Ansible role which transforms a clean FreeBSD installation into a jail host.

JoergFiedler/freebsd-jail-host

freebsd-jail-host

This role is used to create a FreeBSD system which in turn may be used to host one or more jails. There are roles for jails which may be used in combination with this one to create a jailed www, db, or mail server. You may combine those jails as you wish to create a server that hosts a bunch of WordPress installations, a single mail server, both, or anything else you want to run inside a jail.

Requirements

This role is intended to be used with a fresh FreeBSD installation. There is a Vagrant Box with providers for VirtualBox and AWS.

HowTo

This project contains a Vagrantfile. Type

vagrant up

and you will enjoy a clean FreeBSD machine up and running. You may now create jails manually or use one of the other roles I created.

Role Variables

Network

host_net_ext_if

The server's external interface. Default: '{{ ansible_default_ipv4.interface }}'.

host_net_ext_ip

The server's external IP address. Default: '{{ ansible_default_ipv4.address }}'.

host_net_int_if

The internal interface to which the jails' IP addresses will be added. Default: lo0.

host_net_int_ip

The server's internal IP address. This address is added to the internal interface as well. Default: 10.1.0.1.

host_net_int_net

The netmask for the jails' internal network. Used to allow UDP to pass pf in order to reach syslogd. Default: '10.1.0.1/24'.

host_net_priv_if

Set this variable to configure a private network interface for your host. The interface itself is configured via DHCP, but please make sure the variable host_net_priv_ip is set to the value that is returned by the DHCP request. Default: ''.

host_net_priv_ip

Set the IP address to be used on the private network interface. Even though the interface configures itself via DHCP, still add the IP address here that is returned by the DHCP request. Default: ''.

Disk/ZFS/iocage

host_home_zpool_name

ZPool that should be used for /home. Default: 'tank'.

host_ioc_release_version

The FreeBSD version fetched/used by iocage, defaults to host release version. Default: {{ ansible_distribution_version }}-RELEASE.

host_ioc_zpool_name

The name of the ZFS pool that should be used by iocage. Default: tank.

host_ioc_zpool_devices

If the ZFS pool used for iocage (jails home) is to be created, this specifies a space-separated list of devices to use for the pool. There is no valid default; you have to specify it if the ZFS pool does not exist already. Default: None.

host_srv_zpool_name

The name of the ZFS pool that should be used by the /srv folder. Default: tank.

host_srv_zpool_devices

If the ZFS pool used for the /srv folder is to be created, this specifies a space-separated list of devices to use for the pool. There is no valid default; you have to specify it if the ZFS pool does not exist already. Default: None.

SSH

host_sshd_authorized_keys_file

The file that contains the public keys used to authenticate the sshd user. Defaults to the Vagrant insecure public key: 'vagrant_pub_key'.

host_sshd_port

The port sshd listens on. Default: 22.

host_sshd_user

The user name allowed to access this server via ssh. Default: vagrant.

SSMTP

This feature is only active if the variable use_ssmtp is set.

ssmtp_auth_pass

The password which is used to perform SMTP AUTH. No authentication if blank. Default: ''.

ssmtp_auth_user

The user name which is used to authenticate against the SMTP server. No SMTP AUTH if blank. Default: ''.

ssmtp_mailhub

System mails are forwarded to this mail host. See ssmtp man page for further information.

Default: 'mail.maildrop.cc'.

ssmtp_rewrite_domain

The domain part of mails sent by ssmtp is rewritten using this variable. See ssmtp man page for further information.

Default: 'maildrop.cc'.

ssmtp_root

System mails are forwarded to this account. See ssmtp man page for further information.

Default: 'freebsd-jail-host'.

ssmtp_use_starttls

Use STARTTLS before starting SSL negotiation. Default: 'no'.

ssmtp_use_tls

Use TLS when talking to the SMTP server. Default: 'no'.

Tarsnap

tarsnap_enabled

Set this to yes to use tarsnap for backup. Default: no.

tarsnap_keyfile

The keyfile to use for backups with tarsnap. See the tarsnap documentation for how to create one. Default: ''.

Package Repository

host_build_server_enabled

Create an additional repository in /usr/local/etc/pkg/repos/ using the URL and public key provided by the following two variables. Default: no.

host_build_server_pubkey

The additional repository's public key used to verify downloaded packages. Default: None.

host_build_server_url

The additional repository's URL. Default: None.

Misc

host_use_syslogd_server

Set to true to forward log messages written by the local syslog to a syslog server within a jail. Use the host_syslogd_server variable to specify its IP address. Default: false.

host_syslogd_server

The IP address of the syslog server to forward messages to. Should be running within one of the hosted jails. Default: ''.

host_timezone

The timezone in which the server is located. Default: 'Europe/Berlin'.

Dependencies

None.

Example Playbook

Playbook example with overridden defaults to use this role to set up an EC2 instance.

- hosts: all
  become: true

  roles:
    - role: 'JoergFiedler.freebsd-jail-host'
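
The SSH and SSMTP defaults documented above target the Vagrant box: the vagrant user, Vagrant's publicly known insecure key, and TLS switched off for mail forwarding. The following playbook is an added example, not part of the role's repository. It overrides those defaults at play level and refuses to run if they are still in place. All values are placeholders; the `use_ssmtp: true` value, the `vault_ssmtp_auth_pass` variable and the assumption that `ops_pub_key` is resolved the same way as the default `vagrant_pub_key` are not confirmed by the page.

```yaml
# Added example: override the Vagrant-oriented defaults before targeting a real host.
# Every value is a placeholder or an assumption, not taken from the role.
- hosts: all
  become: true

  vars:
    # SSH: replace the vagrant user and Vagrant's publicly known key.
    host_sshd_user: 'ops'                            # hypothetical account name
    host_sshd_authorized_keys_file: 'ops_pub_key'    # hypothetical file holding your own public keys

    # Mail forwarding: the documented TLS defaults are 'no'.
    use_ssmtp: true                                  # assumed value; the page only says "is set"
    ssmtp_mailhub: 'smtp.example.org:587'            # placeholder relay
    ssmtp_rewrite_domain: 'example.org'              # placeholder domain
    ssmtp_root: 'hostmaster@example.org'             # placeholder recipient
    ssmtp_use_tls: 'yes'
    ssmtp_use_starttls: 'yes'
    ssmtp_auth_user: 'jailhost'                      # placeholder SMTP AUTH user
    ssmtp_auth_pass: '{{ vault_ssmtp_auth_pass }}'   # hypothetical Ansible Vault variable

  pre_tasks:
    - name: Refuse to run with the Vagrant SSH defaults
      ansible.builtin.assert:
        that:
          - host_sshd_user | default('vagrant') != 'vagrant'
          - host_sshd_authorized_keys_file | default('vagrant_pub_key') != 'vagrant_pub_key'
        fail_msg: 'host_sshd_user or host_sshd_authorized_keys_file still uses the Vagrant default'

    - name: Refuse to send SMTP AUTH credentials without TLS
      ansible.builtin.assert:
        that:
          - ssmtp_use_tls | default('no') | bool
        fail_msg: 'ssmtp_auth_pass is set but ssmtp_use_tls is not enabled'
      when: (ssmtp_auth_pass | default('')) | length > 0

  roles:
    - role: 'JoergFiedler.freebsd-jail-host'
```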

Author Information

If you like it or have ideas to improve this project, please open an issue on GitHub. Thanks.
