evolinux-base: fstab is more customizable
parent
6bdbceba7b
commit
c30e6b189c
|
@ -50,7 +50,16 @@ evolinux_apt_repositories_components: "main"
|
||||||
|
|
||||||
evolinux_fstab_include: True
|
evolinux_fstab_include: True
|
||||||
|
|
||||||
|
evolinux_fstab_tmp: True
|
||||||
|
evolinux_fstab_tmp_options: defaults,noexec,nosuid,nodev
|
||||||
|
evolinux_fstab_usr: True
|
||||||
|
evolinux_fstab_usr_options: defaults,ro
|
||||||
|
evolinux_fstab_var: True
|
||||||
|
evolinux_fstab_var_options: defaults,nosuid
|
||||||
|
evolinux_fstab_home: True
|
||||||
|
evolinux_fstab_home_options: defaults,noexec,nosuid,nodev
|
||||||
evolinux_fstab_var_tmp: True
|
evolinux_fstab_var_tmp: True
|
||||||
|
evolinux_fstab_var_tmp_options: defaults,noexec,nosuid,nodev,size=1024m
|
||||||
|
|
||||||
# packages
|
# packages
|
||||||
|
|
||||||
|
|
|
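Review bot: The new `*_options` defaults carry the hardening flags (`noexec,nosuid,nodev` for /tmp, /home and /var/tmp, `ro` for /usr, `nosuid` for /var), but nothing in this block tells an operator that an override replaces the whole option list rather than extending it. Judging by the tasks changed in the same commit, the value is written as the complete fstab options field, so an override that only raises `size=` for /var/tmp would drop the flags unless they are restated. I would add a comment above the block, e.g. `# Each *_options value replaces the whole fstab options field; restate noexec,nosuid,nodev when overriding.` The option strings are also unquoted while the neighbouring `evolinux_apt_repositories_components: "main"` is quoted; `evolinux_fstab_tmp_options: "defaults,noexec,nosuid,nodev"` would keep the file consistent.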
@ -5,52 +5,60 @@
|
||||||
- name: Fetch fstab content
|
- name: Fetch fstab content
|
||||||
command: "grep -v '^#' /etc/fstab"
|
command: "grep -v '^#' /etc/fstab"
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
register: fstab_content
|
register: fstab_content
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
||||||
- name: /home partition is customized (noexec,nosuid,nodev)
|
- name: /home partition is customized
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '(\s+/home\s+\w+\s+defaults)(\s+)'
|
regexp: '(\s+/home\s+\w+\s+)([a-z,]+)(\s+)'
|
||||||
replace: '\1,noexec,nosuid,nodev\2'
|
replace: '\1{{ evolinux_fstab_home_options | mandatory }}\3'
|
||||||
backup: yes
|
backup: yes
|
||||||
notify: remount /home
|
notify: remount /home
|
||||||
when: "' /home ' in fstab_content.stdout"
|
when:
|
||||||
|
- "' /home ' in fstab_content.stdout"
|
||||||
|
- evolinux_fstab_home
|
||||||
|
|
||||||
- name: /tmp partition is customized (noexec,nosuid,nodev)
|
- name: /tmp partition is customized
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '(\s+/tmp\s+\w+\s+defaults)(\s+)'
|
regexp: '(\s+/tmp\s+\w+\s+)([a-z,]+)(\s+)'
|
||||||
replace: '\1,noexec,nosuid,nodev\2'
|
replace: '\1{{ evolinux_fstab_tmp_options | mandatory }}\3'
|
||||||
backup: yes
|
backup: yes
|
||||||
when: "' /tmp ' in fstab_content.stdout"
|
when:
|
||||||
|
- "' /tmp ' in fstab_content.stdout"
|
||||||
|
- evolinux_fstab_tmp
|
||||||
|
|
||||||
- name: /usr partition is customized (ro)
|
- name: /usr partition is customized
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '(\s+/usr\s+\w+\s+defaults)(\s+)'
|
regexp: '(\s+/usr\s+\w+\s+)([a-z,]+)(\s+)'
|
||||||
replace: '\1,ro\2'
|
replace: '\1{{ evolinux_fstab_usr_options | mandatory }}\3'
|
||||||
backup: yes
|
backup: yes
|
||||||
when: "' /usr ' in fstab_content.stdout"
|
when:
|
||||||
|
- "' /usr ' in fstab_content.stdout"
|
||||||
|
- evolinux_fstab_usr
|
||||||
|
|
||||||
- name: /var partition is customized (nosuid)
|
- name: /var partition is customized
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '(\s+/var\s+\w+\s+defaults)(\s+)'
|
regexp: '(\s+/var\s+\w+\s+)([a-z,]+)(\s+)'
|
||||||
replace: '\1,nosuid\2'
|
replace: '\1{{ evolinux_fstab_var_options | mandatory }}\3'
|
||||||
backup: yes
|
backup: yes
|
||||||
notify: remount /var
|
notify: remount /var
|
||||||
when: "' /var ' in fstab_content.stdout"
|
when:
|
||||||
|
- "' /var ' in fstab_content.stdout"
|
||||||
|
- evolinux_fstab_var
|
||||||
|
|
||||||
- name: /var/tmp is created
|
- name: /var/tmp is created
|
||||||
mount:
|
mount:
|
||||||
src: tmpfs
|
src: tmpfs
|
||||||
name: /var/tmp
|
name: /var/tmp
|
||||||
fstype: tmpfs
|
fstype: tmpfs
|
||||||
opts: defaults,noexec,nosuid,nodev,size=1024m
|
opts: "{{ evolinux_fstab_var_tmp_options | mandatory }}"
|
||||||
state: mounted
|
state: mounted
|
||||||
when: evolinux_fstab_var_tmp
|
when:
|
||||||
|
- evolinux_fstab_var_tmp
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
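Review bot: The options group `([a-z,]+)` in the four `replace` tasks cannot match an existing options field that contains `=`, `-`, `_`, a digit or an uppercase letter (for example `errors=remount-ro`), and in that case the task reports ok without touching the line, so the partition keeps its old options and the configured `noexec,nosuid,nodev`, `ro` or `nosuid` is never applied. Matching the whole field, `regexp: '(\s+/home\s+\w+\s+)(\S+)(\s+)'` and the same for /tmp, /usr and /var, would cover those entries. When the pattern does match, every existing option on the line is replaced rather than extended, which is worth stating in the task names or a comment. `mandatory` only rejects an undefined variable: an empty string would leave the options column blank and shift the remaining fstab fields, so a guard such as `- evolinux_fstab_home_options | length > 0` in each `when` list would be safer.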