wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-11 11:47:08 +02:00
Code Issues Projects Releases Wiki Activity
algo/roles/common/tasks/freebsd.yml
Jack Ivanov 347f864abb
Ansible upgrade 6.1 (#14500) 
* linting

* update ansible

* linters
2022-07-30 15:01:24 +03:00

78 lines
2.1 KiB
YAML
Raw Blame History

---
- name: FreeBSD | Install prerequisites
package:
name:
- python3
- sudo
vars:
ansible_python_interpreter: /usr/local/bin/python2.7
- name: Set python3 as the interpreter to use
set_fact:
ansible_python_interpreter: /usr/local/bin/python3
- name: Gather facts
setup:
- name: Gather additional facts
import_tasks: facts.yml
- name: Set OS specific facts
set_fact:
config_prefix: /usr/local/
strongswan_shell: /usr/sbin/nologin
strongswan_home: /var/empty
root_group: wheel
ssh_service_name: sshd
apparmor_enabled: false
strongswan_additional_plugins:
- kernel-pfroute
- kernel-pfkey
tools:
- git
- subversion
- screen
- coreutils
- openssl
- bash
- wget
sysctl:
- item: net.inet.ip.forwarding
value: 1
- item: "{{ 'net.inet6.ip6.forwarding' if ipv6_support else none }}"
value: 1
- name: Install tools
package: name="{{ item }}" state=present
with_items:
- "{{ tools|default([]) }}"
- name: Loopback included into the rc config
blockinfile:
dest: /etc/rc.conf
create: true
block: |
cloned_interfaces="lo100"
ifconfig_lo100="inet {{ local_service_ip }} netmask 255.255.255.255"
ifconfig_lo100_ipv6="inet6 {{ local_service_ipv6 }}/128"
notify:
- restart loopback bsd
- name: Enable the gateway features
lineinfile: dest=/etc/rc.conf regexp='^{{ item.param }}.*' line='{{ item.param }}={{ item.value }}'
with_items:
- { param: firewall_enable, value: '"YES"' }
- { param: firewall_type, value: '"open"' }
- { param: gateway_enable, value: '"YES"' }
- { param: natd_enable, value: '"YES"' }
- { param: natd_interface, value: '"{{ ansible_default_ipv4.device|default() }}"' }
- { param: natd_flags, value: '"-dynamic -m"' }
notify:
- restart ipfw
- name: FreeBSD | Activate IPFW
shell: >
kldstat -n ipfw.ko || kldload ipfw ; sysctl net.inet.ip.fw.enable=0 &&
bash /etc/rc.firewall && sysctl net.inet.ip.fw.enable=1
changed_when: false
- meta: flush_handlers
Reference in a new issue View git blame Copy permalink