JoergFiedler.freebsd-jail-host

freebsd-jail-host

This role helps set up a FreeBSD system that can host one or more jails. There are additional roles available for creating jails to run web servers, databases, or mail servers. You can mix and match these jails to build a server that can host multiple WordPress sites, a dedicated mail server, or anything else you want to run inside a jail.

Requirements

This role is designed for use with a new FreeBSD installation. You can find a Vagrant Box compatible with VirtualBox and AWS.

How To

This project includes a Vagrantfile. Just type:

vagrant up

to start a clean FreeBSD machine. You can then create jails manually or use one of the other roles provided.

Role Variables

Network

host_net_ext_if

The server's external network interface. Default: '{{ ansible_default_ipv4.interface }}'.

host_net_ext_ip

The server's external IP address. Default: '{{ ansible_default_ipv4.address }}'.

host_net_int_if

The internal interface for the jail's IP addresses. Default: lo0.

host_net_int_ip

The server's internal IP address, also added to the internal interface. Default: 10.1.0.1.

host_net_int_net

Netmask for the jail's internal network. This is used for allowing UDP traffic through the firewall to reach syslogd. Default: '10.1.0.1/24'.

host_net_priv_if

Set this to configure a private network interface for your host. The interface is set up via DHCP; ensure host_net_priv_ip is set to the value returned from DHCP. Default: ''.

host_net_priv_ip

The IP address of the private network interface. Even though the interface is configured via DHCP, enter the address that DHCP returns here. Default: ''.

Disk/ZFS/iocage

host_home_zpool_name

The ZPool used for /home. Default: 'tank'.

host_ioc_release_version

The FreeBSD version used by iocage, defaults to the host's version. Default: {{ ansible_distribution_version }}-RELEASE.

host_ioc_zpool_name

The ZFS pool name for iocage. Default: tank.

host_ioc_zpool_devices

If you're creating the ZFS pool for iocage, specify a space-separated list of devices to use. You must provide this if the pool does not exist. Default: None.

host_srv_zpool_name

The ZFS pool name for the /srv folder. Default: tank.

host_srv_zpool_devices

If you're creating the ZFS pool for the /srv folder, specify a space-separated list of devices. You must provide this if the pool does not exist. Default: None.

SSH

host_sshd_authorized_keys_file

This file contains the public keys for sshd user authentication. Defaults to the insecure public key for vagrant: 'vagrant_pub_key'.

host_sshd_port

The port that sshd listens on. Default: 22.

host_sshd_user

The username allowed to ssh into this server. Default: vagrant.

SSMTP

This feature is active only if use_ssmtp is set.

ssmtp_auth_pass

The password for SMTP AUTH. If blank, no authentication occurs. Default: ''.

ssmtp_auth_user

The username for authenticating against the SMTP server. If blank, no SMTP AUTH occurs. Default: ''.

ssmtp_mailhub

System mails are forwarded to this mail host. See the ssmtp man page for more details.

Default: 'mail.maildrop.cc'.

ssmtp_rewrite_domain

This variable rewrites the domain part of mails sent by ssmtp. Refer to the ssmtp man page for more information.

Default: 'maildrop.cc'.

ssmtp_root

System mails are forwarded to this account. See the ssmtp man page for more details.

Default: 'freebsd-jail-host'.

ssmtp_use_starttls

Use STARTTLS before initiating SSL. Default: 'no'.

ssmtp_use_tls

Use TLS for communication with the SMTP server. Default: 'no'.

Tarsnap

tarsnap_enabled

Set this to yes to enable tarsnap for backups. Default: no.

tarsnap_keyfile

The keyfile needed for backups using tarsnap. Refer to tarsnap documentation for more information on how to create one. Default: ''.

Package Repository

host_build_server_enabled

Creates an extra repository in /usr/local/etc/pkg/repos/ using the URL and public key specified in the following two variables. Default: no.

host_build_server_pubkey

The public key for the additional repository used to verify downloaded packages. Default: None.

host_build_server_url

The URL for the additional repository. Default: None.

Misc

host_use_syslogd_server

Set to true to forward log messages from local syslog to a syslog server inside a jail. Use host_syslogd_server to specify the IP address. Default: false.

host_syslogd_server

IP address of the syslog server to send messages to, which should be running in one of the hosted jails. Default: ''.

host_timezone

The timezone where the server is located. Default: 'Europe/Berlin'.

Dependencies

None.

Example Playbook

Here’s an example of a playbook using this role to set up an EC2 instance.

- hosts: all
  become: true

  roles:
    - role: 'JoergFiedler.freebsd-jail-host'
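
A variant of the playbook above for a host that will be reachable from outside a test environment, overriding the Vagrant-oriented SSH defaults and the unencrypted mail defaults listed under Role Variables. This is an added example, not part of the role's documentation: every value is a constructed placeholder, vault_ssmtp_auth_pass is a hypothetical Ansible Vault variable, and the key file is assumed to be placed wherever the role looks up the default one.

```yaml
# Added example, not from the role's documentation. All values are constructed
# placeholders; vault_ssmtp_auth_pass is a hypothetical Ansible Vault variable.
- hosts: all
  become: true

  vars:
    # SSH: replace the vagrant account and its insecure, publicly known key.
    # The file name is an assumption; put it where the role finds the default.
    host_sshd_user: 'admin'
    host_sshd_authorized_keys_file: 'admin_authorized_keys.pub'
    host_sshd_port: 22

    # Outgoing system mail: use your own relay, authenticate, encrypt.
    use_ssmtp: true
    ssmtp_mailhub: 'smtp.example.org:587'
    ssmtp_rewrite_domain: 'example.org'
    ssmtp_root: 'ops@example.org'
    ssmtp_auth_user: 'jailhost@example.org'
    ssmtp_auth_pass: '{{ vault_ssmtp_auth_pass }}'
    ssmtp_use_tls: 'yes'
    ssmtp_use_starttls: 'yes'

  pre_tasks:
    # Stop before the role runs if a test default is still in effect.
    # default() makes each check fail when the variable was never overridden.
    - name: Refuse to deploy with test defaults
      ansible.builtin.assert:
        that:
          - host_sshd_user | default('vagrant') != 'vagrant'
          - host_sshd_authorized_keys_file | default('vagrant_pub_key') != 'vagrant_pub_key'
          - ssmtp_use_tls | default('no') | string | lower == 'yes'
          - ssmtp_mailhub | default('mail.maildrop.cc') != 'mail.maildrop.cc'
        fail_msg: 'A test default is still set; override it before deploying.'

  roles:
    - role: 'JoergFiedler.freebsd-jail-host'
```

In practice the vars block belongs in vault-encrypted group_vars rather than in the playbook; the assert task works the same either way.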

Author Information

If you like this or have suggestions for improvements, please open an issue on GitHub. Thank you!

About the project

FreeBSD Jail host.

Install
ansible-galaxy install JoergFiedler.freebsd-jail-host
License
bsd-2-clause
Downloads
178