-
Notifications
You must be signed in to change notification settings - Fork 705
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hint about debops.sysctl #96
Comments
Hi @ypid, thanks for the suggestion. However I don't think a dependency is a good idea. I'd really like to keep this role as simple as possible. And looking at the code of your sysctl-role, it does not seem very simple (I did not test it, though!). However I'd really like to here more about why you choose to use template+command instead of the sysctl-module! Maybe in our gitter channel? |
Hi. Actually, I decided to switch to a template-based approach instead of using the
This means that in the event that other Ansible roles apply their own configuration that might override the parameters specified by the Setting all desired variables in a templated file at once is also faster than configuring individual variables one at a time using As for the role complexity - this is how all DebOps roles are designed, in essence. The user is supposed to configure a role through Ansible inventory variables, which have a defined, easy to use format specified in the role documentation. The internal code used by the role in the tasks and templates is more complex but should be treated as a "private" code (think public and private functions in OOP model). Users are not supposed to modify DebOps roles on their own; instead a given role behaviour can be influenced through Ansible inventory. |
While I like the template approach in debops,sysctl, the role is not appropriate for inclusion as a dependency because it targets Debian-based distros specifically, whereas the dev-sec.os-hardening role works on a wide variety of Linux distros. |
Closing this as I'm not comfortable with injecting the another role as a dependency here. I want to try to keep this role lightweight and easily understandable. |
Add Ed25519 SSH host key to match commit 28b4df3 in ssh-baseline
Add Ed25519 SSH host key to match commit 28b4df3 in ssh-baseline
I just wanted to drop a line that we at @debops have written debops.sysctl. I added the
sysctl_config
and made it configurable. Maybedebops.sysctl
could be used as dependency role forhardening.os-hardening
?The text was updated successfully, but these errors were encountered: