ansible.debian_security/defaults/main.yml

113 lines
3.3 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# ipr-cnrs.debian_security default variables [[[
# ==============================================
# Packages and installation [[[
# -----------------------------
# .. envvar:: deb_sec__base_packages [[[
#
# List of base packages to install.
deb_sec__required_packages:
- 'debsecan'
# ]]]
# .. envvar:: deb_sec__deploy_state [[[
#
# What is the desired state which this role should achieve? Possible options:
#
# ``present``
# Default. Ensure that required packages are installed and configured as
# requested.
#
# ``absent``
# Ensure that required packages are uninstalled and configuration removed.
#
deb_sec__deploy_state: 'present'
# ]]]
# ]]]
# Debsecan [[[
# ------------
# .. envvar:: deb_sec__debsecan_report [[[
#
# If daily reports should be enable. Possible options:
#
# ``true``
# Default.
#
# ``false``
#
deb_sec__debsecan_report: true
# ]]]
# .. envvar:: deb_sec__debsecan_suite [[[
#
# The suite name used to produce more informative output. Possible options are
# all Debian (and derivative) codename (eg. stretch) not the temporal
# name (eg. stable,…).
#
# ``ansible_distribution_release``
# Default. Use ansible variable to determine the current codename.
#
deb_sec__debsecan_suite: '{{ ansible_distribution_release }}'
# ]]]
# .. envvar:: deb_sec__debsecan_mailto [[[
#
# Mail address to which reports are sent.
#
# ``root``
# Default.
#
deb_sec__debsecan_mailto: 'root'
# ]]]
# .. envvar:: deb_sec__debsecan_source [[[
#
# The URL from which vulnerability data is downloaded.
#
# ``''``
# Default. Empty for the built-in default.
#
deb_sec__debsecan_source: ''
# ]]]
# .. envvar:: deb_sec__debsecan_cron_disabled [[[
#
# If the Debsecan job should be disabled. Possible options:
#
# ``false``
# Default. According to Debsecan package.
#
# ``true``
# Comment the job in the cron file.
#
deb_sec__debsecan_cron_disabled: false
# ]]]
# .. envvar:: deb_sec__debsecan_cron_job [[[
#
# The command to execute for Debsecan cron.
#
# ``test -x /usr/bin/debsecan && /usr/bin/debsecan --cron``
# Default. According to Debsecan package.
#
deb_sec__debsecan_cron_job: 'test -x /usr/bin/debsecan && /usr/bin/debsecan --cron'
# ]]]
# .. envvar:: deb_sec__debsecan_cron_special_time [[[
#
# Periodicity of the cron job for Debsecan.
#
# ``daily``
# Default. Run the job everyday.
#
deb_sec__debsecan_cron_special_time: 'daily'
# ]]]
# .. envvar:: deb_sec__debsecan_cron_user [[[
#
# User whose run the job.
#
# ``daemon``
# Default. According to Debsecan package.
#
deb_sec__debsecan_cron_user: 'daemon'
# ]]]
# ]]]