sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make chroot command configurable

Browse Source
This commit is contained in:
Sandwich
2026-01-02 18:53:55 +01:00
parent ce972e55dd
commit fe0b72c9d8
14 changed files with 26 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/cis/tasks/crypto.yml
View File

@@ -1,12 +1,12 @@
---
- name: Configure System Cryptography Policy
when: os in ["almalinux", "rhel9", "rhel10", "rocky"]
ansible.builtin.command: arch-chroot /mnt /usr/bin/update-crypto-policies --set DEFAULT:NO-SHA1
ansible.builtin.command: "{{ chroot_command }} /mnt /usr/bin/update-crypto-policies --set DEFAULT:NO-SHA1"
register: cis_crypto_policy_result
changed_when: "'Setting system-wide crypto-policies to' in cis_crypto_policy_result.stdout"
- name: Mask Systemd Services
ansible.builtin.command: >
arch-chroot /mnt systemctl mask nftables bluetooth rpcbind
{{ chroot_command }} /mnt systemctl mask nftables bluetooth rpcbind
register: cis_mask_services_result
changed_when: cis_mask_services_result.rc == 0