diff --git a/CHANGELOG b/CHANGELOG index 7d0557f..a70c975 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -47,6 +47,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh * base: use a variable for /etc/installurl content * base: use "servers" option instead of "server" option for ntpd.conf +* base: fstab options can be activated or not ### Fixed diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml index e8a79a2..fc0adc3 100644 --- a/roles/base/defaults/main.yml +++ b/roles/base/defaults/main.yml @@ -9,4 +9,8 @@ evobsd_system_timeout: 36000 evobsd_path: "$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" cron_root_path: "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" +evobsd_fstab_softdep: true +evobsd_fstab_noatime: true +evobsd_fstab_noaxec: true + install_url: "https://cdn.openbsd.org/pub/OpenBSD" diff --git a/roles/base/tasks/fstab_entry.yml b/roles/base/tasks/fstab_entry.yml index b916d69..a3b7a63 100644 --- a/roles/base/tasks/fstab_entry.yml +++ b/roles/base/tasks/fstab_entry.yml @@ -5,6 +5,7 @@ regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)' replace: '\1,softdep\2' when: + - evobsd_fstab_softdep | bool - fstab_content.stdout | regex_search('\s' + fstab_path + '\s') - not (fstab_content.stdout | regex_search('\s+' + fstab_path + '\s+ffs\s+rw,softdep')) tags: @@ -17,6 +18,7 @@ replace: '\1\2,noatime\3' notify: remount {{ fstab_path }} noatime when: + - evobsd_fstab_noatime | bool - fstab_content.stdout | regex_search('\s' + fstab_path + '\s') - not (fstab_content.stdout | regex_search('\s+' + fstab_path + '\s+ffs\s+rw\S*noatime')) tags: @@ -29,6 +31,7 @@ replace: '\1,noexec\3' notify: remount {{ fstab_path }} noexec when: + - evobsd_fstab_noaxec | bool - fstab_path == "/tmp" - fstab_content.stdout | regex_search('\s' + fstab_path + '\s') - not (fstab_content.stdout | regex_search('\s+' + fstab_path + '\s+ffs\s+rw,(softdep,)*noexec'))