From 9237e4e56fd6898e808ded82ef01b5aa26b2e24d Mon Sep 17 00:00:00 2001
From: FlatKey
Date: Fri, 6 May 2016 01:16:52 +0200
Subject: [PATCH] inital role with config options for policy, state and booleans
---
README.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++--
meta/main.yml | 19 ++++++++++++++
tasks/main.yml | 10 ++++++++
3 files changed, 94 insertions(+), 2 deletions(-)
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
diff --git a/README.md b/README.md
index cf6352a..4f14a49 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,65 @@
-# ansible-selinux-role
-Advanced Base role to configure selinux through variables.
+ansible-selinux-role
+=========
+
+Allows you to configure SELinux.
+
+Config options:
+* policy
+* state
+* booleans
+
+Requirements
+------------
+
+Tested on RHEL 7 and CentOS 7 only.
+
+Ansible 2.0 or above
+
+Role Variables
+--------------
+
+The following variables are used to configure SELinux policy and state:
+
+```
+ selinux_config: (optional, default: /etc/selinux/config)
+ selinux_policy: (optional, default: targeted)
+ selinux_state: (optional, only values: enforcing|permissive|disabled, default: enforcing)
+```
+
+---
+
+The following variables are used to toggle SELinux booleans:
+
+```
+ selinux_boolean:
+ name_of_selinux_boolean:
+ state: (optional, only values: yes|no default: yes)
+ persistent: (optional, only values: yes|no, default: yes)
+```
+
+Example Playbook
+----------------
+
+```
+ - hosts: server
+ become: yes
+ become_user: root
+ become_method: su
+ roles:
+ - { role: ansible-selinux-role }
+ vars:
+ selinux_policy: "targeted"
+ selinux_state: "enforcing"
+ selinux_boolean:
+ antivirus_can_scan_system:
+ state: yes
+ persistent: yes
+ httpd_can_sendmail:
+ state: yes
+ persistent: yes
+```
+
+License
+-------
+
+MIT
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..e4d48dc
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,19 @@
+---
+galaxy_info:
+ author: FlatKey
+ description: Advanced Base role to configure SELinux through variables. You can configure the SELinux policy, state and booleans.
+ license: MIT
+ min_ansible_version: 2.0
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ galaxy_tags:
+ - selinux
+ - system
+ - security
+ - centos
+ - centos7
+ - rhel
+ - rhel7
+dependencies: []
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..d5ec0a5
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: ensure libselinux-python is installed
+ yum: name=libselinux-python state=present
+
+- name: configure selinux policy and state
+ selinux: conf={{selinux_config|default('/etc/selinux/config')}} policy={{selinux_policy|default('targeted')}} state={{selinux_state|default('enforcing')}}
+
+- name: toggle selinux booleans
+ seboolean: name={{item.key}} state={{item.value.state|default('yes')}} persistent={{item.value.persistent|default('yes')}}
+ with_dict: "{{selinux_boolean|default({})}}"
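Review bot: In meta/main.yml, `min_ansible_version: 2.0` is an unquoted scalar, so a YAML loader reads it as a float rather than a version string, and the same holds for `- 7` under `versions`. Quoting both, `min_ansible_version: "2.0"` and `- "7"`, keeps them as strings, so that a later value such as 2.10 is not silently read as 2.1.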
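Review bot: In tasks/main.yml the first task installs only libselinux-python, but the seboolean module used by the last task also documents libsemanage-python as a requirement, so on a host that lacks it the boolean task would be expected to fail; install both with `yum: name=libselinux-python,libsemanage-python state=present`. Separately, changing `selinux_state` to or from `disabled` only takes effect after a reboot, and the selinux task does not register its result, so a play can finish cleanly while the host is still running without enforcement. Adding `register: selinux_result` to that task, followed by a task that reports the outcome, would make that state visible to the operator. As a style point, the key=value argument strings on all three tasks would read and diff better as block YAML mappings.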