Skip to content

Commit

Permalink
Merge remote-tracking branch 'remotes/upstream/pr/21' into bug3069
Browse files Browse the repository at this point in the history
  • Loading branch information
@djmitche
djmitche committed Dec 1, 2014
2 parents 091f75f + 1b10510 commit 15bf4e3
Show file tree
Hide file tree
Showing 7 changed files with 91 additions and 0 deletions.
7 changes: 7 additions & 0 deletions jail.yml
View file
@@ -0,0 +1,7 @@
---
- name: Jail test
hosts: servicehosts
roles:
- { role: jail, name: jailtest.buildbot.net, ip_address: ['vtnet0|192.168.122.16'] }

# vim:ft=yaml:nosi:noai:ts=2:sw=2
6 changes: 6 additions & 0 deletions roles/jail/files/flavours/base/etc/make.conf
View file
@@ -0,0 +1,6 @@
WRKDIRPREFIX=/var/ports
DISTDIR=/var/ports/distfiles
PACKAGES=/var/ports/packages
INDEXDIR=/var/ports

OPTIONS_UNSET=DOCS EXAMPLES
8 changes: 8 additions & 0 deletions roles/jail/files/flavours/base/etc/periodic.conf
View file
@@ -0,0 +1,8 @@
daily_output="/var/log/daily.log"
weekly_output="/var/log/weekly.log"
monthly_output="/var/log/monthly.log"
daily_status_security_output="/var/log/daily_status_security.log"
daily_status_network_enable="NO"
daily_status_security_ipfwlimit_enable="NO"
daily_status_security_ipfwdenied_enable="NO"
weekly_whatis_enable="NO" # our jails are read-only /usr
9 changes: 9 additions & 0 deletions roles/jail/files/flavours/base/etc/rc.conf
View file
@@ -0,0 +1,9 @@
network_interfaces=""
rpcbind_enable="NO"
cron_flags="$cron_flags -J 15"
syslogd_flags="-ss"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
sshd_enable="NO"
7 changes: 7 additions & 0 deletions roles/jail/files/flavours/base/ezjail.flavour
View file
@@ -0,0 +1,7 @@
#!/bin/sh
#
# BEFORE: DAEMON
#
# ezjail flavour base

# Everything is configured via Ansible.
38 changes: 38 additions & 0 deletions roles/jail/tasks/main.yml
View file
@@ -0,0 +1,38 @@
---
- name: ezjail config
template:
src: ezjail.conf
dest: /usr/local/etc/ezjail.conf

- name: Populate basejail
command: ezjail-admin install -p
args:
creates: /usr/local/jail/base

- name: Create base flavour directories
file:
path: '/usr/local/jail/flavours/base/{{ item }}'
state: directory
with_items:
- etc

- name: Set base flavour config
copy:
dest: '/usr/local/jail/flavours/{{ item }}'
src: 'flavours/{{ item }}'
with_items:
- base/ezjail.flavour
- base/etc/make.conf
- base/etc/periodic.conf
- base/etc/rc.conf

- name: Install jail
command: ezjail-admin create -f base {{ name }} {{ ip_address|join(',') }}
args:
creates: '/usr/local/jail/{{ name }}'

- name: Enable jails
lineinfile:
dest: /etc/rc.conf
line: 'jail_enable="YES"'
state: present
16 changes: 16 additions & 0 deletions roles/jail/templates/ezjail.conf
View file
@@ -0,0 +1,16 @@
# {{ ansible_managed }}
ezjail_jaildir=/usr/local/jail
ezjail_jailtemplate=${ezjail_jaildir}/newjail
ezjail_jailbase=${ezjail_jaildir}/base
ezjail_sourcetree=/usr/src
ezjail_ftphost=freebsd.isc.org
ezjail_default_execute="/usr/bin/login -f root"
ezjail_default_flavour="base"
ezjail_archivedir=/usr/local/jail/archived

# ezjail_uglyperlhack="YES"
ezjail_mount_enable="NO"
ezjail_devfs_enable="YES"
ezjail_devfs_ruleset="devfsrules_jail"
ezjail_procfs_enable="NO"
ezjail_fdescfs_enable="NO"

0 comments on commit 15bf4e3

Please sign in to comment.