113 lines
3.3 KiB
YAML
113 lines
3.3 KiB
YAML
---
|
||
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
|
||
|
||
# ipr-cnrs.debian_security default variables [[[
|
||
# ==============================================
|
||
|
||
# Packages and installation [[[
|
||
# -----------------------------
|
||
|
||
# .. envvar:: deb_sec__base_packages [[[
|
||
#
|
||
# List of base packages to install.
|
||
deb_sec__required_packages:
|
||
- 'debsecan'
|
||
# ]]]
|
||
# .. envvar:: deb_sec__deploy_state [[[
|
||
#
|
||
# What is the desired state which this role should achieve? Possible options:
|
||
#
|
||
# ``present``
|
||
# Default. Ensure that required packages are installed and configured as
|
||
# requested.
|
||
#
|
||
# ``absent``
|
||
# Ensure that required packages are uninstalled and configuration removed.
|
||
#
|
||
deb_sec__deploy_state: 'present'
|
||
# ]]]
|
||
# ]]]
|
||
# Debsecan [[[
|
||
# ------------
|
||
|
||
# .. envvar:: deb_sec__debsecan_report [[[
|
||
#
|
||
# If daily reports should be enable. Possible options :
|
||
#
|
||
# ``true``
|
||
# Default.
|
||
#
|
||
# ``false``
|
||
#
|
||
deb_sec__debsecan_report: true
|
||
# ]]]
|
||
# .. envvar:: deb_sec__debsecan_suite [[[
|
||
#
|
||
# The suite name used to produce more informative output. Possible options are
|
||
# all Debian (and derivative) codename (eg. stretch) not the temporal
|
||
# name (eg. stable,…).
|
||
#
|
||
# ``ansible_distribution_release``
|
||
# Default. Use ansible variable to determine the current codename.
|
||
#
|
||
deb_sec__debsecan_suite: '{{ ansible_distribution_release }}'
|
||
# ]]]
|
||
# .. envvar:: deb_sec__debsecan_mailto [[[
|
||
#
|
||
# Mail address to which reports are sent.
|
||
#
|
||
# ``root``
|
||
# Default.
|
||
#
|
||
deb_sec__debsecan_mailto: 'root'
|
||
# ]]]
|
||
# .. envvar:: deb_sec__debsecan_source [[[
|
||
#
|
||
# The URL from which vulnerability data is downloaded.
|
||
#
|
||
# ``''``
|
||
# Default. Empty for the built-in default.
|
||
#
|
||
deb_sec__debsecan_source: ''
|
||
# ]]]
|
||
# .. envvar:: deb_sec__debsecan_cron_disabled [[[
|
||
#
|
||
# If the Debsecan job should be disabled. Possible options :
|
||
#
|
||
# ``false``
|
||
# Default. According to Debsecan package.
|
||
#
|
||
# ``true``
|
||
# Comment the job in the cron file.
|
||
#
|
||
deb_sec__debsecan_cron_disabled: false
|
||
# ]]]
|
||
# .. envvar:: deb_sec__debsecan_cron_job [[[
|
||
#
|
||
# The command to execute for Debsecan cron.
|
||
#
|
||
# ``test -x /usr/bin/debsecan && /usr/bin/debsecan --cron``
|
||
# Default. According to Debsecan package.
|
||
#
|
||
deb_sec__debsecan_cron_job: 'test -x /usr/bin/debsecan && /usr/bin/debsecan --cron'
|
||
# ]]]
|
||
# .. envvar:: deb_sec__debsecan_cron_special_time [[[
|
||
#
|
||
# Periodicity of the cron job for Debsecan.
|
||
#
|
||
# ``daily``
|
||
# Default. Run the job everyday.
|
||
#
|
||
deb_sec__debsecan_cron_special_time: 'daily'
|
||
# ]]]
|
||
# .. envvar:: deb_sec__debsecan_cron_user [[[
|
||
#
|
||
# User whose run the job.
|
||
#
|
||
# ``daemon``
|
||
# Default. According to Debsecan package.
|
||
#
|
||
deb_sec__debsecan_cron_user: 'daemon'
|
||
# ]]]
|
||
# ]]]
|