Hex Artifact Content
Not logged in

Artifact fda44cb3483bb4614522eb9c9107dff361efe0d0:


0000: 47 65 74 74 69 6e 67 20 73 74 61 72 74 65 64 0a  Getting started.
0010: 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a  ===============.
0020: 0a 2e 2e 20 69 6e 63 6c 75 64 65 3a 3a 20 69 6e  ... include:: in
0030: 63 6c 75 64 65 73 2f 61 6c 6c 2e 72 73 74 0a 0a  cludes/all.rst..
0040: 2e 2e 20 63 6f 6e 74 65 6e 74 73 3a 3a 0a 20 20  .. contents::.  
0050: 20 3a 6c 6f 63 61 6c 3a 0a 0a 0a 45 78 61 6d 70   :local:...Examp
0060: 6c 65 20 69 6e 76 65 6e 74 6f 72 79 0a 2d 2d 2d  le inventory.---
0070: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a  --------------..
0080: 54 6f 20 73 65 74 75 70 20 61 6e 64 20 63 6f 6e  To setup and con
0090: 66 69 67 75 72 65 20 46 69 72 65 6a 61 69 6c 20  figure Firejail 
00a0: 6f 6e 20 61 20 67 69 76 65 6e 20 68 6f 73 74 20  on a given host 
00b0: 69 74 20 73 68 6f 75 6c 64 20 62 65 20 69 6e 63  it should be inc
00c0: 6c 75 64 65 64 20 69 6e 20 74 68 65 0a 60 60 64  luded in the.``d
00d0: 65 62 6f 70 73 5f 73 65 72 76 69 63 65 5f 66 69  ebops_service_fi
00e0: 72 65 6a 61 69 6c 60 60 20 41 6e 73 69 62 6c 65  rejail`` Ansible
00f0: 20 69 6e 76 65 6e 74 6f 72 79 20 67 72 6f 75 70   inventory group
0100: 3a 0a 0a 2e 2e 20 63 6f 64 65 3a 3a 20 69 6e 69  :.... code:: ini
0110: 0a 0a 20 20 20 5b 64 65 62 6f 70 73 5f 73 65 72  ..   [debops_ser
0120: 76 69 63 65 5f 66 69 72 65 6a 61 69 6c 5d 0a 20  vice_firejail]. 
0130: 20 20 68 6f 73 74 6e 61 6d 65 0a 0a 45 78 61 6d    hostname..Exam
0140: 70 6c 65 20 70 6c 61 79 62 6f 6f 6b 0a 2d 2d 2d  ple playbook.---
0150: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a 48  -------------..H
0160: 65 72 65 27 73 20 61 6e 20 65 78 61 6d 70 6c 65  ere's an example
0170: 20 70 6c 61 79 62 6f 6f 6b 20 74 68 61 74 20 75   playbook that u
0180: 73 65 73 20 74 68 65 20 60 60 64 65 62 6f 70 73  ses the ``debops
0190: 2d 63 6f 6e 74 72 69 62 2e 66 69 72 65 6a 61 69  -contrib.firejai
01a0: 6c 60 60 20 72 6f 6c 65 3a 0a 0a 2e 2e 20 6c 69  l`` role:.... li
01b0: 74 65 72 61 6c 69 6e 63 6c 75 64 65 3a 3a 20 70  teralinclude:: p
01c0: 6c 61 79 62 6f 6f 6b 73 2f 66 69 72 65 6a 61 69  laybooks/firejai
01d0: 6c 2e 79 6d 6c 0a 20 20 20 3a 6c 61 6e 67 75 61  l.yml.   :langua
01e0: 67 65 3a 20 79 61 6d 6c 0a 0a 54 68 69 73 20 70  ge: yaml..This p
01f0: 6c 61 79 62 6f 6f 6b 73 20 69 73 20 73 68 69 70  laybooks is ship
0200: 70 65 64 20 77 69 74 68 20 74 68 69 73 20 72 6f  ped with this ro
0210: 6c 65 20 75 6e 64 65 72 0a 3a 66 69 6c 65 3a 60  le under.:file:`
0220: 2e 2f 64 6f 63 73 2f 70 6c 61 79 62 6f 6f 6b 73  ./docs/playbooks
0230: 2f 66 69 72 65 6a 61 69 6c 2e 79 6d 6c 60 20 66  /firejail.yml` f
0240: 72 6f 6d 20 77 68 69 63 68 20 79 6f 75 20 63 61  rom which you ca
0250: 6e 20 73 79 6d 6c 69 6e 6b 20 69 74 20 74 6f 20  n symlink it to 
0260: 79 6f 75 72 0a 70 6c 61 79 62 6f 6f 6b 20 64 69  your.playbook di
0270: 72 65 63 74 6f 72 79 2e 0a 49 6e 20 63 61 73 65  rectory..In case
0280: 20 79 6f 75 20 75 73 65 20 6d 75 6c 74 69 70 6c   you use multipl
0290: 65 20 60 44 65 62 4f 70 73 20 43 6f 6e 74 72 69  e `DebOps Contri
02a0: 62 60 5f 20 72 6f 6c 65 73 2c 20 63 6f 6e 73 69  b`_ roles, consi
02b0: 64 65 72 20 75 73 69 6e 67 20 74 68 65 0a 60 44  der using the.`D
02c0: 65 62 4f 70 73 20 43 6f 6e 74 72 69 62 20 70 6c  ebOps Contrib pl
02d0: 61 79 62 6f 6f 6b 73 60 5f 2e 0a 0a 41 6e 73 69  aybooks`_...Ansi
02e0: 62 6c 65 20 74 61 67 73 0a 2d 2d 2d 2d 2d 2d 2d  ble tags.-------
02f0: 2d 2d 2d 2d 2d 0a 0a 59 6f 75 20 63 61 6e 20 75  -----..You can u
0300: 73 65 20 41 6e 73 69 62 6c 65 20 60 60 2d 2d 74  se Ansible ``--t
0310: 61 67 73 60 60 20 6f 72 20 60 60 2d 2d 73 6b 69  ags`` or ``--ski
0320: 70 2d 74 61 67 73 60 60 20 70 61 72 61 6d 65 74  p-tags`` paramet
0330: 65 72 73 20 74 6f 20 6c 69 6d 69 74 20 77 68 61  ers to limit wha
0340: 74 0a 74 61 73 6b 73 20 61 72 65 20 70 65 72 66  t.tasks are perf
0350: 6f 72 6d 65 64 20 64 75 72 69 6e 67 20 41 6e 73  ormed during Ans
0360: 69 62 6c 65 20 72 75 6e 2e 20 54 68 69 73 20 63  ible run. This c
0370: 61 6e 20 62 65 20 75 73 65 64 20 61 66 74 65 72  an be used after
0380: 20 61 20 68 6f 73 74 20 77 61 73 20 66 69 72 73   a host was firs
0390: 74 0a 63 6f 6e 66 69 67 75 72 65 64 20 74 6f 20  t.configured to 
03a0: 73 70 65 65 64 20 75 70 20 70 6c 61 79 62 6f 6f  speed up playboo
03b0: 6b 20 65 78 65 63 75 74 69 6f 6e 2c 20 77 68 65  k execution, whe
03c0: 6e 20 79 6f 75 20 61 72 65 20 73 75 72 65 20 74  n you are sure t
03d0: 68 61 74 20 6d 6f 73 74 20 6f 66 20 74 68 65 0a  hat most of the.
03e0: 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 69 73  configuration is
03f0: 20 61 6c 72 65 61 64 79 20 69 6e 20 74 68 65 20   already in the 
0400: 64 65 73 69 72 65 64 20 73 74 61 74 65 2e 0a 0a  desired state...
0410: 41 76 61 69 6c 61 62 6c 65 20 72 6f 6c 65 20 74  Available role t
0420: 61 67 73 3a 0a 0a 60 60 72 6f 6c 65 3a 3a 66 69  ags:..``role::fi
0430: 72 65 6a 61 69 6c 60 60 0a 20 20 4d 61 69 6e 20  rejail``.  Main 
0440: 72 6f 6c 65 20 74 61 67 2c 20 73 68 6f 75 6c 64  role tag, should
0450: 20 62 65 20 75 73 65 64 20 69 6e 20 74 68 65 20   be used in the 
0460: 70 6c 61 79 62 6f 6f 6b 20 74 6f 20 65 78 65 63  playbook to exec
0470: 75 74 65 20 61 6c 6c 20 6f 66 20 74 68 65 20 72  ute all of the r
0480: 6f 6c 65 0a 20 20 74 61 73 6b 73 20 61 73 20 77  ole.  tasks as w
0490: 65 6c 6c 20 61 73 20 72 6f 6c 65 20 64 65 70 65  ell as role depe
04a0: 6e 64 65 6e 63 69 65 73 2e 0a 0a 60 60 72 6f 6c  ndencies...``rol
04b0: 65 3a 3a 66 69 72 65 6a 61 69 6c 3a 70 6b 67 73  e::firejail:pkgs
04c0: 60 60 0a 20 20 54 61 73 6b 73 20 72 65 6c 61 74  ``.  Tasks relat
04d0: 65 64 20 74 6f 20 73 79 73 74 65 6d 20 70 61 63  ed to system pac
04e0: 6b 61 67 65 20 6d 61 6e 61 67 65 6d 65 6e 74 20  kage management 
04f0: 6c 69 6b 65 20 69 6e 73 74 61 6c 6c 69 6e 67 20  like installing 
0500: 6f 72 0a 20 20 72 65 6d 6f 76 69 6e 67 20 70 61  or.  removing pa
0510: 63 6b 61 67 65 73 2e 0a 0a 60 60 72 6f 6c 65 3a  ckages...``role:
0520: 3a 66 69 72 65 6a 61 69 6c 3a 70 72 6f 66 69 6c  :firejail:profil
0530: 65 60 60 0a 20 20 54 61 73 6b 73 20 72 65 6c 61  e``.  Tasks rela
0540: 74 65 64 20 74 6f 20 46 69 72 65 6a 61 69 6c 20  ted to Firejail 
0550: 73 65 63 75 72 69 74 79 20 70 72 6f 66 69 6c 65  security profile
0560: 20 6d 61 6e 61 67 65 6d 65 6e 74 20 6c 69 6b 65   management like
0570: 20 63 6f 70 79 69 6e 67 20 6f 72 0a 20 20 72 65   copying or.  re
0580: 6d 6f 76 69 6e 67 20 70 72 6f 66 69 6c 65 20 66  moving profile f
0590: 69 6c 65 73 2e 0a                                iles..