imprived base role module blacklist config

author: Christian Pointner <equinox@spreadspace.org> 2020-04-29 01:33:09 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2020-04-29 01:33:09 +0200
commit: 5f96a0cd117f3def3d55853d85dc867e26817984 (patch)
tree: 9199fcbf054445b584074f2a4f75e5427ada5e60 /roles/base/tasks/Debian.yml
parent: kubeguard: split up role (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml
index 25195ad2..185c3616 100644
--- a/roles/base/tasks/Debian.yml
+++ b/roles/base/tasks/Debian.yml
@@ -81,17 +81,18 @@
     state: directory
 
 - name: disable net/fs/misc kernel modules
-  loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
-  lineinfile:
+  copy:
+    content: |
+      {% for item in (base_modules_blacklist | map('extract', base_modules_blacklist_) | flatten | sort | list) %}
+      install {{ item }} /bin/true
+      {% endfor %}
     dest: /etc/modprobe.d/disablemod.conf
-    line: "install {{ item }} /bin/true"
-    create: yes
     owner: root
     group: root
     mode: 0644
 
 - name: Change various sysctl-settings, look at the sysctl-vars file for documentation
-  loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
+  loop: "{{ base_sysctl_config | combine(base_sysctl_config_user) | dict2items }}"
   loop_control:
     label: "{{ item.key }} = {{ item.value }}"
   sysctl:
author	Christian Pointner <equinox@spreadspace.org>	2020-04-29 01:33:09 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2020-04-29 01:33:09 +0200
commit	5f96a0cd117f3def3d55853d85dc867e26817984 (patch)
tree	9199fcbf054445b584074f2a4f75e5427ada5e60 /roles/base/tasks/Debian.yml
parent	kubeguard: split up role (diff)