: present
storage:
  # Attached block volume. The unit of `size` is not stated here — assumed GB; confirm.
  volume:
    size: 10
    name: zhcloud  # zfs pool name
    device: da1
  # Datasets and their mountpoints (`name` = dataset under the pool, `mount` = mountpoint — assumed; verify).
  mounts:
    - mount: /home
      name: /home
    - mount: /var/cron/tabs
      name: /crontabs
# Primary network interface — presumably the bridge the jails attach to; confirm.
netif:
  primary: bridge0
kernel:
  # sysctls applied to the host (assumed to be fed to a sysctl task — verify).
  sysctls:
    # Hide other users' processes and groups, and jailed processes, from
    # unprivileged host users.
    security.bsd.see_other_uids: 0
    security.bsd.see_other_gids: 0
    security.bsd.see_jail_proc: 0
    # Host forwards IPv6 (presumably for routed jail traffic).
    net.inet6.ip6.forwarding: 1
  # NOTE(review): the key name suggests these are NOT applied; confirm how the
  # play consumes `sysctlsoff` before treating any of them as in effect.
  sysctlsoff:
    security.bsd.unprivileged_read_msgbuf: 0
    security.bsd.unprivileged_proc_debug: 0
    kern.randompid: 1
    net.inet.ip.random_id: 1
    hw.spec_store_bypass_disable: 1
    kern.elf64.allow_wx: 0
    # Only the 32-bit ELF ASLR knobs are listed; the kern.elf64.aslr.* counterparts
    # govern native 64-bit binaries.
    kern.elf32.aslr.stack: 3
    kern.elf32.aslr.pie_enable: 1
    vfs.zfs.min_auto_ashift: 12
    # securelevel can only be raised at runtime; lowering it needs a reboot.
    kern.securelevel: 2
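# Directory ownership and modes enforced on the host. 0711 keeps a directory
# traversable but unlistable; files inside remain readable per their own modes.
# List each path once — a repeated entry only re-runs the same task and, if the
# two ever diverge, the later one silently wins.
permissions:
  - name: /home
    owner: root
    group: wheel
    mode: '0711'
  - name: /etc
    owner: root
    group: wheel
    mode: '0711'
  - name: /usr/local/etc
    owner: root
    group: wheel
    mode: '0711'
  - name: /root
    owner: root
    group: wheel
    mode: '0700'
  - name: /var/log
    owner: root
    group: wheel
    mode: '0711'
  - name: /var/cron/tabs
    owner: root
    group: wheel
    mode: '0700'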