2017-03-09 17:17:13 +01:00
|
|
|
---
|
2018-10-03 19:00:29 +02:00
|
|
|
zroot_name: zroot/jails
|
2017-03-09 17:17:13 +01:00
|
|
|
template_dataset_name: >-
|
2018-10-03 19:00:29 +02:00
|
|
|
{{ zroot_name }}/template
|
2017-03-09 17:17:13 +01:00
|
|
|
template_dataset_root_name: >-
|
|
|
|
|
{{ template_dataset_name }}/root
|
|
|
|
|
|
2018-10-03 19:00:29 +02:00
|
|
|
jail_path: /jails
|
2017-03-09 17:17:13 +01:00
|
|
|
template_jail_path: >-
|
|
|
|
|
{{ jail_path|quote }}/template
|
|
|
|
|
template_jail_root_path: >-
|
|
|
|
|
{{ template_jail_path }}/root
|
|
|
|
|
|
|
|
|
|
latest_snapshot: >-
|
|
|
|
|
{{
|
|
|
|
|
lookup(
|
|
|
|
|
'pipe', '/usr/sbin/chroot "{{ template_jail_root_path|quote }}" /bin/freebsd-version -u'
|
|
|
|
|
)
|
|
|
|
|
}}
|
|
|
|
|
|
|
|
|
|
dynamic_jails_dataset_name: >-
|
2018-10-03 19:00:29 +02:00
|
|
|
{{ zroot_name }}/dynamic
|
2017-03-09 17:17:13 +01:00
|
|
|
dynamic_jails_path: >-
|
2018-10-03 19:00:29 +02:00
|
|
|
{{ jail_path }}/dynamic
|
|
|
|
|
static_jails_path: >-
|
|
|
|
|
{{ jail_path }}/static
|
2017-03-12 23:28:05 +01:00
|
|
|
pf_include_macros_path: '{{ dynamic_jails_path }}/configs/pf-include-macros.conf'
|
|
|
|
|
pf_include_translation_path: '{{ dynamic_jails_path }}/configs/pf-include-translation.conf'
|
|
|
|
|
pf_include_filtering_path: '{{ dynamic_jails_path }}/configs/pf-include-filtering.conf'
|
2017-03-09 17:17:13 +01:00
|
|
|
|
2018-10-03 19:00:29 +02:00
|
|
|
valid_jail_ip4s: "{{ lookup('pipe', 'seq -f 127.0.0.%g 2 254').split() }}"
|
|
|
|
|
used_jail_ip4s: >-
|
2017-03-09 17:17:13 +01:00
|
|
|
{{ lookup('pipe', 'jls -q ip4.addr').split() }}
|
2018-10-03 19:00:29 +02:00
|
|
|
available_jail_ip4: >-
|
|
|
|
|
{{ valid_jail_ip4s|difference(used_jail_ip4s)|first }}
|
2017-03-09 17:17:13 +01:00
|
|
|
running_jail_ids: >-
|
|
|
|
|
{{ lookup('pipe', '/usr/sbin/jls -q name').split() }}
|
|
|
|
|
|
|
|
|
|
ansible_roles_path: /usr/local/etc/ansible/roles
|
|
|
|
|
|
2018-10-03 19:00:29 +02:00
|
|
|
default_timezone: Europe/Berlin
|
2017-03-09 17:17:13 +01:00
|
|
|
|
2017-03-10 01:16:38 +01:00
|
|
|
jail_default_config_opts:
|
|
|
|
|
devfs_ruleset: 4
|
|
|
|
|
enforce_statfs: 2
|
2019-01-08 19:09:11 +01:00
|
|
|
host.domainname: ''
|
|
|
|
|
host.hostid: 0
|
2018-10-03 19:00:29 +02:00
|
|
|
# ip4: disable
|
|
|
|
|
# ip6: disable
|
|
|
|
|
# securelevel: -1
|
|
|
|
|
# sysvmsg: disable
|
|
|
|
|
# sysvsem: disable
|
|
|
|
|
# sysvshm: disable
|
|
|
|
|
# allow.chflags: false
|
|
|
|
|
# allow.mount: false
|
|
|
|
|
# allow.mount.devfs: false
|
|
|
|
|
# allow.mount.fdescfs: false
|
|
|
|
|
# allow.mount.linprocfs: false
|
|
|
|
|
# allow.mount.linsysfs: false
|
|
|
|
|
# allow.mount.nullfs: false
|
|
|
|
|
# allow.mount.procfs: false
|
|
|
|
|
# allow.mount.tmpfs: false
|
|
|
|
|
# allow.mount.zfs: false
|
|
|
|
|
# allow.quotas: false
|
|
|
|
|
# allow.raw_sockets: false
|
|
|
|
|
# allow.set_hostname: false
|
|
|
|
|
# allow.socket_af: false
|
|
|
|
|
# allow.sysvipc: false
|
|
|
|
|
# children.max: 0
|
|
|
|
|
# exec.clean: true
|
|
|
|
|
# ip4.saddrsel: ''
|
|
|
|
|
# ip6.addr: ''
|
|
|
|
|
# ip6.saddrsel: ''
|
|
|
|
|
# mount.devfs: true
|
|
|
|
|
# exec.start: /bin/sh /etc/rc
|
|
|
|
|
# exec.stop: /bin/sh /etc/rc.shutdown
|
2017-03-10 01:16:38 +01:00
|
|
|
|
2017-03-09 17:17:13 +01:00
|
|
|
|
|
|
|
|
# DONT'T USE JAIL SPECIFIC VARIABLE VARIABLE ASSIGNMENTS HERE !!! ANSIBLE CAN'T RESOLVE THEM
|
|
|
|
|
jail_name: MODIFY_ME
|
|
|
|
|
jail_prefix: MODIFY-ME-
|
|
|
|
|
jail_MODIFY_ME_force_recreate: false
|
2018-10-03 19:00:29 +02:00
|
|
|
jail_MODIFY_ME_timezone: Europe/Berlin
|
2017-03-09 17:17:13 +01:00
|
|
|
|
|
|
|
|
# Include file places, override in your role config with absolute paths to your tasks
|
2017-03-09 18:54:57 +01:00
|
|
|
jail_include_noop: '{{ vars["ansible_roles_path"] }}/karolyi.ansible-freebsd-jailhost-tools/tasks/noop.yml'
|
2020-09-19 10:06:25 +02:00
|
|
|
|
|
|
|
|
# vim: sw=2
|
