Blacklist modules via ansible

2026-05-16 10:50:10 +00:00 · 2026-05-08 10:50:07 -04:00 · 2026-05-08 10:50:07 -04:00 · 597651c526
commit 597651c526
parent 07995be9d9
1 changed files with 37 additions and 0 deletions
--- a/blacklist_mods.yml
+++ b/blacklist_mods.yml
@ -0,0 +1,37 @@
+- name: Blacklist kernel modules
+  hosts: all
+  become: yes
+  gather_facts: no
+
+  vars:
+    modules_to_blacklist:
+      # DirtyFrag
+      - esp4
+      - esp6
+      - rxrpc
+
+  tasks:
+    - name: Ensure blacklist directory exists
+      file:
+        path: /etc/modprobe.d
+        state: directory
+        mode: '0755'
+
+    - name: Check if module is currently loaded
+      shell: "lsmod | grep -qw '{{ item }}'"
+      loop: "{{ modules_to_blacklist }}"
+      register: lsmod_check
+      changed_when: false
+      # If rc is 0, the module is loaded -> Fail the task
+      failed_when: lsmod_check.rc == 0
+
+    - name: Blacklist kernel modules
+      # Only executes if the previous task succeeded (meaning module was NOT loaded)
+      lineinfile:
+        path: /etc/modprobe.d/blacklist.conf
+        line: "blacklist {{ item }}"
+        create: yes
+        mode: '0644'
+        state: present
+      loop: "{{ modules_to_blacklist }}"
+