2017-03-09 17:17:13 +01:00
|
|
|
---
|
|
|
|
zroot_name: tank/root
|
|
|
|
template_dataset_name: >-
|
|
|
|
{{ zroot_name }}/templatejail
|
|
|
|
template_dataset_root_name: >-
|
|
|
|
{{ template_dataset_name }}/root
|
|
|
|
|
|
|
|
jail_path: /usr/jails
|
|
|
|
template_jail_path: >-
|
|
|
|
{{ jail_path|quote }}/template
|
|
|
|
template_jail_root_path: >-
|
|
|
|
{{ template_jail_path }}/root
|
|
|
|
|
|
|
|
latest_snapshot: >-
|
|
|
|
{{
|
|
|
|
lookup(
|
|
|
|
'pipe', '/usr/sbin/chroot "{{ template_jail_root_path|quote }}" /bin/freebsd-version -u'
|
|
|
|
)
|
|
|
|
}}
|
|
|
|
|
|
|
|
dynamic_jails_dataset_name: >-
|
|
|
|
{{ zroot_name }}/dynamic-jails-root
|
|
|
|
dynamic_jails_path: >-
|
|
|
|
{{ jail_path }}/dynamic-jails
|
2017-03-12 23:28:05 +01:00
|
|
|
pf_include_macros_path: '{{ dynamic_jails_path }}/configs/pf-include-macros.conf'
|
|
|
|
pf_include_translation_path: '{{ dynamic_jails_path }}/configs/pf-include-translation.conf'
|
|
|
|
pf_include_filtering_path: '{{ dynamic_jails_path }}/configs/pf-include-filtering.conf'
|
2017-03-09 17:17:13 +01:00
|
|
|
|
|
|
|
valid_jail_ips: "{{ lookup('pipe', 'seq -f 127.0.0.%g 2 254').split() }}"
|
|
|
|
used_jail_ips: >-
|
|
|
|
{{ lookup('pipe', 'jls -q ip4.addr').split() }}
|
|
|
|
available_jail_ip: >-
|
2017-03-10 01:37:42 +01:00
|
|
|
{{ valid_jail_ips|difference(used_jail_ips)|first }}
|
2017-03-09 17:17:13 +01:00
|
|
|
running_jail_ids: >-
|
|
|
|
{{ lookup('pipe', '/usr/sbin/jls -q name').split() }}
|
|
|
|
|
|
|
|
ansible_roles_path: /usr/local/etc/ansible/roles
|
|
|
|
|
|
|
|
default_timezone: Europe/Budapest
|
|
|
|
|
2017-03-10 01:16:38 +01:00
|
|
|
jail_default_config_opts:
|
|
|
|
devfs_ruleset: 4
|
|
|
|
enforce_statfs: 2
|
|
|
|
host: new
|
|
|
|
ip4: disable
|
|
|
|
ip6: disable
|
|
|
|
securelevel: -1
|
|
|
|
sysvmsg: disable
|
|
|
|
sysvsem: disable
|
|
|
|
sysvshm: disable
|
|
|
|
allow.chflags: false
|
|
|
|
allow.mount: false
|
|
|
|
allow.mount.devfs: false
|
|
|
|
allow.mount.fdescfs: false
|
|
|
|
allow.mount.linprocfs: false
|
|
|
|
allow.mount.linsysfs: false
|
|
|
|
allow.mount.nullfs: false
|
|
|
|
allow.mount.procfs: false
|
|
|
|
allow.mount.tmpfs: false
|
|
|
|
allow.mount.zfs: false
|
|
|
|
allow.quotas: false
|
|
|
|
allow.raw_sockets: false
|
|
|
|
allow.set_hostname: false
|
|
|
|
allow.socket_af: false
|
|
|
|
allow.sysvipc: false
|
|
|
|
children.max: 0
|
2017-03-10 01:37:42 +01:00
|
|
|
exec.clean: true
|
2017-03-10 01:16:38 +01:00
|
|
|
host.domainname: ''
|
|
|
|
host.hostid: 0
|
|
|
|
ip4.saddrsel: ''
|
|
|
|
ip6.addr: ''
|
|
|
|
ip6.saddrsel: ''
|
2017-03-10 01:37:42 +01:00
|
|
|
mount.devfs: true
|
2017-03-10 01:16:38 +01:00
|
|
|
exec.start: /bin/sh /etc/rc
|
|
|
|
exec.stop: /bin/sh /etc/rc.shutdown
|
|
|
|
|
2017-03-09 17:17:13 +01:00
|
|
|
|
|
|
|
# DONT'T USE JAIL SPECIFIC VARIABLE VARIABLE ASSIGNMENTS HERE !!! ANSIBLE CAN'T RESOLVE THEM
|
|
|
|
jail_name: MODIFY_ME
|
|
|
|
jail_prefix: MODIFY-ME-
|
|
|
|
jail_MODIFY_ME_force_recreate: false
|
|
|
|
jail_MODIFY_ME_timezone: Europe/Budapest
|
|
|
|
|
|
|
|
# Include file places, override in your role config with absolute paths to your tasks
|
2017-03-09 18:54:57 +01:00
|
|
|
jail_include_noop: '{{ vars["ansible_roles_path"] }}/karolyi.ansible-freebsd-jailhost-tools/tasks/noop.yml'
|