From c6f2fd36e0a8188e1f6b2a15b292e3d0a5610ac4 Mon Sep 17 00:00:00 2001
From: Albert Cervin
Date: Sun, 19 Mar 2023 17:18:01 +0100
Subject: =?UTF-8?q?=F0=9F=8E=89=20Initial=20commit=20of=20infra?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
roles/jail/meta/main.yml | 2 ++
roles/jail/tasks/main.yml | 34 ++++++++++++++++++++++++++++++++++
roles/jail/templates/jail.conf.j2 | 18 ++++++++++++++++++
3 files changed, 54 insertions(+)
create mode 100644 roles/jail/meta/main.yml
create mode 100644 roles/jail/tasks/main.yml
create mode 100644 roles/jail/templates/jail.conf.j2
(limited to 'roles/jail')
diff --git a/roles/jail/meta/main.yml b/roles/jail/meta/main.yml
new file mode 100644
index 0000000..574a987
--- /dev/null
+++ b/roles/jail/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+# - role: jailhost
diff --git a/roles/jail/tasks/main.yml b/roles/jail/tasks/main.yml
new file mode 100644
index 0000000..670a886
--- /dev/null
+++ b/roles/jail/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: create dataset for jail
+ community.general.zfs:
+ name: "{{ jailset }}/{{ jail.name }}"
+ state: present
+ origin: "{{ jailset }}/base@{{ base_jail_patch_level }}"
+
+- name: make sure jail conf dir exists
+ file:
+ path: "{{ jailbase }}/conf"
+ state: directory
+ mode: '0755'
+
+- name: create jail conf {{ jail.name }}
+ ansible.builtin.template:
+ src: jail.conf.j2
+ dest: "{{ jailbase }}/conf/{{ jail.name }}.conf"
+
+- name: create additional datasets
+ community.general.zfs:
+ name: "{{ jailset }}/tank/{{ item }}"
+ state: present
+ extra_zfs_properties:
+ jailed: on
+ loop: "{{ jail.additional_data_sets | default([]) }}"
+
+- name: start jail
+ shell:
+ cmd: jls -j {{ jail.name }} || jail -f {{ jailbase }}/conf/{{ jail.name }}.conf -c {{ jail.name }}
+
+- name: Make sure packages are up to date in {{ jail.name }}
+ community.general.pkgng:
+ name: "*"
+ state: latest
+ jail: "{{ jail.name }}"
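Review bot: The `start jail` task in roles/jail/tasks/main.yml interpolates `{{ jail.name }}` and `{{ jailbase }}` unquoted into a `shell` command line, so a value containing whitespace or shell metacharacters changes what runs on the jail host (presumably as root). The `||` also starts the jail on any `jls` failure, not only when the jail is absent, and the task reports "changed" on every run. Running both steps through `ansible.builtin.command` with `argv` removes the shell, and a registered `jls` result with `changed_when: false` keeps change reporting accurate. Separately, the `create jail conf` template task sets no `owner` or `mode`; since the rendered file carries the `exec.*` commands for the jail, consider adding `owner: root` and `mode: '0644'`.

```yaml
- name: check whether jail is running
  ansible.builtin.command:
    argv:
      - jls
      - '-j'
      - "{{ jail.name }}"
  register: jail_running
  changed_when: false
  failed_when: false

- name: start jail
  ansible.builtin.command:
    argv:
      - jail
      - '-f'
      - "{{ jailbase }}/conf/{{ jail.name }}.conf"
      - '-c'
      - "{{ jail.name }}"
  when: jail_running.rc != 0
```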
diff --git a/roles/jail/templates/jail.conf.j2 b/roles/jail/templates/jail.conf.j2
new file mode 100644
index 0000000..0b55078
--- /dev/null
+++ b/roles/jail/templates/jail.conf.j2
@@ -0,0 +1,18 @@
+{{ jail.name }} {
+ exec.start = '/bin/sh /etc/rc';
+ exec.stop = '/bin/sh /etc/rc.shutdown jail';
+ mount.devfs;
+ host.hostname={{ jail.name }}.in.prison;
+ allow.raw_sockets;
+ allow.mount;
+ allow.mount.devfs;
+ allow.mount.zfs;
+ devfs_ruleset = 4;
+ enforce_statfs = 1;
+ ip6.addr='em0|{{ jail.ip }}';
+ path=/usr/local/jails/{{ jail.name }};
+
+ {% for dataset in jail.additional_data_sets | default([]) -%}
+ exec.poststart+="zfs jail ${name} poolen/jails/tank/{{ dataset }}";
+ {% endfor -%}
+}
-- cgit v1.2.3
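Review bot: Every jail rendered from this template is granted `allow.raw_sockets`, `allow.mount`, `allow.mount.devfs` and `allow.mount.zfs`, whether or not it has any delegated datasets. The mount permissions look needed only for the `additional_data_sets` loop, so wrapping those three lines in `{% if jail.additional_data_sets | default([]) %}` … `{% endif %}` and putting `allow.raw_sockets;` behind a per-jail opt-in variable would keep the default jail at least privilege. The `exec.poststart` line also hard-codes `poolen/jails/tank/` while the tasks create the datasets under `{{ jailset }}/tank/`. If `jailset` is available to the template, `zfs jail ${name} {{ jailset }}/tank/{{ dataset }}` keeps the two in step.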