evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 19 Releases 33 Wiki Activity

evolinux-base: fstab is more customizable

Browse source
This commit is contained in:
Jérémy Lecour 2017-04-05 17:50:50 +02:00 committed by Jérémy Lecour
parent 6bdbceba7b
commit c30e6b189c
2 changed files with 36 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
evolinux-base/defaults/main.yml
View file

@ -50,7 +50,16 @@ evolinux_apt_repositories_components: "main"
evolinux_fstab_include: True evolinux_fstab_include: True
evolinux_fstab_tmp: True
evolinux_fstab_tmp_options: defaults,noexec,nosuid,nodev
evolinux_fstab_usr: True
evolinux_fstab_usr_options: defaults,ro
evolinux_fstab_var: True
evolinux_fstab_var_options: defaults,nosuid
evolinux_fstab_home: True
evolinux_fstab_home_options: defaults,noexec,nosuid,nodev
evolinux_fstab_var_tmp: True evolinux_fstab_var_tmp: True
evolinux_fstab_var_tmp_options: defaults,noexec,nosuid,nodev,size=1024m
# packages # packages

46
evolinux-base/tasks/fstab.yml
View file

@ -5,52 +5,60 @@
- name: Fetch fstab content - name: Fetch fstab content
command: "grep -v '^#' /etc/fstab" command: "grep -v '^#' /etc/fstab"
check_mode: no check_mode: no
register: fstab_content register: fstab_content
failed_when: False failed_when: False
changed_when: False changed_when: False
- name: /home partition is customized (noexec,nosuid,nodev) - name: /home partition is customized
replace: replace:
dest: /etc/fstab dest: /etc/fstab
regexp: '(\s+/home\s+\w+\s+defaults)(\s+)' regexp: '(\s+/home\s+\w+\s+)([a-z,]+)(\s+)'
replace: '\1,noexec,nosuid,nodev\2' replace: '\1{{ evolinux_fstab_home_options | mandatory }}\3'
backup: yes backup: yes
notify: remount /home notify: remount /home
when: "' /home ' in fstab_content.stdout" when:
- "' /home ' in fstab_content.stdout"
- evolinux_fstab_home
- name: /tmp partition is customized (noexec,nosuid,nodev) - name: /tmp partition is customized
replace: replace:
dest: /etc/fstab dest: /etc/fstab
regexp: '(\s+/tmp\s+\w+\s+defaults)(\s+)' regexp: '(\s+/tmp\s+\w+\s+)([a-z,]+)(\s+)'
replace: '\1,noexec,nosuid,nodev\2' replace: '\1{{ evolinux_fstab_tmp_options | mandatory }}\3'
backup: yes backup: yes
when: "' /tmp ' in fstab_content.stdout" when:
- "' /tmp ' in fstab_content.stdout"
- evolinux_fstab_tmp
- name: /usr partition is customized (ro) - name: /usr partition is customized
replace: replace:
dest: /etc/fstab dest: /etc/fstab
regexp: '(\s+/usr\s+\w+\s+defaults)(\s+)' regexp: '(\s+/usr\s+\w+\s+)([a-z,]+)(\s+)'
replace: '\1,ro\2' replace: '\1{{ evolinux_fstab_usr_options | mandatory }}\3'
backup: yes backup: yes
when: "' /usr ' in fstab_content.stdout" when:
- "' /usr ' in fstab_content.stdout"
- evolinux_fstab_usr
- name: /var partition is customized (nosuid) - name: /var partition is customized
replace: replace:
dest: /etc/fstab dest: /etc/fstab
regexp: '(\s+/var\s+\w+\s+defaults)(\s+)' regexp: '(\s+/var\s+\w+\s+)([a-z,]+)(\s+)'
replace: '\1,nosuid\2' replace: '\1{{ evolinux_fstab_var_options | mandatory }}\3'
backup: yes backup: yes
notify: remount /var notify: remount /var
when: "' /var ' in fstab_content.stdout" when:
- "' /var ' in fstab_content.stdout"
- evolinux_fstab_var
- name: /var/tmp is created - name: /var/tmp is created
mount: mount:
src: tmpfs src: tmpfs
name: /var/tmp name: /var/tmp
fstype: tmpfs fstype: tmpfs
opts: defaults,noexec,nosuid,nodev,size=1024m opts: "{{ evolinux_fstab_var_tmp_options | mandatory }}"
state: mounted state: mounted
when: evolinux_fstab_var_tmp when:
- evolinux_fstab_var_tmp
- meta: flush_handlers - meta: flush_handlers