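# Creates the container datasets: for jail_zfs_dataset and every `dataset`
# value found in jail_list, ensure <base>, <base>/persistent and <base>/jails
# exist. They are never mounted themselves (mountpoint=none).
- name: Create common zfs datasets
  # FQCN, matching the community.general.sysrc tasks in this file; it pins
  # module resolution to the collection instead of a short-name lookup.
  community.general.zfs:
    name: "{{ item }}"
    state: present
    extra_zfs_properties:
      mountpoint: "none"
  loop: "{{ ((jail_list | community.general.json_query('[*].dataset')) + [jail_zfs_dataset]) | product(['', '/persistent', '/jails']) | map('join', '') }}"
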
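# One dataset per jail at <dataset>/jails/<name>, mounted at
# <dataset_mountpoint>/<name>. Properties are merged in this order, later
# entries winning: computed mountpoint, canmount (jail_canmount, default
# 'noauto'), then item.properties.
# NOTE(review): item.properties is merged last, so a jail_list entry can
# override mountpoint and canmount. Treat jail_list as trusted input and
# review per-jail property overrides.
- name: Create jail zfs datasets
  # FQCN, matching the community.general.sysrc tasks in this file.
  community.general.zfs:
    name: "{{ item.dataset|default(jail_zfs_dataset) }}/jails/{{ item.name }}"
    state: present
    extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/" + item.name}|combine({''canmount'': jail_canmount|default(''noauto'')})|combine(item.properties|default({})) }}'
  loop: "{{ jail_list }}"
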
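# Parent dataset <dataset>/persistent/<name> for jails that declare at least
# one `persist` entry. It is a container only (mountpoint=none).
- name: Create persistent jail zfs datasets
  # FQCN, matching the community.general.sysrc tasks in this file.
  community.general.zfs:
    name: "{{ item.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.name }}"
    state: present
    extra_zfs_properties:
      mountpoint: "none"
  # Jails without a `persist` key are skipped via the empty-list default.
  when: item.persist|default([])|length > 0
  loop: "{{ jail_list }}"
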
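# One dataset per (jail, persist entry) pair: item.0 is the jail, item.1 the
# persist entry. The mountpoint is <dataset_mountpoint>/<jail name><mount>;
# no separator is inserted before item.1.mount, so it presumably starts with
# "/" (confirm against the jail_list schema).
# NOTE(review): item.1.properties is merged last and can override the computed
# mountpoint and canmount, so persist entries must come from trusted input.
- name: Create jail specific zfs datasets
  # FQCN, matching the community.general.sysrc tasks in this file.
  community.general.zfs:
    name: "{{ item.0.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.0.name }}/{{ item.1.name }}"
    state: present
    extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/" + item.0.name + item.1.mount }|combine({''canmount'': jail_canmount|default(''noauto'')})|combine(item.1.properties|default({})) }}'
  loop: "{{ jail_list|subelements('persist', skip_missing=True) }}"
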
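# Renders templates/new_jail.bash.j2 to /usr/local/bin/new_jail as a
# root-owned executable.
- name: Install scripts
  ansible.builtin.template:
    src: "templates/{{ item.src }}.j2"
    dest: "{{ item.dest }}"
    # Quoted so the value is always read as an octal mode string. A bare 0755
    # depends on the YAML parser's octal handling.
    mode: "0755"
    owner: root
    group: wheel
  loop:
    - src: new_jail.bash
      dest: /usr/local/bin/new_jail
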
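# Jails that name their own fstab get files/<fstab> copied verbatim to
# item.fstab_dest, defaulting to /etc/fstab.<name>.
# NOTE(review): presumably this file is used as the jail's mount.fstab and so
# decides which host paths are mounted into the jail. Confirm, and review
# changes to these files as security-relevant.
- name: Install config files
  when: item.fstab is defined
  ansible.builtin.copy:
    src: 'files/{{ item.fstab }}'
    dest: '{{ item.fstab_dest|default("/etc/fstab." + item.name) }}'
    # Quoted so the mode is parsed as an octal string, matching the
    # jail.conf task in this file.
    mode: "0644"
    owner: root
    group: wheel
  loop: "{{ jail_list }}"
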
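# Counterpart of the copy-based fstab task: jails without an `fstab` key get
# templates/fstab_default.j2 rendered to the same destination.
- name: Install config files
  when: item.fstab is not defined
  ansible.builtin.template:
    src: 'templates/fstab_default.j2'
    dest: '{{ item.fstab_dest|default("/etc/fstab." + item.name) }}'
    # Quoted so the mode is parsed as an octal string, matching the
    # jail.conf task in this file.
    mode: "0644"
    owner: root
    group: wheel
  loop: "{{ jail_list }}"
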
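# Copies per-jail files (item.1, from the jail's `files` list) into the jail's
# tree as root:wheel. The mode comes from the entry and defaults to "0644".
# NOTE(review): the destination is <dataset_mountpoint>/jails/<name><dest>,
# while the dataset tasks in this file mount jails at
# <dataset_mountpoint>/<name>. Confirm the extra "/jails" component is
# intended.
# NOTE(review): this is a host-side write as root into a tree the jail may
# control. Confirm the dataset is mounted (canmount defaults to 'noauto') and
# that no path component below the jail root is a symlink the jail could
# have planted. Running this only while the jail is stopped is safest.
- name: Install persistent files
  ansible.builtin.copy:
    src: "files/{{ item.1.src }}"
    dest: "{{ item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) }}/jails/{{ item.0.name }}{{ item.1.dest }}"
    mode: '{{ item.1.mode|default("0644") }}'
    owner: root
    group: wheel
  loop: "{{ jail_list|subelements('files', skip_missing=True) }}"
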
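# Installs files/jails/<conf.src>.conf as /etc/jail.conf.d/<conf.dest>.conf
# (conf.dest defaults to conf.src) for jails that define conf.src.
- name: Install jail.conf files
  when: item.conf.src is defined
  # FQCN, matching the community.general.sysrc tasks in this file.
  ansible.builtin.copy:
    src: "files/jails/{{ item.conf.src }}.conf"
    dest: "/etc/jail.conf.d/{{ item.conf.dest|default(item.conf.src) }}.conf"
    mode: "0644"
    owner: root
    group: wheel
  loop: "{{ jail_list }}"
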
# Sets jail_enable=YES in /etc/rc.conf.d/jail when at least one jail_list
# entry has `enabled` set to boolean true.
- name: Enable Jails
  when: jail_list|community.general.json_query('[?enabled==`true`]')|length > 0
  community.general.sysrc:
    path: /etc/rc.conf.d/jail
    name: jail_enable
    # Kept quoted: a bare YES would be read as a YAML boolean.
    value: 'YES'

# Writes the rc.conf variable `jail_list` (same name as the Ansible variable,
# different thing): the space-separated names of all enabled jails.
- name: Set enabled jail list
  when: jail_list|community.general.json_query('[?enabled==`true`]')|length > 0
  community.general.sysrc:
    path: /etc/rc.conf.d/jail
    name: jail_list
    value: "{{ jail_list|community.general.json_query('[?enabled==`true`].name')|join(' ') }}"

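# With no enabled jail left, remove /etc/rc.conf.d/jail entirely. This drops
# both jail_enable and the rc.conf jail_list written by the enable tasks.
- name: Disable Jails
  # FQCN, matching the community.general.sysrc tasks in this file.
  ansible.builtin.file:
    path: /etc/rc.conf.d/jail
    state: absent
  when: jail_list|community.general.json_query('[?enabled==`true`]')|length == 0
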
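# Optional helper: installs files/netgraph_view as a root-owned executable
# when install_graphics is truthy.
- name: Install scripts
  when: install_graphics
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    # Quoted so the value is always read as an octal mode string.
    mode: "0755"
    owner: root
    group: wheel
  loop:
    - src: netgraph_view
      dest: /usr/local/bin/netgraph_view
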
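# Installs files/setup_netgraph into /usr/local/etc/rc.d when netgraph_config
# is defined. Scripts in that directory are run by rc(8) as root at boot, so
# the file stays root:wheel and is not writable by group or other.
- name: Install rc script
  when: netgraph_config is defined
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
    owner: root
    group: wheel
    # Quoted so the value is always read as an octal mode string.
    mode: "0755"
  loop:
    # No `dest` key: the destination falls back to the source file name.
    - src: setup_netgraph
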
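# Installs the site-specific netgraph setup script: files/<netgraph_config>
# becomes /usr/local/bin/setup_netgraph, root-owned and executable.
# NOTE(review): presumably this is the program started by the setup_netgraph
# rc script, i.e. it runs as root at boot. Confirm, and keep the file selected
# by netgraph_config under the same review as the role itself.
- name: Install scripts
  when: netgraph_config is defined
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    # Quoted so the value is always read as an octal mode string.
    mode: "0755"
    owner: root
    group: wheel
  loop:
    - src: "{{ netgraph_config }}"
      dest: /usr/local/bin/setup_netgraph
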
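# Installs files/jail_netgraph_bridge.bash as
# /usr/local/bin/jail_netgraph_bridge. Unlike the other netgraph tasks, this
# one has no `when` and always runs.
- name: Install scripts
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    # Quoted so the value is always read as an octal mode string.
    mode: "0755"
    owner: root
    group: wheel
  loop:
    - src: jail_netgraph_bridge.bash
      dest: /usr/local/bin/jail_netgraph_bridge
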
# Sets setup_netgraph_enable=YES in its own rc.conf.d fragment when
# netgraph_config is defined.
- name: Enable setup_netgraph
  community.general.sysrc:
    path: /etc/rc.conf.d/setup_netgraph
    name: setup_netgraph_enable
    # Kept quoted: a bare YES would be read as a YAML boolean.
    value: 'YES'
  when: netgraph_config is defined

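# Without netgraph_config, remove the rc.conf.d fragment so the service is no
# longer enabled. The rc script and /usr/local/bin/setup_netgraph installed
# by the other tasks are not removed here.
- name: Disable setup_netgraph
  when: netgraph_config is not defined
  # FQCN, matching the community.general.sysrc tasks in this file.
  ansible.builtin.file:
    path: /etc/rc.conf.d/setup_netgraph
    state: absent
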
# Sets gateway_enable and ipv6_gateway_enable to YES in
# /etc/rc.conf.d/routing, turning on IPv4 and IPv6 forwarding on the host.
# NOTE(review): this task has no `when`, so every host the role runs on
# becomes a router. Confirm a packet-filter policy covers forwarded traffic
# between the jails and the outside network.
- name: Enable gateway
  community.general.sysrc:
    path: /etc/rc.conf.d/routing
    name: "{{ item }}"
    # Kept quoted: a bare YES would be read as a YAML boolean.
    value: 'YES'
  loop:
    - gateway_enable
    - ipv6_gateway_enable