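- name: Create common zfs datasets
  # One parent dataset per distinct base (every per-jail `dataset` override
  # plus the role default `jail_zfs_dataset`), each with a `/persistent` and
  # a `/jails` child. Jails without an explicit `dataset` are dropped by the
  # JMESPath projection and fall back to `jail_zfs_dataset`, which is
  # appended separately. None of these parents are mounted.
  # `unique` collapses a base shared by several jails so the (idempotent)
  # zfs task is not re-run for the same dataset name.
  community.general.zfs:
    name: "{{ item }}"
    state: present
    extra_zfs_properties:
      mountpoint: "none"
  loop: >-
    {{ ((jail_list | community.general.json_query('[*].dataset')) + [jail_zfs_dataset])
    | product(['', '/persistent', '/jails'])
    | map('join', '')
    | unique
    | list }}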
- name: Create jail zfs datasets
  # One dataset per jail at <base>/jails/<name>, mounted at
  # <base mountpoint>/<name>. Property precedence (last wins): computed
  # mountpoint < canmount (`jail_canmount`, default `noauto`) < the jail's
  # own `properties` map, which may override either.
  community.general.zfs:
    name: "{{ item.dataset | default(jail_zfs_dataset) }}/jails/{{ item.name }}"
    state: present
    extra_zfs_properties: >-
      {{ {'mountpoint': item.dataset_mountpoint | default(jail_zfs_dataset_mountpoint) + "/" + item.name,
      'canmount': jail_canmount | default('noauto')}
      | combine(item.properties | default({})) }}
  loop: "{{ jail_list }}"
- name: Create persistent jail zfs datasets
  # Unmounted parent for a jail's persistent sub-datasets. Only jails that
  # declare at least one `persist` entry get one.
  when: item.persist | default([]) | count > 0
  community.general.zfs:
    name: "{{ item.dataset | default(jail_zfs_dataset) }}/persistent/{{ item.name }}"
    state: present
    extra_zfs_properties:
      mountpoint: "none"
  loop: "{{ jail_list }}"
- name: Create jail specific zfs datasets
  # One persistent dataset per `persist` entry of each jail, mounted inside
  # the jail tree at <jail mountpoint>/<jail name><mount>. No separator is
  # inserted before `item.1.mount`, so each entry's `mount` must start with
  # "/" (e.g. "/var/db"); a bare "var/db" would yield "<mountpoint>/<name>var/db",
  # a sibling of the jail directory rather than a path below it.
  # Property precedence (last wins): mountpoint < canmount < entry `properties`.
  community.general.zfs:
    name: "{{ item.0.dataset | default(jail_zfs_dataset) }}/persistent/{{ item.0.name }}/{{ item.1.name }}"
    state: present
    extra_zfs_properties: >-
      {{ {'mountpoint': item.0.dataset_mountpoint | default(jail_zfs_dataset_mountpoint) + "/" + item.0.name + item.1.mount,
      'canmount': jail_canmount | default('noauto')}
      | combine(item.1.properties | default({})) }}
  loop: "{{ jail_list | subelements('persist', skip_missing=True) }}"
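- name: Install scripts
  # Render the new_jail helper from the role's templates into PATH as a
  # root-owned executable. The mode is a quoted string so the YAML parser
  # cannot reinterpret the octal literal (consistent with the quoted
  # "0644" used for the jail.conf files in this role).
  ansible.builtin.template:
    src: "templates/{{ item.src }}.j2"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    mode: "0755"
  loop:
    - src: new_jail.bash
      dest: /usr/local/bin/new_jail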
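- name: Install config files
  # Host-side fstab fragment per jail: files/<fstab> -> /etc/fstab.<jail name>,
  # unless the jail sets `fstab_dest`. Skipped for jails without `fstab`.
  # Presumably referenced from the jail's configuration (mount.fstab); the
  # jail.conf files are copied separately and not inspected here — verify.
  # Mode quoted so the octal literal survives YAML parsing unchanged.
  ansible.builtin.copy:
    src: "files/{{ item.fstab }}"
    dest: "{{ item.fstab_dest | default('/etc/fstab.' + item.name) }}"
    owner: root
    group: wheel
    mode: "0644"
  when: item.fstab is defined
  loop: "{{ jail_list }}"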
- name: Install persistent files
  # Drop each jail's `files` entries into that jail's root from the host:
  # <base mountpoint>/jails/<jail name><dest>. `dest` is appended with no
  # separator, so it must be an absolute path inside the jail
  # (e.g. "/etc/rc.conf"). Files end up root:wheel; mode defaults to 0644.
  # NOTE(review): this writes as host root into a tree the jail itself can
  # modify. If a jail is running when this runs, symlinks planted inside
  # it could redirect where the host writes (not following a symlink *at*
  # dest does not protect intermediate directories). Presumably jails are
  # provisioned while stopped — confirm before relying on that.
  ansible.builtin.copy:
    src: "files/{{ item.1.src }}"
    dest: "{{ item.0.dataset_mountpoint | default(jail_zfs_dataset_mountpoint) }}/jails/{{ item.0.name }}{{ item.1.dest }}"
    owner: root
    group: wheel
    mode: "{{ item.1.mode | default('0644') }}"
  loop: "{{ jail_list | subelements('files', skip_missing=True) }}"
- name: Install jail.conf files
  # Copy a jail's configuration fragment, files/jails/<conf.src>.conf, to
  # /etc/jail.conf.d/<conf.dest or conf.src>.conf. Jails without
  # `conf.src` are skipped.
  ansible.builtin.copy:
    src: "files/jails/{{ item.conf.src }}.conf"
    dest: "/etc/jail.conf.d/{{ item.conf.dest | default(item.conf.src) }}.conf"
    owner: root
    group: wheel
    mode: "0644"
  loop: "{{ jail_list }}"
  when: item.conf.src is defined
- name: Enable Jails
  # Switch the jail service on in its own rc.conf.d fragment as soon as
  # at least one jail is marked `enabled: true`. "YES" stays quoted —
  # bare YES would become a YAML boolean.
  vars:
    enabled_jails: "{{ jail_list | community.general.json_query('[?enabled==`true`]') }}"
  community.general.sysrc:
    path: /etc/rc.conf.d/jail
    name: jail_enable
    value: 'YES'
  when: enabled_jails | count > 0
- name: Set enabled jail list
  # rc.conf `jail_list`: the names of all jails with `enabled: true`,
  # space separated. Jail names must therefore not contain whitespace.
  vars:
    enabled_jail_names: "{{ jail_list | community.general.json_query('[?enabled==`true`].name') }}"
  community.general.sysrc:
    path: /etc/rc.conf.d/jail
    name: jail_list
    value: "{{ enabled_jail_names | join(' ') }}"
  when: enabled_jail_names | count > 0
- name: Disable Jails
  # With no jail enabled, remove the whole rc.conf.d fragment instead of
  # setting jail_enable=NO. Anything else an operator placed in
  # /etc/rc.conf.d/jail disappears with it.
  when: jail_list | community.general.json_query('[?enabled==`true`]') | count == 0
  ansible.builtin.file:
    path: /etc/rc.conf.d/jail
    state: absent
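- name: Install scripts
  # Optional netgraph viewer script. `install_graphics` is used as a
  # boolean flag here (the other netgraph tasks key off `netgraph_config`
  # being defined instead); `default(false)` makes a missing variable skip
  # the task rather than fail the play with an undefined-variable error.
  # Mode quoted so the octal literal survives YAML parsing unchanged.
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    mode: "0755"
  when: install_graphics | default(false)
  loop:
    - src: netgraph_view
      dest: /usr/local/bin/netgraph_view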
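- name: Install rc script
  # rc.d service script for netgraph setup, only when a netgraph
  # configuration is selected. Installed executable, owned by root:wheel;
  # the mode is quoted so YAML does not reinterpret the octal literal.
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "/usr/local/etc/rc.d/{{ item.dest | default(item.src) }}"
    owner: root
    group: wheel
    mode: "0755"
  when: netgraph_config is defined
  loop:
    - src: setup_netgraph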
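- name: Install scripts
  # The selected netgraph configuration, files/<netgraph_config>, becomes
  # /usr/local/bin/setup_netgraph (a same-named rc.d script is installed
  # separately under /usr/local/etc/rc.d). `netgraph_config` is used as a
  # file name relative to the role's files directory, so keep it a bare
  # name rather than a path. Mode quoted so the octal literal survives
  # YAML parsing unchanged.
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    mode: "0755"
  when: netgraph_config is defined
  loop:
    - src: "{{ netgraph_config }}"
      dest: /usr/local/bin/setup_netgraph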
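- name: Install scripts
  # Bridge helper for jail networking. Installed unconditionally — there is
  # no `when`, unlike the netgraph_config-gated tasks around it.
  # Mode quoted so the octal literal survives YAML parsing unchanged.
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    mode: "0755"
  loop:
    - src: jail_netgraph_bridge.bash
      dest: /usr/local/bin/jail_netgraph_bridge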
- name: Enable setup_netgraph
  # Turn the setup_netgraph rc service on via its own rc.conf.d fragment
  # whenever a netgraph configuration is selected. "YES" is quoted so it
  # stays a string rather than becoming a YAML boolean.
  community.general.sysrc:
    path: /etc/rc.conf.d/setup_netgraph
    name: setup_netgraph_enable
    value: 'YES'
  when: netgraph_config is defined
- name: Disable setup_netgraph
  # Counterpart of the enable task: with no netgraph configuration
  # selected, remove the rc.conf.d fragment entirely.
  ansible.builtin.file:
    path: /etc/rc.conf.d/setup_netgraph
    state: absent
  when: netgraph_config is not defined
- name: Enable gateway
  # Persist IPv4 and IPv6 packet forwarding (gateway_enable,
  # ipv6_gateway_enable) in /etc/rc.conf.d/routing, making the host route
  # between its interfaces.
  # NOTE(review): this task has no condition and no "disable" counterpart,
  # unlike the jail and setup_netgraph rc fragments — forwarding is switched
  # on for every host this role touches and never switched off. If it is
  # only needed for jail networking, gating it on `netgraph_config is
  # defined` would keep unrelated hosts from becoming routers. sysrc only
  # edits the rc.conf fragment; the running kernel presumably picks the
  # change up on the next routing restart or reboot — confirm.
  community.general.sysrc:
    path: /etc/rc.conf.d/routing
    name: "{{ rc_var }}"
    value: 'YES'
  loop:
    - gateway_enable
    - ipv6_gateway_enable
  loop_control:
    loop_var: rc_var