Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 01:04:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
ansible-collection-hardening/molecule/os_hardening_vm/converge.yml
Martin Schurz e73f36d20b Add special vars for Fedora 40 
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-07-29 22:04:51 +02:00

44 lines
1.5 KiB
YAML
Raw Permalink Blame History

---
- name: Wrapper playbook for kitchen testing "ansible-os-hardening" with custom vars for testing
hosts: all
become: true
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks:
- name: Override for arch
ansible.builtin.set_fact:
os_mnt_boot_enabled: false
os_mnt_tmp_enabled: true
os_mnt_tmp_src: tmpfs
os_mnt_tmp_filesystem: tmpfs
when: ansible_facts.os_family == 'Archlinux'
- name: Overrides for Fedora image
ansible.builtin.set_fact:
os_mnt_tmp_enabled: true
os_mnt_tmp_src: tmpfs
os_mnt_tmp_filesystem: tmpfs
when: ansible_facts.distribution == 'Fedora'
- name: Overrides for Fedora 40 image
ansible.builtin.set_fact:
os_mnt_var_enabled: true
os_mnt_var_src: UUID=282c6d73-afc2-4113-9856-c7679ad51920
os_mnt_var_filesystem: btrfs
os_mnt_var_options: rw,nosuid,nodev,compress=zstd:1,subvol=var
when:
- ansible_facts.distribution == 'Fedora'
- ansible_distribution_major_version|int == 40
- name: Include os_hardening role
ansible.builtin.include_role:
name: devsec.hardening.os_hardening
vars:
os_auth_pam_passwdqc_enable: false
os_auth_lockout_time: 15
os_yum_repo_file_whitelist: [foo.repo]
os_mnt_boot_enabled: true
os_mnt_home_enabled: true
os_mnt_boot_src: /dev/vda1
Reference in a new issue View git blame Copy permalink