├── .gitignore
├── .travis.yml
├── LICENSE
├── README.md
├── Vagrantfile
├── ansible.cfg
├── doc
    ├── big-picture-draw.io.png
    └── big-picture-draw.io.xml
├── ec2.yml
├── group_vars
    └── all.yml
├── hosts
├── metadata.json
├── playbook
    ├── btsync.yml
    ├── fpm-multi-host.yml
    ├── nginx-multi-host.yml
    └── nginx-single-host.yml
├── roles.yml
└── site.yml


/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant
2 | roles
3 | run.log
4 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: python
 2 | python: '2.7'
 3 | sudo: false
 4 | 
 5 | install:
 6 | - pip install ansible==2.0.1
 7 | - pip install netaddr
 8 | 
 9 | before_script:
10 | - wget https://releases.hashicorp.com/vagrant/1.8.1/vagrant_1.8.1_x86_64.deb
11 | - dpkg -x vagrant_1.8.1_x86_64.deb /tmp/vagrant
12 | - export PATH=${PATH}:/tmp/vagrant/opt/vagrant/bin
13 | - vagrant plugin install vagrant-aws
14 | 
15 | script:
16 | - vagrant box add https://rawgit.com/JoergFiedler/freebsd-box/master/metadata.json --provider aws
17 | - vagrant up --provider aws
18 | - btsync_host=$(vagrant ssh-config btsync |grep HostName |awk '{print $2}')
19 | - http_status=$(curl -u admin:admin https://${btsync_host}:20202/gui/ --insecure -w %{http_code} -o /dev/null -s)
20 | - test $http_status -eq 200
21 | 
22 | after_script:
23 | - vagrant destroy -f
24 | 
25 | env:
26 |   global:
27 |   - secure: dWeukGEntjLZC9KRc4gwRcvQRfL7XBG8Q+WBCEsxdWCbBq2iyzK/Kd1ZvlGA+7ViSg0Q8Hfgy4/56eyYqehD10RL79Q3B9f7sv39KqcEHEFqdev4Aegc1eA3XUpiSRPf8QhtI1e2L1J3PNV7yeDUp5wVonUEAaFaHn0EJnLjEMk=
28 |   - secure: A5PSIhejokIRqzYocw9pVgnfjJ1g0n5zfWjxrh/mZk/Ebbs1MwKeVsgqjWHpHuxhmunZJVMCbEAL3etP4IG7W8BPUyfT0YyG4JaTGpdwV1dK9Vff6Zs1aYOSEQ6NJtSJFCHmK8rsy7WRUjsrtT4uynLQuig0B6x7lOuEQthmT5g=
29 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright 2014, 2015 Joerg Fiedler
 2 | Copyright 2015 Johannes Jost Meixner
 3 | 
 4 | Redistribution and use in source and binary forms, with or without
 5 | modification, are permitted provided that the following conditions are met:
 6 | 
 7 | 1. Redistributions of source code must retain the above copyright notice, this
 8 |    list of conditions and the following disclaimer.
 9 | 
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 |    this list of conditions and the following disclaimer in the documentation
12 |    and/or other materials provided with the distribution.
13 | 
14 | THIS SOFTWARE IS PROVIDED BY [COPYRIGHT HOLDER] AND CONTRIBUTORS "AS IS" AND
15 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 | DISCLAIMED. IN NO EVENT SHALL [COPYRIGHT HOLDER] OR CONTRIBUTORS BE LIABLE FOR
18 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
19 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
20 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
21 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
23 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 | 
25 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | [![Build Status](https://travis-ci.org/JoergFiedler/freebsd-ansible-demo.svg?branch=master)](https://travis-ci.org/JoergFiedler/freebsd-ansible-demo)
  2 | 
  3 | # This project is currently broken … sorry for any inconvenience
  4 | 
  5 | ### Warning
  6 | 
  7 | It seems there are [issues](https://github.com/ansible/ansible/issues/16320) with version 2.1 of Ansible regarding how variables are resolved for roles and their dependend roles. Until those are resolved the only supported version of Ansible for the roles mentioned in this demo is **2.0.1**.
  8 | 
  9 | # FreeBSD iocage Ansible
 10 | 
 11 | How to use Ansible and iocage to set up a FreeBSD jail server.
 12 | 
 13 | ![Big Picture](https://github.com/JoergFiedler/freebsd-ansible-demo/raw/master/doc/big-picture-draw.io.png)
 14 | 
 15 | ## Goals
 16 | 
 17 | - Ansible playbook that creates a FreeBSD server which hosts multiple jails.
 18 | - Travis is used to run/test the playbook.
 19 | - No service on the host is exposed externally.
 20 | - All external connections terminate within a jail.
 21 | - Roles can be reused using Ansible Galaxy.
 22 | - Combine any of those roles to create FreeBSD server, which perfectly suits you.
 23 | 
 24 | ## Requirements
 25 | 
 26 | 1. Vagrant >= 1.8.1
 27 | 1. Ansible == 2.0.1
 28 | 1. VirtualBox
 29 | 1. AWS account, with allows you to create and destroy EC2 instances (if you want to use Vagrant's aws provider)
 30 | 
 31 | ### Ansible Roles
 32 | 
 33 | The following roles are also available.
 34 | 
 35 |  1. [freebsd-build-server - Creates a FreeBSD poudriere build server](https://galaxy.ansible.com/JoergFiedler/freebsd-build-server/)
 36 |  1. [freebsd-jail-host - FreeBSD Jail host](https://galaxy.ansible.com/JoergFiedler/freebsd-jail-host/)
 37 |  1. [freebsd-jailed - Provides a jail](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed/)
 38 |  1. [freebsd-jailed-nginx - Provides a jailed nginx server](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-nginx/)
 39 |  1. [freebsd-jailed-php-fpm - Creates a php-fpm pool and a ZFS dataset which is used as web root by php-fpm](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-php-fpm/)
 40 |  1. [freebsd-jailed-sftp - Installs a SFTP server](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-sftp/)
 41 |  1. [freebsd-jailed-sshd - Provides a jailed sshd server.](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-sshd/)
 42 |  1. [freebsd-jailed-syslogd - Provides a jailed syslogd](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-syslogd/)
 43 |  1. [freebsd-jailed-btsync - Provides a jailed btsync instance server](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-btsync/)
 44 |  1. [freebsd-jailed-joomla - Installs Joomla](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-joomla/)
 45 |  1. [freebsd-jailed-mariadb - Provides a jailed MariaDB server](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-mariadb/)
 46 |  1. [freebsd-jailed-wordpress - Provides a jailed Wordpress server.](https://galaxy.ansible.com/JoergFiedler/freebsd-jailed-wordpress/)
 47 | 
 48 | ## Notes
 49 | 
 50 | The box file `metadata.json` provides a box for VirtualBox and AWS. The AMI ids are preconfigured. The only thing you have to do is to choose a region `aws.region`.
 51 | 
 52 | ### FreeBSD AWS Box
 53 | 
 54 | Thanks to [FreeBSD on EC2](http://www.daemonology.net/freebsd-on-ec2/) nowadays it is very easy to use FreeBSD on EC2.
 55 | 
 56 | In order to provision those AMI's with ansible a few things need to be done first. During the initial boot of an instance, the following steps are execute using `cloud-init`:
 57 | 
 58 | * activate pf firewall
 59 | * add a `pass all keep state` rule to pf to keep track of connection states, which in turn allows you to reload the pf service without losing the connection
 60 | * install the following packages:
 61 |    * sudo
 62 |    * bash
 63 |    * python27
 64 | * allow passwordless sudo for user `ec2-user`
 65 | 
 66 | ## Howto
 67 | 
 68 | The following machines are configured (replace MACHINE with one of those names):
 69 | 
 70 | * btsync
 71 | 
 72 | ### Start machines using VirtualBox
 73 | 
 74 |     git clone https://github.com/JoergFiedler/freebsd-ansible-demo.git
 75 |     cd freebsd-ansible-demo
 76 |     for provider in aws virtualbox; do \
 77 |       vagrant box add https://rawgit.com/JoergFiedler/freebsd-box/master/metadata.json  --provider $provider; \
 78 |     done
 79 |     vagrant up MACHINE_NAME
 80 | 
 81 | ### Start machines using EC2
 82 | 
 83 |     AWS_ACCESS_KEY_ID={YOUR_KEY} AWS_SECRET_ACCESS_KEY={YOUR_SECRET_KEY} \
 84 |     vagrant up MACHINE_NAME --provider =aws
 85 | 
 86 | Note: Make sure your default security group allows incoming traffic to the following ports:
 87 | 
 88 | * http
 89 | * https
 90 | * TCP 20202 (btsync)
 91 | * UDP 10202 (btsync)
 92 | 
 93 | ### Login
 94 | 
 95 | Login into the jail host.
 96 | 
 97 |     vagrant ssh
 98 | 
 99 | ## Next Steps
100 | 
101 | 1. Create other jail roles (~~web~~, dns, mail)
102 | 1. ~~Role which uses [Tarsnap](https://www.tarsnap.com/man-tarsnap.1.html) to backup jail's user data.~~
103 | 1. Role which uses datadog for server monitoring.
104 | 1. The AMI's used come from [here](http://www.daemonology.net/freebsd-on-ec2/). I would prefer to use a more stripped down FreeBSD installation. That's why I like to create an AMI that only contains a minimal FreeBSD installation plus the packages required to run Ansible playbooks.
105 | 
106 | ## Useful Links
107 | 
108 | 1. [FreeBSD on EC2](http://www.daemonology.net/freebsd-on-ec2/)
109 | 1. [EC2 Instance IP Addressing](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html)
110 | 1. [EC2 Device Mapping](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html)
111 | 1. [unix domain socket too long](https://github.com/ansible/ansible/issues/11536)
112 | 1. [Encrypted Variables](http://docs.travis-ci.com/user/environment-variables/#Encrypted-Variables)
113 | 1. [Strong SSL Security On nginx](https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html)
114 | 1. [ZFS Performance](http://open-zfs.org/wiki/Performance_tuning#LZ4_compression)
115 | 1. [FreeBSD Network Tuning](https://calomel.org/freebsd_network_tuning.html)
116 | 
117 | ## Powered By
118 | 
119 | 1. [FreeBSD](https://www.freebsd.org)
120 | 1. [iocage](https://github.com/pannon/iocage)
121 | 1. [VirtualBox](https://www.virtualbox.org)
122 | 1. [Ansible](http://www.ansible.com)
123 | 1. [Vagrant](https://www.vagrantup.com)
124 | 


--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
  1 | # -*- mode: ruby -*-
  2 | # vi: set ft=ruby :
  3 | 
  4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
  5 | VAGRANTFILE_API_VERSION = '2'
  6 | PROXY_COMMAND = '/usr/bin/ssh -p %p ' +
  7 |                 '-i ~/.vagrant.d/insecure_private_key ' +
  8 |                 '-o StrictHostKeyChecking=no ' +
  9 |                 '-o UserKnownHostsFile=/dev/null ' +
 10 |                 '-q ' +
 11 |                 '-W %h:22'
 12 | 
 13 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 14 |   # Every Vagrant virtual environment requires a box to build off of.
 15 |   config.vm.box = 'JoergFiedler/freebsd-box'
 16 |   config.vm.synced_folder '.', '/vagrant', disabled: true
 17 |   config.ssh.insert_key = false
 18 | 
 19 |   config.vm.define 'btsync' do |btsync|
 20 |     btsync.vm.provision 'ansible', type: 'ansible'  do |ansible|
 21 |       ansible.playbook = './playbook/btsync.yml'
 22 |     end
 23 |   end
 24 | 
 25 |   config.vm.define 'nginx-single-host' do |single|
 26 |     single.vm.provision 'ansible', type: 'ansible'  do |ansible|
 27 |       ansible.playbook = './playbook/nginx-single-host.yml'
 28 |     end
 29 |   end
 30 | 
 31 |   config.vm.define 'nginx-multi-host' do |multi|
 32 |     multi.vm.provision 'ansible', type: 'ansible'  do |ansible|
 33 |       ansible.playbook = './playbook/nginx-multi-host.yml'
 34 |     end
 35 |   end
 36 | 
 37 |   config.vm.define 'fpm-multi-host' do |btsync|
 38 |     btsync.vm.provision 'ansible', type: 'ansible'  do |ansible|
 39 |       ansible.playbook = './playbook/fpm-multi-host.yml'
 40 |     end
 41 |   end
 42 | 
 43 |   config.vm.provision 'ansible', type: 'ansible' do |ansible|
 44 |       ansible.galaxy_roles_path = ENV['ANSIBLE_ROLES_PATH'] || './playbook/roles'
 45 | #      ansible.galaxy_role_file = './roles.yml'
 46 |       ansible.galaxy_command = 'ansible-galaxy install --role-file=%{role_file} --roles-path=%{roles_path}'
 47 |       ansible.tags = ENV['ANSIBLE_TAGS']
 48 |       ansible.skip_tags = ENV['ANSIBLE_SKIP_TAGS']
 49 |       ansible.verbose = ENV['ANSIBLE_VERBOSE']
 50 |   end
 51 | 
 52 |   config.vm.provider 'virtualbox' do |vb, config|
 53 |     proxy_command = "#{PROXY_COMMAND} vagrant@%h"
 54 |     config.ssh.proxy_command = proxy_command
 55 | 
 56 |     config.vm.provision 'ansible', type: 'ansible' do |ansible|
 57 |       ansible.raw_ssh_args = ["-o ProxyCommand='#{proxy_command}'"]
 58 |     end
 59 | 
 60 |     config.vm.network 'private_network', type: 'dhcp', auto_config: false
 61 |     config.vm.network 'forwarded_port', guest: 80, host: 2080
 62 |     config.vm.network 'forwarded_port', guest: 443, host: 20443
 63 |     config.vm.network 'forwarded_port', guest: 10200, host: 10200
 64 |     config.vm.network 'forwarded_port', guest: 10201, host: 10201
 65 | 
 66 |     vb.gui = false
 67 |     vb.memory = 4096
 68 |     vb.cpus = 2
 69 |     vb.customize ['modifyvm', :id, '--hwvirtex', 'on']
 70 |     vb.customize ['modifyvm', :id, '--audio', 'none']
 71 |     vb.customize ['modifyvm', :id, '--nictype2', 'virtio']
 72 |   end
 73 | 
 74 |   config.vm.provider 'aws' do |aws, config|
 75 |     proxy_command = "#{PROXY_COMMAND} ec2-user@%h"
 76 |     config.ssh.proxy_command = proxy_command
 77 |     config.ssh.username = 'ec2-user'
 78 | 
 79 |     config.vm.provision 'ansible', type: 'ansible' do |ansible|
 80 |       ansible.extra_vars = './ec2.yml'
 81 |       ansible.raw_ssh_args = ["-o ProxyCommand='#{proxy_command}'"]
 82 |     end
 83 | 
 84 |     aws.access_key_id = ENV['AWS_ACCESS_KEY_ID']
 85 |     aws.secret_access_key = ENV['AWS_SECRET_ACCESS_KEY']
 86 |     aws.ssh_host_attribute = :dns_name
 87 |     aws.keypair_name = 'ec2-user'
 88 |     aws.region = 'eu-west-1'
 89 |     aws.user_data = "#!/bin/sh\necho 'pass all keep state' >> /etc/pf.conf\necho pf_enable=YES >> /etc/rc.conf\necho pflog_enable=YES >> /etc/rc.conf\necho 'firstboot_pkgs_list=\"awscli sudo bash python27\"' >> /etc/rc.conf\necho ifconfig_xn0=\"SYNCDHCP -tso\"\nmkdir -p /usr/local/etc/sudoers.d\necho 'ec2-user ALL=(ALL) NOPASSWD: ALL' >> /usr/local/etc/sudoers.d/ec2-user"
 90 |     aws.block_device_mapping = [
 91 |       { 'DeviceName' => '/dev/sda1',
 92 |         'Ebs.VolumeSize' => 10,
 93 |         'Ebs.VolumeType' => 'gp2',
 94 |         'Ebs.DeleteOnTermination' => true },
 95 |       { 'DeviceName' => '/dev/sdf',
 96 |         'Ebs.VolumeSize' => 10,
 97 |         'Ebs.VolumeType' => 'gp2',
 98 |         'Ebs.DeleteOnTermination' => true }
 99 |     ]
100 |     aws.terminate_on_shutdown = true
101 |   end
102 | 
103 | end
104 | 


--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
 1 | [defaults]
 2 | command_warnings = True
 3 | hostfile = ./hosts
 4 | log_path = ./run.log
 5 | 
 6 | [ssh_connection]
 7 | control_path = %(directory)s/%%r
 8 | 
 9 | [hetzner]
10 | private_key_file = /Users/john/.ssh/id_rsa.pub
11 | remote_port = 9022
12 | remote_user = root
13 | 


--------------------------------------------------------------------------------
/doc/big-picture-draw.io.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JoergFiedler/freebsd-ansible-demo/0db6a67a744e833361f4b668af0152a16d8559db/doc/big-picture-draw.io.png


--------------------------------------------------------------------------------
/doc/big-picture-draw.io.xml:
--------------------------------------------------------------------------------
1 | <mxfile userAgent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7" type="device"><diagram>7VnbcuI4EP0aHkn5wm0eISQ7tTVbldrs9VFgYStrW15ZJGS/frrtli1fYEjhSWar4AXcklpWn9On22bk3yaHnxTLol9kwOOR5wSHkb8eeZ7rzj34QstraZkvnNIQKhHQpNrwKP7jZDTT9iLgeWOiljLWImsatzJN+VY3bDsZN7fIWGjc14bHLYu71j9FoKPSuvBmtf0zF2FktnFnn8qRDdv+Eyq5T2m/kefvik85nDDjqziVfwcRU1KCG/yVHG55jFEzASmPfn9ktLpJxVO6kdMLCIFnFu/pnCNvFsPS1U6CB8/J9StFYPbvHu+qGBjnBRhLmOC62aEexMiybXPBH1wFLGX2pFlI32/batLcqvRyrzhfPcIq52cm8GyfZQ7uStdw8tJ7c8eNaltaE8d5HgVlbOrb8p650gIosYxFmIJJywzmMrqK+Q6X5hnbijT8DcfWi9rwpRheA8TG8ivRxS1sEctwm+1+A1+r8tRroLq/CoQC+gqJm+Ryj3wpQvNId4ZzIp3EOJ+G7lkiYkwrE3xaQV5xWpcqxB48JTdJWnESspjLhGv1ClPMqEOZSAnsEtuclzpDvE9ki6zs8KdkZJSpYeW7Jiv8IL72c9cnHw3ythDjASQxXUqlIxnKlMV3tXVVZCZHl60w8oPQf1m//8YpN/Pp+RFuYwSBVq/o0rnxJ74xoN9iD7x44EpAILiiJUdBAh4oyjPPJ+1jKuQ0iyKBxz8JpOIx0+K5qXF9oBRLl0oxXGUmZFKkOrc8P6DB4sd80eCHN2moEfwoPfav9qfTfnaZ7csD06oWb6oznkclCqFFJRCADpsgLTDDLZIoDonKNhXEFBGYPV2NpmtEsBaILYCIyK7aOpKIICjIGLMNj1dVwbiVsUQm1CXDMKKTo1WVo5uplL9BnjJljubz2LlxJ5N5M+pU4N7GlA6YY6qG5HVMmxgHcrfLgbsXotgB8WmfZGB5KgpDV/pXpcp3B666f1r3KY8rjiwo9Jbuu0bibd033LpE9kkULJRfXl4qkB248x6g01Ck2Du0RsZZBPy44v9W/E2jbnTdYP0t/GcDlH3So2P4Vw3sWfg/sWdsTK8EuIwAvsnK9yAAaYhdqxONMp9zBUc4pfcZPBrsRA8Rroi/EfGJaf2/hfgQnb7pQb5zp+/cYHNf9/rmqt2UW318McXu4i9FxO7rXUoqu7GnQjtcY38uBj26+2O3yI3gmps/t20+mgfQIS9opWll6fLSBtnoWsvtoB2yYZQF4jJIRHr8vcgJiTQytk/i5VYjChVqXxCkB5kLkrKN1Fom56HXr7wfInrmEcq0uXOCyNI88xJi6CLX8zAzpOQNKVPmzmyZIp59gExN/tdxI536gLh1lWHQEvtOJbMvppS07x9Tv/t2PdIa/pxAXWnLa9nD/oDVtO+tZg9cXXgqSl1cdOG91HxCiT101W15/R5Vt+dflt/hWeVaUP2eh4iBCipc1v+ilZjVf0L6d18B</diagram></mxfile>


--------------------------------------------------------------------------------
/ec2.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # ec2 specific settings
3 | 
4 | host_sshd_user: 'ec2-user'
5 | host_ioc_zpool_devices: 'xbd5' # device settings used when creating the pool
6 | host_srv_zpool_devices: 'xbd5' # device settings used when creating the pool
7 | 


--------------------------------------------------------------------------------
/group_vars/all.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ansible_python_interpreter: '/usr/local/bin/python2.7'
3 | 


--------------------------------------------------------------------------------
/hosts:
--------------------------------------------------------------------------------
 1 | [default]
 2 | ansible_ssh_host=10.0.1.220
 3 | 
 4 | [hetzner]
 5 | 213.133.102.122 ansible_connection=ssh  ansible_ssh_user=root
 6 | 
 7 | [vbox]
 8 | vbox ansible_connection=ssh ansible_ssh_port=2222
 9 | 
10 | 


--------------------------------------------------------------------------------
/metadata.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "JoergFiedler/freebsd-box",
 3 |   "description": "This box contains FreeBSD for VB and AWS providers.",
 4 |   "versions": [{
 5 |     "version": "0.4.1",
 6 |     "providers": [{
 7 |       "name": "virtualbox",
 8 |       "url": "http://vastland.moumantai.de/FreeBSD/vagrant-box/FreeBSD-10.2-vagrant-abe25b9.box",
 9 |       "checksum_type": "sha256",
10 |       "checksum": "abe25b9b2b934053a624632323f7c62c1fe6dce0fd7453fb484cc2aba17f4056"
11 |     },
12 |     {
13 |       "name": "aws",
14 |       "url": "https://rawgit.com/JoergFiedler/freebsd-box/master/freebsd10-aws.box",
15 |       "checksum_type": "sha256",
16 |       "checksum": "5c5ff54810467e621209afe4cff8bfe8905ccd547e92bb43c13fbc9d631296d3"
17 |     }]
18 |   }]
19 | }
20 | 


--------------------------------------------------------------------------------
/playbook/btsync.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: btsync
 3 |   become: true
 4 | 
 5 |   vars:
 6 |     host_sshd_user: 'vagrant'
 7 |     host_ioc_release_version: '10.2-RELEASE'
 8 |     syslogd_server: 10.1.0.3
 9 |     ssmtp_root: 'freebsd-ansible-demo'
10 |     ssmtp_rewrite_domain: 'maildrop.cc'
11 |     ssmtp_mailhub: 'mail.maildrop.cc'
12 |     ssmtp_auth_user: 'mail.maildrop.cc'
13 |     ssmtp_auth_pass: 'mail.maildrop.cc'
14 |     mariadb_root_passwd: 'password'
15 | 
16 |   roles:
17 |     - { role: JoergFiedler.freebsd-jailed-syslogd,
18 |         tags: ['_syslogd'],
19 |         use_ssmtp: true,
20 |         jail_name: 'syslogd',
21 |         jail_net_ip: '{{ syslogd_server }}' }
22 |     - { role: JoergFiedler.freebsd-jailed-sshd,
23 |         tags: ['_sshd'],
24 |         use_ssmtp: true,
25 |         use_syslogd_server: true,
26 |         jail_name: 'sshd',
27 |         jail_net_ip: '10.1.0.2' }
28 |     - { role: JoergFiedler.freebsd-jailed-btsync,
29 |         tags: ['btsync'],
30 |         use_ssmtp: true,
31 |         use_syslogd_server: true,
32 |         jail_name: 'btsync',
33 |         jail_net_ip: '10.1.0.3' }
34 | 


--------------------------------------------------------------------------------
/playbook/fpm-multi-host.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: fpm-multi-host
 3 |   become: true
 4 | 
 5 |   vars:
 6 |     host_sshd_user: 'vagrant'
 7 |     host_ioc_release_version: '10.2-RELEASE'
 8 |     syslogd_server: 10.1.0.3
 9 |     ssmtp_root: 'freebsd-ansible-demo'
10 |     ssmtp_rewrite_domain: 'maildrop.cc'
11 |     ssmtp_mailhub: 'mail.maildrop.cc'
12 |     ssmtp_auth_user: 'mail.maildrop.cc'
13 |     ssmtp_auth_pass: 'mail.maildrop.cc'
14 |     mariadb_root_passwd: 'password'
15 | 
16 |   roles:
17 |     - { role: JoergFiedler.freebsd-jailed-syslogd,
18 |         tags: ['_syslogd'],
19 |         use_ssmtp: true,
20 |         jail_name: 'syslogd',
21 |         jail_net_ip: '{{ syslogd_server }}' }
22 |     - { role: JoergFiedler.freebsd-jailed-sshd,
23 |         tags: ['_sshd'],
24 |         use_ssmtp: true,
25 |         use_syslogd_server: true,
26 |         jail_name: 'sshd',
27 |         jail_net_ip: '10.1.0.2' }
28 |     - { role: JoergFiedler.freebsd-jailed-mariadb,
29 |         tags: ['_mariadb'],
30 |         jail_name: 'mariadb',
31 |         jail_net_ip: '10.1.0.4' }
32 |     - { role: JoergFiedler.freebsd-jailed-nginx,
33 |         tags: ['_nginx'],
34 |         jail_name: 'nginx',
35 |         jail_net_ip: '10.1.0.3',
36 |         nginx_servers: [
37 |         { default: true,
38 |           name: 'joomla.localhost',
39 |           aliases: 'default.localhost',
40 |           proxy: { host: '10.1.0.5' } },
41 |         { default: false,
42 |           name: 'wordpress.localhost',
43 |           aliases: 'non-default.localhost',
44 |           proxy: { host: '10.1.0.6' } }
45 |         ]
46 |       }
47 |     - { role: JoergFiedler.freebsd-jailed-joomla,
48 |         tags: ['_joomla'],
49 |         joomla_db_host: '10.1.0.4',
50 |         joomla_db_host_user: 'root',
51 |         joomla_db_host_password: '{{ mariadb_root_passwd }}',
52 |         joomla_sftp_port: 10200,
53 |         nginx_pf_rdrs: [],
54 |         jail_name: 'joomla',
55 |         jail_net_ip: '10.1.0.5' }
56 |     - { role: JoergFiedler.freebsd-jailed-wordpress,
57 |         tags: ['_wp'],
58 |         wp_db_host: '10.1.0.4',
59 |         wp_db_host_user: 'root',
60 |         wp_db_host_password: '{{ mariadb_root_passwd }}',
61 |         wp_sftp_port: 10201,
62 |         nginx_pf_rdrs: [],
63 |         jail_name: 'wordpress',
64 |         jail_net_ip: '10.1.0.6' }
65 | 


--------------------------------------------------------------------------------
/playbook/nginx-multi-host.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: nginx-multi-host
 3 |   become: true
 4 | 
 5 |   vars:
 6 |     host_sshd_user: 'vagrant'
 7 |     host_ioc_release_version: '10.2-RELEASE'
 8 |     syslogd_server: 10.1.0.3
 9 |     ssmtp_root: 'freebsd-ansible-demo'
10 |     ssmtp_rewrite_domain: 'maildrop.cc'
11 |     ssmtp_mailhub: 'mail.maildrop.cc'
12 |     ssmtp_auth_user: 'mail.maildrop.cc'
13 |     ssmtp_auth_pass: 'mail.maildrop.cc'
14 |     mariadb_root_passwd: 'password'
15 | 
16 |   roles:
17 |     - { role: JoergFiedler.freebsd-jailed-syslogd,
18 |         tags: ['_syslogd'],
19 |         use_ssmtp: true,
20 |         jail_name: 'syslogd',
21 |         jail_net_ip: '{{ syslogd_server }}' }
22 |     - { role: JoergFiedler.freebsd-jailed-sshd,
23 |         tags: ['_sshd'],
24 |         use_ssmtp: true,
25 |         use_syslogd_server: true,
26 |         jail_name: 'sshd',
27 |         jail_net_ip: '10.1.0.2' }
28 |     - { role: JoergFiedler.freebsd-jailed-nginx,
29 |         tags: ['_nginx'],
30 |         jail_name: 'nginx',
31 |         jail_net_ip: '10.1.0.4',
32 |         nginx_servers: [
33 |         { default: true,
34 |           name: 'default.localhost',
35 |           sftp: { port: 10022 } },
36 |         { default: false,
37 |           name: 'non-default.localhost',
38 |           sftp: { port: 10023 } }
39 |         ]
40 |       }
41 | 


--------------------------------------------------------------------------------
/playbook/nginx-single-host.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: nginx-single-host
 3 |   become: true
 4 | 
 5 |   vars:
 6 |     host_sshd_user: 'vagrant'
 7 |     host_ioc_release_version: '10.2-RELEASE'
 8 |     syslogd_server: 10.1.0.3
 9 |     ssmtp_root: 'freebsd-ansible-demo'
10 |     ssmtp_rewrite_domain: 'maildrop.cc'
11 |     ssmtp_mailhub: 'mail.maildrop.cc'
12 |     ssmtp_auth_user: 'mail.maildrop.cc'
13 |     ssmtp_auth_pass: 'mail.maildrop.cc'
14 |     mariadb_root_passwd: 'password'
15 | 
16 |   roles:
17 |     - { role: JoergFiedler.freebsd-jailed-syslogd,
18 |         tags: ['_syslogd'],
19 |         use_ssmtp: true,
20 |         jail_name: 'syslogd',
21 |         jail_net_ip: '{{ syslogd_server }}' }
22 |     - { role: JoergFiedler.freebsd-jailed-sshd,
23 |         tags: ['_sshd'],
24 |         use_ssmtp: true,
25 |         use_syslogd_server: true,
26 |         jail_name: 'sshd',
27 |         jail_net_ip: '10.1.0.2' }
28 |     - { role: JoergFiedler.freebsd-jailed-nginx,
29 |         tags: ['_nginx'],
30 |         jail_name: 'nginx',
31 |         jail_net_ip: '10.1.0.4',
32 |         nginx_servers: [
33 |         { default: true,
34 |           name: 'localhost' } ] }
35 | 


--------------------------------------------------------------------------------
/roles.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - src: JoergFiedler.freebsd-jail-host
 3 |   version: v1.0.0
 4 | - src: JoergFiedler.freebsd-jailed
 5 |   version: v1.0.0
 6 | - src: JoergFiedler.freebsd-jailed-syslogd
 7 |   version: v1.0.0
 8 | - src: JoergFiedler.freebsd-jailed-sshd
 9 |   version: v1.0.0
10 | - src: JoergFiedler.freebsd-jailed-btsync
11 |   version: v1.0.0
12 | - src: JoergFiedler.freebsd-jailed-mariadb
13 |   version: v1.0.0
14 | - src: JoergFiedler.freebsd-jailed-nginx
15 |   version: v1.0.0
16 | - src: JoergFiedler.freebsd-jailed-joomla
17 |   version: master
18 | - src: JoergFiedler.freebsd-jailed-php-fpm
19 |   version: master
20 | - src: JoergFiedler.freebsd-jailed-sftp
21 |   version: master
22 | - src: JoergFiedler.freebsd-jailed-wordpress
23 |   version: master
24 | 


--------------------------------------------------------------------------------
/site.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: default
 3 |   become: true
 4 | 
 5 |   vars:
 6 |     host_sshd_user: 'vagrant'
 7 |     host_ioc_release_version: '10.2-RELEASE'
 8 |     syslogd_server: 10.1.0.3
 9 |     ssmtp_root: 'freebsd-ansible-demo'
10 |     ssmtp_rewrite_domain: 'maildrop.cc'
11 |     ssmtp_mailhub: 'mail.maildrop.cc'
12 |     ssmtp_auth_user: 'mail.maildrop.cc'
13 |     ssmtp_auth_pass: 'mail.maildrop.cc'
14 |     mariadb_root_passwd: 'password'
15 | 
16 |   roles:
17 |     - { role: JoergFiedler.freebsd-jailed-syslogd,
18 |         tags: ['_syslogd'],
19 |         use_ssmtp: true,
20 |         jail_name: 'syslogd',
21 |         jail_net_ip: '{{ syslogd_server }}' }
22 |     - { role: JoergFiedler.freebsd-jailed-sshd,
23 |         tags: ['_sshd'],
24 |         use_ssmtp: true,
25 |         use_syslogd_server: true,
26 |         jail_name: 'sshd',
27 |         jail_net_ip: '10.1.0.2' }
28 |     - { role: JoergFiedler.freebsd-jailed-mariadb,
29 |         tags: ['_mariadb'],
30 |         use_ssmtp: true,
31 |         use_syslogd_server: true,
32 |         jail_name: 'mariadb',
33 |         jail_net_ip: '10.1.0.4' }
34 |     - { role: JoergFiedler.freebsd-jailed-nginx,
35 |         tags: ['_proxy'],
36 |         nginx_servers: [
37 |           {
38 |             name: 'localhost',
39 |             proxy: { host: '10.1.0.100' },
40 |             force_redirect: true,
41 |             https: { ocsp_server: 'ocsp.startssl.com' }
42 |           }
43 |         ],
44 |         jail_name: 'proxy',
45 |         jail_net_ip: '10.1.0.100' }
46 |     - { role: JoergFiedler.freebsd-jailed-wordpress,
47 |         tags: ['_wordpress'],
48 |         server_name: 'localhost',
49 |         nginx_pf_rdrs: [],
50 |         wp_db_password: 'wordpress',
51 |         wp_db_name: 'wordpress',
52 |         jail_name: 'wordpress',
53 |         wp_db_host_password: '{{ mariadb_root_passwd }}',
54 |         sftp_port: 40200,
55 |         jail_net_ip: '10.1.0.100' }
56 | 


--------------------------------------------------------------------------------