diff options
author | Christian Pointner <equinox@spreadspace.org> | 2020-04-29 01:33:09 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-04-29 01:33:09 +0200 |
commit | 5f96a0cd117f3def3d55853d85dc867e26817984 (patch) | |
tree | 9199fcbf054445b584074f2a4f75e5427ada5e60 /roles/base/tasks | |
parent | kubeguard: split up role (diff) |
imprived base role module blacklist config
Diffstat (limited to 'roles/base/tasks')
-rw-r--r-- | roles/base/tasks/Debian.yml | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml index 25195ad2..185c3616 100644 --- a/roles/base/tasks/Debian.yml +++ b/roles/base/tasks/Debian.yml @@ -81,17 +81,18 @@ state: directory - name: disable net/fs/misc kernel modules - loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}" - lineinfile: + copy: + content: | + {% for item in (base_modules_blacklist | map('extract', base_modules_blacklist_) | flatten | sort | list) %} + install {{ item }} /bin/true + {% endfor %} dest: /etc/modprobe.d/disablemod.conf - line: "install {{ item }} /bin/true" - create: yes owner: root group: root mode: 0644 - name: Change various sysctl-settings, look at the sysctl-vars file for documentation - loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}" + loop: "{{ base_sysctl_config | combine(base_sysctl_config_user) | dict2items }}" loop_control: label: "{{ item.key }} = {{ item.value }}" sysctl: |