37 lines
1003 B
YAML
37 lines
1003 B
YAML
---
|
|
- name: apparmor | Install apparmor and default profiles
|
|
community.general.apk:
|
|
name: apparmor, apparmor-profiles
|
|
state: present
|
|
|
|
- name: apparmor | Enable writing cache and faster DFA transition table compression
|
|
lineinfile:
|
|
path: /etc/apparmor/parser.conf
|
|
state: present
|
|
search_string: '{{ item }}'
|
|
line: '{{ item }}'
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop:
|
|
- write-cache
|
|
- Optimize=compress-fast
|
|
|
|
# Don't start it yet, as it requires the kernel parameters
|
|
- name: apparmor | Add apparmor service to runlevel 'boot'
|
|
service:
|
|
name: apparmor
|
|
runlevel: boot
|
|
enabled: true
|
|
|
|
- name: apparmor | Configure kernel parameters in GRUB config file
|
|
import_tasks: grub.yml
|
|
when: bootloader == 'grub'
|
|
|
|
# TODO: handle limine and efistub better
|
|
- name: apparmor | Notify about kernel parameters update
|
|
debug:
|
|
msg: Notify about kernel parameters update for apparmor
|
|
notify: Notify apparmor kernel parameters
|
|
when: bootloader != 'grub'
|