Tasks
main.yml
Synopsis: Main task.
Import tasks if enabled.
1---
2# tasks for freebsd_postinstall
3
# Static imports: the "when" and "tags" set on an import_tasks entry are
# inherited by every task of the imported file.

# The "always" tag keeps vars.yml selected when a run is limited with --tags.
- name: Import vars.yml
  when: fp_vars | bool
  tags:
    - fp_vars
    - always
  ansible.builtin.import_tasks: vars.yml

- name: Import debug.yml
  when: fp_debug | bool
  tags: fp_debug
  ansible.builtin.import_tasks: debug.yml

# sanity.yml is tagged "always" only, so a --tags selection does not drop it;
# it is still gated by fp_sanity and can be excluded with --skip-tags always.
- name: Import sanity.yml
  when: fp_sanity | bool
  tags: always
  ansible.builtin.import_tasks: sanity.yml
18
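# The original tag was misspelled ("fp_cloud_proividers"). The corrected
# spelling is added and the old one kept, so existing --tags/--skip-tags
# invocations still select this import.
# Unlike the other imports there is no fp_* switch here; the provider
# condition (digitalocean | bool) is set inside cloud-providers.yml.
- name: Import cloud-providers.yml
  tags:
    - fp_cloud_providers
    - fp_cloud_proividers
  ansible.builtin.import_tasks: cloud-providers.yml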
22
# Each import is static, so its condition and tag apply to all tasks of the
# imported file. Every feature has its own fp_<feature> switch and tag.
- name: Import loader.yml
  when: fp_loader | bool
  tags: fp_loader
  ansible.builtin.import_tasks: loader.yml

- name: Import sysctl.yml
  when: fp_sysctl | bool
  tags: fp_sysctl
  ansible.builtin.import_tasks: sysctl.yml

- name: Import tmpmfs.yml
  when: fp_tmpmfs | bool
  tags: fp_tmpmfs
  ansible.builtin.import_tasks: tmpmfs.yml

- name: Import devd.yml
  when: fp_devd | bool
  tags: fp_devd
  ansible.builtin.import_tasks: devd.yml

- name: Import devfs.yml
  when: fp_devfs | bool
  tags: fp_devfs
  ansible.builtin.import_tasks: devfs.yml

- name: Import rcd.yml
  when: fp_rcd | bool
  tags: fp_rcd
  ansible.builtin.import_tasks: rcd.yml

- name: Import dhclient.yml
  when: fp_dhclient | bool
  tags: fp_dhclient
  ansible.builtin.import_tasks: dhclient.yml

- name: Import make.yml
  when: fp_make | bool
  tags: fp_make
  ansible.builtin.import_tasks: make.yml

- name: Import swap.yml
  when: fp_swap | bool
  tags: fp_swap
  ansible.builtin.import_tasks: swap.yml

# Not an import: run the handlers notified so far before continuing.
# The task carries no tag and no condition.
- name: Import flush_handlers
  ansible.builtin.meta: flush_handlers
70
# Filesystems, packages and copied files.
- name: Import fstab.yml
  when: fp_fstab | bool
  tags: fp_fstab
  ansible.builtin.import_tasks: fstab.yml

- name: Import mount-iso.yml
  when: fp_mount_iso | bool
  tags: fp_mount_iso
  ansible.builtin.import_tasks: mount-iso.yml

- name: Import mount-img.yml
  when: fp_mount_img | bool
  tags: fp_mount_img
  ansible.builtin.import_tasks: mount-img.yml

# Switch and tag differ here: the condition is fp_install, the tag is
# fp_packages.
- name: Import packages.yml
  when: fp_install | bool
  tags: fp_packages
  ansible.builtin.import_tasks: packages.yml

- name: Import copy.yml
  when: fp_copy | bool
  tags: fp_copy
  ansible.builtin.import_tasks: copy.yml

- name: Import libmap.yml
  when: fp_libmap | bool
  tags: fp_libmap
  ansible.builtin.import_tasks: libmap.yml

# Going by the file names, the imports from here to authorized-key.yml
# manage accounts, credentials and remote access; review changes to their
# variables with that in mind.
- name: Import groupwrappers.yml
  when: fp_groupwrappers | bool
  tags: fp_groupwrappers
  ansible.builtin.import_tasks: groupwrappers.yml

- name: Import groups.yml
  when: fp_groups | bool
  tags: fp_groups
  ansible.builtin.import_tasks: groups.yml

- name: Import users.yml
  when: fp_users | bool
  tags: fp_users
  ansible.builtin.import_tasks: users.yml

- name: Import passwords.yml
  when: fp_passwords | bool
  tags: fp_passwords
  ansible.builtin.import_tasks: passwords.yml

- name: Import hostname.yml
  when: fp_hostname | bool
  tags: fp_hostname
  ansible.builtin.import_tasks: hostname.yml

- name: Import hosts.yml
  when: fp_hosts | bool
  tags: fp_hosts
  ansible.builtin.import_tasks: hosts.yml

- name: Import inetd.yml
  when: fp_inetd | bool
  tags: fp_inetd
  ansible.builtin.import_tasks: inetd.yml

- name: Import ssh.yml
  when: fp_ssh | bool
  tags: fp_ssh
  ansible.builtin.import_tasks: ssh.yml

- name: Import sshd.yml
  when: fp_sshd | bool
  tags: fp_sshd
  ansible.builtin.import_tasks: sshd.yml

- name: Import authorized-key.yml
  when: fp_authorized_key | bool
  tags: fp_authorized_key
  ansible.builtin.import_tasks: authorized-key.yml
150
# Remaining per-service imports, each gated by its own switch and tag.
- name: Import timezone.yml
  when: fp_timezone | bool
  tags: fp_timezone
  ansible.builtin.import_tasks: timezone.yml

- name: Import ntp.yml
  when: fp_ntp | bool
  tags: fp_ntp
  ansible.builtin.import_tasks: ntp.yml

- name: Import ntpdate.yml
  when: fp_ntpdate | bool
  tags: fp_ntpdate
  ansible.builtin.import_tasks: ntpdate.yml

- name: Import nfs.yml
  when: fp_nfs | bool
  tags: fp_nfs
  ansible.builtin.import_tasks: nfs.yml

- name: Import nfsd.yml
  when: fp_nfsd | bool
  tags: fp_nfsd
  ansible.builtin.import_tasks: nfsd.yml

- name: Import smartd.yml
  when: fp_smartd | bool
  tags: fp_smartd
  ansible.builtin.import_tasks: smartd.yml

- name: Import apcupsd.yml
  when: fp_apcupsd | bool
  tags: fp_apcupsd
  ansible.builtin.import_tasks: apcupsd.yml

- name: Import hostapd.yml
  when: fp_hostapd | bool
  tags: fp_hostapd
  ansible.builtin.import_tasks: hostapd.yml

- name: Import procmail.yml
  when: fp_procmail | bool
  tags: fp_procmail
  ansible.builtin.import_tasks: procmail.yml

- name: Import motd.yml
  when: fp_motd | bool
  tags: fp_motd
  ansible.builtin.import_tasks: motd.yml

- name: Import gitserver.yml
  when: fp_gitserver | bool
  tags: fp_gitserver
  ansible.builtin.import_tasks: gitserver.yml

- name: Import sudoers.yml
  when: fp_sudoers | bool
  tags: fp_sudoers
  ansible.builtin.import_tasks: sudoers.yml

- name: Import cron.yml
  when: fp_cron | bool
  tags: fp_cron
  ansible.builtin.import_tasks: cron.yml

- name: Import resolvconf.yml
  when: fp_resolvconf | bool
  tags: fp_resolvconf
  ansible.builtin.import_tasks: resolvconf.yml

- name: Import aliases.yml
  when: fp_aliases | bool
  tags: fp_aliases
  ansible.builtin.import_tasks: aliases.yml

- name: Import periodic.yml
  when: fp_periodic | bool
  tags: fp_periodic
  ansible.builtin.import_tasks: periodic.yml

- name: Import wpasupplicant.yml
  when: fp_wpasupplicant | bool
  tags: fp_wpasupplicant
  ansible.builtin.import_tasks: wpasupplicant.yml

- name: Import linux.yml
  when: fp_linux | bool
  tags: fp_linux
  ansible.builtin.import_tasks: linux.yml

- name: Import login.yml
  when: fp_login | bool
  tags: fp_login
  ansible.builtin.import_tasks: login.yml

- name: Import snmpd.yml
  when: fp_snmpd | bool
  tags: fp_snmpd
  ansible.builtin.import_tasks: snmpd.yml

- name: Import qemu.yml
  when: fp_qemu | bool
  tags: fp_qemu
  ansible.builtin.import_tasks: qemu.yml

- name: Import freebsd-update.yml
  when: fp_freebsd_update | bool
  tags: fp_freebsd_update
  ansible.builtin.import_tasks: freebsd-update.yml

- name: Import syslogd.yml
  when: fp_syslogd | bool
  tags: fp_syslogd
  ansible.builtin.import_tasks: syslogd.yml

- name: Import syslog-ng.yml
  when: fp_syslogng | bool
  tags: fp_syslogng
  ansible.builtin.import_tasks: syslog-ng.yml
270
271# EOF
aliases.yml
Synopsis: Configure aliases
Description of the task.
1---
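# Ensure one "alias: user" line per entry of fp_aliases_conf in the aliases
# file and notify the newaliases handler when the file changes.
# NOTE(review): item.user is written verbatim as the alias target. Alias
# targets can be more than local users, so fp_aliases_conf should come from
# trusted inventory only.
- name: "Aliases: Configure {{ fp_aliases_conf_file }}"
  notify: newaliases
  ansible.builtin.lineinfile:
    dest: "{{ fp_aliases_conf_file }}"
    # regex_escape keeps an alias that contains regex metacharacters (for
    # example a dot) from matching, and replacing, an unrelated line.
    regexp: '^\s*{{ item.alias | regex_escape }}:(.*)$'
    line: "{{ item.alias }}: {{ item.user }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_aliases_conf }}"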
10
11# EOF
apcupsd.yml
Synopsis: Configure apcupsd
Description of the task.
1---
# Create the configuration directory and render apcupsd.conf from the
# template; a changed file notifies the "restart apcupsd" handler.
- name: Configure apcupsd
  tags: fp_apcupsd_conf
  block:

    # Only the mode is set on the directory; owner and group are left as
    # they are.
    - name: "Apcupsd: Create directory {{ fp_apcupsd_conf_dir }}"
      ansible.builtin.file:
        path: "{{ fp_apcupsd_conf_dir }}"
        state: directory
        mode: "{{ fp_apcupsd_conf_dir_mode }}"

    # Ownership and mode of the rendered file come from the fp_apcupsd_conf_*
    # variables; fp_backup controls whether a backup copy is kept.
    - name: "Apcupsd: Configure apcupsd.conf"
      ansible.builtin.template:
        src: apcupsd.conf.j2
        dest: "{{ fp_apcupsd_conf_file }}"
        owner: "{{ fp_apcupsd_conf_owner }}"
        group: "{{ fp_apcupsd_conf_group }}"
        mode: "{{ fp_apcupsd_conf_mode }}"
        backup: "{{ fp_backup }}"
      notify: restart apcupsd

# The shared fn/rcconf.yml tasks receive the service name through _service.
- name: "Apcupsd: Configure rc.conf"
  tags: fp_apcupsd_rcconf
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: apcupsd
27
28# EOF
cloud-providers.yml
Synopsis: Configure cloud-providers
Description of the task.
1---
# Provider-specific tasks are imported only when the "digitalocean" variable
# evaluates to true.
- name: Import cloud-providers/digitalocean.yml
  ansible.builtin.import_tasks: cloud-providers/digitalocean.yml
  when: digitalocean | bool
  tags: fp_do
6
7# EOF
copy.yml
Synopsis: Configure copy
Description of the task.
1---
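# Print the copy/synchronize/unarchive settings when fp_copy_debug is true.
# The label "fp_copy_arch_defaul" in the original message was a typo for
# fp_copy_arch_default and is corrected here; values are unchanged.
- name: "Copy: Debug fp_copy_debug={{ fp_copy_debug }}"
  when: fp_copy_debug | bool
  tags: fp_copy_debug
  vars:
    msg: |-
      fp_unarch_default: {{ fp_unarch_default }}
      fp_unarch_optional: {{ fp_unarch_optional }}
      fp_synchronize_default:
        {{ fp_synchronize_default | to_nice_yaml(indent=2) | indent(2) }}
      fp_synchronize_optional:
        {{ fp_synchronize_optional | to_nice_yaml(indent=2) | indent(2) }}
      fp_copy_dir: {{ fp_copy_dir }}
      fp_copy_dir_default: {{ fp_copy_dir_default }}
      fp_copy_arch_default: {{ fp_copy_arch_default }}
      fp_copy_dir_optional: {{ fp_copy_dir_optional }}
      fp_copy_arch_optional: {{ fp_copy_arch_optional }}
      fp_unarchive_keep_newer: {{ fp_unarchive_keep_newer }}
      fp_synchronize_delete: {{ fp_synchronize_delete }}
      fp_synchronize_archive: {{ fp_synchronize_archive }}
      fp_synchronize_checksum: {{ fp_synchronize_checksum }}
      fp_synchronize_compress: {{ fp_synchronize_compress }}
      fp_synchronize_copy_links: {{ fp_synchronize_copy_links }}
      fp_synchronize_dirs: {{ fp_synchronize_dirs }}
      fp_synchronize_existing_only: {{ fp_synchronize_existing_only }}
      fp_synchronize_group: {{ fp_synchronize_group }}
      fp_synchronize_mode: {{ fp_synchronize_mode }}
      fp_synchronize_owner: {{ fp_synchronize_owner }}
      fp_synchronize_perms: {{ fp_synchronize_perms }}
      fp_synchronize_times: {{ fp_synchronize_times }}
      fp_synchronize_verify_host: {{ fp_synchronize_verify_host }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"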
34
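# The four imports below are selected by the fp_synchronize_* lists and the
# fp_unarch_* switches. They place files on the managed host, so the source
# directories and archives under fp_copy_dir should be trusted content.

# Sync default
- name: "Copy: Synchronize default files {{ fp_copy_dir ~ '/' ~ fp_copy_dir_default }}"
  when: fp_synchronize_default | length > 0
  tags: fp_copy_sync_default
  ansible.builtin.import_tasks: copy/sync-default.yml

# Sync optional
- name: "Copy: Synchronize optional files {{ fp_copy_dir ~ '/' ~ fp_copy_dir_optional }}"
  when: fp_synchronize_optional | length > 0
  tags: fp_copy_sync_optional
  ansible.builtin.import_tasks: copy/sync-optional.yml

# Unarch default
# The task name referenced fp_copy_arch_defaul, a misspelling of
# fp_copy_arch_default (the variable the debug task prints), so the name
# could not be templated.
- name: "Copy: Extract default files {{ fp_copy_dir ~ '/' ~ fp_copy_arch_default }}"
  when: fp_unarch_default | bool
  tags: fp_copy_unarch_default
  ansible.builtin.import_tasks: copy/unarch-default.yml

# Unarch optional
- name: "Copy: Extract optional files {{ fp_copy_dir ~ '/' ~ fp_copy_arch_optional }}"
  when: fp_unarch_optional | bool
  tags: fp_copy_unarch_optional
  ansible.builtin.import_tasks: copy/unarch-optional.yml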
58
59# EOF
cron.yml
Synopsis: Configure cron
Description of the task.
1---
# Print the cron variables and crontab entries when fp_cron_debug is true.
# The output includes the configured job command lines.
- name: "Cron: Debug (fp_cron_debug={{ fp_cron_debug }})"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  when: fp_cron_debug | bool
  tags: fp_cron_debug
  vars:
    msg: |-
      fp_cron_dir: {{ fp_cron_dir }}
      fp_cron_var:
        {{ fp_cron_var | to_yaml(indent=2) | indent(2) }}
      fp_cron_tab:
        {{ fp_cron_tab | to_nice_yaml(indent=2) | indent(2) }}
      fp_cron_file_system: {{ fp_cron_file_system }}
      fp_cron_var_system:
        {{ fp_cron_var_system | to_yaml(indent=2) | indent(2) }}
      fp_cron_tab_system:
        {{ fp_cron_tab_system | to_nice_yaml(indent=2) | indent(2) }}
19
20# Note on "cron – Manage cron.d and crontab entries"
21# https://docs.ansible.com/ansible/latest/modules/cron_module.html
22# Quoting from Synopsis: "When crontab jobs are managed: the module
23# includes one line with the description of the crontab entry
24# "#Ansible: <name>" corresponding to the “name” passed to the module,
25# which is used by future ansible/module calls to find/check the
26# state. The “name” parameter should be unique, and changing the
27# “name” value will result in a new cron task being created (or a
28# different one being removed).
29
30# If "# <name>" entry is present change it to "#Ansible: <name>" to
31# avoid double-entries
32
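# Convert existing "# <name>" marker comments to "#Ansible: <name>" so the
# cron module recognises the entries instead of adding duplicates.
- name: "Cron: Rename present crontab entries"
  tags: fp_cron_rename_entries
  ansible.builtin.include_tasks:
    file: fn/cron-rename-entry.yml
  loop: "{{ fp_cron_tab }}"

# NOTE(review): this task edits the system cron file but loops over
# fp_cron_tab, while the entries written to that file later come from
# fp_cron_tab_system. Confirm which list is intended.
- name: "Cron: Rename present crontab entries system"
  tags: fp_cron_rename_entries_system
  ansible.builtin.replace:
    path: "{{ fp_cron_file_system }}"
    # regex_escape makes the entry name match literally; names containing
    # characters such as ".", "(" or "*" would otherwise act as a pattern
    # and could rewrite unrelated comment lines.
    regexp: '^\s*#\s*{{ item.name | regex_escape }}$'
    replace: "#Ansible: {{ item.name }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_cron_tab }}"
  loop_control:
    label: "{{ item.name }}"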
49
# Per-user crontabs: environment variables first, then the entries.
- name: "Cron: Configure cron variables"
  tags: fp_cron_var
  community.general.cronvar:
    user: "{{ item.user }}"
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  loop: "{{ fp_cron_var }}"

# item.command is installed as a job in the crontab of item.user, so the
# content of fp_cron_tab decides what runs under which account.
- name: "Cron: Configure crontab entries"
  tags: fp_cron_tab
  ansible.builtin.cron:
    name: "{{ item.name }}"
    user: "{{ item.user }}"
    state: "{{ item.state }}"
    minute: "{{ item.minute }}"
    hour: "{{ item.hour }}"
    day: "{{ item.day }}"
    month: "{{ item.month }}"
    weekday: "{{ item.weekday }}"
    job: "{{ item.command }}"
  loop: "{{ fp_cron_tab }}"
  loop_control:
    label: "{{ item.name }}"
73
# System cron file (fp_cron_file_system): variables first, then the entries.
- name: "Cron: Configure cron variables system"
  tags: fp_cron_var_system
  community.general.cronvar:
    cron_file: "{{ fp_cron_file_system }}"
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  loop: "{{ fp_cron_var_system }}"

# Entries are written to the system cron file together with the user each
# job runs as; fp_cron_tab_system should come from trusted inventory.
- name: "Cron: Configure crontab entries system"
  tags: fp_cron_tab_system
  ansible.builtin.cron:
    cron_file: "{{ fp_cron_file_system }}"
    name: "{{ item.name }}"
    user: "{{ item.user }}"
    state: "{{ item.state }}"
    minute: "{{ item.minute }}"
    hour: "{{ item.hour }}"
    day: "{{ item.day }}"
    month: "{{ item.month }}"
    weekday: "{{ item.weekday }}"
    job: "{{ item.command }}"
  loop: "{{ fp_cron_tab_system }}"
  loop_control:
    label: "{{ item.name }}"
98
99# TODO:
100# /etc/cron.d
101# /usr/local/etc/cron.d
102
103# EOF
debug.yml
Synopsis: Configure debug
Description of the task.
1---
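# Print role, platform and feature-switch variables. The task has no
# condition of its own; main.yml imports this file under fp_debug.
# Only switches and settings are printed, e.g. fp_passwords is the switch
# that enables passwords.yml.
# The labels "fp_wpasuppliant" and "fp_wpasuppliant_install" in the original
# message were misspelled and are corrected to match the variables printed.
- name: FreeBSD postinstall Debug
  vars:
    # Collect every variable named fp_qemu_*install and pair it with its
    # value so the message can list them.
    _fp_qemu_install_varnames: "{{ query('varnames', '^fp_qemu_(.*)install$') }}"
    _fp_qemu_install_values: "{{ _fp_qemu_install_varnames | map('extract', vars) | list }}"
    _fp_qemu_install_dict: "{{ dict(_fp_qemu_install_varnames | zip(_fp_qemu_install_values)) }}"
    msg: |-
      fp_role_version: {{ fp_role_version }}
      ansible_role_name: {{ ansible_role_name }}
      ansible_facts.architecture: {{ ansible_facts.architecture }}
      ansible_facts.os_family: {{ ansible_facts.os_family }}
      ansible_facts.distribution: {{ ansible_facts.distribution }}
      ansible_facts.distribution_major_version: {{ ansible_facts.distribution_major_version }}
      ansible_facts.distribution_version: {{ ansible_facts.distribution_version }}
      ansible_facts.distribution_release: {{ ansible_facts.distribution_release }}
      ansible_facts.python_version: {{ ansible_facts.python_version }}

      rc_conf_hostname: {{ rc_conf_hostname }}
      fp_domain: {{ fp_domain }}
      aws: {{ aws }}
      digitalocean: {{ digitalocean }}
      gcp: {{ gcp }}

      freebsd_install_method: {{ freebsd_install_method }}
      freebsd_use_packages: {{ freebsd_use_packages | d('UNDEFINED') }}
      freebsd_install_retries: {{ freebsd_install_retries }}
      freebsd_install_delay: {{ freebsd_install_delay }}

      fp_install: {{ fp_install }}
      fp_backup: {{ fp_backup }}
      fp_vars: {{ fp_vars }} fp_vars_default_versions: {{ fp_vars_default_versions }}
      fp_sanity: {{ fp_sanity }} fp_sanity_tags_fatal: {{ fp_sanity_tags_fatal }}

      fp_aliases: {{ fp_aliases }}
      fp_apcupsd: {{ fp_apcupsd }} fp_apcupsd_install: {{ fp_apcupsd_install }} fp_apcupsd_enable: {{ fp_apcupsd_enable }}
      fp_authorized_key: {{ fp_authorized_key }}
      fp_copy: {{ fp_copy }} fp_unarch_default: {{ fp_unarch_default }} fp_unarch_optional: {{ fp_unarch_optional }}
      fp_cron: {{ fp_cron }}
      fp_devfs: {{ fp_devfs }} fp_devfs_enable: {{ fp_devfs_enable }}
      fp_dhclient: {{ fp_dhclient }}
      fp_freebsd_update: {{ fp_freebsd_update }}
      fp_fstab: {{ fp_fstab }}
      fp_gitserver: {{ fp_gitserver }} fp_gitserver_install: {{ fp_gitserver_install }}
      fp_groups: {{ fp_groups }}
      fp_groupwrappers: {{ fp_groupwrappers }} fp_groupwrappers_install: {{ fp_groupwrappers_install }}
      fp_hostapd: {{ fp_hostapd }} fp_hostapd_install: {{ fp_hostapd_install }} fp_hostapd_enable: {{ fp_hostapd_enable }}
      fp_hostname: {{ fp_hostname }}
      fp_hosts: {{ fp_hosts }}
      fp_inetd: {{ fp_inetd }} fp_inetd_enable: {{ fp_inetd_enable }}
      fp_libmap: {{ fp_libmap }}
      fp_linux: {{ fp_linux }} fp_linux_install: {{ fp_linux_install }} fp_linux_enable: {{ fp_linux_enable }}
      fp_loader: {{ fp_loader }} fp_loader_load_modules: {{ fp_loader_load_modules }}
      fp_login: {{ fp_login }} fp_login_conf_global: {{ fp_login_conf_global }}
      fp_make: {{ fp_make }}
      fp_motd: {{ fp_motd }}
      fp_mount_img: {{ fp_mount_img }}
      fp_mount_iso: {{ fp_mount_iso }}
      fp_nfs: {{ fp_nfs }} fp_nfs_enable: {{ fp_nfs_enable }}
      fp_nfsd: {{ fp_nfsd }} fp_nfsd_enable: {{ fp_nfsd_enable }}
      fp_ntp: {{ fp_ntp }} fp_ntpd_enable: {{ fp_ntpd_enable }}
      fp_ntpdate: {{ fp_ntpdate }} fp_ntpdate_enable: {{ fp_ntpdate_enable }}
      fp_passwords: {{ fp_passwords }}
      fp_periodic: {{ fp_periodic }}
      fp_procmail: {{ fp_procmail }} fp_procmail_install: {{ fp_procmail_install }}
      fp_qemu: {{ fp_qemu }} fp_qemu_enable: {{ fp_qemu_enable }}{% for k, v in _fp_qemu_install_dict.items() %} {{ k }}: {{ v }}{% endfor %}

      fp_rcd: {{ fp_rcd }}
      fp_resolvconf: {{ fp_resolvconf }}
      fp_smartd: {{ fp_smartd }} fp_smartd_install: {{ fp_smartd_install }} fp_smartd_enable: {{ fp_smartd_enable }}
      fp_snmpd: {{ fp_snmpd }} fp_snmpd_install: {{ fp_snmpd_install }} fp_snmpd_enable: {{ fp_snmpd_enable }}
      fp_ssh: {{ fp_ssh }}
      fp_sshd: {{ fp_sshd }} fp_sshd_enable: {{ fp_sshd_enable }}
      fp_sudoers: {{ fp_sudoers }}
      fp_swap: {{ fp_swap }} fp_swap_enable: {{ fp_swap_enable }}
      fp_sysctl: {{ fp_sysctl }}
      fp_syslogd: {{ fp_syslogd }} fp_syslogd_enable: {{ fp_syslogd_enable }}
      fp_syslogng: {{ fp_syslogng }} fp_syslogng_install: {{ fp_syslogng_install }} fp_syslogng_enable: {{ fp_syslogng_enable }}
      fp_timezone: {{ fp_timezone }}
      fp_tmpmfs: {{ fp_tmpmfs }}
      fp_users: {{ fp_users }}
      fp_wpasupplicant: {{ fp_wpasupplicant }} fp_wpasupplicant_install: {{ fp_wpasupplicant_install }}

      fp_mountd_enable: {{ fp_mountd_enable }}
      fp_rpcbind_enable: {{ fp_rpcbind_enable }}
      fp_rpc_lockd_enable: {{ fp_rpc_lockd_enable }}
      fp_rpc_statd_enable: {{ fp_rpc_statd_enable }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"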
89
90# EOF
devd.yml
Synopsis: Configure devd
Description of the task.
1---
# Print the devd settings when fp_devd_debug is true. The output includes
# the full content of the configured files and action scripts.
- name: "Devd: Debug fp_devd_debug={{ fp_devd_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  when: fp_devd_debug | bool
  tags: fp_devd_debug
  vars:
    msg: |-
      fp_devd_enable: {{ fp_devd_enable }}
      fp_devd_notify: {{ fp_devd_notify }}
      fp_devd_service_task: {{ fp_devd_service_task }}

      fp_devd_rcconf:
        {{ fp_devd_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_devd_flags: {{ fp_devd_flags }}
      fp_devd_conf_path: {{ fp_devd_conf_path }}
      fp_devd_conf_blocks:
        {{ fp_devd_conf_blocks | to_nice_yaml(indent=2) | indent(2) }}
      fp_devd_dir: {{ fp_devd_dir }}
      fp_devd_files:
        {{ fp_devd_files | to_nice_yaml(indent=2) | indent(2) }}
      fp_devd_local_dir: {{ fp_devd_local_dir }}
      fp_devd_local_files:
        {{ fp_devd_local_files | to_nice_yaml(indent=2) | indent(2) }}
      fp_devd_action_scripts:
        {{ fp_devd_action_scripts | to_nice_yaml(indent=2) | indent(2) }}
      fp_devd_misc_files:
        {{ fp_devd_misc_files | to_nice_yaml(indent=2) | indent(2) }}
      fp_devd_owner: {{ fp_devd_owner }}
      fp_devd_group: {{ fp_devd_group }}
      fp_devd_dir_mode: {{ fp_devd_dir_mode }}
      fp_devd_file_mode: {{ fp_devd_file_mode }}
33
34 # TODO:
35 # - Configure /etc/devd.conf
36 # - Configure /etc/devd
37
# Local devd configuration directory, with explicit owner, group and mode.
- name: "Devd: Create {{ fp_devd_local_dir }}"
  tags: fp_devd_local_dir
  ansible.builtin.file:
    path: "{{ fp_devd_local_dir }}"
    state: directory
    owner: "{{ fp_devd_owner }}"
    group: "{{ fp_devd_group }}"
    mode: "{{ fp_devd_dir_mode }}"

# One <key>.conf file per entry of fp_devd_local_files; a change notifies
# the "restart devd" handler.
- name: "Devd: Configure files in {{ fp_devd_local_dir }}"
  tags: fp_devd_local_files
  ansible.builtin.copy:
    content: "{{ item.value }}"
    dest: "{{ fp_devd_local_dir }}/{{ item.key }}.conf"
    owner: "{{ fp_devd_owner }}"
    group: "{{ fp_devd_group }}"
    mode: "{{ fp_devd_file_mode }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_devd_local_files | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  notify: restart devd
60
# The dictionary key is the destination path; src/content and
# owner/group/mode are passed only when the entry defines them.
# NOTE(review): devd normally runs as root, so scripts it executes should be
# root-owned and not writable by other users. With owner, group and mode
# omitted the copy module's defaults apply; confirm that every entry of
# fp_devd_action_scripts sets them.
- name: "Devd: Create action scripts."
  tags: fp_devd_action_scripts
  ansible.builtin.copy:
    src: "{{ item.value.src | d(omit) }}"
    content: "{{ item.value.content | d(omit) }}"
    dest: "{{ item.key }}"
    owner: "{{ item.value.owner | d(omit) }}"
    group: "{{ item.value.group | d(omit) }}"
    mode: "{{ item.value.mode | d(omit) }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_devd_action_scripts | dict2items }}"
  loop_control:
    label: "{{ item.key }}"

# Same pattern for arbitrary additional files.
- name: "Devd: Create misc files."
  tags: fp_devd_misc_files
  ansible.builtin.copy:
    src: "{{ item.value.src | d(omit) }}"
    content: "{{ item.value.content | d(omit) }}"
    dest: "{{ item.key }}"
    owner: "{{ item.value.owner | d(omit) }}"
    group: "{{ item.value.group | d(omit) }}"
    mode: "{{ item.value.mode | d(omit) }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_devd_misc_files | dict2items }}"
  loop_control:
    label: "{{ item.key }}"

# The shared fn/rcconf.yml tasks receive the service name through _service.
- name: "Devd: Configure rc.conf"
  tags: fp_devd_rcconf
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: devd
94
95# EOF
devfs.yml
Synopsis: Configure devfs
Description of the task.
1---
# Print the devfs settings when fp_devfs_debug is true.
- name: "Devfs: Debug fp_devfs_debug={{ fp_devfs_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  when: fp_devfs_debug | bool
  tags: fp_devfs_debug
  vars:
    msg: |-
      fp_devfs_enable: {{ fp_devfs_enable }}
      fp_devfs_notify: {{ fp_devfs_notify }}
      fp_devfs_service_task: {{ fp_devfs_service_task }}
      fp_devfs_rcconf:
        {{ fp_devfs_rcconf | to_yaml(indent=2) | indent(2) }}

      fp_devfs_load_rulesets: {{ fp_devfs_load_rulesets }}
      fp_devfs_system_ruleset: {{ fp_devfs_system_ruleset }}
      fp_devfs_rulesets: {{ fp_devfs_rulesets }}
      fp_devfs_set_rulesets: {{ fp_devfs_set_rulesets }}
      fp_devfs_conf_path: {{ fp_devfs_conf_path }}
      fp_devfs_conf:
        {{ fp_devfs_conf | to_yaml(indent=2) | indent(2) }}
      fp_devfs_rules_path: {{ fp_devfs_rules_path }}
      fp_devfs_rules_mode: {{ fp_devfs_rules_mode }}
      fp_devfs_rules:
        {{ fp_devfs_rules | to_yaml(indent=2) | indent(2) }}
26
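# Ensure an "<action> <devname> <arg>" line for every entry of fp_devfs_conf.
# These lines set device links, ownership and permissions, so fp_devfs_conf
# decides who can access which device node.
- name: "Devfs: Configure {{ fp_devfs_conf_path }}"
  tags: fp_devfs_conf
  ansible.builtin.lineinfile:
    dest: "{{ fp_devfs_conf_path }}"
    # The three fields are escaped so they match literally; an unescaped "."
    # or "*" in a device name or argument would act as a regex and could
    # match, and replace, a different line.
    regexp: >-
      ^\s*{{ item.action | regex_escape }}\s+{{ item.devname | regex_escape }}\s+{{ item.arg | regex_escape }}
    line: "{{ item.action }} {{ item.devname }} {{ item.arg }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_devfs_conf }}"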
35
# The rules file is edited as an INI file: item.section and item.option
# select the entry, value is optional, state defaults to "present". The
# file is created when missing, with owner, group and mode set explicitly.
- name: "Devfs: Configure {{ fp_devfs_rules_path }}"
  tags: fp_devfs_rules
  community.general.ini_file:
    path: "{{ fp_devfs_rules_path }}"
    create: true
    owner: "{{ fp_devfs_owner }}"
    group: "{{ fp_devfs_group }}"
    mode: "{{ fp_devfs_rules_mode }}"
    allow_no_value: true
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value | d(omit) }}"
    state: "{{ item.state | d('present') }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_devfs_rules }}"

# The shared fn/rcconf.yml tasks receive the service name through _service.
- name: "Devfs: Configure rc.conf"
  tags: fp_devfs_rcconf
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: devfs
57
58# EOF
dhclient.yml
Synopsis: Configure dhclient
Description of the task.
1---
# Print the dhclient settings when fp_dhclient_debug is true. The output
# includes the content of the configured blocks and hooks.
- name: "Dhclient: Debug fp_dhclient_debug={{ fp_dhclient_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  when: fp_dhclient_debug | bool
  tags: fp_dhclient_debug
  vars:
    msg: |-
      fp_dhclient_ifn: {{ fp_dhclient_ifn }}
      fp_dhclient_ifn_rcconf: {{ fp_dhclient_ifn_rcconf }}
      fp_dhclient_ifn_rcconfd: {{ fp_dhclient_ifn_rcconfd }}
      fp_dhclient_ifn_leases: {{ fp_dhclient_ifn_leases }}
      fp_dhclient_sanity: {{ fp_dhclient_sanity }}
      fp_dhclient_sanity_quiet: {{ fp_dhclient_sanity_quiet }}
      fp_dhclient_etc_dir: {{ fp_dhclient_etc_dir }}
      fp_dhclient_conf_path: {{ fp_dhclient_conf_path }}

      fp_dhclient_conf_defaults:
        {{ fp_dhclient_conf_defaults | to_yaml(indent=2) | indent(2) }}
      fp_dhclient_conf_blocks:
        {{ fp_dhclient_conf_blocks | to_nice_yaml(indent=2) | indent(2) }}
      fp_dhclient_hooks:
        {{ fp_dhclient_hooks | to_nice_yaml(indent=2) | indent(2) }}
24
# Check that the interface list and the discovery switches agree:
# an empty fp_dhclient_ifn needs exactly one discovery source, a non-empty
# list needs none. Each assertion passes trivially when its list condition
# does not apply (the ternary's second argument is true).
- name: Sanity
  when: fp_dhclient_sanity | bool
  tags: fp_dhclient_sanity
  block:

    - name: "Dhclient: Sanity: List fp_dhclient_ifn empty."
      ansible.builtin.assert:
        that: (fp_dhclient_ifn | length == 0) | ternary(fp_dhclient_ifn_rc != fp_dhclient_ifn_leases, true)
        quiet: "{{ fp_dhclient_sanity_quiet | bool }}"
        fail_msg: |
          The list of interfaces fp_dhclient_ifn is empty. One of the below options must be True,
          but not both
          - fp_dhclient_ifn_leases
          - fp_dhclient_ifn_rcconf or fp_dhclient_ifn_rcconfd
      vars:
        # True when either rc.conf-based discovery switch is enabled.
        fp_dhclient_ifn_rc: "{{ fp_dhclient_ifn_rcconf | bool or fp_dhclient_ifn_rcconfd | bool }}"

    - name: "Dhclient: Sanity: List fp_dhclient_ifn not empty."
      ansible.builtin.assert:
        that: (fp_dhclient_ifn | length > 0) | ternary(not(fp_dhclient_ifn_rc or fp_dhclient_ifn_leases), true)
        quiet: "{{ fp_dhclient_sanity_quiet | bool }}"
        fail_msg: |
          The list of interfaces fp_dhclient_ifn is not empty. Both below options must be False
          - fp_dhclient_ifn_leases
          - fp_dhclient_ifn_rcconf or fp_dhclient_ifn_rcconfd
      vars:
        fp_dhclient_ifn_rc: "{{ fp_dhclient_ifn_rcconf | bool or fp_dhclient_ifn_rcconfd | bool }}"
52
# Derive the interface list from the lease files: the suffix after the last
# dot of each /var/db/dhclient.leases.* name is taken as an interface, and
# only those whose "dhclient status" exits with 0 are kept.
- name: Get interfaces from /var/db/dhclient.leases.*
  when: fp_dhclient_ifn_leases | bool
  tags: fp_dhclient_ifn_leases
  block:

    # Read-only listing, never reported as changed.
    - name: "Dhclient: Get interfaces /var/db/dhclient.leases.*"
      ansible.builtin.shell:
        cmd: set -o pipefail && ls -1 /var/db/dhclient.leases.* | rev | cut -d . -f 1 | rev
      register: result
      changed_when: false

    - name: "Dhclient: Debug interfaces /var/db/dhclient.leases.* fp_dhclient_debug2={{ fp_dhclient_debug2 }}"
      when: fp_dhclient_debug2 | bool
      ansible.builtin.debug:
        var: result

    # The names come from file names on the host and are passed to the
    # command module, which does not use a shell. A non-zero status is
    # tolerated here and filtered out in the next task.
    - name: "Dhclient: Get status of dhclients."
      ansible.builtin.command:
        cmd: /etc/rc.d/dhclient status {{ item }}
      loop: "{{ result.stdout_lines }}"
      register: result
      changed_when: false
      failed_when: false

    - name: "Dhclient: Set fp_dhclient_ifn"
      ansible.builtin.set_fact:
        fp_dhclient_ifn: "{{ result.results | rejectattr('rc', 'gt', 0) | map(attribute='item') | list }}"

    - name: "Dhclient: Debug fp_dhclient_ifn fp_dhclient_debug={{ fp_dhclient_debug }}"
      when: fp_dhclient_debug | bool
      ansible.builtin.debug:
        var: fp_dhclient_ifn
85
# Derive the interface list from ifconfig_* lines in /etc/rc.conf whose
# value mentions DHCP; the interface is the text after the last underscore
# of the variable name.
- name: Get interfaces from /etc/rc.conf
  when: fp_dhclient_ifn_rcconf | bool
  tags: fp_dhclient_ifn_rcconf
  block:

    # NOTE(review): grep exits non-zero when nothing matches, which fails
    # this task; the rc.conf.d variant of this block sets failed_when: false.
    - name: "Dhclient: Get interfaces from /etc/rc.conf"
      ansible.builtin.command:
        cmd: grep '^ifconfig_.*$' /etc/rc.conf
      register: result
      changed_when: false

    - name: "Dhclient: Debug interfaces from /etc/rc.conf fp_dhclient_debug2={{ fp_dhclient_debug2 }}"
      when: fp_dhclient_debug2 | bool
      ansible.builtin.debug:
        var: result

    - name: "Dhclient: Set fp_dhclient_ifn"
      ansible.builtin.set_fact:
        fp_dhclient_ifn: "{{ _keys }}"
      vars:
        _regex: ^ifconfig_.*\s*=.*DHCP.*$
        # [name, value] pairs of the matching lines.
        _arr: "{{ result.stdout_lines
                  | select('match', _regex)
                  | map('split', '=')
                  | list }}"
        # Last underscore-separated part of each name.
        _keys: "{{ _arr
                   | map('first')
                   | map('split', '_')
                   | map('last')
                   | list }}"

    - name: "Dhclient: Debug fp_dhclient_ifn fp_dhclient_debug={{ fp_dhclient_debug }}"
      when: fp_dhclient_debug | bool
      ansible.builtin.debug:
        var: fp_dhclient_ifn
121
# Check whether /etc/rc.conf.d exists before searching it.
- name: Stat /etc/rc.conf.d
  when: fp_dhclient_ifn_rcconfd | bool
  tags: fp_dhclient_ifn_rcconfd
  block:

    - name: "Dhclient: Stat /etc/rc.conf.d"
      ansible.builtin.stat:
        path: /etc/rc.conf.d
      register: result_stat

    - name: "Dhclient: Debug stat fp_dhclient_debug2={{ fp_dhclient_debug2 }}"
      when: fp_dhclient_debug2 | bool
      ansible.builtin.debug:
        var: result_stat

# Same extraction as for /etc/rc.conf, applied recursively to
# /etc/rc.conf.d. The "file:" prefix that grep -r prints is dropped by
# taking the last colon-separated part of each line, and the result is
# merged into any fp_dhclient_ifn already set.
- name: Get interfaces from /etc/rc.conf.d
  when:
    - fp_dhclient_ifn_rcconfd | bool
    - result_stat.stat.exists
  tags: fp_dhclient_ifn_rcconfd
  block:

    # A grep without matches is tolerated here (failed_when: false).
    - name: "Dhclient: Get interfaces from /etc/rc.conf.d"
      ansible.builtin.command:
        cmd: grep -r '^ifconfig_.*$' /etc/rc.conf.d
      register: result
      changed_when: false
      failed_when: false

    - name: "Dhclient: Debug interfaces from /etc/rc.conf.d fp_dhclient_debug2={{ fp_dhclient_debug2 }}"
      when: fp_dhclient_debug2 | bool
      ansible.builtin.debug:
        var: result

    - name: "Dhclient: Set fp_dhclient_ifn"
      ansible.builtin.set_fact:
        fp_dhclient_ifn: "{{ (fp_dhclient_ifn | d([]) + _keys) | unique }}"
      vars:
        _regex: ^ifconfig_.*\s*=.*DHCP.*$
        _arr: "{{ result.stdout_lines
                  | map('split', ':')
                  | map('last')
                  | select('match', _regex)
                  | map('split', '=')
                  | list }}"
        _keys: "{{ _arr
                   | map('first')
                   | map('split', '_')
                   | map('last')
                   | list }}"

    - name: "Dhclient: Debug fp_dhclient_ifn fp_dhclient_debug={{ fp_dhclient_debug }}"
      when: fp_dhclient_debug | bool
      ansible.builtin.debug:
        var: fp_dhclient_ifn
177
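# Pin the configuration file to root:wheel, mode 0644.
# NOTE(review): no "state" is given, so the file module does not create a
# missing file although the tag is named fp_dhclient_conf_create.
- name: "Dhclient: Change owner, group and permissions {{ fp_dhclient_conf_path }}"
  tags: fp_dhclient_conf_create
  ansible.builtin.file:
    path: "{{ fp_dhclient_conf_path }}"
    owner: root
    group: wheel
    mode: "0644"

# Ensure one "<key> <value>;" line per entry of fp_dhclient_conf_defaults;
# new lines are inserted at the beginning of the file.
- name: "Dhclient: Configure defaults in {{ fp_dhclient_conf_path }}"
  tags: fp_dhclient_conf_defaults
  notify: restart dhclient all
  ansible.builtin.lineinfile:
    dest: "{{ fp_dhclient_conf_path }}"
    insertbefore: BOF
    # The key is escaped so it is matched literally.
    # NOTE(review): the pattern is not anchored, so a key such as "timeout"
    # also matches a line containing "select-timeout". Anchoring it would
    # stop commented-out lines from matching, so it is left as is; confirm
    # the intended behaviour.
    regexp: '{{ item.key | regex_escape }}\s+(.*)$'
    line: "{{ item.key }} {{ item.value }};"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_dhclient_conf_defaults }}"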
196
# Append one marked block per entry of fp_dhclient_conf_blocks. The marker
# contains the entry's type and interface, and the registered result lets
# the debug task list the interfaces whose block changed.
- name: Configure blocks
  tags: fp_dhclient_conf_blocks
  block:

    - name: "Dhclient: Configure blocks in {{ fp_dhclient_conf_path }}"
      ansible.builtin.blockinfile:
        dest: "{{ fp_dhclient_conf_path }}"
        marker: "# {mark} {{ item.type }} {{ item.ifn }}"
        insertafter: EOF
        block: "{{ item.block }}"
        backup: "{{ fp_backup }}"
      loop: "{{ fp_dhclient_conf_blocks }}"
      loop_control:
        label: "{{ item.type }} {{ item.ifn }}"
      register: fp_dhclient_conf_changes
      notify: restart dhclient blocks

    - name: "Dhclient: Debug changed interfaces to be restarted fp_dhclient_debug={{ fp_dhclient_debug }}"
      when: fp_dhclient_debug | bool
      ansible.builtin.debug:
        msg: "{{ fp_dhclient_conf_changes.results | selectattr('changed') | map(attribute='item.ifn') | unique }}"

# Hook files are written into fp_dhclient_etc_dir as root:wheel, mode 0644;
# the dictionary key is the file name and the value its content.
# NOTE(review): hook content presumably runs with dhclient's privileges, so
# fp_dhclient_hooks should come from trusted inventory only.
- name: "Dhclient: Create hooks."
  tags: fp_dhclient_hooks
  ansible.builtin.copy:
    content: "{{ item.value }}"
    dest: "{{ fp_dhclient_etc_dir }}/{{ item.key }}"
    owner: root
    group: wheel
    mode: "0644"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_dhclient_hooks | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
231
232# EOF
freebsd-update.yml
Synopsis: Configure freebsd-update
Description of the task.
1---
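# Read the effective freebsd-update configuration and store it as the
# dictionary fp_freebsd_update_conf_current. Its KEYPRINT entry is what the
# Sanity tasks of this file compare against, so the block carries the tags
# of every task that needs the dictionary.
- name: Get current config and create fp_freebsd_update_conf_current
  tags:
    - fp_freebsd_update_conf
    - fp_freebsd_update_debug
    - fp_freebsd_update_protect_keyprint
    - fp_freebsd_update_sanity
  block:

    # Read-only, and run in check mode too (check_mode: false).
    - name: "Freebsd-update: Read /etc/freebsd-update.conf"
      changed_when: false
      check_mode: false
      register: out
      ansible.builtin.shell:
        # The grep pattern is quoted: unquoted, the shell treats .*=.* as a
        # glob and would replace it with any matching file name in the
        # working directory before grep runs.
        cmd: set -o pipefail && freebsd-update showconfig | grep '.*=.*' | sort

    # Split each line on the first "=" only, so a value that itself
    # contains "=" still yields a key/value pair for dict().
    - name: "Freebsd-update: Create fp_freebsd_update_conf_current"
      ansible.builtin.set_fact:
        fp_freebsd_update_conf_current: "{{ dict(out.stdout_lines | map('split', '=', 1) | map('map', 'trim')) }}"
        # fp_freebsd_update_conf_current: "{{ out.stdout | community.general.jc('ini') }}"

    - name: "Freebsd-update: Debug fp_freebsd_update_debug={{ fp_freebsd_update_debug }}"
      when: fp_freebsd_update_debug | bool
      ansible.builtin.debug:
        var: fp_freebsd_update_conf_current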
26
27- name: "Freebsd-update: Debug fp_freebsd_update_debug={{ fp_freebsd_update_debug }}"
28 when: fp_freebsd_update_debug | bool
29 tags: fp_freebsd_update_debug
30 vars:
31 msg: |-
32 fp_freebsd_update_sanity: {{ fp_freebsd_update_sanity }}
33 fp_freebsd_update_sanity_quiet: {{ fp_freebsd_update_sanity_quiet }}
34 fp_freebsd_update_protect_keyprint: {{ fp_freebsd_update_protect_keyprint }}
35 fp_freebsd_update_valid_keyprint: {{ fp_freebsd_update_valid_keyprint }}
36 fp_freebsd_update_conf_orig: {{ fp_freebsd_update_conf_orig }}
37 fp_freebsd_update_conf_template: {{ fp_freebsd_update_conf_template }}
38
39 fp_freebsd_update_conf:
40 {{ fp_freebsd_update_conf | to_nice_yaml(indent=2) | indent(2) }}
41 fp_freebsd_update_conf_target:
42 {{ fp_freebsd_update_conf_target | to_nice_yaml(indent=2) | indent(2) }}
43 ansible.builtin.debug:
44 msg: "{{ '{}'.format(msg) }}"
45
46- name: Sanity
47 when: fp_freebsd_update_sanity | bool
48 tags: fp_freebsd_update_sanity
49 vars:
50 fp_default_keyprint: "{{ fp_freebsd_update_conf_current.KEYPRINT }}"
51 block:
52
53 - name: "Freebsd-update: Protect trusted keyprint"
54 when: fp_freebsd_update_protect_keyprint | bool
55 ansible.builtin.assert:
56 quiet: "{{ fp_freebsd_update_sanity_quiet }}"
57 that: fp_freebsd_update_conf_current.KEYPRINT == fp_freebsd_update_conf.KeyPrint | d(fp_default_keyprint)
58 fail_msg: "[ERR] Changing KeyPrint not allowed."
59 success_msg: "[OK] KeyPrint will not change."
60
61 - name: "Freebsd-update: Valid trusted keyprint"
62 vars:
63 state: "{{ fp_freebsd_update_conf.KeyPrint is defined | ternary('New', 'Current') }}"
64 when: fp_freebsd_update_valid_keyprint | bool
65 ansible.builtin.assert:
66 quiet: "{{ fp_freebsd_update_sanity_quiet }}"
67 that: fp_freebsd_update_conf.KeyPrint | d(fp_default_keyprint) is regex('^[0-9a-fA-F]{64}$')
68 fail_msg: "[ERR] {{ state }} KeyPrint not valid."
69 success_msg: "[OK] {{ state }} KeyPrint is valid."
70
71- name: "Freebsd-update: Backup origin /etc/freebsd-update.conf"
72 when: fp_freebsd_update_conf_orig | bool
73 tags: fp_freebsd_update_conf_orig
74 ansible.builtin.command:
75 cmd: cp /etc/freebsd-update.conf /etc/freebsd-update.conf.orig
76 creates: /etc/freebsd-update.conf.orig
77
78- name: Combine fp_freebsd_update_conf and update /etc/freebsd-update.conf
79 tags: fp_freebsd_update_conf
80 block:
81
82 - name: "Combine fp_freebsd_update_conf"
83 vars:
84 target: "{{ fp_freebsd_update_conf_target | dict2items(key_name='before', value_name='after') }}"
85 ansible.builtin.set_fact:
86 fp_freebsd_update_conf: "{{ [fp_freebsd_update_conf_current] |
87 community.general.replace_keys(target=target) |
88 first |
89 combine(fp_freebsd_update_conf) }}"
90
91 - name: "Freebsd-update: Debug fp_freebsd_update_debug={{ fp_freebsd_update_debug }}"
92 when: fp_freebsd_update_debug | bool
93 ansible.builtin.debug:
94 var: fp_freebsd_update_conf
95
96 - name: "Freebsd-update: Create /etc/freebsd-update.conf from template"
97 ansible.builtin.template:
98 src: "{{ fp_freebsd_update_conf_template }}"
99 dest: /etc/freebsd-update.conf
100 owner: root
101 group: wheel
102 mode: "0644"
103 backup: "{{ fp_backup }}"
104 validate: freebsd-update -f %s showconfig
105
106# EOF
fstab.yml
Synopsis: Configure fstab
Description of the task.
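---
# Configure /etc/fstab.
#
# Entries whose fstype is listed in fp_fstab_fstype_blacklist are skipped by
# the first task. Swap entries are written by the second task with lineinfile.

- name: "Fstab: Configure fstab entries by mount"
  ansible.posix.mount:
    name: "{{ item.name }}"
    src: "{{ item.src }}"
    fstype: "{{ item.fstype }}"
    opts: "{{ item.opts }}"
    dump: "{{ item.dump | d('0') }}"
    passno: "{{ item.passno | d('0') }}"
    state: "{{ item.state | d('mounted') }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_fstab_entries | rejectattr('fstype', 'in', fp_fstab_fstype_blacklist) }}"

- name: "Fstab: Configure fstab swap entries."
  notify: mount swap
  ansible.builtin.lineinfile:
    path: /etc/fstab
    # item.src is matched literally: regex_escape keeps characters such as
    # "." or "+" in a device or file name from acting as regex operators,
    # which could otherwise make the task rewrite an unrelated line.
    regexp: '^\s*{{ item.src | regex_escape }}\s+(.*)$'
    line: "{{ item.src }} none swap {{ item.opts }} 0 0"
    state: "{{ item.state | d('present') }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_fstab_entries | selectattr('fstype', 'eq', 'swap') }}"

# NOTE:
# The module ansible.posix.mount does not mount swap.
# SEE:
# * Add support for swap management #106
#   https://github.com/ansible-collections/ansible.posix/issues/106
# * New module swap: manage ... swap partitions #49455
#   https://github.com/ansible/ansible/pull/49455

# EOF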
gitserver.yml
Synopsis: Configure gitserver
Description of the task.
---
# Configure the git server: optional dump of the variables, creation of the
# repository directory, and the rc.conf settings of the service git_daemon.

- name: "Gitserver: Debug fp_gitserver_debug={{ fp_gitserver_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_gitserver_install: {{ fp_gitserver_install }}
      fp_gitserver_notify: {{ fp_gitserver_notify }}
      fp_gitserver_service_task: {{ fp_gitserver_service_task }}

      fp_gitserver_dir: {{ fp_gitserver_dir }}
      fp_gitserver_owner: {{ fp_gitserver_owner }}
      fp_gitserver_group: {{ fp_gitserver_group }}

      fp_git_daemon_enable: {{ fp_git_daemon_enable }}
      fp_git_daemon_rcconf:
        {{ fp_git_daemon_rcconf | to_nice_yaml(indent=2) | indent(2) }}
  when: fp_gitserver_debug | bool
  tags: fp_gitserver_debug

# Owner, group and mode all come from variables.
# NOTE(review): the mode decides who besides the owner can read or write the
# served repositories - verify that fp_gitserver_dir_mode is not world-writable.
- name: "Gitserver: Create {{ fp_gitserver_dir }}"
  ansible.builtin.file:
    path: "{{ fp_gitserver_dir }}"
    state: directory
    owner: "{{ fp_gitserver_owner }}"
    group: "{{ fp_gitserver_group }}"
    mode: "{{ fp_gitserver_dir_mode }}"
  tags: fp_gitserver_dir

# fn/rcconf.yml is imported with _service naming the service to configure.
- name: "Gitserver: Configure rc.conf"
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: git_daemon
  tags: fp_gitserver_rcconf

# EOF
groups.yml
Synopsis: Configure groups
Description of the task.
---
# Manage the groups listed in fp_groups_conf.

- name: "Groups: Debug fp_groups_debug={{ fp_groups_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_groups_conf:
        {{ fp_groups_conf | to_nice_yaml(indent=2) | indent(2) }}
  when: fp_groups_debug | bool
  tags: fp_groups_debug

# Only "name" is required in an item. Every other attribute falls back to
# omit, which leaves the decision to the module's own default.
- name: "Groups: Manage groups"
  ansible.builtin.group:
    name: "{{ item.name }}"
    gid: "{{ item.gid | d(omit) }}"
    local: "{{ item.local | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    system: "{{ item.system | d(omit) }}"
  loop: "{{ fp_groups_conf }}"
  tags: fp_groups_conf

# EOF
groupwrappers.yml
Synopsis: Configure groupwrappers
Description of the task.
---
# Ansible's user management needs the utilities groupadd, groupdel and
# groupmod. BSD does not provide them, so wrappers are created here.
#
# NOTE(review): the wrappers are presumably executed with root privileges
# whenever groups are managed - confirm. Owner, group and modes come from
# variables; verify that neither the directory nor the wrappers are writable
# by unprivileged users.

- name: "Groupwrappers: Create directory for wrappers {{ fp_groupwrappers_dir }}"
  ansible.builtin.file:
    path: "{{ fp_groupwrappers_dir }}"
    state: directory
    owner: "{{ fp_groupwrappers_owner }}"
    group: "{{ fp_groupwrappers_group }}"
    mode: "{{ fp_groupwrappers_dir_mode }}"
  tags: fp_groupwrappers_dir

# The three tasks below differ only in the template and the file they render.
- name: "Groupwrappers: Create groupadd wrapper in {{ fp_groupwrappers_dir }}"
  ansible.builtin.template:
    src: groupadd.j2
    dest: "{{ fp_groupwrappers_dir }}/groupadd"
    owner: "{{ fp_groupwrappers_owner }}"
    group: "{{ fp_groupwrappers_group }}"
    mode: "{{ fp_groupwrappers_mode }}"
    backup: "{{ fp_backup }}"
  tags: fp_groupwrappers_groupadd

- name: "Groupwrappers: Create groupdel wrapper in {{ fp_groupwrappers_dir }}"
  ansible.builtin.template:
    src: groupdel.j2
    dest: "{{ fp_groupwrappers_dir }}/groupdel"
    owner: "{{ fp_groupwrappers_owner }}"
    group: "{{ fp_groupwrappers_group }}"
    mode: "{{ fp_groupwrappers_mode }}"
    backup: "{{ fp_backup }}"
  tags: fp_groupwrappers_groupdel

- name: "Groupwrappers: Create groupmod wrapper in {{ fp_groupwrappers_dir }}"
  ansible.builtin.template:
    src: groupmod.j2
    dest: "{{ fp_groupwrappers_dir }}/groupmod"
    owner: "{{ fp_groupwrappers_owner }}"
    group: "{{ fp_groupwrappers_group }}"
    mode: "{{ fp_groupwrappers_mode }}"
    backup: "{{ fp_backup }}"
  tags: fp_groupwrappers_groupmod

# EOF
hostapd.yml
Synopsis: Configure hostapd
Description of the task.
---
# Render the hostapd configuration and configure the service in rc.conf.

# NOTE(review): a hostapd configuration can carry the network passphrase. If
# the template renders one, verify that fp_hostapd_conf_mode denies access to
# other users, and keep in mind that backup (fp_backup) leaves older copies of
# the file next to it.
- name: "Hostapd: Configure {{ fp_hostapd_conf_file }}"
  ansible.builtin.template:
    src: "{{ fp_hostapd_conf_template }}"
    dest: "{{ fp_hostapd_conf_file }}"
    owner: "{{ fp_hostapd_conf_owner }}"
    group: "{{ fp_hostapd_conf_group }}"
    mode: "{{ fp_hostapd_conf_mode }}"
    backup: "{{ fp_backup }}"
  notify: restart hostapd
  tags: fp_hostapd_conf

# fn/rcconf.yml is imported with _service naming the service to configure.
- name: "Hostapd: Configure rc.conf"
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: hostapd
  tags: fp_hostapd_rcconf

# EOF
hostname.yml
Synopsis: Configure hostname
Description of the task.
---
# Set the hostname variables with sysrc. The target file is
# fp_rcconfd_path.hostname when fp_rcconfd is true, otherwise /etc/rc.conf.

- name: "Hostname: Configure hostname in {{ _path }}"
  community.general.sysrc:
    path: "{{ _path }}"
    name: "{{ item.key }}"
    # value and state are optional per item; omit leaves them to the module.
    value: "{{ item.value | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
  loop: "{{ fp_hostname_rcconf }}"
  vars:
    _path: "{{ fp_rcconfd | bool | ternary(fp_rcconfd_path.hostname, '/etc/rc.conf') }}"
  notify: set hostname

# EOF
hosts.yml
Synopsis: Configure hosts
Description of the task.
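---
# Configure the hosts file: optional dump of the variables, optional sanity
# checks of fp_hosts_conf, then rendering of the file from a template.

- name: "Hosts: Debug fp_hosts_debug={{ fp_hosts_debug }}"
  when: fp_hosts_debug | bool
  tags: fp_hosts_debug
  vars:
    msg: |-
      fp_hosts_sanity: {{ fp_hosts_sanity }}
      fp_hosts_sanity_quiet: {{ fp_hosts_sanity_quiet }}
      fp_hosts_sanity_valid_ip: {{ fp_hosts_sanity_valid_ip }}
      fp_hosts_sanity_unique_fqdn: {{ fp_hosts_sanity_unique_fqdn }}
      fp_hosts_sanity_valid_fqdn: {{ fp_hosts_sanity_valid_fqdn }}
      fp_hosts_fqdn_allow_underscores: {{ fp_hosts_fqdn_allow_underscores }}
      fp_hosts_conf_file: {{ fp_hosts_conf_file }}
      fp_hosts_conf_template: {{ fp_hosts_conf_template }}
      fp_hosts_localhost_ipv4: {{ fp_hosts_localhost_ipv4 }}
      fp_hosts_localhost_ipv6: {{ fp_hosts_localhost_ipv6 }}
      fp_hosts_localhost_ipv4_hosts: {{ fp_hosts_localhost_ipv4_hosts }}
      fp_hosts_localhost_ipv6_hosts: {{ fp_hosts_localhost_ipv6_hosts }}
      fp_hosts_conf:
        {{ fp_hosts_conf | to_yaml(indent=2) | indent(2) }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

# The checks stop the play before a malformed entry reaches the hosts file.
# They run only when fp_hosts_sanity is true, and each has its own switch.
- name: Sanity
  when: fp_hosts_sanity | bool
  tags: fp_hosts_sanity
  block:

    # ansible.utils.ipaddr is mapped over every "ip" attribute; the assertion
    # requires all results to be truthy.
    - name: "Hosts: Sanity valid IP"
      when: fp_hosts_sanity_valid_ip | bool
      vars:
        valid_ip: "{{ fp_hosts_conf | map(attribute='ip') | map('ansible.utils.ipaddr') }}"
      ansible.builtin.assert:
        that: valid_ip is all
        quiet: "{{ fp_hosts_sanity_quiet | bool }}"
        fail_msg: "[ERR] Invalid IP address."
        success_msg: "[OK] All IP addresses are valid."

    # A duplicate makes the list longer than its de-duplicated copy.
    - name: "Hosts: Sanity unique FQDN"
      when: fp_hosts_sanity_unique_fqdn | bool
      vars:
        fqdn_no: "{{ fp_hosts_conf | map(attribute='fqdn') | list }}"
      ansible.builtin.assert:
        that: fqdn_no | length == fqdn_no | unique | length
        quiet: "{{ fp_hosts_sanity_quiet | bool }}"
        fail_msg: "[ERR] FQDN not unique."
        success_msg: "[OK] All FQDN are unique."

    # fqdn_invalid collects every name that the test fqdn_valid rejects.
    - name: "Hosts: Sanity valid FQDN"
      when: fp_hosts_sanity_valid_fqdn | bool
      vars:
        allow_underscores: "{{ fp_hosts_fqdn_allow_underscores | bool }}"
        fqdn_invalid: "{{ fp_hosts_conf |
                          map(attribute='fqdn') |
                          reject('community.general.fqdn_valid', allow_underscores=allow_underscores) }}"
      ansible.builtin.assert:
        that: fqdn_invalid | length == 0
        # Cast to bool like the two assertions above, so that a string value
        # of fp_hosts_sanity_quiet is handled the same way in all three.
        quiet: "{{ fp_hosts_sanity_quiet | bool }}"
        fail_msg: "[ERR] Invalid FQDN: {{ fqdn_invalid }}"
        success_msg: "[OK] All FQDN are valid."

- name: "Hosts: Configure hosts in {{ fp_hosts_conf_file }}"
  tags: fp_hosts_conf
  ansible.builtin.template:
    src: "{{ fp_hosts_conf_template }}"
    dest: "{{ fp_hosts_conf_file }}"
    owner: root
    group: wheel
    mode: "0644"
    backup: "{{ fp_backup }}"

# EOF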
inetd.yml
Synopsis: Configure inetd
Description of the task.
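---
# Configure inetd: logging (syslog.d and newsyslog.conf.d), copies of the
# original configuration files, the hosts.allow access control file, and the
# rc.conf settings of the service.

- name: "Inetd: Debug fp_inetd_debug={{ fp_inetd_debug }}"
  when: fp_inetd_debug | bool
  tags: fp_inetd_debug
  vars:
    msg: |-
      fp_inetd_enable: {{ fp_inetd_enable }}
      fp_inetd_notify: {{ fp_inetd_notify }}
      fp_inetd_service_task: {{ fp_inetd_service_task }}

      fp_inetd_rcconf:
        {{ fp_inetd_rcconf | to_nice_yaml(indent=2) | indent(2) }}
      fp_inetd_conf_orig: {{ fp_inetd_conf_orig }}
      fp_inetd_conf:
        {{ fp_inetd_conf | to_nice_yaml(indent=2) | indent(2) }}
      fp_inetd_hosts_allow_file: {{ fp_inetd_hosts_allow_file }}
      fp_inetd_hosts_allow_orig: {{ fp_inetd_hosts_allow_orig }}
      fp_inetd_hosts_allow_template: {{ fp_inetd_hosts_allow_template }}
      fp_inetd_hosts_allow_conf:
        {{ fp_inetd_hosts_allow_conf | to_yaml(indent=2) | indent(2) }}
      fp_inetd_syslogd_confd:
        {{ fp_inetd_syslogd_confd | to_nice_yaml(indent=2) | indent(2) }}
      fp_inetd_syslogd_newconfd:
        {{ fp_inetd_syslogd_newconfd | to_nice_yaml(indent=2) | indent(2) }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

- name: Configure syslog
  block:

    # "touch" creates the file when it is missing; preserving both timestamps
    # keeps the task from reporting a change when the file already exists.
    - name: "Inetd: Create logfile {{ fp_inetd_logfile }}"
      when: fp_inetd_logfile | length > 0
      tags: fp_inetd_logfile
      ansible.builtin.file:
        state: touch
        access_time: preserve
        modification_time: preserve
        path: "{{ fp_inetd_logfile }}"
        owner: root
        group: wheel
        mode: "0644"

    # NOTE(review): item.path is appended to the directory as given; an entry
    # containing "../" would write outside /etc/syslog.d/. The same holds for
    # /etc/newsyslog.conf.d/ below. Keep both lists in trusted inventory.
    - name: "Inetd: Create files in /etc/syslog.d/"
      tags: fp_inetd_syslogd
      notify: reload syslogd
      vars:
        fp_syslogd_conf: "{{ item.conf }}"
      ansible.builtin.template:
        src: "{{ item.template }}"
        dest: "/etc/syslog.d/{{ item.path }}"
        owner: root
        group: wheel
        mode: "0644"
        backup: "{{ fp_backup }}"
      loop: "{{ fp_inetd_syslogd_confd }}"
      loop_control:
        label: "{{ item.path }}"

    - name: "Inetd: Create files in /etc/newsyslog.conf.d/"
      tags: fp_inetd_syslogd_newconfd
      notify: create newsyslog
      vars:
        fp_syslogd_newconf: "{{ item.conf }}"
      ansible.builtin.template:
        src: "{{ item.template }}"
        dest: "/etc/newsyslog.conf.d/{{ item.path }}"
        owner: root
        group: wheel
        mode: "0644"
        backup: "{{ fp_backup }}"
      loop: "{{ fp_inetd_syslogd_newconfd }}"
      loop_control:
        label: "{{ item.path }}"

# One-time copies: "creates" skips the command once the .orig file exists.
- name: Backup orig files
  block:

    - name: "Inetd: Backup origin /etc/inetd.conf"
      when: fp_inetd_conf_orig | bool
      tags: fp_inetd_conf_orig
      ansible.builtin.command:
        cmd: cp /etc/inetd.conf /etc/inetd.conf.orig
        creates: /etc/inetd.conf.orig

    # TODO:
    # - name: "inetd: Configure /etc/inetd.conf"
    #   ansible.builtin.template:
    #     src: inetd.conf.j2
    #     dest: /etc/inetd.conf
    #     owner: root
    #     group: wheel
    #     mode: '0644'
    #     backup: "{{ fp_backup }}"
    #   notify: reload inetd
    #   when: fp_inetd_conf|length > 0
    #   tags: fp_inetd_conf

    # The path comes from a variable, so the command is passed as an argument
    # list: a path containing whitespace stays a single argument to cp.
    - name: "Inetd: Backup origin {{ fp_inetd_hosts_allow_file }}"
      when: fp_inetd_hosts_allow_orig | bool
      tags: fp_inetd_hosts_allow_orig
      ansible.builtin.command:
        argv:
          - cp
          - "{{ fp_inetd_hosts_allow_file }}"
          - "{{ fp_inetd_hosts_allow_file }}.orig"
        creates: "{{ fp_inetd_hosts_allow_file }}.orig"

# The file is rendered only when fp_inetd_hosts_allow_conf is not empty; with
# an empty list the existing file is left untouched.
- name: "Inetd: Configure {{ fp_inetd_hosts_allow_file }}"
  when: fp_inetd_hosts_allow_conf | length > 0
  tags: fp_inetd_hosts_allow
  notify: reload inetd
  ansible.builtin.template:
    src: "{{ fp_inetd_hosts_allow_template }}"
    dest: "{{ fp_inetd_hosts_allow_file }}"
    owner: root
    group: wheel
    mode: "0644"
    backup: "{{ fp_backup }}"

# fn/rcconf.yml is imported with _service naming the service to configure.
- name: "Inetd: Configure rc.conf"
  tags: fp_inetd_rcconf
  vars:
    _service: inetd
  ansible.builtin.import_tasks: fn/rcconf.yml

# EOF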
libmap.yml
Synopsis: Configure libmap
Description of the task.
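---
# Maintain one "origin target" line per entry of fp_libmap_entries in the
# libmap configuration file.
#
# NOTE(review): the file redirects which shared library the runtime linker
# loads, so fp_libmap_entries must come from trusted inventory only.

- name: "Libmap: Configure {{ fp_libmap_conf_file }}"
  ansible.builtin.lineinfile:
    dest: "{{ fp_libmap_conf_file }}"
    # item.origin is matched literally: library names contain dots, and
    # without regex_escape each dot would match any character, so the task
    # could rewrite the line of a different library.
    regexp: '^\s*{{ item.origin | regex_escape }}\s+(.*)$'
    line: "{{ item.origin }} {{ item.target }}"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_libmap_entries }}"

# TODO: includedir /usr/local/etc/libmap.d

# EOF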
linux.yml
Synopsis: Configure linux
Description of the task.
---
# Configure the Linux compatibility layer: mounts, libraries copied below
# /compat/linux, links to them, and the rc.conf settings of the service.

- name: "Linux: Debug fp_linux_debug={{ fp_linux_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_linux_enable: {{ fp_linux_enable }}
      fp_linux_install: {{ fp_linux_install }}
      fp_linux_notify: {{ fp_linux_notify }}
      fp_linux_service_task: {{ fp_linux_service_task }}

      fp_linux_fstab:
        {{ fp_linux_fstab | to_yaml(indent=2) | indent(2) }}
      fp_linux_lib_dir: {{ fp_linux_lib_dir }}
      fp_linux_lib:
        {{ fp_linux_lib | to_yaml(indent=2) | indent(2) }}
  when: fp_linux_debug | bool
  tags: fp_linux_debug

- name: "Linux: Configure fstab"
  ansible.posix.mount:
    name: "{{ item.name }}"
    src: "{{ item.src }}"
    fstype: "{{ item.fstype }}"
    opts: "{{ item.opts }}"
    state: mounted
  loop: "{{ fp_linux_fstab }}"
  tags: fp_linux_fstab

# Create the parent directory of every library below /compat/linux.
- name: "Linux: Create dirs for libraries"
  ansible.builtin.file:
    path: "/compat/linux{{ item.src | dirname }}"
    state: directory
    mode: "{{ item.dirmode | d('0755') }}"
  loop: "{{ fp_linux_lib }}"
  tags: fp_linux_lib_dir

# The libraries are taken from fp_linux_lib_dir and keep the mode of the
# source file. No owner or group is set here.
# NOTE(review): these binaries are loaded by Linux programs on the host;
# confirm that fp_linux_lib_dir holds files from a trusted source.
- name: "Linux: Copy libraries to /compat/linux from {{ fp_linux_lib_dir }}"
  ansible.builtin.copy:
    src: "{{ fp_linux_lib_dir }}{{ item.src }}"
    dest: "/compat/linux{{ item.src }}"
    mode: preserve
  loop: "{{ fp_linux_lib }}"
  tags: fp_linux_lib_copy

- name: "Linux: Link libraries"
  ansible.builtin.file:
    src: "/compat/linux{{ item.src }}"
    dest: "/compat/linux{{ item.link }}"
    state: link
  loop: "{{ fp_linux_lib }}"
  tags: fp_linux_lib_link

# fn/rcconf.yml is imported with _service naming the service to configure.
- name: "Linux: Configure rc.conf"
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: linux
  tags: fp_linux_rcconf

# EOF
loader.yml
Synopsis: Configure loader
Description of the task.
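---
# Configure the boot loader settings and load kernel modules.
#
# The loader configuration is written either entry by entry (when
# fp_loader_conf_template is empty) or from a template (when it is set).

- name: "Loader: Debug fp_loader_debug={{ fp_loader_debug }}"
  when: fp_loader_debug | bool
  tags: fp_loader_debug
  vars:
    msg: |-
      fp_loader_tuneables_warning: {{ fp_loader_tuneables_warning }}
      fp_loader_load_modules: {{ fp_loader_load_modules }}
      fp_loader_conf_file_backup_orig: {{ fp_loader_conf_file_backup_orig }}
      fp_loader_conf_file: {{ fp_loader_conf_file }}
      fp_loader_conf_template: {{ fp_loader_conf_template }}
      fp_loader_conf:
        {{ fp_loader_conf | to_yaml(indent=2) | indent(2) }}
      fp_loader_conf_modules:
        {{ fp_loader_conf_modules | to_yaml(indent=2) | indent(2) }}
      fp_loader_modules:
        {{ fp_loader_modules | to_yaml(indent=2) | indent(2) }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

# One-time copy: "creates" skips the command once the .orig file exists.
# NOTE(review): the task name shows fp_loader_conf_file, but the command
# always copies /boot/loader.conf - confirm the variable never points elsewhere.
- name: "Loader: Backup orig {{ fp_loader_conf_file }}"
  when: fp_loader_conf_file_backup_orig | bool
  tags: fp_loader_conf_file_backup_orig
  ansible.builtin.command:
    cmd: cp loader.conf loader.conf.orig
    chdir: /boot
    creates: /boot/loader.conf.orig

# The sysctl module is used as a "name=value" file editor here: it writes to
# the loader configuration file and never applies the values (reload: false).
- name: Configure loader.conf by sysctl
  when: fp_loader_conf_template | length == 0
  tags: fp_loader_conf
  notify: loader message reboot
  block:

    # NOTE(review): d(omit) sits inside a longer string, so an item without
    # "value" presumably yields a quoted placeholder instead of omitting the
    # parameter - verify that every item defines "value".
    - name: "Loader: Configure by sysctl {{ fp_loader_conf_file }}"
      ansible.posix.sysctl:
        sysctl_file: "{{ fp_loader_conf_file }}"
        name: "{{ item.name }}"
        value: '"{{ item.value | d(omit) }}"'
        state: "{{ item.state | d(omit) }}"
        ignoreerrors: "{{ item.ignoreerrors | d(omit) }}"
        reload: false
      loop: "{{ fp_loader_conf }}"

    # Same as above; the variable written is "<module name>_load".
    - name: "Loader: Configure modules by sysctl {{ fp_loader_conf_file }}"
      ansible.posix.sysctl:
        sysctl_file: "{{ fp_loader_conf_file }}"
        name: "{{ item.name }}_load"
        value: '"{{ item.value | d(omit) }}"'
        state: "{{ item.state | d(omit) }}"
        ignoreerrors: "{{ item.ignoreerrors | d(omit) }}"
        reload: false
      loop: "{{ fp_loader_conf_modules }}"

- name: "Loader: Configure by template {{ fp_loader_conf_file }}"
  when: fp_loader_conf_template | length > 0
  tags: fp_loader_conf
  notify: loader message reboot
  ansible.builtin.template:
    src: "{{ fp_loader_conf_template }}"
    dest: "{{ fp_loader_conf_file }}"
    owner: root
    group: wheel
    mode: "0644"
    backup: "{{ fp_backup }}"

# Load a module only when kldstat does not report it. The module name is
# passed through the quote filter because the command line is interpreted by
# a shell: a name with whitespace or shell metacharacters stays one argument
# and cannot start another command. The task always reports "ok".
- name: "Loader: Load modules"
  when: fp_loader_load_modules | bool
  changed_when: false
  tags: fp_loader_load_modules
  ansible.builtin.shell:
    cmd: >
      kldstat -q -n {{ item | quote }} || kldload -n {{ item | quote }}
  loop: "{{ fp_loader_modules }}"

- name: Warn when fp_loader_conf keeps also non boot-time tuneables settable via loader.
  when: fp_loader_tuneables_warning | bool
  tags: fp_loader_tuneables_warning
  block:

    # Read-only query; it also runs in check mode.
    - name: "Loader: Get sysctls settable via loader."
      register: result
      changed_when: false
      check_mode: false
      ansible.builtin.command: sysctl -aNT

    # Names from fp_loader_conf that are missing in the output above.
    # NOTE(review): the task name mentions fp_sysctl_conf, but the list that
    # is checked is fp_loader_conf.
    - name: "Loader: Warn when fp_sysctl_conf keeps also non boot-time tuneables settable via loader."
      when: fp_loader_non_tuneables | length > 0
      vars:
        fp_loader_non_tuneables: "{{ fp_loader_conf |
                                     map(attribute='name') |
                                     reject('in', result.stdout_lines) | sort }}"
      ansible.builtin.debug:
        msg: >-
          [WARNING] Non boot-time tuneables in fp_loader_conf:
          {{ fp_loader_non_tuneables | to_yaml }}

# EOF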
login.yml
Synopsis: Configure login
Description of the task.
---
# Render the global login class configuration and the per-user .login_conf
# files.

# The global file is written only when fp_login_conf_global is true.
- name: "Login: Create {{ fp_login_conf_file }}"
  ansible.builtin.template:
    src: "{{ fp_login_conf_template }}"
    dest: "{{ fp_login_conf_file }}"
    owner: root
    group: wheel
    mode: "0644"
    backup: "{{ fp_backup }}"
  when: fp_login_conf_global | bool
  notify: rebuild login_conf

# One file per entry of fp_login_conf_local. The group defaults to the user
# name. The path is built as /home/<user>, so a user whose home directory is
# elsewhere is not covered by this task.
- name: "Login: Create local .login_conf"
  ansible.builtin.template:
    src: "{{ fp_login_conf_template_local }}"
    dest: "/home/{{ item.user }}/.login_conf"
    owner: "{{ item.user }}"
    group: "{{ item.group | d(item.user) }}"
    mode: "0644"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_login_conf_local }}"
  loop_control:
    label: "{{ item.user }}"

# EOF
make.yml
Synopsis: Configure make
Description of the task.
---
# Render the make configuration file from a template.

- name: "Make: Debug fp_make_debug={{ fp_make_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_make_conf_template: {{ fp_make_conf_template }}
      fp_make_conf_file: {{ fp_make_conf_file }}
      fp_make_conf_owner: {{ fp_make_conf_owner }}
      fp_make_conf_group: {{ fp_make_conf_group }}
      fp_make_conf_mode: {{ fp_make_conf_mode }}
      fp_make_conf:
        {{ fp_make_conf | to_nice_yaml(indent=2) | indent(2) }}
  when: fp_make_debug | bool
  tags: fp_make_debug

# Path, owner, group and mode all come from variables.
- name: "Make: Configure {{ fp_make_conf_file }}"
  ansible.builtin.template:
    src: "{{ fp_make_conf_template }}"
    dest: "{{ fp_make_conf_file }}"
    owner: "{{ fp_make_conf_owner }}"
    group: "{{ fp_make_conf_group }}"
    mode: "{{ fp_make_conf_mode }}"
    backup: "{{ fp_backup }}"
  tags: fp_make_conf

# EOF
motd.yml
Synopsis: Configure motd
Description of the task.
---
# Render the message of the day and set update_motd with sysrc.

# No owner or group is set; only the mode comes from a variable.
- name: "Motd: Configure /etc/motd"
  ansible.builtin.template:
    src: "{{ fp_motd_conf_template }}"
    dest: "{{ fp_motd_conf_file }}"
    mode: "{{ fp_motd_conf_mode }}"
    backup: "{{ fp_backup }}"
  tags: fp_motd_create

# The target file is fp_rcconfd_path[_service] when fp_rcconfd is true,
# otherwise /etc/rc.conf.
# NOTE(review): _service is not set in this file, unlike in the task files
# that import fn/rcconf.yml - confirm where it is defined before relying on
# fp_rcconfd=true here.
- name: "Motd: Configure rc.conf"
  community.general.sysrc:
    path: "{{ _path }}"
    name: update_motd
    value: "{{ fp_motd_update | bool | ternary('YES', 'NO') }}"
  vars:
    _rcconfd_path: "{{ fp_rcconfd_path[_service] }}"
    _path: "{{ fp_rcconfd | bool | ternary(_rcconfd_path, '/etc/rc.conf') }}"
  tags: fp_motd_rcconf

# EOF
mount-img.yml
Synopsis: Configure mount-img
Description of the task.
---
# Mount and unmount disk images through memory disks.
#
# Entries with state "mounted" (the default) get a mount point, an attached
# memory disk and a mount. Entries with state "unmounted" are unmounted and
# their memory disk is detached.

# Generic _fp_mount_* facts, set here from the image-specific variables.
- name: "Mount-img: Set facts."
  ansible.builtin.set_fact:
    _fp_mount_task: img
    _fp_mount_fstype_default: ufs
    _fp_mount_points_create: "{{ fp_mount_img_points_create }}"
    _fp_mount_entries: "{{ fp_mount_img_entries }}"
    _fp_mount_debug: "{{ fp_mount_img_debug }}"

- name: "Mount-img: Debug fp_mount_img_debug={{ fp_mount_img_debug }}"
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      _fp_mount_fstype_default: {{ _fp_mount_fstype_default }}
      _fp_mount_points_create: {{ _fp_mount_points_create }}
      _fp_mount_entries:
        {{ _fp_mount_entries | to_nice_yaml(indent=2) | indent(2) }}
  when: fp_mount_img_debug | bool

- name: "Mount-img: Create mount points"
  ansible.builtin.file:
    path: "{{ item.mount }}"
    state: directory
    mode: "{{ item.dirmode | d('0755') }}"
  loop: "{{ _fp_mount_entries }}"
  when:
    - item.state | d("mounted") == "mounted"
    - _fp_mount_points_create | bool  # Note 2.

# The included file runs once per entry to be mounted.
- name: "Mount-img: Attach memory disks"
  ansible.builtin.include_tasks:
    file: fn/mdconfig-attach-disk.yml
  loop: "{{ _fp_mount_entries }}"
  when: item.state | d("mounted") == "mounted"

- name: "Mount-img: Debug attach memory disks."
  ansible.builtin.debug:
    var: al_mdconfig_devs
  when: _fp_mount_debug | bool

  # TODO: Sanity al_mdconfig_devs[_vnode] is defined; not in check-mode

# An entry is mounted only when al_mdconfig_devs knows its image; the device
# is /dev/md<unit> followed by the optional partition suffix.
- name: "Mount-img: Mount"
  ansible.posix.mount:
    src: "/dev/md{{ al_mdconfig_devs[_vnode]['unit'] }}{{ item.partition | d('') }}"
    path: "{{ item.mount }}"  # Note 2.
    fstype: "{{ item.fstype | d(_fp_mount_fstype_default) }}"
    opts: "{{ item.opts | d(omit) }}"
    state: mounted
    fstab: /tmp/tmp.fstab  # Note 1. See also Note 3.
  loop: "{{ _fp_mount_entries }}"
  vars:
    _vnode: "{{ item[_fp_mount_task] }}"
  when:
    - item.state | d("mounted") == "mounted"
    - al_mdconfig_devs[_vnode] is defined
  register: result

- name: "Mount-img: Debug mount."
  ansible.builtin.debug:
    var: result
  when: _fp_mount_debug | bool

- name: "Mount-img: Unmount"
  ansible.posix.mount:
    path: "{{ item.mount }}"  # Note 2.
    state: unmounted
    fstab: /tmp/tmp.fstab  # Note 1. See also Note 3.
  loop: "{{ _fp_mount_entries }}"
  when: item.state | d("mounted") == "unmounted"
  register: result

- name: "Mount-img: Debug unmount."
  ansible.builtin.debug:
    var: result
  when: _fp_mount_debug | bool

- name: "Mount-img: Detach memory disks"
  ansible.builtin.include_tasks:
    file: fn/mdconfig-detach-disk.yml
  loop: "{{ _fp_mount_entries }}"
  when: item.state | d("mounted") == "unmounted"

- name: "Mount-img: Debug detach memory disks."
  ansible.builtin.debug:
    var: al_mdconfig_devs
  when: _fp_mount_debug | bool

# NOTES
# Note 1: It's not possible to mount a device without touching fstab. Temporary fstab is a
#         workaround.
#         https://github.com/ansible-collections/ansible.posix/issues/84#issuecomment-742420345
# Note 2: Ansible module *mount* will create/remove non-existent mountpoint
# Note 3 (review): /tmp/tmp.fstab is a fixed name in a directory that every
#         local user can write to, and the module is presumably run as root.
#         A file or symlink created there in advance by another user would be
#         used by this task. A directory writable by root only, or a name
#         generated per run, avoids that.

# TODO: Permanent mount entry in fstab
#       state: present, absent (See ansible.posix.mount parameter *state*)
#       See /etc/rc.d/mdconfig2
#       Ex: mdconfig_md0="-t vnode -f /usr/local/data/vdisks/devltd.net"
#       https://forums.freebsd.org/threads/mounting-vnode-backed-memory-disks-at-startup.21002/

# EOF
mount-iso.yml
Synopsis: Configure mount-iso
Description of the task.
---
# Mount and unmount ISO images through memory disks.
#
# Entries with state "mounted" (the default) get a mount point, an attached
# memory disk and a mount. Entries with state "unmounted" are unmounted and
# their memory disk is detached.

# Generic _fp_mount_* facts, set here from the ISO-specific variables.
- name: "Mount-iso: Set facts."
  ansible.builtin.set_fact:
    _fp_mount_task: iso
    _fp_mount_fstype_default: cd9660
    _fp_mount_points_create: "{{ fp_mount_iso_points_create }}"
    _fp_mount_entries: "{{ fp_mount_iso_entries }}"
    _fp_mount_debug: "{{ fp_mount_iso_debug }}"

- name: "Mount-iso: Debug."
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      _fp_mount_fstype_default: {{ _fp_mount_fstype_default }}
      _fp_mount_points_create: {{ _fp_mount_points_create }}
      _fp_mount_entries:
        {{ _fp_mount_entries | to_nice_yaml(indent=2) | indent(2) }}
  when: fp_mount_iso_debug | bool

- name: "Mount-iso: Create mount points"
  ansible.builtin.file:
    path: "{{ item.mount }}"
    state: directory
    mode: "{{ item.dirmode | d('0755') }}"
  loop: "{{ _fp_mount_entries }}"
  when:
    - item.state | d("mounted") == "mounted"
    - _fp_mount_points_create | bool  # Note 2.

# The included file runs once per entry to be mounted.
- name: "Mount-iso: Attach memory disks"
  ansible.builtin.include_tasks:
    file: fn/mdconfig-attach-disk.yml
  loop: "{{ _fp_mount_entries }}"
  when: item.state | d("mounted") == "mounted"

- name: "Mount-iso: Debug attach memory disks."
  ansible.builtin.debug:
    var: al_mdconfig_devs
  when: _fp_mount_debug | bool

  # TODO: Sanity al_mdconfig_devs[_vnode] is defined; not in check-mode

# An entry is mounted only when al_mdconfig_devs knows its image; the device
# is /dev/md<unit> followed by the optional partition suffix.
- name: "Mount-iso: Mount"
  ansible.posix.mount:
    src: "/dev/md{{ al_mdconfig_devs[_vnode]['unit'] }}{{ item.partition | d('') }}"
    path: "{{ item.mount }}"  # Note 2.
    fstype: "{{ item.fstype | d(_fp_mount_fstype_default) }}"
    opts: "{{ item.opts | d(omit) }}"
    state: mounted
    fstab: /tmp/tmp.fstab  # Note 1. See also Note 3.
  loop: "{{ _fp_mount_entries }}"
  vars:
    _vnode: "{{ item[_fp_mount_task] }}"
  when:
    - item.state | d("mounted") == "mounted"
    - al_mdconfig_devs[_vnode] is defined
  register: result

- name: "Mount-iso: Debug mount."
  ansible.builtin.debug:
    var: result
  when: _fp_mount_debug | bool

- name: "Mount-iso: Unmount"
  ansible.posix.mount:
    path: "{{ item.mount }}"  # Note 2.
    state: unmounted
    fstab: /tmp/tmp.fstab  # Note 1. See also Note 3.
  loop: "{{ _fp_mount_entries }}"
  when: item.state | d("mounted") == "unmounted"
  register: result

- name: "Mount-iso: Debug unmount."
  ansible.builtin.debug:
    var: result
  when: _fp_mount_debug | bool

- name: "Mount-iso: Detach memory disks."
  ansible.builtin.include_tasks:
    file: fn/mdconfig-detach-disk.yml
  loop: "{{ _fp_mount_entries }}"
  when: item.state | d("mounted") == "unmounted"

- name: "Mount-iso: Debug detach memory disks."
  ansible.builtin.debug:
    var: al_mdconfig_devs
  when: _fp_mount_debug | bool

# NOTES
# Note 1: It's not possible to mount a device without touching fstab. Temporary fstab is a
#         workaround.
#         https://github.com/ansible-collections/ansible.posix/issues/84#issuecomment-742420345
# Note 2: Ansible module *mount* will create/remove non-existent mountpoint
# Note 3 (review): /tmp/tmp.fstab is a fixed name in a directory that every
#         local user can write to, and the module is presumably run as root.
#         A file or symlink created there in advance by another user would be
#         used by this task. A directory writable by root only, or a name
#         generated per run, avoids that.

# TODO: Permanent mount entry in fstab
#       state: present, absent (See ansible.posix.mount parameter *state*)
#       See /etc/rc.d/mdconfig2
#       Ex: mdconfig_md0="-t vnode -f /usr/local/data/vdisks/devltd.net"
#       https://forums.freebsd.org/threads/mounting-vnode-backed-memory-disks-at-startup.21002/

# EOF
nfs.yml
Synopsis: Configure NFS client.
- 2: Display variables.
- 3: Enable fp_nfs_debug=true.
- 35: Collect status of the services stored in the list fp_nfs_services.
- 42: Create dictionary fp_nfs_services_status.
- 55: Test the existence of the file /var/db/mounttab. There is no status option of the service nfsclient. Instead of starting the service, restart it if there are any NFS mountpoints, that is, if the file /var/db/mounttab exists.
- 60: Display the result fp_nfs_var_db_mounttab.stat.exists. This variable will be used to select the handler in the dictionary fp_nfs_handlers.
- 65: Display the dictionary fp_nfs_handlers. The defaults are used in check mode because the dictionary fp_nfs_services_status is empty.
- 70: Enable services.
- 79: Disable services.
---
- name: "Nfs: Debug fp_nfs_debug={{ fp_nfs_debug }}"
  when: fp_nfs_debug | bool
  tags: fp_nfs_debug
  vars:
    msg: |-
      fp_nfs_enable: {{ fp_nfs_enable }}
      fp_nfs_enable_rcconf:
        {{ fp_nfs_enable_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_nfs_disable_rcconf:
        {{ fp_nfs_disable_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_rpc_lockd_enable: {{ fp_rpc_lockd_enable }}
      fp_rpc_lockd_flags: {{ fp_rpc_lockd_flags }}
      fp_rpc_lockd_enable_rcconf:
        {{ fp_rpc_lockd_enable_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_rpc_lockd_disable_rcconf:
        {{ fp_rpc_lockd_disable_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_rpc_statd_enable: {{ fp_rpc_statd_enable }}
      fp_rpc_statd_flags: {{ fp_rpc_statd_flags }}
      fp_rpc_statd_enable_rcconf:
        {{ fp_rpc_statd_enable_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_rpc_statd_disable_rcconf:
        {{ fp_rpc_statd_disable_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_nfs_services: {{ fp_nfs_services | to_yaml(indent=2) | indent(2) }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
# Query every service in fp_nfs_services and index the results by service.
- name: Get services status.
  tags:
    - fp_nfs_services
    - fp_nfs_enable
    - fp_nfs_disable
  block:

    - name: "Nfs: Get services status."
      loop: "{{ fp_nfs_services }}"
      vbotka.freebsd.service:
        script: "{{ item }}"
        command: "status"
      register: out  # one result per service; read by the next task

    - name: "Nfs: Set services status."
      vars:
        _query: '[].[item, status]'  # [service, status] pairs
      ansible.builtin.set_fact:
        fp_nfs_services_status: "{{ dict(out.results | community.general.json_query(_query)) }}"

    - name: "Nfs: Debug services status fp_nfs_debug={{ fp_nfs_debug }}"
      when: fp_nfs_debug | bool
      ansible.builtin.debug:
        var: fp_nfs_services_status

    # Note: nfsclient has no status option. The existence of
    # /var/db/mounttab is recorded instead, to decide on a restart if needed.
    - name: "Nfs: Stat /var/db/mounttab"
      ansible.builtin.stat:
        path: "/var/db/mounttab"
      register: fp_nfs_var_db_mounttab

    - name: "Nfs: Debug stat /var/db/mounttab fp_nfs_debug={{ fp_nfs_debug }}"
      when: fp_nfs_debug | bool
      ansible.builtin.debug:
        var: fp_nfs_var_db_mounttab.stat.exists

    - name: "Nfs: Debug handlers fp_nfs_debug={{ fp_nfs_debug }}"
      when: fp_nfs_debug | bool
      ansible.builtin.debug:
        var: fp_nfs_handlers
# Only the items whose attribute "when" is truthy are passed to the include.
- name: "Nfs: Enable services"
  tags: fp_nfs_enable
  ansible.builtin.include_tasks:
    file: fn/rcconf-item.yml
  loop: "{{ fp_nfs_services_enable | selectattr('when') }}"
  loop_control:
    label: "{{ oi.label }}"
    loop_var: oi  # the loop variable is named oi instead of item
# Same selection as above, applied to fp_nfs_services_disable.
- name: "Nfs: Disable services"
  tags: fp_nfs_disable
  ansible.builtin.include_tasks:
    file: fn/rcconf-item.yml
  loop: "{{ fp_nfs_services_disable | selectattr('when') }}"
  loop_control:
    label: "{{ oi.label }}"
    loop_var: oi  # the loop variable is named oi instead of item

# EOF
See also
Handler nfsclient.yml
Handler nfsd.yml
<TBD>
Note
The variables fp_nfs_services_enable (74) and fp_nfs_services_disable (83) are created by the playbook .configure.yml
Hint
<TBD>
Warning
<TBD>
nfsd.yml
Synopsis: Configure NFS server.
- 2: Display variables.
- 3: Enabled when fp_nfsd_debug=true.
- 60: Collect status of the services stored in the list fp_nfsd_services.
- 67: Create dictionary fp_nfsd_services_status.
- 73: Display this dictionary. This dictionary is used to select the handlers in the dictionary fp_nfsd_handlers.
- 78: Display the dictionary fp_nfsd_handlers. The defaults are used in check mode because the dictionary fp_nfsd_services_status is empty.
- 83: Configure /etc/exports and notify the handler reload mountd.
- 92: Enable services.
- 101: Disable services.
1---
2- name: "Nfsd: Debug fp_nfsd_debug={{ fp_nfsd_debug }}"
3 when: fp_nfsd_debug | bool
4 tags: fp_nfsd_debug
5 vars:
6 msg: |-
7 fp_nfsd_exports:
8 {{ fp_nfsd_exports | to_yaml(indent=2) | indent(2) }}
9 fp_nfsd_enable: {{ fp_nfsd_enable }}
10 fp_nfs_server_flags: {{ fp_nfs_server_flags }}
11 fp_nfs_server_managegids: {{ fp_nfs_server_managegids }}
12 fp_nfs_reserved_port_only: {{ fp_nfs_reserved_port_only }}
13 fp_nfs_bufpackets: {{ fp_nfs_bufpackets }}
14 fp_weak_mountd_authentication: {{ fp_weak_mountd_authentication }}
15 fp_nfsv4_server_enable: {{ fp_nfsv4_server_enable }}
16 fp_nfscbd_enable: {{ fp_nfscbd_enable }}
17 fp_nfscbd_flags: {{ fp_nfscbd_flags }}
18 fp_nfsuserd_enable: {{ fp_nfsuserd_enable }}
19 fp_nfsuserd_flags: {{ fp_nfsuserd_flags }}
20 fp_nfsd_enable_rcconf:
21 {{ fp_nfsd_enable_rcconf | to_yaml(indent=2) | indent(2) }}
22 fp_nfsd_disable_rcconf:
23 {{ fp_nfsd_disable_rcconf | to_yaml(indent=2) | indent(2) }}
24 fp_mountd_enable: {{ fp_mountd_enable }}
25 fp_mountd_flags: {{ fp_mountd_flags }}
26 fp_mountd_enable_rcconf:
27 {{ fp_mountd_enable_rcconf | to_yaml(indent=2) | indent(2) }}
28 fp_mountd_disable_rcconf:
29 {{ fp_mountd_disable_rcconf | to_yaml(indent=2) | indent(2) }}
30 fp_rpcbind_enable: {{ fp_rpcbind_enable }}
31 fp_rpcbind_flags: {{ fp_rpcbind_flags }}
32 fp_rpcbind_enable_rcconf:
33 {{ fp_rpcbind_enable_rcconf | to_yaml(indent=2) | indent(2) }}
34 fp_rpcbind_disable_rcconf:
35 {{ fp_rpcbind_disable_rcconf | to_yaml(indent=2) | indent(2) }}
36 fp_rpc_lockd_enable: {{ fp_rpc_lockd_enable }}
37 fp_rpc_lockd_flags: {{ fp_rpc_lockd_flags }}
38 fp_rpc_lockd_enable_rcconf:
39 {{ fp_rpc_lockd_enable_rcconf | to_yaml(indent=2) | indent(2) }}
40 fp_rpc_lockd_disable_rcconf:
41 {{ fp_rpc_lockd_disable_rcconf | to_yaml(indent=2) | indent(2) }}
42 fp_rpc_statd_enable: {{ fp_rpc_statd_enable }}
43 fp_rpc_statd_flags: {{ fp_rpc_statd_flags }}
44 fp_rpc_statd_enable_rcconf:
45 {{ fp_rpc_statd_enable_rcconf | to_yaml(indent=2) | indent(2) }}
46 fp_rpc_statd_disable_rcconf:
47 {{ fp_rpc_statd_disable_rcconf | to_yaml(indent=2) | indent(2) }}
48 fp_nfsd_services:
49 {{ fp_nfsd_services | to_nice_yaml(indent=2) | indent(2) }}
50 ansible.builtin.debug:
51 msg: "{{ '{}'.format(msg) }}"
52
53- name: Get services status.
54 tags:
55 - fp_nfsd_services
56 - fp_nfsd_enable
57 - fp_nfsd_disable
58 block:
59
60 - name: "Nfsd: Get services status."
61 register: out
62 vbotka.freebsd.service:
63 script: "{{ item }}"
64 command: status
65 loop: "{{ fp_nfsd_services }}"
66
67 - name: "Nfsd: Set services status."
68 vars:
69 _query: '[].[item, status]'
70 ansible.builtin.set_fact:
71 fp_nfsd_services_status: "{{ dict(out.results | community.general.json_query(_query)) }}"
72
73 - name: "Nfsd: Debug services status fp_nfsd_debug={{ fp_nfsd_debug }}"
74 when: fp_nfsd_debug | bool
75 ansible.builtin.debug:
76 var: fp_nfsd_services_status
77
78 - name: "Nfsd: Debug handlers fp_nfsd_debug={{ fp_nfsd_debug }}"
79 when: fp_nfsd_debug | bool
80 ansible.builtin.debug:
81 var: fp_nfsd_handlers
82
83- name: "Nfsd: Configure /etc/exports"
84 tags: fp_nfsd_exports
85 notify: reload mountd
86 ansible.builtin.template:
87 src: exports.j2
88 dest: /etc/exports
89 mode: "0644"
90 backup: "{{ fp_backup }}"
91
92- name: "Nfsd: Enable services"
93 tags: fp_nfsd_enable
94 ansible.builtin.include_tasks:
95 file: fn/rcconf-item.yml
96 loop: "{{ fp_nfsd_services_enable | selectattr('when') }}"
97 loop_control:
98 loop_var: oi
99 label: "{{ oi.label }}"
100
101- name: "Nfsd: Disable services"
102 tags: fp_nfsd_disable
103 ansible.builtin.include_tasks:
104 file: fn/rcconf-item.yml
105 loop: "{{ fp_nfsd_services_disable | selectattr('when') }}"
106 loop_control:
107 loop_var: oi
108 label: "{{ oi.label }}"
109
110# EOF
See also
Handler nfsd.yml
Template exports.j2
<TBD>
Note
The variables fp_nfsd_services_enable (96) and fp_nfsd_services_disable (105) are created by the playbook .configure.yml
Hint
<TBD>
Warning
<TBD>
ntp.yml
Synopsis: Configure ntp
Description of the task.
1---
2- name: "Ntp: Create /etc/ntp.conf from template"
3 tags: fp_ntp_conf
4 notify: restart ntpd
5 ansible.builtin.template:
6 src: "{{ fp_ntp_conf_template }}"
7 dest: "{{ fp_ntp_conf_file }}"
8 mode: "{{ fp_ntp_conf_mode }}"
9 backup: "{{ fp_backup }}"
10
11- name: "Ntp: Configure rc.conf"
12 tags: fp_ntp_rcconf
13 vars:
14 _service: ntpd
15 ansible.builtin.import_tasks: fn/rcconf.yml
16
17# EOF
ntpdate.yml
Synopsis: Configure ntpdate
Description of the task.
1---
2- name: "Ntpdate: Configure rc.conf"
3 tags: fp_ntpdate_rcconf
4 vars:
5 _service: ntpdate
6 ansible.builtin.import_tasks: fn/rcconf.yml
7
8# EOF
packages-install.yml
Synopsis: Configure packages-install
Description of the task.
1---
2- name: Install packages
3 when: freebsd_install_method | lower == 'packages'
4 block:
5
6 - name: "Packages-install: Install packages list {{ item }}"
7 delegate_to: "{{ (fp_install_delegate | length > 0) | ternary(fp_install_delegate, omit) }}"
8 community.general.pkgng:
9 name: "{{ _fp_pkg_dict[item] }}"
10 annotation: "{{ fp_pkg_annotation | d(omit) }}"
11 autoremove: "{{ fp_pkg_autoremove | d(omit) }}"
12 cached: "{{ fp_pkg_cached | d(omit) }}"
13 chroot: "{{ fp_pkg_chroot | d(omit) }}"
14 ignore_osver: "{{ fp_pkg_ignore_osver | d(omit) }}"
15 jail: "{{ fp_pkg_jail | d(omit) }}"
16 pkgsite: "{{ fp_pkg_pkgsite | d(omit) }}"
17 rootdir: "{{ fp_pkg_rootdir | d(omit) }}"
18 state: "{{ fp_pkg_state | d(omit) }}"
19 use_globs: "{{ fp_pkg_use_globs | d(omit) }}"
20 register: result
21 retries: "{{ freebsd_install_retries }}"
22 until: result is succeeded
23 delay: "{{ freebsd_install_delay }}"
24
25 - name: "Packages-install: Debug installation packages fp_packages_debug2={{ fp_packages_debug2 }}"
26 when: fp_packages_debug2 | bool
27 ansible.builtin.debug:
28 var: result
29
30- name: Install ports
31 when: freebsd_install_method | lower == 'ports'
32 block:
33
34 - name: "Packages-install: Install ports list {{ item }}"
35 community.general.portinstall:
36 name: "{{ local_item }}"
37 use_packages: "{{ freebsd_use_packages | d(omit) }}"
38 loop: "{{ _fp_pkg_dict[item] }}"
39 loop_control:
40 loop_var: local_item
41 register: result
42 retries: "{{ freebsd_install_retries }}"
43 until: result is succeeded
44 delay: "{{ freebsd_install_delay }}"
45
46 - name: "Packages-install: Debug installation ports fp_packages_debug2={{ fp_packages_debug2 }}"
47 when: fp_packages_debug2 | bool
48 ansible.builtin.debug:
49 var: result
50
51# EOF
packages.yml
Synopsis: Configure packages
Description of the task.
1---
2- name: "Packages: Set _fp_pkg_enabled and _fp_pkg_dict for {{ ansible_facts.architecture }}"
3 vars:
4 _fp_pkg_arch: "pkg_dict_{{ ansible_facts.architecture }}"
5 ansible.builtin.set_fact:
6 _fp_pkg_dict: "{{ lookup('vars', _fp_pkg_arch, default=[]) |
7 items2dict(key_name='pkglist', value_name='packages') }}"
8 _fp_pkg_enabled: "{{ fp_packages | selectattr('enabled') | map(attribute='list') }}"
9
10- name: "Packages: Debug fp_packages_debug={{ fp_packages_debug }}"
11 when: fp_packages_debug | bool
12 vars:
13 msg: |-
14 ansible_facts.architecture: {{ ansible_facts.architecture }}
15 freebsd_install_method: {{ freebsd_install_method }}
16 freebsd_use_packages: {{ freebsd_use_packages | d('UNDEFINED') }}
17 freebsd_install_retries: {{ freebsd_install_retries }}
18 freebsd_install_delay: {{ freebsd_install_delay }}
19
20 fp_install: {{ fp_install }}
21 fp_install_delegate: {{ fp_install_delegate }}
22 fp_pkg_annotation: {{ fp_pkg_annotation | d('UNDEFINED') }}
23 fp_pkg_autoremove: {{ fp_pkg_autoremove | d('UNDEFINED') }}
24 fp_pkg_cached: {{ fp_pkg_cached | d('UNDEFINED') }}
25 fp_pkg_chroot: {{ fp_pkg_chroot | d('UNDEFINED') }}
26 fp_pkg_jail: {{ fp_pkg_jail | d('UNDEFINED') }}
27 fp_pkg_pkgsite: {{ fp_pkg_pkgsite | d('UNDEFINED') }}
28 fp_pkg_rootdir: {{ fp_pkg_rootdir | d('UNDEFINED') }}
29 fp_pkg_state: {{ fp_pkg_state | d('UNDEFINED') }}
30 fp_pkg_use_globs: {{ fp_pkg_use_globs | d('UNDEFINED') }}
31
32 apache_version: {{ apache_version | d('UNDEFINED') }}
33 apache_php_version: {{ apache_php_version | d('UNDEFINED') }}
34 bsd_bind_version: {{ bsd_bind_version | d('UNDEFINED') }}
35 bsd_dhcp_version: {{ bsd_dhcp_version | d('UNDEFINED') }}
36 bsd_gcc_version: {{ bsd_gcc_version | d('UNDEFINED') }}
37 bsd_linux_version: {{ bsd_linux_version | d('UNDEFINED') }}
38 bsd_mysql_version: {{ bsd_mysql_version | d('UNDEFINED') }}
39 bsd_perl_version: {{ bsd_perl_version | d('UNDEFINED') }}
40 bsd_php_version: {{ bsd_php_version | d('UNDEFINED') }}
41 bsd_python_version: {{ bsd_python_version | d('UNDEFINED') }}
42 bsd_ssl_version: {{ bsd_ssl_version | d('UNDEFINED') }}
43
44 fp_links:
45 {{ fp_links | to_yaml(indent=2) | indent(2) }}
46 fp_packages:
47 {{ fp_packages | to_yaml(indent=2) | indent(2) }}
48 _fp_pkg_dict:
49 {{ _fp_pkg_dict | to_yaml(indent=2) | indent(2) }}
50 ansible.builtin.debug:
51 msg: "{{ '{}'.format(msg) }}"
52
53- name: Sanity
54 block:
55
56 - name: "Packages: Assert all items in _fp_pkg_enabled are available in _fp_pkg_dict"
57 vars:
58 _fp_pkg_missing: "{{ _fp_pkg_enabled | difference(_fp_pkg_dict.keys()) }}"
59 ansible.builtin.assert:
60 quiet: true
61 that: _fp_pkg_missing | length == 0
62 fail_msg: |
63 [ERR] The packages list(s): {{ _fp_pkg_missing }} missing in _fp_pkg_dict
64
65 - name: "Packages: Assert freebsd_install_method in [packages, ports]"
66 ansible.builtin.assert:
67 quiet: true
68 that: freebsd_install_method in ['packages', 'ports']
69 fail_msg: |
70 [ERR] freebsd_install_method must be 'packages' or 'ports'. Is '{{ freebsd_install_method }}'
71
72 - name: "Packages: Installation by pkgng required when fp_install_delegate"
73 when: fp_install_delegate | length > 0
74 ansible.builtin.assert:
75 quiet: true
76 that: freebsd_install_method | lower == 'packages'
77 fail_msg: |
78 [ERR] freebsd_install_method='packages' is required to delegate to {{ fp_install_delegate }}
79
80 - name: "Packages: Required variable fp_pkg_jail when fp_install_delegate"
81 when: fp_install_delegate | length > 0
82 ansible.builtin.assert:
83 quiet: true
84 that: fp_pkg_jail is defined
85 fail_msg: |
86 [ERR] Variable fp_pkg_jail is required to delegate to {{ fp_install_delegate }}
87
88- name: "Packages: Install packages"
89 ansible.builtin.include_tasks: packages-install.yml
90 loop: "{{ _fp_pkg_enabled }}"
91
92- name: "Packages: Create symbolic links"
93 tags: fp_packages_links
94 ansible.builtin.file:
95 src: "{{ item.target }}"
96 dest: "{{ item.link }}"
97 state: link
98 force: true
99 loop: "{{ fp_links }}"
100
101# EOF
passwords.yml
Synopsis: Configure passwords
Description of the task.
---
# Print the password-related settings when fp_passwords_debug is true.
# fp_users_conf is printed with every userpass masked unless
# fp_passwords_debug_classified is true.
# NOTE(review): with fp_passwords_debug_classified=true the userpass values
# are written in clear text to the play output, and so to any log or callback
# that records it. Keep it false outside of short troubleshooting sessions.
# NOTE(review): the masked branch hides only the key 'userpass'; every other
# key of a user is printed as is. Confirm no other key carries a secret.
- name: "Passwords: Debug (fp_passwords_debug={{ fp_passwords_debug }})"
  tags: fp_passwords_debug
  when: fp_passwords_debug | bool
  vars:
    msg: |-
      fp_passwords_debug_classified: {{ fp_passwords_debug_classified }}
      fp_passwords_fail_gracefully: {{ fp_passwords_fail_gracefully }}
      fp_passwords_update_password: {{ fp_passwords_update_password }}

      fp_users_conf:
      {% if fp_passwords_debug_classified | bool %}
        {{ fp_users_conf | d([]) | to_nice_yaml(indent=2) | indent(2) }}
      {% else %}
      {% for user in fp_users_conf | d([]) %}
        - userpass: ************
      {% for k, v in user.items() %}
      {% if k not in ['userpass'] %}
          {{ k }}: {{ v }}
      {% endif %}
      {% endfor %}
      {% endfor %}
      {% endif %}

      fp_passwordstore: {{ fp_passwordstore }}
      fp_passwordstore_backup: {{ fp_passwordstore_backup }}
      fp_passwordstore_create: {{ fp_passwordstore_create }}
      fp_passwordstore_debug: {{ fp_passwordstore_debug }}
      fp_passwordstore_hostname_var: {{ fp_passwordstore_hostname_var }}
      fp_passwordstore_idempotent_password_hash: {{ fp_passwordstore_idempotent_password_hash }}
      fp_passwordstore_length: {{ fp_passwordstore_length }}
      fp_passwordstore_nosymbols: {{ fp_passwordstore_nosymbols }}
      fp_passwordstore_overwrite: {{ fp_passwordstore_overwrite }}
      fp_passwordstore_passwordstore: {{ fp_passwordstore_passwordstore }}
      fp_passwordstore_returnall: {{ fp_passwordstore_returnall }}
      fp_passwordstore_subkey: {{ fp_passwordstore_subkey }}

      fp_passwordstore_install: {{ fp_passwordstore_install }}
      fp_passwordstore_packages:
        {{ fp_passwordstore_packages | to_nice_yaml(indent=2) | indent(2) }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

# Runs only when fp_passwordstore is true. Any failure inside the block is
# handled by the rescue section below.
- name: Passwordstore
  tags: fp_passwords_passwordstore
  when: fp_passwordstore | bool
  block:

    # TODO
    # - name: "Passwords: Passwordstore: Install packages"
    #   when: fp_passwordstore_install | bool
    #   ansible.builtin.include_tasks:
    #     file: packages-install.yml
    #   loop:
    #     - "{{ fp_passwordstore_packages }}"
    #     - "{{ fp_gpg_packages }}"
    #     - "{{ fp_gpg_packages_extra }}"
    #   vars:
    #     my_delegate_to_localhost: true
    #   run_once: true

    # Hand the fp_passwordstore_* settings to the library role as al_pws_*
    # variables; fp_users_conf is passed as the query. The role name is
    # looked up in fp_ansible_lib by the name of the current role.
    - name: "Passwords: Passwordstore: Retrieve, create, or update userpass"  # noqa: var-naming[no-role-prefix]
      register: fp_result
      vars:
        al_pws_backup: "{{ fp_passwordstore_backup }}"
        al_pws_create: "{{ fp_passwordstore_create }}"
        al_pws_debug: "{{ fp_passwordstore_debug }}"
        al_pws_hostname_var: "{{ fp_passwordstore_hostname_var }}"
        al_pws_idempotent_password_hash: "{{ fp_passwordstore_idempotent_password_hash }}"
        al_pws_length: "{{ fp_passwordstore_length }}"
        al_pws_nosymbols: "{{ fp_passwordstore_nosymbols }}"
        al_pws_overwrite: "{{ fp_passwordstore_overwrite }}"
        al_pws_passwordstore: "{{ fp_passwordstore_passwordstore }}"
        al_pws_query: "{{ fp_users_conf }}"
        al_pws_returnall: "{{ fp_passwordstore_returnall }}"
        al_pws_subkey: "{{ fp_passwordstore_subkey }}"
      ansible.builtin.include_role:
        name: "{{ fp_ansible_lib[ansible_role_name] }}"
        tasks_from: al_pws_user_host.yml

    # Build the users list from al_pws_query_result: the key userpass is
    # removed and update_password is added to every item. The task is logged
    # only when fp_passwords_debug_classified is true.
    - name: "Passwords: Passwordstore: Create fp_passwordstore_users"
      no_log: "{{ not fp_passwords_debug_classified | bool }}"
      ansible.builtin.set_fact:
        fp_passwordstore_users: "{{ al_pws_query_result |
                                    community.general.remove_keys(target=['userpass']) |
                                    map('combine', {'update_password': fp_passwords_update_password}) }}"

    - name: "Passwords: Passwordstore: Debug fp_passwords_debug={{ fp_passwords_debug }}"
      when: fp_passwords_debug | bool
      ansible.builtin.debug:
        var: fp_passwordstore_users

    # Run users.yml with the list built above and the debug switches of this
    # task file.
    - name: "Passwords: Passwordstore: Include users"
      vars:
        fp_users: "{{ fp_passwordstore_users }}"
        fp_users_debug: "{{ fp_passwords_debug | bool }}"
        fp_users_debug_classified: "{{ fp_passwords_debug_classified | bool }}"
      ansible.builtin.include_tasks:
        file: users.yml

  rescue:

    # The failed task and its result are printed only in classified mode.
    # NOTE(review): the failed result may include the data the task handled;
    # treat this output as sensitive.
    - name: "Passwords: Passwordstore: Debug fp_passwords_debug_classified={{ fp_passwords_debug_classified }}"
      when: fp_passwords_debug_classified | bool
      ansible.builtin.debug:
        msg: |
          [ERR] Passwordstore failed.
          {{ ansible_failed_task | to_nice_yaml(indent=2) | indent(2) }}
          {{ ansible_failed_result | to_nice_yaml(indent=2) | indent(2) }}

    # Fail the host unless fp_passwords_fail_gracefully is true.
    - name: "Passwords: Passwordstore: failed"
      when: not fp_passwords_fail_gracefully | bool
      ansible.builtin.fail:
        msg: "[ERR] Passwordstore failed."

    # In the graceful case stop processing this host without a failure.
    - name: "Passwords: Passwordstore: end host"
      ansible.builtin.meta: end_host

# EOF
periodic.yml
Synopsis: Configure periodic
Description of the task.
1---
2- name: "Periodic: Debug fp_periodic_debug={{ fp_periodic_debug }}"
3 when: fp_periodic_debug | bool
4 tags: fp_periodic_debug
5 vars:
6 msg: |-
7 fp_periodic_conf_local_file: {{ fp_periodic_conf_local_file }}
8 fp_periodic_conf_local:
9 {{ fp_periodic_conf_local | to_yaml(indent=2) | indent(2) }}
10 ansible.builtin.debug:
11 msg: "{{ '{}'.format(msg) }}"
12
13- name: "Periodic: Configure {{ fp_periodic_conf_local_file }}"
14 tags: fp_periodic_conf_local
15 ansible.builtin.lineinfile:
16 create: true
17 mode: "0644"
18 dest: "{{ fp_periodic_conf_local_file }}"
19 regexp: ^\s*{{ item.key }}\s*=(.*)$
20 line: '{{ item.key }}="{{ item.value }}"'
21 backup: "{{ fp_backup }}"
22 loop: "{{ fp_periodic_conf_local }}"
23
24# NOTES
25#
26# 13.10. Monitoring Third Party Security Issues
27# https://www.freebsd.org/doc/handbook/security-pkg.html
28#
29# Not Getting Security Reports
30# https://forums.freebsd.org/threads/not-getting-security-reports.21841/
31#
32# Daily security scripts: best practice for jails?
33# https://forums.freebsd.org/threads/daily-security-scripts-best-practice-for-jails.55868/
34
35# EOF
procmail.yml
Synopsis: Configure procmail
Description of the task.
1---
2- name: Forwarders
3 tags: fp_procmail_forwarders
4 block:
5
6 - name: "Procmail: Remove forwarders"
7 when: fp_procmail_forwarders_rebuild | bool
8 ansible.builtin.file:
9 state: absent
10 dest: /home/{{ item.user }}/.forward
11 loop: "{{ fp_procmail_forwarders }}"
12
13 - name: "Procmail: Configure forwarders"
14 ansible.builtin.blockinfile:
15 create: true
16 dest: /home/{{ item.user }}/.forward
17 owner: "{{ item.user }}"
18 mode: "0644"
19 marker: "# {mark} ANSIBLE MANAGED BLOCK"
20 backup: "{{ fp_backup }}"
21 block: |
22 "{{ item.forward }}"
23 loop: "{{ fp_procmail_forwarders }}"
24
25- name: "Procmail: Configure .procmailrc"
26 tags: fp_procmail_procmailrc
27 ansible.builtin.blockinfile:
28 create: true
29 dest: /home/{{ item.user }}/.procmailrc
30 owner: "{{ item.user }}"
31 mode: "0644"
32 marker: "# {mark} ANSIBLE MANAGED BLOCK"
33 backup: "{{ fp_backup }}"
34 block: |
35 SHELL={{ fp_procmail_shell }}
36 VERBOSE={{ fp_procmail_verbose }}
37 PATH={{ fp_procmail_path }}
38 MAILDIR={{ fp_procmail_maildir }}
39 DEFAULT=/var/mail/{{ item.user }}
40 PMDIR={{ fp_procmail_pmdir }}
41 LOGFILE=$PMDIR/pm.log
42 LOCKFILE=$PMDIR/.lockfile
43 SENDMAIL=/usr/sbin/sendmail
44 loop: "{{ fp_procmail_forwarders }}"
45
46- name: "Procmail: Create .procmail directory"
47 tags: fp_procmail_dir
48 ansible.builtin.file:
49 state: directory
50 mode: "0755"
51 path: /home/{{ item.user }}/.procmail
52 owner: "{{ item.user }}"
53 loop: "{{ fp_procmail_forwarders }}"
54
55- name: Includerc files
56 tags: fp_procmail_includerc
57 block:
58
59 - name: "Procmail: Create includerc files"
60 ansible.builtin.template:
61 src: procmailrc-includerc-{{ item.template }}.j2
62 dest: /home/{{ item.user }}/.procmail/{{ item.template }}.rc
63 owner: "{{ item.user }}"
64 mode: "0644"
65 backup: "{{ fp_backup }}"
66 loop: "{{ fp_procmail_includerc }}"
67 loop_control:
68 label: "{{ item.user }} {{ item.template }}"
69
70 - name: "Procmail: Include rc files in .procmailrc"
71 ansible.builtin.lineinfile:
72 create: true
73 dest: /home/{{ item.user }}/.procmailrc
74 owner: "{{ item.user }}"
75 mode: "0644"
76 line: INCLUDERC=$PMDIR/{{ item.template }}.rc
77 insertafter: EOF
78 backup: "{{ fp_backup }}"
79 loop: "{{ fp_procmail_includerc }}"
80 loop_control:
81 label: "{{ item.user }} {{ item.template }}"
82
83- name: "Procmail: Configure {{ fp_procmail_rc_file }}"
84 when: fp_procmail_rc_conf | length > 0
85 tags: fp_procmail_rc
86 ansible.builtin.template:
87 dest: "{{ fp_procmail_rc_file }}"
88 owner: root
89 mode: "0644"
90 src: procmailrc.j2
91 vars:
92 config: "{{ fp_procmail_rc_conf }}"
93
94# EOF
qemu.yml
Synopsis: Configure qemu
Description of the task.
1---
2- name: "Qemu: Configure rc.conf"
3 tags: fp_qemu_rcconf
4 vars:
5 _service: "{{ fp_qemu_service }}"
6 ansible.builtin.import_tasks: fn/rcconf.yml
7
8# EOF
rcd.yml
Synopsis: Configure rcd
Description of the task.
---
# Print the rc.d settings when fp_rcd_debug is true.
- name: "Rcd: Debug fp_rcd_debug={{ fp_rcd_debug }}"
  tags: fp_rcd_debug
  when: fp_rcd_debug | bool
  vars:
    msg: |-
      fp_rcd_scripts_owner: {{ fp_rcd_scripts_owner }}
      fp_rcd_scripts_group: {{ fp_rcd_scripts_group }}
      fp_rcd_scripts_mode: {{ fp_rcd_scripts_mode }}
      fp_rcd_scripts:
        {{ fp_rcd_scripts | to_nice_yaml(indent=2) | indent(2) }}
      fp_rcd_scripts_absent:
        {{ fp_rcd_scripts_absent | to_nice_yaml(indent=2) | indent(2) }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

# Remove every script named in fp_rcd_scripts_absent from /etc/rc.d.
- name: "Rcd: Delete rc.d scripts"
  tags: fp_rcd_scripts_absent
  ansible.builtin.file:
    dest: "/etc/rc.d/{{ item }}"
    state: absent
  loop: "{{ fp_rcd_scripts_absent }}"

# Write each entry of fp_rcd_scripts to /etc/rc.d/<key>. Owner, group and
# mode come from the entry and fall back to the fp_rcd_scripts_* defaults.
# NOTE(review): /etc/rc.d scripts are started by the system's rc machinery,
# normally as root, so fp_rcd_scripts should be guarded like root access and
# the effective mode should not allow writes by non-root users.
# NOTE(review): the key is used as a file name without checks; a key that
# contains a path separator would write outside /etc/rc.d.
- name: "Rcd: Create rc.d scripts"
  tags: fp_rcd_scripts
  ansible.builtin.copy:
    dest: "/etc/rc.d/{{ item.key }}"
    owner: "{{ item.value.owner | d(fp_rcd_scripts_owner) }}"
    group: "{{ item.value.group | d(fp_rcd_scripts_group) }}"
    mode: "{{ item.value.mode | d(fp_rcd_scripts_mode) }}"
    backup: "{{ fp_backup }}"
    content: |
      {{ item.value.script }}
  loop: "{{ fp_rcd_scripts | dict2items }}"
  loop_control:
    label: "{{ item.key }}"

# EOF
resolvconf.yml
Synopsis: Configure resolvconf
Description of the task.
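---
# Truncate resolv.conf when fp_resolv_conf_clean is true.
- name: Clean resolv.conf
  when: fp_resolv_conf_clean | bool
  tags: fp_resolv_conf_clean
  block:

    - name: "Resolvconf: Stat file {{ fp_resolv_conf_file }}"
      register: out
      ansible.builtin.stat:
        path: "{{ fp_resolv_conf_file }}"

    # The size is tested only when the file exists; stat reports no size for
    # a missing file. The path is passed through the quote filter because it
    # is substituted into a shell command line.
    - name: "Resolvconf: Clean file {{ fp_resolv_conf_file }}"  # noqa: no-changed-when
      when: out.stat.exists and out.stat.size > 0
      ansible.builtin.shell: "cat /dev/null > {{ fp_resolv_conf_file | quote }}"

# Remove and set single lines of resolv.conf. On any failure the rescue
# section prints the failed task and ends the play for this host.
- name: Configuration of resolv.conf
  block:

    - name: "Resolvconf: Absent lines in {{ fp_resolv_conf_file }}"
      tags: fp_resolv_conf_absent
      ansible.builtin.lineinfile:
        create: true
        state: absent
        dest: "{{ fp_resolv_conf_file }}"
        owner: "{{ fp_resolv_conf_owner }}"
        group: "{{ fp_resolv_conf_group }}"
        mode: "{{ fp_resolv_conf_mode }}"
        regexp: ^\s*{{ item }}\s*$
        backup: "{{ fp_backup }}"
      loop: "{{ fp_resolv_conf_absent }}"

    # NOTE(review): the pattern matches on the key alone, so two items with
    # the same key (for example two nameserver entries) end up as one line.
    # Confirm this is intended for the keys in fp_resolv_conf.
    - name: "Resolvconf: Present lines in {{ fp_resolv_conf_file }}"
      tags: fp_resolv_conf
      ansible.builtin.lineinfile:
        create: true
        dest: "{{ fp_resolv_conf_file }}"
        owner: "{{ fp_resolv_conf_owner }}"
        group: "{{ fp_resolv_conf_group }}"
        mode: "{{ fp_resolv_conf_mode }}"
        regexp: ^\s*{{ item.key }}\s+(.*)$
        line: "{{ item.key }} {{ item.value }}"
        backup: "{{ fp_backup }}"
      loop: "{{ fp_resolv_conf }}"

  rescue:

    - name: "Resolvconf: Configuration of resolv.conf failed."
      ansible.builtin.debug:
        msg: |
          ansible_failed_task:
            {{ ansible_failed_task | to_nice_yaml(indent=2) | indent(2) }}
          ansible_failed_result:
            {{ ansible_failed_result | to_nice_yaml(indent=2) | indent(2) }}

    - name: "Resolvconf: End host."
      ansible.builtin.meta: end_host

# Truncate resolvconf.conf when fp_resolvconf_conf_clean is true.
- name: Clean resolvconf.conf
  when: fp_resolvconf_conf_clean | bool
  tags: fp_resolvconf_conf_clean
  block:

    - name: "Resolvconf: Stat file {{ fp_resolvconf_conf_file }}"
      register: out
      ansible.builtin.stat:
        path: "{{ fp_resolvconf_conf_file }}"

    # Same guards as for resolv.conf above: existence test and quoted path.
    - name: "Resolvconf: Clean file {{ fp_resolvconf_conf_file }}"  # noqa: no-changed-when
      when: out.stat.exists and out.stat.size > 0
      ansible.builtin.shell: "cat /dev/null > {{ fp_resolvconf_conf_file | quote }}"

# Remove and set variables in resolvconf.conf with sysrc. A change notifies
# the handler 'resolvconf apply'.
- name: Configuration of resolvconf.conf
  notify: resolvconf apply
  block:

    - name: "Resolvconf: Absent lines in {{ fp_resolvconf_conf_file }}"
      tags: fp_resolvconf_conf_absent
      community.general.sysrc:
        path: "{{ fp_resolvconf_conf_file }}"
        name: "{{ item }}"
        state: absent
      loop: "{{ fp_resolvconf_conf_absent }}"

    - name: "Resolvconf: Present lines in {{ fp_resolvconf_conf_file }}"
      tags: fp_resolvconf_conf
      community.general.sysrc:
        path: "{{ fp_resolvconf_conf_file }}"
        name: "{{ item.key }}"
        value: "{{ item.value }}"
      loop: "{{ fp_resolvconf_conf }}"

  rescue:

    - name: "Resolvconf: Configuration of resolvconf.conf failed."
      ansible.builtin.debug:
        msg: |
          ansible_failed_task:
            {{ ansible_failed_task | to_nice_yaml(indent=2) | indent(2) }}
          ansible_failed_result:
            {{ ansible_failed_result | to_nice_yaml(indent=2) | indent(2) }}

    - name: "Resolvconf: End host."
      ansible.builtin.meta: end_host

# EOF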
sanity.yml
Synopsis: Configure sanity
Description of the task.
1---
2- name: "Sanity: Debug fp_sanity_debug={{ fp_sanity_debug }}"
3 when: fp_sanity_debug | bool
4 tags: fp_sanity_debug
5 ansible.builtin.debug:
6 msg: |-
7 fp_sanity_quiet: {{ fp_sanity_quiet }}
8 fp_sanity_tags_fatal: {{ fp_sanity_tags_fatal }}
9 ansible_run_tags:
10 {{ ansible_run_tags | to_yaml(indent=2) | indent(2) }}
11 ansible_skip_tags:
12 {{ ansible_skip_tags | to_yaml(indent=2) | indent(2) }}
13 fp_sanity_tags:
14 {{ fp_sanity_tags | to_yaml(indent=2) | indent(2) }}
15
16- name: Tags
17 when: fp_sanity_tags_fatal | bool
18 tags: fp_sanity_tags
19 vars:
20 _ansible_run_tags: "{{ ansible_run_tags | difference(['all']) }}"
21 block:
22
23 - name: "Sanity: Unknown run tags"
24 when: _ansible_run_tags | length > 0
25 vars:
26 tags_unknown: "{{ _ansible_run_tags | difference(fp_sanity_tags) }}"
27 ansible.builtin.assert:
28 that: tags_unknown | length == 0
29 quiet: "{{ fp_sanity_quiet }}"
30 fail_msg: "[ERR] Unknown run tag(s): {{ tags_unknown }}"
31
32 - name: "Sanity: Unknown skip tags"
33 when: ansible_skip_tags | length > 0
34 vars:
35 tags_unknown: "{{ ansible_skip_tags | difference(fp_sanity_tags) }}"
36 ansible.builtin.assert:
37 that: tags_unknown | length == 0
38 quiet: "{{ fp_sanity_quiet }}"
39 fail_msg: "[ERR] Unknown skip tag(s): {{ tags_unknown }}"
40
41# EOF
smartd.yml
Synopsis: Configure smartd
Description of the task.
1---
2- name: Configure smartd
3 tags: fp_smartd_conf
4 notify: reload smartd
5 block:
6
7 - name: "Smartd: Configure smartd.conf"
8 ansible.builtin.lineinfile:
9 dest: "{{ fp_smartd_conf_file }}"
10 regexp: ^\s*DEVICESCAN(.*)$
11 state: absent
12 backup: "{{ fp_backup }}"
13
14 - name: "Smartd: Configure devices in {{ fp_smartd_conf_file }}"
15 ansible.builtin.lineinfile:
16 create: true
17 dest: "{{ fp_smartd_conf_file }}"
18 regexp: "{{ item.regexp }}"
19 line: "{{ item.line }}"
20 state: "{{ item.state | d(omit) }}"
21 owner: "{{ fp_smartd_conf_owner }}"
22 group: "{{ fp_smartd_conf_group }}"
23 mode: "{{ fp_smartd_conf_mode }}"
24 backup: "{{ fp_backup }}"
25 loop: "{{ fp_smartd_devices }}"
26
27- name: "Smartd: Configure rc.conf"
28 tags: fp_smartd_rcconf
29 vars:
30 _service: smartd
31 ansible.builtin.import_tasks: fn/rcconf.yml
32
33# EOF
snmpd.yml
Synopsis: Configure snmpd
Description of the task.
---
# Create snmpd.conf from the packaged example when it is missing, then set
# single lines in it. A change notifies the handler 'restart snmpd'.
- name: Configure /usr/local/etc/snmpd.conf
  notify: restart snmpd
  tags: fp_snmpd_conf
  block:

    # force: false keeps the content of an existing snmpd.conf.
    # NOTE(review): mode 0644 lets every local user read the file. snmpd.conf
    # commonly holds community strings or SNMPv3 user definitions; consider a
    # tighter mode if fp_snmpd_conf carries such values.
    - name: "Snmpd: Copy snmpd.conf.example to snmpd.conf if not exist"
      ansible.builtin.copy:
        remote_src: true
        src: /usr/local/share/snmp/snmpd.conf.example
        dest: /usr/local/etc/snmpd.conf
        force: false
        owner: root
        group: wheel
        mode: "0644"

    # NOTE(review): the pattern looks for "key = ..." while the line written
    # is "key value". A line written by this task is therefore not matched on
    # a later run, and a changed value is presumably added as a new line
    # while the old one stays. Confirm this is intended; the stale line may
    # keep an old community string or access rule active.
    - name: "Snmpd: Configure /usr/local/etc/snmpd.conf"
      ansible.builtin.lineinfile:
        path: /usr/local/etc/snmpd.conf
        line: "{{ item.key }} {{ item.value }}"
        regexp: ^\s*{{ item.key }}\s*=(.*)$
        state: "{{ item.state | d(omit) }}"
        backup: "{{ fp_backup }}"
      loop: "{{ fp_snmpd_conf }}"

# Configure the snmpd service in rc.conf through the shared task file.
- name: "Snmpd: Configure rc.conf"
  tags: fp_snmpd_rcconf
  vars:
    _service: snmpd
  ansible.builtin.import_tasks: fn/rcconf.yml

# EOF
ssh.yml
Synopsis: Configure ssh
Description of the task.
1---
2- name: "Ssh: Debug fp_ssh_debug={{ fp_ssh_debug }}"
3 when: fp_ssh_debug | bool
4 tags: fp_ssh_debug
5 vars:
6 msg: |-
7 fp_ssh_conf_file: {{ fp_ssh_conf_file }}
8 fp_ssh_conf:
9 {{ fp_ssh_conf | to_yaml(indent=2) | indent(2) }}
10 ansible.builtin.debug:
11 msg: "{{ '{}'.format(msg) }}"
12
13- name: "Ssh: Configure {{ fp_ssh_conf_file }}"
14 tags: fp_ssh_config
15 ansible.builtin.template:
16 src: "{{ fp_ssh_conf_template }}"
17 dest: "{{ fp_ssh_conf_file }}"
18 owner: "{{ fp_ssh_conf_owner }}"
19 group: "{{ fp_ssh_conf_group }}"
20 mode: "{{ fp_ssh_conf_mode }}"
21 backup: "{{ fp_backup }}"
22
23# EOF
sshd.yml
Synopsis: Configure sshd
Description of the task.
---
# Print the sshd settings when fp_sshd_debug is true.
- name: "Sshd: Debug fp_sshd_debug={{ fp_sshd_debug }}"
  tags: fp_sshd_debug
  when: fp_sshd_debug | bool
  vars:
    msg: |-
      fp_sshd_enable: {{ fp_sshd_enable }}
      fp_sshd_notify: {{ fp_sshd_notify }}
      fp_sshd_service_task: {{ fp_sshd_service_task }}

      fp_sshd_rcconf:
        {{ fp_sshd_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_sshd_bin: {{ fp_sshd_bin }}
      fp_sshd_conf_file: {{ fp_sshd_conf_file }}
      fp_sshd_conf:
        {{ fp_sshd_conf | to_yaml(indent=2) | indent(2) }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

# Set one line per item of fp_sshd_conf. An uncommented line that starts
# with the key is replaced; otherwise the new line is inserted before a
# commented occurrence of the key. Each candidate file is checked with
# "<fp_sshd_bin> -t -f" before it replaces the live configuration, so a file
# that sshd rejects is not installed. A change notifies 'reload sshd'.
# NOTE(review): sshd takes the first value it finds for a keyword. If the
# file already holds the same keyword more than once, the line edited here
# may not be the effective one; verify the result with the effective
# configuration after a change to a security-relevant keyword.
- name: "Sshd: Configure {{ fp_sshd_conf_file }}"
  notify: reload sshd
  tags: fp_sshd_config
  ansible.builtin.lineinfile:
    dest: "{{ fp_sshd_conf_file }}"
    line: "{{ item.key }} {{ item.value }}"
    regexp: ^\s*{{ item.key }}\s+(.*)$
    insertbefore: ^\s*#\s*{{ item.key }}
    validate: "{{ fp_sshd_bin }} -t -f %s"
    backup: "{{ fp_backup }}"
  loop: "{{ fp_sshd_conf }}"

# Configure the sshd service in rc.conf through the shared task file.
- name: "Sshd: Configure rc.conf"
  tags: fp_sshd_rcconf
  vars:
    _service: sshd
  ansible.builtin.import_tasks: fn/rcconf.yml

# EOF
sudoers.yml
Synopsis: Configure sudoers
Description of the task.
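---
# Manage single lines of the sudoers file named by fp_sudoers_conf_file.
# Each item of fp_sudoers_conf supplies a key and a value; an optional
# item.state is passed on to lineinfile.
- name: "Sudoers: Configure {{ fp_sudoers_conf_file }}"
  tags: fp_sudoers_conf
  ansible.builtin.lineinfile:
    dest: "{{ fp_sudoers_conf_file }}"
    create: "{{ fp_sudoers_conf_file_create }}"
    # A line that starts with the key followed by whitespace is replaced;
    # without a match the line is added at the end of the file.
    regexp: ^\s*{{ item.key }}\s+(.*)$
    line: "{{ item.key }} {{ item.value }}"
    state: "{{ item.state | d(omit) }}"
    insertafter: EOF
    owner: "{{ fp_sudoers_conf_owner }}"
    group: "{{ fp_sudoers_conf_group }}"
    mode: "{{ fp_sudoers_conf_mode }}"
    backup: "{{ fp_backup }}"
    # Check the edited copy before it replaces the live file. A sudoers file
    # with a syntax error can leave sudo unusable on the host.
    # NOTE(review): the path assumes sudo installed from FreeBSD packages or
    # ports; confirm it for the managed hosts.
    validate: "/usr/local/sbin/visudo -cf %s"
  loop: "{{ fp_sudoers_conf }}"

# TODO:
# (1) configure /usr/local/etc/sudoers.d
# (2) configure /usr/local/etc/sudoers.dist

# EOF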
swap.yml
Synopsis: Configure swap
Description of the task.
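---
# Print the swap-related role variables. Runs only when fp_swap_debug is true.
- name: "Swap: Debug (fp_swap_debug={{ fp_swap_debug }})"
  when: fp_swap_debug | bool
  tags: fp_swap_debug
  vars:
    msg: |-
      fp_swap_enable: {{ fp_swap_enable }}
      fp_swap_file: {{ fp_swap_file | d('UNDEFINED') }}
      fp_swap_md: {{ fp_swap_md | d('UNDEFINED') }}
      fp_swap_size: {{ fp_swap_size | d('UNDEFINED') }}
      fp_swap_stsize: {{ fp_swap_stsize | d('UNDEFINED') }}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

- name: "Swap: Enable swap and add entry in /etc/fstab"
  when: fp_swap_enable | bool
  tags: fp_swap_enable
  block:

    # Probe only: prints "create" when the swap file is missing, which marks
    # the task changed and triggers the "create swap" handler.
    # The path goes through the quote filter so that spaces or shell
    # metacharacters in fp_swap_file are not interpreted by /bin/sh. The
    # shell module already runs the command through a shell, so no extra
    # "sh -c" wrapper is needed.
    - name: "Swap: Create swapfile {{ fp_swap_file }}"
      register: command_result
      notify: create swap
      ansible.builtin.shell:
        cmd: >-
          if [ ! -e {{ fp_swap_file | quote }} ]; then
          printf "create";
          fi
      changed_when: command_result.stdout | d('none') == 'create'

    # fp_swap_md is escaped so that it is matched literally in the regexp.
    - name: "Swap: Create swap entry in /etc/fstab"
      notify: mount swap
      ansible.builtin.lineinfile:
        path: /etc/fstab
        regexp: '^\s*{{ fp_swap_md | regex_escape }}\s+(.*)$'
        line: "{{ fp_swap_md }} none swap sw,file={{ fp_swap_file }},late 0 0"
        backup: "{{ fp_backup }}"

    # - ansible.posix.mount:
    #     name: 'none'
    #     src: "{{ fp_swap_md }}"
    #     fstype: swap
    #     opts: "sw,file={{ fp_swap_file }},late"
    #     passno: '0'
    #     dump: '0'
    #     state: mounted
    #     backup: true
    #
    # Note: ansible.posix.mount module can't mount fstype swap
    # https://github.com/ansible/ansible/pull/49390
    # https://github.com/ansible-collections/ansible.posix/issues/106

    # Probe only: prints "change" when the swap file exists and its size
    # (stat -f %z) differs from fp_swap_stsize, which triggers the
    # "change and mount swap" handler.
    - name: "Swap: Change swapfile {{ fp_swap_file }}"
      register: command_result
      notify: change and mount swap
      ansible.builtin.shell:
        cmd: >-
          if [ -e {{ fp_swap_file | quote }} ] &&
          [ "$(stat -f %z {{ fp_swap_file | quote }})" -ne {{ fp_swap_stsize | quote }} ]; then
          printf "change";
          fi
      changed_when: command_result.stdout | d('none') == 'change'

# Remove the fstab entry when swap is disabled; the handler unmounts and
# deletes the swap file.
- name: "Swap: Disable swap and remove entry from /etc/fstab"
  tags: fp_swap_disable
  when:
    - not fp_swap_enable | bool
    - fp_swap_md is defined
  notify: umount and delete swap
  ansible.builtin.lineinfile:
    path: /etc/fstab
    regexp: '^\s*{{ fp_swap_md | regex_escape }}\s+(.*)$'
    state: absent
    backup: "{{ fp_backup }}"

# EOF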
sysctl.yml
Synopsis: Configure sysctl
Description of the task.
---
# Print the sysctl-related role variables when fp_sysctl_debug is true.
- name: "Sysctl: Debug fp_sysctl_debug={{ fp_sysctl_debug }}"
  tags: fp_sysctl_debug
  when: fp_sysctl_debug | bool
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_sysctl_tuneables_warning: {{ fp_sysctl_tuneables_warning }}
      fp_sysctl_conf_file: {{ fp_sysctl_conf_file }}
      fp_sysctl_ignoreerrors: {{ fp_sysctl_ignoreerrors }}
      fp_sysctl_conf:
        {{ fp_sysctl_conf | to_yaml(indent=2) | indent(2) }}

# One sysctl entry per fp_sysctl_conf item. name and value are required;
# state, reload and set are passed through only when the item defines them.
- name: "Sysctl: Configure {{ fp_sysctl_conf_file }}"
  tags: fp_sysctl_conf
  loop: "{{ fp_sysctl_conf }}"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_file: "{{ fp_sysctl_conf_file }}"
    sysctl_set: "{{ item.set | d(omit) }}"
    reload: "{{ item.reload | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    ignoreerrors: "{{ fp_sysctl_ignoreerrors | d(omit) }}"

- name: Warn when fp_sysctl_conf keeps boot-time tuneables settable via loader.
  tags: fp_sysctl_tuneables_warning
  when: fp_sysctl_tuneables_warning | bool
  block:

    # Read-only listing, so it also runs in check mode and never reports
    # a change.
    - name: "Sysctl: Get sysctls settable via loader."
      ansible.builtin.command: sysctl -aNT
      register: result
      check_mode: false
      changed_when: false

    # Names from fp_sysctl_conf that also appear in the listing above.
    - name: "Sysctl: Warn when fp_sysctl_conf keeps boot-time tuneables settable via loader."
      vars:
        fp_sysctl_tuneables: "{{ fp_sysctl_conf | map(attribute='name') | select('in', result.stdout_lines) | sort }}"
      when: fp_sysctl_tuneables | length > 0
      ansible.builtin.debug:
        msg: >-
          [WARNING] Loader boot-time tuneables in fp_sysctl_conf:
          {{ fp_sysctl_tuneables | to_yaml }}

# NOTES
# 1) As of v2.6 module sysctl 'optionally performs a /sbin/sysctl -p'
#    http://ansible-manual.readthedocs.io/en/latest/sysctl_module.html
# 2) FreeBSD doesn't support -p, so reload the sysctl service
#    rc,out,err = self.module.run_command('/etc/rc.d/sysctl reload')
#    https://github.com/ansible/ansible-modules-core/blob/devel/system/sysctl.py
# 3) See loader.yml how tuneables are settable via loader.
#    https://forums.freebsd.org/threads/reload-loader-conf.72010/

# EOF
syslogd.yml
Synopsis: Configure syslogd
Description of the task.
---
# Print the syslogd-related role variables when fp_syslogd_debug is true.
- name: "Syslogd: Debug fp_syslogd_debug={{ fp_syslogd_debug }}"
  tags: fp_syslogd_debug
  when: fp_syslogd_debug | bool
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_syslogd_enable: {{ fp_syslogd_enable }}
      fp_syslogd_notify: {{ fp_syslogd_notify }}
      fp_syslogd_service_task: {{ fp_syslogd_service_task }}

      fp_syslogd_rcconf:
        {{ fp_syslogd_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_syslogd_conf_orig: {{ fp_syslogd_conf_orig }}
      fp_syslogd_conf_sanity: {{ fp_syslogd_conf_sanity }}
      fp_syslogd_conf_template: {{ fp_syslogd_conf_template }}
      fp_syslogd_conf_file: {{ fp_syslogd_conf_file }}
      fp_syslogd_conf:
        {{ fp_syslogd_conf | to_yaml(indent=2) | indent(2) }}
      fp_syslogd_confd:
        {{ fp_syslogd_confd | to_yaml(indent=2) | indent(2) }}
      fp_syslogd_newconf_orig: {{ fp_syslogd_newconf_orig }}
      fp_syslogd_newconf:
        {{ fp_syslogd_newconf | to_yaml(indent=2) | indent(2) }}

- name: Configure syslogd
  tags: fp_syslogd_conf
  block:

    # One-time copy of the shipped file; "creates" skips the task once the
    # .orig file exists, so the first backup is never overwritten.
    - name: "Syslogd: Backup origin {{ fp_syslogd_conf_file }}"
      when: fp_syslogd_conf_orig | bool
      ansible.builtin.command:
        creates: "{{ fp_syslogd_conf_file }}.orig"
        cmd: "cp {{ fp_syslogd_conf_file }} {{ fp_syslogd_conf_file }}.orig"

    # Fail early instead of silently skipping the template task below.
    - name: "Syslogd: Sanity fp_syslogd_conf is empty."
      when: fp_syslogd_conf_sanity | bool
      ansible.builtin.assert:
        quiet: true
        that: fp_syslogd_conf | length > 0
        fail_msg: "[ERR] fp_syslogd_conf is empty."

    - name: "Syslogd: Configure {{ fp_syslogd_conf_file }}"
      when: fp_syslogd_conf | length > 0
      ansible.builtin.template:
        src: "{{ fp_syslogd_conf_template }}"
        dest: "{{ fp_syslogd_conf_file }}"
        mode: "0644"
        owner: root
        group: wheel
        backup: "{{ fp_backup }}"
      notify: reload syslogd

    # Each fp_syslogd_confd item supplies template, path and conf; conf is
    # exposed to the template under the name fp_syslogd_conf.
    - name: "Syslogd: Create files in /etc/syslog.d/"
      vars:
        fp_syslogd_conf: "{{ item.conf }}"
      loop: "{{ fp_syslogd_confd }}"
      loop_control:
        label: "{{ item.path }}"
      ansible.builtin.template:
        src: "{{ item.template }}"
        dest: /etc/syslog.d/{{ item.path }}
        mode: "0644"
        owner: root
        group: wheel
        backup: "{{ fp_backup }}"
      notify: reload syslogd

- name: Configure newsyslog
  tags: fp_syslogd_newconf
  block:

    # One-time copy, guarded by "creates" like the syslog.conf backup above.
    - name: "Syslogd: Backup origin /etc/newsyslog.conf"
      when: fp_syslogd_newconf_orig | bool
      ansible.builtin.command:
        creates: /etc/newsyslog.conf.orig
        cmd: cp /etc/newsyslog.conf /etc/newsyslog.conf.orig

    - name: "Syslogd: Configure /etc/newsyslog.conf"
      when: fp_syslogd_newconf | length > 0
      ansible.builtin.template:
        src: newsyslog.conf.j2
        dest: /etc/newsyslog.conf
        mode: "0644"
        owner: root
        group: wheel
        backup: "{{ fp_backup }}"
      notify: create newsyslog

# Hand the rc.conf part over to the shared fn/rcconf.yml with _service=syslogd.
- name: "Syslogd: Configure rc.conf"
  tags: fp_syslogd_rcconf
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: syslogd

# EOF
syslog-ng.yml
Synopsis: Configure syslog-ng
Description of the task.
---
# Print the syslog-ng-related role variables when fp_syslogng_debug is true.
- name: "Syslog-ng: Debug fp_syslogng_debug={{ fp_syslogng_debug }}"
  tags: fp_syslogng_debug
  when: fp_syslogng_debug | bool
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_syslogng_install: {{ fp_syslogng_install }}
      fp_syslogng_enable: {{ fp_syslogng_enable }}
      fp_syslogng_notify: {{ fp_syslogng_notify }}
      fp_syslogng_service_task: {{ fp_syslogng_service_task }}

      fp_syslogng_rcconf:
        {{ fp_syslogng_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_syslogng_conf_orig: {{ fp_syslogng_conf_orig }}
      fp_syslogng_conf_sanity: {{ fp_syslogng_conf_sanity }}
      fp_syslogng_conf_template: {{ fp_syslogng_conf_template }}
      fp_syslogng_conf_file: {{ fp_syslogng_conf_file }}
      fp_syslogng_conf:
        {{ fp_syslogng_conf | to_yaml(indent=2) | indent(2) }}

- name: Configure syslog-ng
  tags: fp_syslogng_conf
  block:

    # One-time copy of the shipped file; "creates" skips the task once the
    # .orig file exists.
    - name: "Syslog-ng: Backup origin {{ fp_syslogng_conf_file }}"
      when: fp_syslogng_conf_orig | bool
      ansible.builtin.command:
        creates: "{{ fp_syslogng_conf_file }}.orig"
        cmd: "cp {{ fp_syslogng_conf_file }} {{ fp_syslogng_conf_file }}.orig"

    # Fail early instead of silently skipping the template task below.
    - name: "Syslog-ng: Sanity fp_syslogng_conf is empty."
      when: fp_syslogng_conf_sanity | bool
      ansible.builtin.assert:
        quiet: true
        that: fp_syslogng_conf | length > 0
        fail_msg: "[ERR] fp_syslogng_conf is empty."

    # The rendered file is syntax-checked by syslog-ng itself before it
    # replaces the live configuration.
    - name: "Syslog-ng: Configure {{ fp_syslogng_conf_file }}"
      when: fp_syslogng_conf | length > 0
      ansible.builtin.template:
        src: "{{ fp_syslogng_conf_template }}"
        dest: "{{ fp_syslogng_conf_file }}"
        mode: "0644"
        owner: root
        group: wheel
        validate: syslog-ng --syntax-only --cfgfile %s
        backup: "{{ fp_backup }}"
      notify: reload syslog-ng

# Hand the rc.conf part over to the shared fn/rcconf.yml with
# _service=syslog-ng.
- name: "Syslog-ng: Configure rc.conf"
  tags: fp_syslogng_rcconf
  ansible.builtin.import_tasks: fn/rcconf.yml
  vars:
    _service: syslog-ng

# EOF
timezone.yml
Synopsis: Configure timezone
Description of the task.
---
# Print fp_zoneinfo when fp_timezone_debug is true.
- name: "Timezone: Debug fp_timezone_debug={{ fp_timezone_debug }}"
  tags: fp_timezone_debug
  when: fp_timezone_debug | bool
  ansible.builtin.debug:
    msg: |-
      fp_zoneinfo: {{ fp_zoneinfo }}

# Set the system timezone; a change notifies the "adjust CMOS" handler.
- name: "Timezone: set timezone to {{ fp_zoneinfo }}"
  community.general.timezone:
    name: "{{ fp_zoneinfo }}"
  notify: adjust CMOS

# EOF
tmpmfs.yml
Synopsis: Configure tmpmfs
Description of the task.
---
# Print fp_tmpmfs_rcconf when fp_tmpmfs_debug is true.
- name: "Tmpmfs: Debug fp_tmpmfs_debug={{ fp_tmpmfs_debug }}"
  tags: fp_tmpmfs_debug
  when: fp_tmpmfs_debug | bool
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_tmpmfs_rcconf:
        {{ fp_tmpmfs_rcconf | to_yaml(indent=2) | indent(2) }}

# Write each fp_tmpmfs_rcconf item with sysrc. The target is the per-service
# file from fp_rcconfd_path when fp_rcconfd is true, otherwise /etc/rc.conf.
- name: "Tmpmfs: Configure tmpmfs in {{ _path }}"
  tags: fp_tmpmfs_rcconf
  vars:
    _service: tmpmfs
    _rcconfd_path: "{{ fp_rcconfd_path[_service] }}"
    _path: "{{ fp_rcconfd | bool | ternary(_rcconfd_path, '/etc/rc.conf') }}"
  loop: "{{ fp_tmpmfs_rcconf }}"
  community.general.sysrc:
    name: "{{ item.name }}"
    value: "{{ item.value | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    path: "{{ _path }}"

# EOF
users.yml
Synopsis: Configure users
Description of the task.
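---
# Print the user configuration when fp_users_debug is true.
#
# fp_users_conf items may carry password hashes and ssh_key_passphrase
# values (both are read by the task below), so the full structure is shown
# only when fp_users_debug_classified is true. Otherwise only the account
# names are listed. This mirrors the no_log guard on the account task, so
# that enabling debug alone does not write credentials to the play output
# or to logs.
- name: "Users: Debug (fp_users_debug={{ fp_users_debug }})"
  when: fp_users_debug | bool
  tags: fp_users_debug
  vars:
    msg: |-
      fp_users_debug_classified: {{ fp_users_debug_classified }}
      {% if fp_users_debug_classified | bool %}
      fp_users_conf:
        {{ fp_users_conf | to_nice_yaml(indent=2) | indent(2) }}
      {% else %}
      fp_users_conf (names only):
        {{ fp_users_conf | map(attribute='name') | list | to_nice_yaml(indent=2) | indent(2) }}
      {% endif %}
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"

# Create, modify or remove one account per fp_users_conf item. Only
# item.name is required; every other attribute is passed to the module
# only when the item defines it.
#
# no_log stays on unless fp_users_debug_classified is true. The "| bool"
# cast makes a string such as "false" (for example from -e on the command
# line) count as false instead of as a non-empty, truthy string.
- name: "Users: Manage user accounts"
  no_log: "{{ not (fp_users_debug_classified | bool) }}"
  ansible.builtin.user:
    name: "{{ item.name }}"
    append: "{{ item.append | d(omit) }}"
    authorization: "{{ item.authorization | d(omit) }}"
    comment: "{{ item.comment | d(omit) }}"
    create_home: "{{ item.create_home | d(omit) }}"
    expires: "{{ item.expires | d(omit) }}"
    force: "{{ item.force | d(omit) }}"
    generate_ssh_key: "{{ item.generate_ssh_key | d(omit) }}"
    group: "{{ item.group | d(omit) }}"
    groups: "{{ item.groups | d(omit) }}"
    hidden: "{{ item.hidden | d(omit) }}"
    home: "{{ item.home | d(omit) }}"
    local: "{{ item.local | d(omit) }}"
    login_class: "{{ item.login_class | d(omit) }}"
    move_home: "{{ item.move_home | d(omit) }}"
    non_unique: "{{ item.non_unique | d(omit) }}"
    password: "{{ item.password | d(omit) }}"
    password_lock: "{{ item.password_lock | d(omit) }}"
    profile: "{{ item.profile | d(omit) }}"
    remove: "{{ item.remove | d(omit) }}"
    role: "{{ item.role | d(omit) }}"
    seuser: "{{ item.seuser | d(omit) }}"
    shell: "{{ item.shell | d(omit) }}"
    skeleton: "{{ item.skeleton | d(omit) }}"
    ssh_key_bits: "{{ item.ssh_key_bits | d(omit) }}"
    ssh_key_comment: "{{ item.ssh_key_comment | d(omit) }}"
    ssh_key_file: "{{ item.ssh_key_file | d(omit) }}"
    ssh_key_passphrase: "{{ item.ssh_key_passphrase | d(omit) }}"
    ssh_key_type: "{{ item.ssh_key_type | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    system: "{{ item.system | d(omit) }}"
    uid: "{{ item.uid | d(omit) }}"
    update_password: "{{ item.update_password | d(omit) }}"
  loop: "{{ fp_users_conf }}"
  loop_control:
    # Label by name so the loop output never shows the whole item.
    label: "{{ item.name }}"

# EOF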
vars.yml
Synopsis: Configure vars
Description of the task.
---
# Collect the default versions by running a helper Makefile on the host and
# parsing its output as YAML into the fact pf_default_versions.
- name: Get default versions
  tags: fp_vars_default_versions
  when: fp_vars_default_versions | bool
  block:

    - name: "Vars: Copy Makefile"
      ansible.builtin.copy:
        dest: "{{ fp_vars_makefile }}"
        src: Makefile.default-versions
        mode: "0644"

    # Read-only query; never reported as a change.
    - name: "Vars: Get default versions"
      ansible.builtin.command:
        cmd: "make -f {{ fp_vars_makefile }} default-versions"
      register: result
      changed_when: false

    - name: "Vars: Create dictionary pf_default_versions"
      ansible.builtin.set_fact:
        pf_default_versions: "{{ result.stdout | from_yaml }}"

    - name: "Vars: Debug default versions (fp_vars_debug={{ fp_vars_debug }})"
      when: fp_vars_debug | bool
      ansible.builtin.debug:
        var: pf_default_versions
wpasupplicant.yml
Synopsis: Configure wpasupplicant
Description of the task.
---
# Print the wpa_supplicant role variables when fp_wpasupplicant_debug is
# true. fp_wpasupplicant_conf is included only when
# fp_wpasupplicant_debug_classified is set.
- name: "Wpasupplicant: Debug fp_wpasupplicant_debug={{ fp_wpasupplicant_debug }}"
  tags: fp_wpasupplicant_debug
  when: fp_wpasupplicant_debug | bool
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      fp_wpasupplicant_backup: {{ fp_wpasupplicant_backup }}
      fp_wpasupplicant_program: {{ fp_wpasupplicant_program }}
      fp_wpasupplicant_flags: {{ fp_wpasupplicant_flags }}
      fp_wpasupplicant_conf_file: {{ fp_wpasupplicant_conf_file }}
      fp_wpasupplicant_rcconf:
        {{ fp_wpasupplicant_rcconf | to_yaml(indent=2) | indent(2) }}
      fp_wpasupplicant_conf_file_link: {{ fp_wpasupplicant_conf_file_link }}
      fp_wpasupplicant_conf_owner: {{ fp_wpasupplicant_conf_owner }}
      fp_wpasupplicant_conf_group: {{ fp_wpasupplicant_conf_group }}
      fp_wpasupplicant_conf_mode: {{ fp_wpasupplicant_conf_mode }}
      fp_wpasupplicant_conf_dir: {{ fp_wpasupplicant_conf_dir }}
      fp_wpasupplicant_conf_template: {{ fp_wpasupplicant_conf_template }}
      fp_wpasupplicant_conf_ctrl_interface: {{ fp_wpasupplicant_conf_ctrl_interface }}
      fp_wpasupplicant_conf_global:
        {{ fp_wpasupplicant_conf_global | to_yaml(indent=2) | indent(2) }}
      fp_wpasupplicant_rcd: {{ fp_wpasupplicant_rcd }}
      fp_wpasupplicant_rcd_conf:
        {{ fp_wpasupplicant_rcd_conf | to_yaml(indent=2) | indent(2) }}
      {% if fp_wpasupplicant_debug_classified %}
      fp_wpasupplicant_conf:
        {{ fp_wpasupplicant_conf | to_yaml(indent=2) | indent(2) }}
      {% endif %}

# Write each fp_wpasupplicant_rcconf item (item.key, item.value) with sysrc.
# The target is fp_rcconfd_path.wpasupplicant when fp_rcconfd is true,
# otherwise /etc/rc.conf.
- name: "Wpasupplicant: Configure {{ _path }}"
  tags: fp_wpasupplicant_rcconf
  vars:
    _path: "{{ fp_rcconfd | bool | ternary(fp_rcconfd_path.wpasupplicant, '/etc/rc.conf') }}"
  loop: "{{ fp_wpasupplicant_rcconf }}"
  community.general.sysrc:
    name: "{{ item.key }}"
    value: "{{ item.value | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    path: "{{ _path }}"
  notify: restart netif

# Render one configuration file per device (<conf_file>.<item.dev>).
# no_log hides the task result unless fp_wpasupplicant_debug_classified is
# set; the loop label shows only the device name.
# NOTE(review): these files presumably hold network credentials - confirm
# that fp_wpasupplicant_conf_mode keeps them unreadable for other users.
- name: "Wpasupplicant: Configure {{ fp_wpasupplicant_conf_file ~ '.DEV' }}"
  tags: fp_wpasupplicant_conf
  no_log: "{{ not fp_wpasupplicant_debug_classified }}"
  loop: "{{ fp_wpasupplicant_conf }}"
  loop_control:
    label: "{{ item.dev }}"
  ansible.builtin.template:
    src: "{{ fp_wpasupplicant_conf_template }}"
    dest: "{{ fp_wpasupplicant_conf_file }}.{{ item.dev }}"
    mode: "{{ fp_wpasupplicant_conf_mode }}"
    owner: "{{ fp_wpasupplicant_conf_owner }}"
    group: "{{ fp_wpasupplicant_conf_group }}"
    backup: "{{ fp_wpasupplicant_backup }}"
  register: fp_wpa_supplicant_conf_changes

# Show the registered result of the template task; guarded by the same
# no_log expression.
- name: "Wpasupplicant: Debug: registered to fp_wpa_supplicant_conf_changes"
  tags: fp_wpasupplicant_conf
  when: fp_wpasupplicant_debug | bool
  no_log: "{{ not fp_wpasupplicant_debug_classified }}"
  ansible.builtin.debug:
    msg: "{{ fp_wpa_supplicant_conf_changes }}"

# Point the generic file name at one device-specific file.
- name: "Wpasupplicant: Link {{ fp_wpasupplicant_conf_file }}"
  tags: fp_wpasupplicant_conf_file_link
  when: fp_wpasupplicant_conf_file_link | length > 0
  ansible.builtin.file:
    src: "{{ fp_wpasupplicant_conf_file }}.{{ fp_wpasupplicant_conf_file_link }}"
    dest: "{{ fp_wpasupplicant_conf_file }}"
    state: link
    force: true

# Use device specific configuration. Example:
# /usr/local/sbin/wpa_supplicant -s -B -i wlan1 -c /etc/wpa_supplicant.conf.wlan1
- name: "Wpasupplicant: Configure /etc/rc.d/wpa_supplicant"
  tags: fp_wpasupplicant_rcd
  when: fp_wpasupplicant_rcd | bool
  loop: "{{ fp_wpasupplicant_rcd_conf }}"
  community.general.sysrc:
    name: "{{ item.name }}"
    value: "{{ item.value | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    path: /etc/rc.d/wpa_supplicant

# EOF
digitalocean.yml
Synopsis: Configure digitalocean
Description of the task.
[tasks/cloud-providers/digitalocean.yml]
---
# Print the DigitalOcean-related role variables when fp_do_debug is true.
- name: "Digitalocean: Debug fp_do_debug={{ fp_do_debug }}"
  tags: fp_do_debug
  when: fp_do_debug | bool
  ansible.builtin.debug:
    msg: "{{ '{}'.format(msg) }}"
  vars:
    msg: |-
      ansible_facts.distribution_major_version: {{ ansible_facts.distribution_major_version }}
      fp_do_default_user: {{ fp_do_default_user }}
      fp_do_default_user_remove: {{ fp_do_default_user_remove }}
      fp_do_default_user_remove_home: {{ fp_do_default_user_remove_home }}
      fp_do_rcconf_cloudinit_enable: {{ fp_do_rcconf_cloudinit_enable }}
      fp_do_rcconf_digitaloceanpre_enable: {{ fp_do_rcconf_digitaloceanpre_enable }}
      fp_do_rcconf_digitalocean_enable: {{ fp_do_rcconf_digitalocean_enable }}
      fp_do_rcconf:
        {{ fp_do_rcconf | to_yaml | indent(2) }}

# Write each fp_do_rcconf item (item.key, item.value) with sysrc. The target
# is fp_rcconfd_path.digitalocean when fp_rcconfd is true, otherwise
# /etc/rc.conf.
- name: "Digitalocean: Configure {{ _path }}"
  tags: fp_do_rcconf
  vars:
    _path: "{{ fp_rcconfd | bool | ternary(fp_rcconfd_path.digitalocean, '/etc/rc.conf') }}"
  loop: "{{ fp_do_rcconf }}"
  community.general.sysrc:
    name: "{{ item.key }}"
    value: "{{ item.value | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    path: "{{ _path }}"

# Remove the image's default account; its home directory is removed as well
# when fp_do_default_user_remove_home is true.
# NOTE(review): the tag is spelled "fp_do_defaul_user_remove" (no "t").
# It is kept as is because playbook runs may already select it with -t.
- name: "Digitalocean: Remove default user"
  tags: fp_do_defaul_user_remove
  when: fp_do_default_user_remove | bool
  ansible.builtin.user:
    name: "{{ fp_do_default_user }}"
    remove: "{{ fp_do_default_user_remove_home }}"
    state: absent

# DO overwrites hostname from rc.conf
- name: "Hostname: Configure hostname in /etc/rc.digitalocean.d/droplet.conf"
  tags: fp_do_hostname_rcconf
  when: ansible_facts.distribution_major_version | int < 11
  loop: "{{ fp_do_legacy_rcconf }}"
  ansible.builtin.lineinfile:
    dest: /etc/rc.digitalocean.d/droplet.conf
    line: '{{ item.key }}="{{ item.value }}"'
    regexp: '^\s*{{ item.key }}\s*=(.*)$'
    backup: "{{ fp_backup }}"

# EOF
sync-default.yml
Synopsis: Configure sync-default
Description of the task.
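---
# Report whether the default source directory exists on the controller.
- name: "Copy:sync-default: Debug default directory exists fp_copy_debug={{ fp_copy_debug }}"
  when: fp_copy_debug | bool
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_dir_default }}"
    mystat: "{{ mypath is exists }}"
  ansible.builtin.debug:
    msg: "Directory {{ mypath }} exists: {{ mystat }}"

# Synchronize each fp_synchronize_default item whose source path exists.
# Per-item options override the fp_synchronize_* defaults.
#
# src uses the task variable mypath, the same path that the "when" test
# checks. The listing referenced "mypath_src", which is not defined in this
# file; tasks/copy/sync-optional.yml uses mypath in the same place.
#
# Review item.delete and item.verify_host before use: delete removes files
# from dest that are missing in src, and verify_host controls SSH host key
# checking for the transfer.
- name: "Copy:sync-default: Synchronize default files {{ fp_copy_dir ~ '/' ~ fp_copy_dir_default }}"
  when: mypath is exists
  register: result
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_dir_default }}/{{ item.src }}"
  ansible.posix.synchronize:
    src: "{{ mypath }}"
    dest: "{{ item.dest }}"
    archive: "{{ item.archive | d(fp_synchronize_archive) }}"
    checksum: "{{ item.checksum | d(fp_synchronize_checksum) }}"
    compress: "{{ item.compress | d(fp_synchronize_compress) }}"
    copy_links: "{{ item.copy_links | d(fp_synchronize_copy_links) }}"
    delete: "{{ item.delete | d(fp_synchronize_delete) }}"
    dirs: "{{ item.dirs | d(fp_synchronize_dirs) }}"
    existing_only: "{{ item.existing_only | d(fp_synchronize_existing_only) }}"
    mode: "{{ item.mode | d(fp_synchronize_mode) }}"
    group: "{{ item.group | d(omit) }}"
    owner: "{{ item.owner | d(omit) }}"
    perms: "{{ item.synchronize_perms | d(omit) }}"
    times: "{{ item.synchronize_times | d(omit) }}"
    recursive: "{{ item.recursive | d(omit) }}"
    verify_host: "{{ item.verify_host | d(fp_synchronize_verify_host) }}"
  loop: "{{ fp_synchronize_default }}"
  loop_control:
    label: "{{ item.dest }}"

# The task name now says "sync-default"; the listing had the label of the
# optional variant, which made the two files indistinguishable in the output.
- name: "Copy:sync-default: Debug synchronize default files result fp_copy_debug={{ fp_copy_debug }}"
  when: fp_copy_debug | bool
  ansible.builtin.debug:
    var: result

# EOF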
sync-optional.yml
Synopsis: Configure sync-optional
Description of the task.
[tasks/copy/sync-optional.yml]
---
# Report whether the optional source directory exists on the controller.
- name: "Copy:sync-optional: Debug optional directory exists fp_copy_debug={{ fp_copy_debug }}"
  when: fp_copy_debug | bool
  ansible.builtin.debug:
    msg: "Directory {{ mypath }} exists: {{ mystat }}"
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_dir_optional }}"
    mystat: "{{ mypath is exists }}"

# Synchronize each fp_synchronize_optional item whose source path exists.
# Per-item options override the fp_synchronize_* defaults.
# Review item.delete and item.verify_host before use: delete removes files
# from dest that are missing in src, and verify_host controls SSH host key
# checking for the transfer.
- name: "Copy:sync-optional: Synchronize optional files {{ fp_copy_dir ~ '/' ~ fp_copy_dir_optional }}"
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_dir_optional }}/{{ item.src }}"
  when: mypath is exists
  loop: "{{ fp_synchronize_optional }}"
  loop_control:
    label: "{{ item.dest }}"
  ansible.posix.synchronize:
    src: "{{ mypath }}"
    dest: "{{ item.dest }}"
    # Options with a role-wide default.
    archive: "{{ item.archive | d(fp_synchronize_archive) }}"
    checksum: "{{ item.checksum | d(fp_synchronize_checksum) }}"
    compress: "{{ item.compress | d(fp_synchronize_compress) }}"
    copy_links: "{{ item.copy_links | d(fp_synchronize_copy_links) }}"
    delete: "{{ item.delete | d(fp_synchronize_delete) }}"
    dirs: "{{ item.dirs | d(fp_synchronize_dirs) }}"
    existing_only: "{{ item.existing_only | d(fp_synchronize_existing_only) }}"
    mode: "{{ item.mode | d(fp_synchronize_mode) }}"
    verify_host: "{{ item.verify_host | d(fp_synchronize_verify_host) }}"
    # Options passed only when the item defines them.
    group: "{{ item.group | d(omit) }}"
    owner: "{{ item.owner | d(omit) }}"
    perms: "{{ item.synchronize_perms | d(omit) }}"
    times: "{{ item.synchronize_times | d(omit) }}"
    recursive: "{{ item.recursive | d(omit) }}"
  register: result

- name: "Copy:sync-optional: Debug synchronize optional files result fp_copy_debug={{ fp_copy_debug }}"
  when: fp_copy_debug | bool
  ansible.builtin.debug:
    var: result

# EOF
unarch-default.yml
Synopsis: Configure unarch-default
Description of the task.
[tasks/copy/unarch-default.yml]
---
# Report whether the default archive exists on the controller.
- name: "Copy:unarch-default: Debug default archive exists fp_copy_debug={{ fp_copy_debug }}"
  when: fp_copy_debug | bool
  ansible.builtin.debug:
    msg: "Archive {{ mypath }} exists: {{ mystat }}"
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_arch_default }}"
    mystat: "{{ mypath is exists }}"

# Extract the archive into the root of the target filesystem.
# Every path in the archive lands relative to /, so the archive can replace
# any system file: build it from reviewed content only and keep it under the
# same access control as the playbook itself.
- name: "Copy:unarch-default: Extract default archive {{ fp_copy_dir ~ '/' ~ fp_copy_arch_default }}"
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_arch_default }}"
  when: mypath is exists
  environment: "{{ fp_environment.crypto | d(fp_environment.default) }}"
  ansible.builtin.unarchive:
    dest: /
    src: "{{ fp_copy_dir }}/{{ fp_copy_arch_default }}"
    keep_newer: "{{ fp_unarchive_keep_newer }}"

# EOF
unarch-optional.yml
Synopsis: Configure unarch-optional
Description of the task.
[tasks/copy/unarch-optional.yml]
---
# Report whether the optional archive exists on the controller.
- name: "Copy:unarch-optional: Debug optional archive exists fp_copy_debug={{ fp_copy_debug }}"
  when: fp_copy_debug | bool
  ansible.builtin.debug:
    msg: "Archive {{ mypath }} exists: {{ mystat }}"
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_arch_optional }}"
    mystat: "{{ mypath is exists }}"

# Extract the archive into the root of the target filesystem.
# Every path in the archive lands relative to /, so the archive can replace
# any system file: build it from reviewed content only and keep it under the
# same access control as the playbook itself.
- name: "Copy:unarch-optional: Extract optional archive {{ fp_copy_dir ~ '/' ~ fp_copy_arch_optional }}"
  vars:
    mypath: "{{ fp_copy_dir }}/{{ fp_copy_arch_optional }}"
  when: mypath is exists
  environment: "{{ fp_environment.crypto | d(fp_environment.default) }}"
  ansible.builtin.unarchive:
    dest: /
    src: "{{ fp_copy_dir }}/{{ fp_copy_arch_optional }}"
    keep_newer: "{{ fp_unarchive_keep_newer }}"

# EOF
cron-rename-entry.yml
Synopsis: Configure cron-rename-entry
Description of the task.
[tasks/fn/cron-rename-entry.yml]
---
# Included per item; the item supplies user and name.
# Check whether the user's crontab file exists under fp_cron_dir.
- name: "Cron-rename-entry: Stat {{ fp_cron_dir ~ '/' ~ item.user }}"
  ansible.builtin.stat:
    path: "{{ fp_cron_dir }}/{{ item.user }}"
  register: result

# Rewrite a plain "# <name>" comment line into the "#Ansible: <name>" marker.
# NOTE(review): item.name is used inside the regexp unescaped - confirm that
# entry names contain no regular-expression metacharacters.
- name: "Cron-rename-entry: Rename present crontab entry"
  when: result.stat.exists
  ansible.builtin.replace:
    path: "{{ fp_cron_dir }}/{{ item.user }}"
    replace: "#Ansible: {{ item.name }}"
    regexp: '^\s*#\s*{{ item.name }}$'
    backup: "{{ fp_backup }}"

# EOF
mdconfig-attach-disk.yml
Synopsis: Configure mdconfig-attach-disk
Description of the task.
[tasks/fn/mdconfig-attach-disk.yml]
---
# Run al_mdconfig.yml from the library role named in
# fp_ansible_lib[ansible_role_name], passing the file taken from
# item[_fp_mount_task].
- name: "Mdconfig-attach-disk: Attach memory disk"
  ansible.builtin.include_role:
    tasks_from: al_mdconfig.yml
    name: "{{ fp_ansible_lib[ansible_role_name] }}"
  vars:
    al_mdconfig_file: "{{ item[_fp_mount_task] }}"  # noqa: var-naming[no-role-prefix]

# EOF
mdconfig-detach-disk.yml
Synopsis: Configure mdconfig-detach-disk
Description of the task.
[tasks/fn/mdconfig-detach-disk.yml]
---
# Same call as the attach variant, with al_mdconfig_state set to absent.
- name: "Mdconfig-detach-disk: Detach memory disk"
  ansible.builtin.include_role:
    tasks_from: al_mdconfig.yml
    name: "{{ fp_ansible_lib[ansible_role_name] }}"
  vars:
    al_mdconfig_state: absent
    al_mdconfig_file: "{{ item[_fp_mount_task] }}"  # noqa: var-naming[no-role-prefix]

# EOF
rcconf-item.yml
Synopsis: Configure rcconf-item
Description of the task.
---
# Generic sysrc loop driven by the variable oi: oi.label names the task,
# oi.conf is the list of entries, oi.dest is the file (default /etc/rc.conf)
# and oi.notify lists the handlers to notify.
- name: "{{ oi.label }}"
  loop: "{{ oi.conf }}"
  community.general.sysrc:
    name: "{{ item.key }}"
    value: "{{ item.value | d(omit) }}"
    state: "{{ item.state | d(omit) }}"
    delim: "{{ item.delim | d(omit) }}"
    path: "{{ oi.dest | d('/etc/rc.conf') }}"
  notify: "{{ oi.notify }}"

# EOF
rcconf.yml
Synopsis: Configure a service in rc.conf
- 4-24: Declare local variables for the given _service.
- 27: Display local variables if fp_rcconf_debug=true.
- 52: Configure _service in rc.conf.
- 67: Configure rcvar for the _service in rc.conf.
- 80: Optionally, start/stop _service immediately.
See How tasks/fn/rcconf.yml works
Example of _service=sshd
1shell> ansible-playbook pb.yml -t fp_sshd -e fp_sshd_debug=true -e fp_rcconf_debug=true
2...
3TASK [vbotka.freebsd_postinstall : Rcconf: Debug fp_rcconf_debug=true] *****************
4ok: [test.example.org] =>
5msg: |-
6 fp_rcconfd: False
7 fp_rcconf_sanity_rcvar: True
8 _service: sshd
9 _rcconfd_path: /etc/rc.conf.d/sshd
10 _path: /etc/rc.conf
11 _var: fp_sshd_enable
12 _val: True
13 _name: sshd_enable
14 _value: YES
15 _command: start
16 _handlers: ['start sshd']
17 _handlers_reload: ['reload sshd']
18 _rcconf_var: fp_sshd_rcconf
19 _rcconf_val: []
20 _notify_var: fp_sshd_notify
21 _notify_val: True
22 _service_task_var: fp_sshd_service_task
23 _service_task_val: False
24...
---
# Shared routine, imported with _service set by the caller. It writes the
# service's extra rc.conf entries, sets the service's rcvar to YES or NO and
# optionally starts or stops the service right away.
- name: Configure rc.conf
  vars:
    # Target file: per-service file when fp_rcconfd is true, else /etc/rc.conf.
    _rcconfd_path: "{{ fp_rcconfd_path[_service] }}"
    _path: "{{ fp_rcconfd | bool | ternary(_rcconfd_path, '/etc/rc.conf') }}"
    # Name and value of the role variable that enables the service.
    # default = fp_{{ _service }}_enable
    _var: "{{ fp_rcconf_var[_service] | d(fp_rcconf_var.default) }}"
    _val: "{{ lookup('ansible.builtin.vars', _var) | bool }}"
    # Name of the rcvar in rc.conf.
    # default = {{ _service }}_enable
    _name: "{{ fp_rcconf_rcvar[_service] | d(fp_rcconf_rcvar.default) }}"
    _value: "{{ _val | ternary('YES', 'NO') }}"
    _command: "{{ _val | ternary('start', 'stop') }}"
    # Handlers to notify.
    # default:
    #   "YES": ["start {{ _service }}"]
    #   "NO": ["stop {{ _service }}"]
    #   "RELOAD": ["reload {{ _service }}"]
    _handlers: "{{ fp_handlers[_service][_value] | d(fp_handlers.default[_value]) }}"
    _handlers_reload: "{{ fp_handlers[_service]['RELOAD'] | d(fp_handlers.default.RELOAD) }}"
    # Extra rc.conf entries of the service; an empty list when undefined.
    _rcconf_var: "{{ fp_rcconf_rcconf[_service] | d(fp_rcconf_rcconf.default) }}"
    _rcconf_val: "{{ lookup('ansible.builtin.vars', _rcconf_var, default=[]) }}"
    # Whether changes notify handlers; true when undefined.
    _notify_var: "{{ fp_notify_var[_service] | d(fp_notify_var.default) }}"
    _notify_val: "{{ lookup('ansible.builtin.vars', _notify_var, default=true) | bool }}"
    # Whether to start/stop the service immediately; false when undefined.
    _service_task_var: "{{ fp_service_task_var[_service] | d(fp_service_task_var.default) }}"
    _service_task_val: "{{ lookup('ansible.builtin.vars', _service_task_var, default=false) | bool }}"
  block:

    - name: "Rcconf: Debug fp_rcconf_debug={{ fp_rcconf_debug }}"
      when: fp_rcconf_debug | bool
      ansible.builtin.debug:
        msg: |
          fp_rcconfd: {{ fp_rcconfd }}
          fp_rcconf_sanity_rcvar: {{ fp_rcconf_sanity_rcvar }}
          _service: {{ _service }}
          _rcconfd_path: {{ _rcconfd_path }}
          _path: {{ _path }}
          _var: {{ _var }}
          _val: {{ _val }}
          _name: {{ _name }}
          _value: {{ _value }}
          _command: {{ _command }}
          _handlers: {{ _handlers }}
          _handlers_reload: {{ _handlers_reload }}
          _rcconf_var: {{ _rcconf_var }}
          _rcconf_val: {{ _rcconf_val }}
          _notify_var: {{ _notify_var }}
          _notify_val: {{ _notify_val }}
          _service_task_var: {{ _service_task_var }}
          _service_task_val: {{ _service_task_val }}

    # TODO: Find conflicting vars /etc/rc.conf vs. /etc/rc.conf.d/*

    # Extra entries; a change notifies the reload handlers when notification
    # is enabled for the service.
    - name: "Rcconf: Configure {{ _service ~ ' in ' ~ _path }}"
      loop: "{{ _rcconf_val }}"
      community.general.sysrc:
        name: "{{ item.name }}"
        value: "{{ item.value | d(omit) }}"
        state: "{{ item.state | d(omit) }}"
        path: "{{ _path }}"
      register: out
      notify: "{{ _notify_val | ternary(_handlers_reload, omit) }}"

    - name: "Rcconf: Debug configure service fp_rcconf_debug={{ fp_rcconf_debug }}"
      when: fp_rcconf_debug | bool
      ansible.builtin.debug:
        var: out

    # The rcvar itself; a change notifies the start or stop handlers.
    - name: "Rcconf: Configure {{ _name ~ ' in ' ~ _path }}"
      community.general.sysrc:
        name: "{{ _name }}"
        value: "{{ _value }}"
        path: "{{ _path }}"
      register: out
      notify: "{{ _notify_val | ternary(_handlers, omit) }}"

    - name: "Rcconf: Debug configure name fp_rcconf_debug={{ fp_rcconf_debug }}"
      when: fp_rcconf_debug | bool
      ansible.builtin.debug:
        var: out

    # Immediate start/stop, independent of the handlers above.
    - name: "Rcconf: Service {{ _service ~ ' ' ~ _command ~ ' ' ~ _service_task_var ~ '=' ~ _service_task_val }}"
      when: _service_task_val
      vbotka.freebsd.service:
        command: "{{ _command }}"
        script: "{{ _service }}"

# EOF
See also
defaults/main/rcconf.yml
defaults/main/rcconfd.yml
defaults/main/handlers.yml