ansible.debian_security/defaults/main.yml

113 lines
3.3 KiB
YAML
Raw Normal View History

2018-06-15 15:34:11 +02:00
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# ipr-cnrs.debian_security default variables [[[
# ==============================================
# Packages and installation [[[
# -----------------------------
# .. envvar:: deb_sec__base_packages [[[
#
# List of base packages to install.
deb_sec__required_packages:
- 'debsecan'
# ]]]
# .. envvar:: deb_sec__deploy_state [[[
#
# What is the desired state which this role should achieve? Possible options:
#
# ``present``
# Default. Ensure that required packages are installed and configured as
# requested.
#
# ``absent``
# Ensure that required packages are uninstalled and configuration removed.
#
deb_sec__deploy_state: 'present'
# ]]]
# ]]]
2018-06-15 16:21:09 +02:00
# Debsecan [[[
# ------------
# .. envvar:: deb_sec__debsecan_report [[[
#
# If daily reports should be enable. Possible options:
#
# ``true``
# Default.
#
# ``false``
#
deb_sec__debsecan_report: true
# ]]]
# .. envvar:: deb_sec__debsecan_suite [[[
#
# The suite name used to produce more informative output. Possible options are
# all Debian (and derivative) codename (eg. stretch) not the temporal
# name (eg. stable,…).
#
# ``ansible_distribution_release``
# Default. Use ansible variable to determine the current codename.
#
deb_sec__debsecan_suite: '{{ ansible_distribution_release }}'
# ]]]
# .. envvar:: deb_sec__debsecan_mailto [[[
#
# Mail address to which reports are sent.
#
# ``root``
# Default.
#
deb_sec__debsecan_mailto: 'root'
# ]]]
# .. envvar:: deb_sec__debsecan_source [[[
#
# The URL from which vulnerability data is downloaded.
2018-06-15 17:12:30 +02:00
#
2018-06-15 16:21:09 +02:00
# ``''``
# Default. Empty for the built-in default.
#
deb_sec__debsecan_source: ''
# ]]]
2018-06-15 17:12:30 +02:00
# .. envvar:: deb_sec__debsecan_cron_disabled [[[
#
# If the Debsecan job should be disabled. Possible options:
#
# ``false``
# Default. According to Debsecan package.
#
# ``true``
# Comment the job in the cron file.
#
deb_sec__debsecan_cron_disabled: false
# ]]]
# .. envvar:: deb_sec__debsecan_cron_job [[[
#
# The command to execute for Debsecan cron.
#
# ``test -x /usr/bin/debsecan && /usr/bin/debsecan --cron``
# Default. According to Debsecan package.
#
deb_sec__debsecan_cron_job: 'test -x /usr/bin/debsecan && /usr/bin/debsecan --cron'
# ]]]
# .. envvar:: deb_sec__debsecan_cron_special_time [[[
#
# Periodicity of the cron job for Debsecan.
#
# ``daily``
# Default. Run the job everyday.
#
deb_sec__debsecan_cron_special_time: 'daily'
# ]]]
# .. envvar:: deb_sec__debsecan_cron_user [[[
#
# User whose run the job.
#
# ``daemon``
# Default. According to Debsecan package.
#
deb_sec__debsecan_cron_user: 'daemon'
# ]]]
2018-06-15 16:21:09 +02:00
# ]]]