From 0a49fc16b65304b4f1998cb6b1f0bac382a458a1 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 12 Nov 2022 17:04:25 -0500 Subject: [PATCH] Make canmount configurable for bhyve and jails. --- .../environments/home/host_vars/homeserver | 4 ++ ansible/playbook.yaml | 46 +++++++++---------- ansible/roles/bhyve/tasks/freebsd.yaml | 4 +- ansible/roles/jail/tasks/freebsd.yaml | 4 +- 4 files changed, 31 insertions(+), 27 deletions(-) diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver index 6340227..049a3c0 100644 --- a/ansible/environments/home/host_vars/homeserver +++ b/ansible/environments/home/host_vars/homeserver @@ -19,6 +19,8 @@ build_user: group: talexander jail_zfs_dataset: zmass/encrypted/jails jail_zfs_dataset_mountpoint: /jail/main +jail_canmount: "on" +jail_bemount: "on" jail_list: - name: cloak conf: @@ -34,3 +36,5 @@ jail_list: mount: /var/db/murmur bhyve_dataset: zmass/encrypted/vm bhyve_list: [] +bhyve_canmount: "on" +bhyve_bemount: "on" diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 716378b..7e25133 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -2,29 +2,29 @@ vars: ansible_become: True roles: - - sudo + # - sudo - users - - package_manager - - zrepl - - zsh - - network - - sshd - - base - - firewall - - cpu - - ntp - - build - - graphics - - gpg - - fonts - - alacritty - - sway - - emacs - - firefox - - devfs - - ssh_client + # - package_manager + # - zrepl + # - zsh + # - network + # - sshd + # - base + # - firewall + # - cpu + # - ntp + # - build + # - graphics + # - gpg + # - fonts + # - alacritty + # - sway + # - emacs + # - firefox + # - devfs + # - ssh_client - jail - - fuse - - autofs - - exfat + # - fuse + # - autofs + # - exfat - bhyve diff --git a/ansible/roles/bhyve/tasks/freebsd.yaml b/ansible/roles/bhyve/tasks/freebsd.yaml index 79f02a5..dc5b243 100644 --- a/ansible/roles/bhyve/tasks/freebsd.yaml +++ b/ansible/roles/bhyve/tasks/freebsd.yaml @@ -19,8 +19,8 @@ state: present extra_zfs_properties: mountpoint: "{{ bhyve_mountpoint }}" - canmount: "noauto" - "ta:bemount": "on" + canmount: "{{ bhyve_canmount|default('noauto') }}" + "ta:bemount": "{{ bhyve_bemount|default('on') }}" - name: Enable bhyve community.general.sysrc: diff --git a/ansible/roles/jail/tasks/freebsd.yaml b/ansible/roles/jail/tasks/freebsd.yaml index 39368bd..86f83f6 100644 --- a/ansible/roles/jail/tasks/freebsd.yaml +++ b/ansible/roles/jail/tasks/freebsd.yaml @@ -10,7 +10,7 @@ zfs: name: "{{ item.dataset|default(jail_zfs_dataset) }}/jails/{{ item.name }}" state: present - extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.name}|combine(item.properties|default({}))|combine({''canmount'': ''noauto'', ''ta:bemount'': ''on''}) }}' + extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.name}|combine({''canmount'': jail_canmount|default(''noauto''), ''ta:bemount'': jail_bemount|default(''on'')})|combine(item.properties|default({})) }}' loop: "{{ jail_list }}" @@ -27,7 +27,7 @@ zfs: name: "{{ item.0.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.0.name }}/{{ item.1.name }}" state: present - extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.0.name + item.1.mount }|combine(item.1.properties|default({}))|combine({''canmount'': ''noauto'', ''ta:bemount'': ''on''}) }}' + extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.0.name + item.1.mount }|combine({''canmount'': jail_canmount|default(''noauto''), ''ta:bemount'': jail_bemount|default(''on'')})|combine(item.1.properties|default({})) }}' loop: "{{ jail_list|subelements('persist', skip_missing=True) }}" - name: Install scripts