| author | Albert Cervin <albert@acervin.com> | 2023-03-19 17:18:01 +0100 |
|---|---|---|
| committer | Albert Cervin <albert@acervin.com> | 2023-03-19 17:18:01 +0100 |
| commit | c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4 (patch) | |
| tree | d1c21cf0d9a2529154b33438bd91821268be5eb4 /roles/jail | |
| download | datagubbe-setup-c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4.tar.gz datagubbe-setup-c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4.tar.xz datagubbe-setup-c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4.zip | |
Diffstat (limited to 'roles/jail')
| -rw-r--r-- | roles/jail/meta/main.yml | 2 | ||||
| -rw-r--r-- | roles/jail/tasks/main.yml | 34 | ||||
| -rw-r--r-- | roles/jail/templates/jail.conf.j2 | 18 |
3 files changed, 54 insertions, 0 deletions
diff --git a/roles/jail/meta/main.yml b/roles/jail/meta/main.yml
new file mode 100644
index 0000000..574a987
--- /dev/null
+++ b/roles/jail/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+# - role: jailhost
diff --git a/roles/jail/tasks/main.yml b/roles/jail/tasks/main.yml
new file mode 100644
index 0000000..670a886
--- /dev/null
+++ b/roles/jail/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: create dataset for jail
+ community.general.zfs:
+ name: "{{ jailset }}/{{ jail.name }}"
+ state: present
+ origin: "{{ jailset }}/base@{{ base_jail_patch_level }}"
+
+- name: make sure jail conf dir exists
+ file:
+ path: "{{ jailbase }}/conf"
+ state: directory
+ mode: '0755'
+
+- name: create jail conf {{ jail.name }}
+ ansible.builtin.template:
+ src: jail.conf.j2
+ dest: "{{ jailbase }}/conf/{{ jail.name }}.conf"
+
+- name: create additional datasets
+ community.general.zfs:
+ name: "{{ jailset }}/tank/{{ item }}"
+ state: present
+ extra_zfs_properties:
+ jailed: on
+ loop: "{{ jail.additional_data_sets | default([]) }}"
+
+- name: start jail
+ shell:
+ cmd: jls -j {{ jail.name }} || jail -f {{ jailbase }}/conf/{{ jail.name }}.conf -c {{ jail.name }}
+
+- name: Make sure packages are up to date in {{ jail.name }}
+ community.general.pkgng:
+ name: "*"
+ state: latest
+ jail: "{{ jail.name }}"
diff --git a/roles/jail/templates/jail.conf.j2 b/roles/jail/templates/jail.conf.j2
new file mode 100644
index 0000000..0b55078
--- /dev/null
+++ b/roles/jail/templates/jail.conf.j2
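Review bot: The `start jail` task in roles/jail/tasks/main.yml builds a shell command line from `jail.name` and `jailbase` with no quoting, so a value containing whitespace or shell metacharacters changes what the jail host executes. Quote each interpolation, `cmd: jls -j {{ jail.name | quote }} || jail -f {{ (jailbase ~ '/conf/' ~ jail.name ~ '.conf') | quote }} -c {{ jail.name | quote }}`. Because the same `jail.name` also becomes a ZFS dataset name and a file name under `{{ jailbase }}/conf`, an assert at the top of the role that it matches a strict pattern such as `^[A-Za-z0-9_-]+$` would cover all three uses. The task also has no `changed_when`, so it reports a change on every run even when `jls` finds the jail already running.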
@@ -0,0 +1,18 @@
+{{ jail.name }} {
+ exec.start = '/bin/sh /etc/rc';
+ exec.stop = '/bin/sh /etc/rc.shutdown jail';
+ mount.devfs;
+ host.hostname={{ jail.name }}.in.prison;
+ allow.raw_sockets;
+ allow.mount;
+ allow.mount.devfs;
+ allow.mount.zfs;
+ devfs_ruleset = 4;
+ enforce_statfs = 1;
+ ip6.addr='em0|{{ jail.ip }}';
+ path=/usr/local/jails/{{ jail.name }};
+
+ {% for dataset in jail.additional_data_sets | default([]) -%}
+ exec.poststart+="zfs jail ${name} poolen/jails/tank/{{ dataset }}";
+ {% endfor -%}
+} |
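Review bot: Every jail rendered from this template gets `allow.raw_sockets`, `allow.mount`, `allow.mount.devfs` and `allow.mount.zfs` unconditionally, although only jails that list `additional_data_sets` need to mount a delegated dataset. Wrapping the three `allow.mount*` lines in `{% if jail.additional_data_sets | default([]) %}` … `{% endif %}` and putting `allow.raw_sockets;` behind a per-jail opt-in variable would keep the default jail at least privilege. Separately, the `exec.poststart` line hard-codes `poolen/jails/tank/` and `path` hard-codes `/usr/local/jails/`, while the tasks create the datasets under `{{ jailset }}/tank/` and write the config under `{{ jailbase }}`. Using the same variables here avoids attaching a dataset other than the one the role created if those values ever diverge.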
