🎉 Initial commit of infraHEAD main

author: Albert Cervin <albert@acervin.com> 2023-03-19 17:18:01 +0100
committer: Albert Cervin <albert@acervin.com> 2023-03-19 17:18:01 +0100
commit: c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4 (patch)
tree: d1c21cf0d9a2529154b33438bd91821268be5eb4 /roles/jail
download: datagubbe-setup-main.tar.gz
datagubbe-setup-main.tar.xz
datagubbe-setup-main.zip
3 files changed, 54 insertions, 0 deletions
diff --git a/roles/jail/meta/main.yml b/roles/jail/meta/main.yml
new file mode 100644
index 0000000..574a987
--- /dev/null
+++ b/roles/jail/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+#  - role: jailhost
diff --git a/roles/jail/tasks/main.yml b/roles/jail/tasks/main.yml
new file mode 100644
index 0000000..670a886
--- /dev/null
+++ b/roles/jail/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: create dataset for jail
+  community.general.zfs:
+    name: "{{ jailset }}/{{ jail.name }}"
+    state: present
+    origin: "{{ jailset }}/base@{{ base_jail_patch_level }}"
+
+- name: make sure jail conf dir exists
+  file:
+    path: "{{ jailbase }}/conf"
+    state: directory
+    mode: '0755'
+
+- name: create jail conf {{ jail.name }}
+  ansible.builtin.template:
+    src: jail.conf.j2
+    dest: "{{ jailbase }}/conf/{{ jail.name }}.conf"
+
+- name: create additional datasets
+  community.general.zfs:
+    name: "{{ jailset }}/tank/{{ item }}"
+    state: present
+    extra_zfs_properties:
+      jailed: on
+  loop: "{{ jail.additional_data_sets | default([]) }}"
+
+- name: start jail
+  shell:
+    cmd: jls -j {{ jail.name }} || jail -f {{ jailbase }}/conf/{{ jail.name }}.conf -c {{ jail.name }}
+
+- name: Make sure packages are up to date in {{ jail.name }}
+  community.general.pkgng:
+    name: "*"
+    state: latest
+    jail: "{{ jail.name }}"
diff --git a/roles/jail/templates/jail.conf.j2 b/roles/jail/templates/jail.conf.j2
new file mode 100644
index 0000000..0b55078
--- /dev/null
+++ b/roles/jail/templates/jail.conf.j2
@@ -0,0 +1,18 @@
+{{ jail.name }} {
+   exec.start = '/bin/sh /etc/rc';
+   exec.stop = '/bin/sh /etc/rc.shutdown jail';
+   mount.devfs;
+   host.hostname={{ jail.name }}.in.prison;
+   allow.raw_sockets;
+   allow.mount;
+   allow.mount.devfs;
+   allow.mount.zfs;
+   devfs_ruleset = 4;
+   enforce_statfs = 1;
+   ip6.addr='em0|{{ jail.ip }}';
+   path=/usr/local/jails/{{ jail.name }};
+
+   {% for dataset in jail.additional_data_sets | default([]) -%}
+   exec.poststart+="zfs jail ${name} poolen/jails/tank/{{ dataset }}";
+   {% endfor -%}
+}
author	Albert Cervin <albert@acervin.com>	2023-03-19 17:18:01 +0100
committer	Albert Cervin <albert@acervin.com>	2023-03-19 17:18:01 +0100
commit	c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4 (patch)
tree	d1c21cf0d9a2529154b33438bd91821268be5eb4 /roles/jail
download	datagubbe-setup-main.tar.gz datagubbe-setup-main.tar.xz datagubbe-setup-main.zip