debops-contrib.kernel_module default variables

Configuration presets

kernel_module__security_list

A preset of kernel module configuration intended to increase the security of the system against known attacks.

kernel_module__security_list:

  ## Protecting against Firewire DMA:
  ## * https://security.stackexchange.com/a/49158/79474
  ## * https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#blacklisting-modules
  - name: 'firewire-sbp2'
    blacklist: True
  - name: 'firewire-ohci'
    blacklist: True
  - name: 'firewire-core'
    blacklist: True
  - name: 'thunderbolt'
    blacklist: True
kernel_module__common_list

A preset of kernel module configuration which is often chosen.

kernel_module__common_list:
  - name: 'pcspkr'
    blacklist: True

Lists of module definitions

kernel_module__list

"Global" kernel module configuration.

For more details refer to kernel_module__list in the Default variable details section.

kernel_module__list: |
  {{
    kernel_module__security_list|list +
    kernel_module__common_list|list
  }}
kernel_module__group_list

"Host group" kernel module configuration.

kernel_module__group_list: []
kernel_module__host_list

"Host" kernel module configuration.

kernel_module__host_list: []
kernel_module__combined_list

List of combined kernel module configuration as it is used by the role internally.

kernel_module__combined_list: '{{
  (kernel_module__list       | list) +
  (kernel_module__group_list | list) +
  (kernel_module__host_list  | list) }}'

Default options

kernel_module__params_force

If True, force that the module parameters are applied (via unloading and loading of the module).

kernel_module__params_force: False

Configuration files used for configuring

kernel_module__blacklist_file

File path where the role maintains blacklisted modules.

kernel_module__blacklist_file: '/etc/modprobe.d/blacklist-ansible-kernel_module-role.conf'
kernel_module__options_file

File path where the role maintains module options.

kernel_module__options_file: '/etc/modprobe.d/options-ansible-kernel_module-role.conf'
kernel_module__load_file

File path where the role maintains modules to be loaded on system start.

kernel_module__load_file: '/etc/modules-load.d/ansible-kernel_module-role.conf'