From a1cd1db13586c438239b8dc523c92c991aaca9dd Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Fri, 14 Oct 2022 01:29:40 -0400 Subject: [PATCH 1/6] Add a FreeBSD network role. --- .../environments/home/host_vars/homeserver | 1 + .../network/files/homeserver_network.conf | 3 ++ ansible/roles/network/tasks/common.yaml | 14 +++++++ ansible/roles/network/tasks/freebsd.yaml | 37 +++++++++++++++++++ ansible/roles/network/tasks/linux.yaml | 6 +++ ansible/roles/network/tasks/main.yaml | 2 + ansible/roles/network/tasks/peruser.yaml | 29 +++++++++++++++ .../roles/network/tasks/peruser_freebsd.yaml | 0 .../roles/network/tasks/peruser_linux.yaml | 0 9 files changed, 92 insertions(+) create mode 100644 ansible/roles/network/files/homeserver_network.conf create mode 100644 ansible/roles/network/tasks/common.yaml create mode 100644 ansible/roles/network/tasks/freebsd.yaml create mode 100644 ansible/roles/network/tasks/linux.yaml create mode 100644 ansible/roles/network/tasks/main.yaml create mode 100644 ansible/roles/network/tasks/peruser.yaml create mode 100644 ansible/roles/network/tasks/peruser_freebsd.yaml create mode 100644 ansible/roles/network/tasks/peruser_linux.yaml diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver index d13c4a6..290af65 100644 --- a/ansible/environments/home/host_vars/homeserver +++ b/ansible/environments/home/host_vars/homeserver @@ -7,3 +7,4 @@ pf_config: "homeserver_pf.conf" pflog_conf: - name: 0 dev: pflog0 +network_rc: "homeserver_network.conf" diff --git a/ansible/roles/network/files/homeserver_network.conf b/ansible/roles/network/files/homeserver_network.conf new file mode 100644 index 0000000..88469c6 --- /dev/null +++ b/ansible/roles/network/files/homeserver_network.conf @@ -0,0 +1,3 @@ +wlans_run0="wlan0" +ifconfig_wlan0="WPA DHCP" +ifconfig_wlan0_ipv6="inet6 accept_rtadv" 
diff --git a/ansible/roles/network/tasks/common.yaml b/ansible/roles/network/tasks/common.yaml
new file mode 100644
index 0000000..d7c1735
--- /dev/null
+++ b/ansible/roles/network/tasks/common.yaml
@@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/network/tasks/freebsd.yaml b/ansible/roles/network/tasks/freebsd.yaml
new file mode 100644
index 0000000..6bc4e2e
--- /dev/null
+++ b/ansible/roles/network/tasks/freebsd.yaml
@@ -0,0 +1,37 @@
+- name: Install configuration
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ when: network_rc is defined
+ loop:
+ - src: "{{ network_rc }}"
+ dest: /etc/rc.conf.d/network
+
+- name: Install configuration
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ when: rtsold_rc is defined
+ loop:
+ - src: "{{ rtsold_rc }}"
+ dest: /etc/rc.conf.d/rtsold
+
+- name: Configure sysctls
+ sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ state: present
+ sysctl_file: "/etc/sysctl.conf.local"
+ loop:
+ []
+ # - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
+ # value: "1"
+ # - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
+ # value: "1"
+ # - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
diff --git a/ansible/roles/network/tasks/linux.yaml b/ansible/roles/network/tasks/linux.yaml
new file mode 100644
index 0000000..e1835f0
--- /dev/null
+++ b/ansible/roles/network/tasks/linux.yaml
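Review bot: The second `Install configuration` task in roles/network/tasks/freebsd.yaml templates `{{ rtsold_rc }}` inside its `loop:` list, and Ansible evaluates `loop` before the per-item `when: rtsold_rc is defined`, so on a host that does not define the variable (the host_vars change in this patch only sets `network_rc`) the task is likely to fail with an undefined-variable error instead of being skipped. Dropping the single-item loop avoids that: `src: "files/{{ rtsold_rc }}"` with `dest: /etc/rc.conf.d/rtsold`; the first task has the same shape for `network_rc`. Both tasks also share one name, which makes run output ambiguous, and `mode: 0644` is safer written as the string `mode: "0644"`.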
@@ -0,0 +1,6 @@
+# - name: Install packages
+# pacman:
+# name:
+# - foo
+# state: present
+# update_cache: true
diff --git a/ansible/roles/network/tasks/main.yaml b/ansible/roles/network/tasks/main.yaml
new file mode 100644
index 0000000..c7a170c
--- /dev/null
+++ b/ansible/roles/network/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ when: foo is defined
diff --git a/ansible/roles/network/tasks/peruser.yaml b/ansible/roles/network/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/network/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+ name: per_user
+
+# - name: Create directories
+# file:
+# name: "{{ account_homedir.stdout }}/{{ item }}"
+# state: directory
+# mode: 0700
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - ".config/foo"
+
+# - name: Copy files
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+# mode: 0600
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - src: foo.conf
+# dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/network/tasks/peruser_freebsd.yaml b/ansible/roles/network/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/network/tasks/peruser_linux.yaml b/ansible/roles/network/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29
From 8dfac5cb65f7c322424ccf6a04efffb741b462e8 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Fri, 14 Oct 2022 01:30:31 -0400
Subject: [PATCH 2/6] Invoke the network role.
---
 ansible/playbook.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index c91cc75..9205049 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
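Review bot: In roles/network/tasks/main.yaml the only task is gated on `when: foo is defined`, which looks like a placeholder left over from a role template; unless some inventory defines `foo`, the role imports nothing and /etc/rc.conf.d/network is never written. That matters later in this series, because PATCH 6/6 removes the wlan0 lines from homeserver_rc.conf, apparently relying on this role to supply them, so the host could lose its network configuration at the next boot. Either drop the condition (`- import_tasks: tasks/common.yaml`) or gate on a variable the role actually consumes.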
@@ -6,6 +6,7 @@ - users - zrepl - zsh + - network - sshd - base - firewall From 244fe811119fb1840a2a2701b4277baeece30bff Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Fri, 14 Oct 2022 01:44:29 -0400 Subject: [PATCH 3/6] Configure login.conf. --- ansible/roles/base/files/login.conf | 332 ++++++++++++++++++++++++++ ansible/roles/base/tasks/freebsd.yaml | 38 +++ 2 files changed, 370 insertions(+) create mode 100644 ansible/roles/base/files/login.conf diff --git a/ansible/roles/base/files/login.conf b/ansible/roles/base/files/login.conf new file mode 100644 index 0000000..6778ed4 --- /dev/null +++ b/ansible/roles/base/files/login.conf 
@@ -0,0 +1,332 @@
+# login.conf - login class capabilities database.
+#
+# Remember to rebuild the database after each change to this file:
+#
+# cap_mkdb /etc/login.conf
+#
+# This file controls resource limits, accounting limits and
+# default user environment settings.
+#
+# $FreeBSD$
+#
+
+# Default settings effectively disable resource limits, see the
+# examples below for a starting point to enable them.
+
+# defaults
+# These settings are used by login(1) by default for classless users
+# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+#
+# Note that since a colon ':' is used to separate capability entries,
+# a \c escape sequence must be used to embed a literal colon in the
+# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
+# AND SEMANTICS'' section of getcap(3) for more escape sequences).
+
+default:\
+ :passwd_format=blf:\
+ :copyright=/etc/COPYRIGHT:\
+ :welcome=/var/run/motd:\
+ :setenv=BLOCKSIZE=K:\
+ :mail=/var/mail/$:\
+ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
+ :nologin=/var/run/nologin:\
+ :cputime=unlimited:\
+ :datasize=unlimited:\
+ :stacksize=unlimited:\
+ :memorylocked=64K:\
+ :memoryuse=unlimited:\
+ :filesize=unlimited:\
+ :coredumpsize=unlimited:\
+ :openfiles=unlimited:\
+ :maxproc=unlimited:\
+ :sbsize=unlimited:\
+ :vmemoryuse=unlimited:\
+ :swapuse=unlimited:\
+ :pseudoterminals=unlimited:\
+ :kqueues=unlimited:\
+ :umtxp=unlimited:\
+ :priority=0:\
+ :ignoretime@:\
+ :umask=022:\
+ :charset=UTF-8:\
+ :lang=en_US.UTF-8:
+
+#
+# A collection of common class names - forward them all to 'default'
+# (login would normally do this anyway, but having a class name
+# here suppresses the diagnostic)
+#
+standard:\
+ :tc=default:
+xuser:\
+ :tc=default:
+staff:\
+ :tc=default:
+
+# This PATH may be clobbered by individual applications. Notably, by default,
+# rc(8), service(8), and cron(8) will all override it with a default PATH that
+# may not include /usr/local/sbin and /usr/local/bin when starting services or
+# jobs.
+daemon:\
+ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
+ :mail@:\
+ :memorylocked=128M:\
+ :tc=default:
+news:\
+ :tc=default:
+dialer:\
+ :tc=default:
+
+#
+# Root can always login
+#
+# N.B. login_getpwclass(3) will use this entry for the root account,
+# in preference to 'default'.
+root:\
+ :ignorenologin:\
+ :memorylocked=unlimited:\
+ :tc=default:
+
+#
+# Russian Users Accounts. Setup proper environment variables.
+#
+russian|Russian Users Accounts:\
+ :charset=UTF-8:\
+ :lang=ru_RU.UTF-8:\
+ :tc=default:
+
+
+######################################################################
+######################################################################
+##
+## Example entries
+##
+######################################################################
+######################################################################
+
+## Example defaults
+## These settings are used by login(1) by default for classless users
+## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+#
+#default:\
+# :cputime=infinity:\
+# :datasize-cur=22M:\
+# :stacksize-cur=8M:\
+# :memorylocked-cur=10M:\
+# :memoryuse-cur=30M:\
+# :filesize=infinity:\
+# :coredumpsize=infinity:\
+# :maxproc-cur=64:\
+# :openfiles-cur=64:\
+# :priority=0:\
+# :requirehome@:\
+# :umask=022:\
+# :tc=auth-defaults:
+#
+#
+##
+## standard - standard user defaults
+##
+#standard:\
+# :copyright=/etc/COPYRIGHT:\
+# :welcome=/var/run/motd:\
+# :setenv=BLOCKSIZE=K:\
+# :mail=/var/mail/$:\
+# :path=~/bin /bin /usr/bin /usr/local/bin:\
+# :manpath=/usr/share/man /usr/local/man:\
+# :nologin=/var/run/nologin:\
+# :cputime=1h30m:\
+# :datasize=8M:\
+# :vmemoryuse=100M:\
+# :stacksize=2M:\
+# :memorylocked=4M:\
+# :memoryuse=8M:\
+# :filesize=8M:\
+# :coredumpsize=8M:\
+# :openfiles=24:\
+# :maxproc=32:\
+# :priority=0:\
+# :requirehome:\
+# :passwordtime=90d:\
+# :umask=002:\
+# :ignoretime@:\
+# :tc=default:
+#
+#
+##
+## users of X (needs more resources!)
+##
+#xuser:\
+# :manpath=/usr/share/man /usr/local/man:\
+# :cputime=4h:\
+# :datasize=12M:\
+# :vmemoryuse=infinity:\
+# :stacksize=4M:\
+# :filesize=8M:\
+# :memoryuse=16M:\
+# :openfiles=32:\
+# :maxproc=48:\
+# :tc=standard:
+#
+#
+##
+## Staff users - few restrictions and allow login anytime
+##
+#staff:\
+# :ignorenologin:\
+# :ignoretime:\
+# :requirehome@:\
+# :accounted@:\
+# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+# :umask=022:\
+# :tc=standard:
+#
+#
+##
+## root - fallback for root logins
+##
+#root:\
+# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+# :cputime=infinity:\
+# :datasize=infinity:\
+# :stacksize=infinity:\
+# :memorylocked=infinity:\
+# :memoryuse=infinity:\
+# :filesize=infinity:\
+# :coredumpsize=infinity:\
+# :openfiles=infinity:\
+# :maxproc=infinity:\
+# :memoryuse-cur=32M:\
+# :maxproc-cur=64:\
+# :openfiles-cur=1024:\
+# :priority=0:\
+# :requirehome@:\
+# :umask=022:\
+# :tc=auth-root-defaults:
+#
+#
+##
+## Settings used by /etc/rc
+##
+#daemon:\
+# :coredumpsize@:\
+# :coredumpsize-cur=0:\
+# :datasize=infinity:\
+# :datasize-cur@:\
+# :maxproc=512:\
+# :maxproc-cur@:\
+# :memoryuse-cur=64M:\
+# :memorylocked-cur=64M:\
+# :openfiles=1024:\
+# :openfiles-cur@:\
+# :stacksize=16M:\
+# :stacksize-cur@:\
+# :tc=default:
+#
+#
+##
+## Settings used by news subsystem
+##
+#news:\
+# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+# :cputime=infinity:\
+# :filesize=128M:\
+# :datasize-cur=64M:\
+# :stacksize-cur=32M:\
+# :coredumpsize-cur=0:\
+# :maxmemorysize-cur=128M:\
+# :memorylocked=32M:\
+# :maxproc=128:\
+# :openfiles=256:\
+# :tc=default:
+#
+#
+##
+## The dialer class should be used for a dialup PPP account
+## Welcome messages/news suppressed
+##
+#dialer:\
+# :hushlogin:\
+# :requirehome@:\
+# :cputime=unlimited:\
+# :filesize=2M:\
+# :datasize=2M:\
+# :stacksize=4M:\
+# :coredumpsize=0:\
+# :memoryuse=4M:\
+# :memorylocked=1M:\
+# :maxproc=16:\
+# :openfiles=32:\
+# :tc=standard:
+#
+#
+##
+## Site full-time 24/7 PPP connection
+## - no time accounting, restricted to access via dialin lines
+##
+#site:\
+# :ignoretime:\
+# :passwordtime@:\
+# :refreshtime@:\
+# :refreshperiod@:\
+# :sessionlimit@:\
+# :autodelete@:\
+# :expireperiod@:\
+# :graceexpire@:\
+# :gracetime@:\
+# :warnexpire@:\
+# :warnpassword@:\
+# :idletime@:\
+# :sessiontime@:\
+# :daytime@:\
+# :weektime@:\
+# :monthtime@:\
+# :warntime@:\
+# :accounted@:\
+# :tc=dialer:\
+# :tc=staff:
+#
+#
+##
+## Example standard accounting entries for subscriber levels
+##
+#
+#subscriber|Subscribers:\
+# :accounted:\
+# :refreshtime=180d:\
+# :refreshperiod@:\
+# :sessionlimit@:\
+# :autodelete=30d:\
+# :expireperiod=180d:\
+# :graceexpire=7d:\
+# :gracetime=10m:\
+# :warnexpire=7d:\
+# :warnpassword=7d:\
+# :idletime=30m:\
+# :sessiontime=4h:\
+# :daytime=6h:\
+# :weektime=40h:\
+# :monthtime=120h:\
+# :warntime=4h:\
+# :tc=standard:
+#
+#
+##
+## Subscriber accounts. These accounts have their login times
+## accounted and have access limits applied.
+##
+#subppp|PPP Subscriber Accounts:\
+# :tc=dialer:\
+# :tc=subscriber:
+#
+#
+#subshell|Shell Subscriber Accounts:\
+# :tc=subscriber:
+#
+##
+## If you want some of the accounts to use traditional UNIX DES based
+## password hashes.
+##
+#des_users:\
+# :passwd_format=des:\
+# :tc=default:
diff --git a/ansible/roles/base/tasks/freebsd.yaml b/ansible/roles/base/tasks/freebsd.yaml
index bea6e27..ca93b39 100644
--- a/ansible/roles/base/tasks/freebsd.yaml
+++ b/ansible/roles/base/tasks/freebsd.yaml
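Review bot: The `default` class in roles/base/files/login.conf sets `:passwd_format=blf:` with no comment marking it as a local choice, while the rest of the file reads like the stock FreeBSD login.conf (whose default is `sha512` in current releases). The setting only governs hashes written from now on, so existing accounts keep their old hash format until each password is changed; a comment above `default:\` such as `# local: passwd_format=blf; existing hashes are unchanged until the password is reset` would record that. Because the whole file is replaced on every run, later vendor changes to /etc/login.conf on OS upgrade will be overwritten by this copy, so any other local deviations are worth listing in the same comment.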
@@ -34,3 +34,41 @@ - name: Update cap_mkdb command: cap_mkdb /usr/share/misc/termcap when: wrote_alacritty_cap.changed + +- name: Install login.conf + copy: + src: login.conf + dest: /etc/login.conf + owner: root + group: wheel + mode: 0644 + register: login_config + +- name: Update cap_mkdb + command: cap_mkdb /etc/login.conf + when: login_config.changed +# - name: Install periodic.conf.local +# copy: +# src: periodic.conf.local +# dest: /etc/periodic.conf.local +# owner: root +# group: wheel +# mode: 0644 + +# - name: Install loader.conf +# copy: +# src: "{{loader_conf}}" +# dest: /boot/loader.conf +# owner: root +# group: wheel +# mode: 0644 +# when: loader_conf is defined + +# - name: Install rc.conf +# copy: +# src: "{{rc_conf}}" +# dest: /etc/rc.conf +# mode: 0644 +# owner: root +# group: wheel +# when: rc_conf is defined From dcba0af7c1c0becd1204820f9bc99889ae0d9df0 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Fri, 14 Oct 2022 01:52:42 -0400 Subject: [PATCH 4/6] Enable periodic crub. --- ansible/roles/base/tasks/freebsd.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/ansible/roles/base/tasks/freebsd.yaml b/ansible/roles/base/tasks/freebsd.yaml index ca93b39..075e95b 100644 --- a/ansible/roles/base/tasks/freebsd.yaml +++ b/ansible/roles/base/tasks/freebsd.yaml @@ -47,14 +47,18 @@ - name: Update cap_mkdb command: cap_mkdb /etc/login.conf when: login_config.changed -# - name: Install periodic.conf.local -# copy: -# src: periodic.conf.local -# dest: /etc/periodic.conf.local -# owner: root -# group: wheel -# mode: 0644 +- name: Enable periodic scrub + community.general.sysrc: + name: daily_scrub_zfs_enable + value: "YES" + path: /etc/periodic.conf.local + +- name: Set scrub interval + community.general.sysrc: + name: daily_scrub_zfs_default_threshold + value: "7" + path: /etc/periodic.conf.local # - name: Install loader.conf # copy: # src: "{{loader_conf}}" 
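Review bot: The `cap_mkdb /etc/login.conf` task added in PATCH 3/6 runs only `when: login_config.changed`, so if it fails once (for example on a syntax error in the copied file) the next run sees the copy as unchanged, skips the rebuild and reports success while the compiled login database still carries the old limits and password format. cap_mkdb is cheap, so running it unconditionally with `changed_when: false` would keep the database in step with the file. The task is also named `Update cap_mkdb`, the same as the termcap task directly above it; a distinct name such as `Rebuild login.conf database` makes a failure easier to attribute.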
From c34aab16af183e21eaa09f5e3965eb56659f4e7b Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Fri, 14 Oct 2022 01:55:15 -0400 Subject: [PATCH 5/6] Add copying of rc.conf. --- .../environments/home/host_vars/homeserver | 1 + ansible/roles/base/files/homeserver_rc.conf | 15 +++++++++++++ ansible/roles/base/tasks/freebsd.yaml | 22 ++++++++++++------- 3 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 ansible/roles/base/files/homeserver_rc.conf diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver index 290af65..3d49d2a 100644 --- a/ansible/environments/home/host_vars/homeserver +++ b/ansible/environments/home/host_vars/homeserver @@ -8,3 +8,4 @@ pflog_conf: - name: 0 dev: pflog0 network_rc: "homeserver_network.conf" +rc_conf: "homeserver_rc.conf" diff --git a/ansible/roles/base/files/homeserver_rc.conf b/ansible/roles/base/files/homeserver_rc.conf new file mode 100644 index 0000000..65cf777 --- /dev/null +++ b/ansible/roles/base/files/homeserver_rc.conf @@ -0,0 +1,15 @@ +clear_tmp_enable="YES" +syslogd_flags="-ss" +sendmail_enable="NONE" +hostname="computer" +# wlans_ath0="wlan0" +wlans_run0="wlan0" +ifconfig_wlan0="WPA DHCP" +ifconfig_wlan0_ipv6="inet6 accept_rtadv" +local_unbound_enable="YES" +sshd_enable="YES" +ntpd_enable="YES" +powerd_enable="YES" +# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable +dumpdev="NO" +zfs_enable="YES" diff --git a/ansible/roles/base/tasks/freebsd.yaml b/ansible/roles/base/tasks/freebsd.yaml index 075e95b..9aeb453 100644 --- a/ansible/roles/base/tasks/freebsd.yaml +++ b/ansible/roles/base/tasks/freebsd.yaml 
@@ -68,11 +68,17 @@ # mode: 0644 # when: loader_conf is defined -# - name: Install rc.conf -# copy: -# src: "{{rc_conf}}" -# dest: /etc/rc.conf -# mode: 0644 -# owner: root -# group: wheel -# when: rc_conf is defined +- name: Install rc.conf + copy: + src: "{{rc_conf}}" + dest: /etc/rc.conf + mode: 0644 + owner: root + group: wheel + when: rc_conf is defined + +- name: Delete rc.conf + file: + path: /etc/rc.conf + start: absent + when: rc_conf is not defined From ae6673e18270d4c1674a80084721fad4c02a2981 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Fri, 14 Oct 2022 01:59:15 -0400 Subject: [PATCH 6/6] Add loader.conf. --- .../environments/home/host_vars/homeserver | 1 + .../roles/base/files/homeserver_loader.conf | 5 ++++ ansible/roles/base/files/homeserver_rc.conf | 5 ---- ansible/roles/base/tasks/freebsd.yaml | 23 ++++++++++++------- 4 files changed, 21 insertions(+), 13 deletions(-) create mode 100644 ansible/roles/base/files/homeserver_loader.conf diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver index 3d49d2a..efe2156 100644 --- a/ansible/environments/home/host_vars/homeserver +++ b/ansible/environments/home/host_vars/homeserver @@ -9,3 +9,4 @@ pflog_conf: dev: pflog0 network_rc: "homeserver_network.conf" rc_conf: "homeserver_rc.conf" +loader_conf: "homeserver_loader.conf" diff --git a/ansible/roles/base/files/homeserver_loader.conf b/ansible/roles/base/files/homeserver_loader.conf new file mode 100644 index 0000000..76d1466 --- /dev/null +++ b/ansible/roles/base/files/homeserver_loader.conf @@ -0,0 +1,5 @@ +security.bsd.allow_destructive_dtrace=0 +kern.geom.label.disk_ident.enable="0" +kern.geom.label.gptid.enable="0" +cryptodev_load="YES" +zfs_load="YES" diff --git a/ansible/roles/base/files/homeserver_rc.conf b/ansible/roles/base/files/homeserver_rc.conf index 65cf777..080e10b 100644 --- a/ansible/roles/base/files/homeserver_rc.conf +++ b/ansible/roles/base/files/homeserver_rc.conf 
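Review bot: The `Delete rc.conf` task added in PATCH 5/6 passes `start: absent` to the `file` module; the parameter is `state`, so as written the task should fail with an unsupported-parameter error on any host that does not define `rc_conf`, and the line should read `state: absent`. Once corrected, it removes /etc/rc.conf from every FreeBSD host whose host_vars omit `rc_conf`, and the `Delete loader.conf` task added in PATCH 6/6 does the same to /boot/loader.conf for `loader_conf`. On a host that has not yet been given these variables that silently drops settings such as `sshd_enable` or `zfs_load`, which can cost remote access or leave the host unable to boot. Consider making deletion opt-in behind a new explicit flag, e.g. `when: rc_conf is not defined and remove_unmanaged_rc_conf | default(false)`, instead of making it the default.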
@@ -2,14 +2,9 @@ clear_tmp_enable="YES" syslogd_flags="-ss" sendmail_enable="NONE" hostname="computer" -# wlans_ath0="wlan0" -wlans_run0="wlan0" -ifconfig_wlan0="WPA DHCP" -ifconfig_wlan0_ipv6="inet6 accept_rtadv" local_unbound_enable="YES" sshd_enable="YES" ntpd_enable="YES" powerd_enable="YES" -# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO" zfs_enable="YES" diff --git a/ansible/roles/base/tasks/freebsd.yaml b/ansible/roles/base/tasks/freebsd.yaml index 9aeb453..379f3be 100644 --- a/ansible/roles/base/tasks/freebsd.yaml +++ b/ansible/roles/base/tasks/freebsd.yaml @@ -59,14 +59,21 @@ name: daily_scrub_zfs_default_threshold value: "7" path: /etc/periodic.conf.local -# - name: Install loader.conf -# copy: -# src: "{{loader_conf}}" -# dest: /boot/loader.conf -# owner: root -# group: wheel -# mode: 0644 -# when: loader_conf is defined + +- name: Install loader.conf + copy: + src: "{{loader_conf}}" + dest: /boot/loader.conf + owner: root + group: wheel + mode: 0644 + when: loader_conf is defined + +- name: Delete loader.conf + file: + path: /boot/loader.conf + state: absent + when: loader_conf is not defined - name: Install rc.conf copy: