debops-contrib.kernel_module default variables¶
Sections
Configuration presets¶
-
kernel_module__security_list
¶
A preset of kernel module configuration intended to increase the security of the system against known attacks.
kernel_module__security_list:
## Protecting against Firewire DMA:
## * https://security.stackexchange.com/a/49158/79474
## * https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#blacklisting-modules
- name: 'firewire-sbp2'
blacklist: True
- name: 'firewire-ohci'
blacklist: True
- name: 'firewire-core'
blacklist: True
- name: 'thunderbolt'
blacklist: True
-
kernel_module__common_list
¶
A preset of kernel module configuration which is often chosen.
kernel_module__common_list:
- name: 'pcspkr'
blacklist: True
Lists of module definitions¶
-
kernel_module__list
¶
"Global" kernel module configuration.
For more details refer to kernel_module__list in the Default variable details section.
kernel_module__list: |
{{
kernel_module__security_list|list +
kernel_module__common_list|list
}}
-
kernel_module__group_list
¶
"Host group" kernel module configuration.
kernel_module__group_list: []
-
kernel_module__host_list
¶
"Host" kernel module configuration.
kernel_module__host_list: []
-
kernel_module__combined_list
¶
List of combined kernel module configuration as it is used by the role internally.
kernel_module__combined_list: '{{
(kernel_module__list | list) +
(kernel_module__group_list | list) +
(kernel_module__host_list | list) }}'
Default options¶
-
kernel_module__params_force
¶
If True
, force that the module parameters are applied (via unloading and
loading of the module).
kernel_module__params_force: False
Configuration files used for configuring¶
-
kernel_module__blacklist_file
¶
File path where the role maintains blacklisted modules.
kernel_module__blacklist_file: '/etc/modprobe.d/blacklist-ansible-kernel_module-role.conf'
-
kernel_module__options_file
¶
File path where the role maintains module options.
kernel_module__options_file: '/etc/modprobe.d/options-ansible-kernel_module-role.conf'
-
kernel_module__load_file
¶
File path where the role maintains modules to be loaded on system start.
kernel_module__load_file: '/etc/modules-load.d/ansible-kernel_module-role.conf'