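# Host-side provisioning for FreeBSD jails: ZFS datasets, helper scripts,
# per-jail config files, rc.conf.d entries and (optionally) netgraph setup.
# All values come from `jail_list`, `jail_zfs_dataset`,
# `jail_zfs_dataset_mountpoint` and `netgraph_config`; these are used to build
# filesystem paths written as root, so they must come from trusted inventory.

# For every dataset referenced by a jail's `dataset` key, plus the default
# `jail_zfs_dataset`, ensure the dataset itself and its `/persistent` and
# `/jails` children exist. None of these containers is mounted.
- name: Create common zfs datasets
  community.general.zfs:
    name: "{{ item }}"
    state: present
    extra_zfs_properties:
      mountpoint: "none"
  loop: "{{ ((jail_list | community.general.json_query('[*].dataset')) + [jail_zfs_dataset]) | product(['', '/persistent', '/jails']) | map('join', '') }}"

# One root dataset per jail at <dataset>/jails/<name>.
# Merge order matters: `item.properties` is combined after the computed
# mountpoint (so it can replace it), while `canmount` and the `ta:bemount`
# user property are combined last and therefore cannot be overridden per jail.
# NOTE(review): the consumer of `ta:bemount` is not visible in this file.
- name: Create jail zfs datasets
  community.general.zfs:
    name: "{{ item.dataset|default(jail_zfs_dataset) }}/jails/{{ item.name }}"
    state: present
    extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.name}|combine(item.properties|default({}))|combine({''canmount'': ''noauto'', ''ta:bemount'': ''on''}) }}'
  loop: "{{ jail_list }}"

# Unmounted parent for a jail's persistent datasets; only created for jails
# that declare at least one `persist` entry.
- name: Create persistent jail zfs datasets
  community.general.zfs:
    name: "{{ item.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.name }}"
    state: present
    extra_zfs_properties:
      mountpoint: "none"
  when: item.persist|default([])|length > 0
  loop: "{{ jail_list }}"

# One dataset per (jail, persist entry) pair, mounted inside the jail's root.
# `item.1.mount` is appended to the jail root without a separator, so it is
# presumably expected to start with "/" - verify against the inventory.
# Same merge order as for the jail root dataset: per-entry properties may
# replace the mountpoint, but not `canmount` / `ta:bemount`.
- name: Create jail specific zfs datasets
  community.general.zfs:
    name: "{{ item.0.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.0.name }}/{{ item.1.name }}"
    state: present
    extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.0.name + item.1.mount }|combine(item.1.properties|default({}))|combine({''canmount'': ''noauto'', ''ta:bemount'': ''on''}) }}'
  loop: "{{ jail_list|subelements('persist', skip_missing=True) }}"

# Root-owned, world-executable helper rendered from templates/new_jail.bash.j2.
# File modes are quoted throughout so the module always receives the octal
# string rather than a value that depends on the YAML parser's integer rules.
- name: Install scripts
  ansible.builtin.template:
    src: "templates/{{ item.src }}.j2"
    dest: "{{ item.dest }}"
    mode: "0755"
    owner: root
    group: wheel
  loop:
    - src: new_jail.bash
      dest: /usr/local/bin/new_jail

# Per-jail fstab, installed to `fstab_dest` or /etc/fstab.<name> by default.
- name: Install config files
  ansible.builtin.copy:
    src: "files/{{ item.fstab }}"
    dest: '{{ item.fstab_dest|default("/etc/fstab." + item.name) }}'
    mode: "0644"
    owner: root
    group: wheel
  when: item.fstab is defined
  loop: "{{ jail_list }}"

# Copies files from the role into each jail's filesystem tree, as root on the
# host. `item.1.dest` is concatenated onto the jail root unchecked, so a value
# containing ".." would land outside that root.
# NOTE(review): the destination lies inside the jail's root; path components
# there may be controllable from within the jail (e.g. symlinks) - confirm
# this only targets paths the jail cannot rewrite.
- name: Install persistent files
  ansible.builtin.copy:
    src: "files/{{ item.1.src }}"
    dest: "{{ item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) }}/jails/{{ item.0.name }}{{ item.1.dest }}"
    mode: '{{ item.1.mode|default("0644") }}'
    owner: root
    group: wheel
  loop: "{{ jail_list|subelements('files', skip_missing=True) }}"

# Per-jail jail.conf fragment; the destination name defaults to the source name.
- name: Install jail.conf files
  when: item.conf.src is defined
  ansible.builtin.copy:
    src: "files/jails/{{ item.conf.src }}.conf"
    dest: "/etc/jail.conf.d/{{ item.conf.dest|default(item.conf.src) }}.conf"
    mode: "0644"
    owner: root
    group: wheel
  loop: "{{ jail_list }}"

# The three tasks below manage /etc/rc.conf.d/jail. The JMESPath filter
# `enabled==`true`` matches only entries whose `enabled` is the boolean true;
# a missing key or a string value does not count as enabled.
- name: Enable Jails
  community.general.sysrc:
    name: jail_enable
    value: "YES"
    path: /etc/rc.conf.d/jail
  when: jail_list|community.general.json_query('[?enabled==`true`]')|length > 0

# Space-separated names of the enabled jails.
- name: Set enabled jail list
  community.general.sysrc:
    name: jail_list
    value: "{{ jail_list|community.general.json_query('[?enabled==`true`].name')|join(' ') }}"
    path: /etc/rc.conf.d/jail
  when: jail_list|community.general.json_query('[?enabled==`true`]')|length > 0

# With no enabled jail the whole rc.conf.d file is removed, not just the keys.
- name: Disable Jails
  ansible.builtin.file:
    path: /etc/rc.conf.d/jail
    state: absent
  when: jail_list|community.general.json_query('[?enabled==`true`]')|length == 0

# Netgraph support is opt-in: everything below that installs or enables it is
# gated on `netgraph_config` being defined.
- name: Install rc script
  when: netgraph_config is defined
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
    owner: root
    group: wheel
    mode: "0755"
  loop:
    - src: setup_netgraph

# Installs the file named by `netgraph_config` as an executable that the rc
# script above presumably runs at boot as root - treat that file as privileged
# code.
- name: Install scripts
  when: netgraph_config is defined
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "0755"
    owner: root
    group: wheel
  loop:
    - src: "{{ netgraph_config }}"
      dest: /usr/local/bin/setup_netgraph

- name: Enable setup_netgraph
  when: netgraph_config is defined
  community.general.sysrc:
    name: setup_netgraph_enable
    value: "YES"
    path: /etc/rc.conf.d/setup_netgraph

# Only the rc.conf.d entry is removed; a previously installed rc script and
# /usr/local/bin/setup_netgraph are left in place by this file.
- name: Disable setup_netgraph
  when: netgraph_config is not defined
  ansible.builtin.file:
    path: /etc/rc.conf.d/setup_netgraph
    state: absent

# Sets gateway_enable and ipv6_gateway_enable, i.e. IPv4 and IPv6 forwarding
# on the host. This task is unconditional: it applies even when no jail is
# enabled.
# NOTE(review): confirm the host's packet-filter policy accounts for forwarded
# traffic.
- name: Enable gateway
  community.general.sysrc:
    name: "{{ item }}"
    value: "YES"
    path: /etc/rc.conf.d/routing
  loop:
    - gateway_enable
    - ipv6_gateway_enable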