Jeremy Dubois
5adeaa31e1
Some checks failed
continuous-integration/drone/push Build is failing
PacketFilter need to be customized only once, at the first use. After that, pf.conf will be modified on the server for the needs of the network. It must not be overwriten.
45 lines
1.1 KiB
YAML
45 lines
1.1 KiB
YAML
# yamllint disable rule:line-length
|
|
# Playbook command
|
|
# First use (become_method: su) :
|
|
# ansible-playbook evolixisation.yml --ask-vault-pass -CDki hosts -u root -l HOSTNAME
|
|
# Subsequent use (become_method: sudo) :
|
|
# ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts --skip-tags pf -l HOSTNAME
|
|
|
|
---
|
|
- name: Evolixisation of an OpenBSD system
|
|
hosts: openbsd
|
|
become: true
|
|
become_user: root
|
|
become_method: sudo
|
|
# become_method: su
|
|
|
|
|
|
vars_files:
|
|
- vars/main.yml
|
|
- vars/secrets.yml
|
|
- vars/openbsd-secret.yml
|
|
|
|
roles:
|
|
- etc-git
|
|
- base
|
|
- forwarding
|
|
- pf
|
|
- accounts
|
|
- nagios-nrpe
|
|
- evocheck
|
|
- post-install
|
|
# - openvpn
|
|
# - ospf
|
|
# - bgp
|
|
# - { role: collectd, collectd_server: "127.0.0.1" }
|
|
|
|
post_tasks:
|
|
- include: "tasks/commit_etc_git.yml"
|
|
vars:
|
|
commit_message: "Ansible - Evolixisation"
|
|
- include_role:
|
|
name: evocheck
|
|
tasks_from: exec.yml
|
|
|
|
# environment:
|
|
# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/"
|