Ansible-Bootstrap/roles/configuration/tasks/main.yml

---
- name: Configuration
  block:
    - name: Generate fstab
      ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab
      changed_when: result.rc == 0
      register: result

    - name: Remove depricated attr2 and disable large extent
      when: os in ["almalinux", "rhel8", "rhel9", "rocky"] and filesystem == "xfs"
      ansible.builtin.replace:
        path: /mnt/etc/fstab
        regexp: '(xfs.*?)(attr2)'
        replace: '\1allocsize=64m'

    - name: Replace ISO UUID entry with /dev/sr0 in fstab
      when: os in ["rhel8", "rhel9"]
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        regexp: '^.*\/dvd.*$'
        line: "{{ '/usr/local/install/redhat/rhel.iso /usr/local/install/redhat/dvd iso9660 loop,nofail 0 0' if hypervisor == 'vmware'
              else '/dev/sr0 /usr/local/install/redhat/dvd iso9660 ro,relatime,nojoliet,check=s,map=n,nofail 0 0' }}"
        state: present
        backrefs: true

    - name: Write image from RHEL ISO to the target machine
      when: os in ["rhel8", "rhel9"] and hypervisor == 'vmware'
      ansible.builtin.command: dd if=/dev/sr1 of=/mnt/usr/local/install/redhat/rhel.iso bs=4M
      changed_when: result.rc == 0
      register: result

    - name: Append TempFS to fstab
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        line: "{{ item }}"
        insertafter: EOF
      with_items:
        - ""
        - "# TempFS"
        - tmpfs           /tmp            tmpfs           defaults,nosuid,nodev,noexec    0 0
        - tmpfs           /var/tmp        tmpfs           defaults,nosuid,nodev,noexec    0 0
        - tmpfs           /dev/shm        tmpfs           defaults,noexec    0 0

    - name: Set local timezone
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        - systemctl daemon-reload
        - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime

    - name: Setup locales
      block:
        - name: Configure locale.gen
          when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
          ansible.builtin.lineinfile:
            dest: /mnt/etc/locale.gen
            regexp: "{{ item.regex }}"
            line: "{{ item.line }}"
          loop:
            - { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 }

        - name: Generate locales
          when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
          ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen
          changed_when: result.rc == 0
          register: result

        - name: Set hostname
          ansible.builtin.copy:
            content: "{{ hostname }}"
            dest: /mnt/etc/hostname
            mode: '0644'

        - name: Add host entry to /etc/hosts
          ansible.builtin.lineinfile:
            path: /mnt/etc/hosts
            line: "{{ ansible_host }}    {{ hostname }}"
            state: present

        - name: Create vconsole.conf
          ansible.builtin.copy:
            content: KEYMAP=us
            dest: /mnt/etc/vconsole.conf
            mode: '0644'

        - name: Create locale.conf
          ansible.builtin.copy:
            content: LANG=en_US.UTF-8
            dest: /mnt/etc/locale.conf
            mode: '0644'

        - name: SSH permit Password
          ansible.builtin.replace:
            path: /mnt/etc/ssh/sshd_config
            regexp: "#PasswordAuthentication yes"
            replace: PasswordAuthentication yes

        - name: SSH permit root login
          ansible.builtin.replace:
            path: /mnt/etc/ssh/sshd_config
            regexp: "^#?PermitRootLogin.*"
            replace: "PermitRootLogin yes"

    - name: Enable Systemd Services
      ansible.builtin.command: >
        arch-chroot /mnt systemctl enable NetworkManager
        {{
          ' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
          (' sshd' if os | lower not in ['debian11', 'debian12'] else '')
        }}
        {{
          'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
          if os | lower == 'archlinux' else ''
        }}
      changed_when: result.rc == 0
      register: result

    - name: Configure grub
      when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
      block:
        - name: Add commandline information to grub config
          ansible.builtin.lineinfile:
            dest: /mnt/etc/default/grub
            regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
            line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"

        - name: Change Grub time
          ansible.builtin.lineinfile:
            dest: /mnt/etc/default/grub
            regexp: ^GRUB_TIMEOUT=
            line: GRUB_TIMEOUT=1

    - name: Configure Bootloader
      block:
        - name: Install Bootloader
          ansible.builtin.command: arch-chroot /mnt
            {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %} /usr/sbin/efibootmgr
            -c -L '{{ os }}' -d "{{ install_drive }}" -p 1
            -l '\efi\EFI\{% if os | lower in ["rhel8", "rhel9"] %}redhat{% else %}{{ os | lower }}{% endif %}\shimx64.efi'
            {% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }}
            --bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }}
            {% endif %}
          changed_when: result.rc == 0
          register: result

        - name: Generate grub config
          ansible.builtin.command: arch-chroot /mnt
            {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}
            /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{% if os | lower in ["rhel8", "rhel9"] %}redhat{% else %}{{ os | lower }}{% endif %}/grub.cfg
            {% else %}
            /usr/sbin/grub-mkconfig -o {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}
            {% endif %}
          changed_when: result.rc == 0
          register: result

        - name: Ensure lvm2 for non btrfs filesystems
          when: os | lower == "archlinux" and filesystem != "btrfs"
          ansible.builtin.lineinfile:
            path: /mnt/etc/mkinitcpio.conf
            regexp: '^(HOOKS=.*block)(?!.*lvm2)(.*)'
            line: '\1 lvm2\2'
            backrefs: true

        - name: Regenerate initramfs
          when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
          ansible.builtin.command: arch-chroot /mnt
            {% if os | lower == "archlinux" %} /usr/sbin/mkinitcpio -P
            {% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %} /usr/bin/dracut --regenerate-all --force
            {% else %} echo "Skipping initramfs regeneration"
            {% endif %}
          changed_when: result.rc == 0
          register: result

    - name: Extra Configuration
      block:
        - name: Append vim configurations to vimrc
          failed_when: false
          ansible.builtin.blockinfile:
            path: "{{ '/mnt/etc/vim/vimrc' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts']
                  else '/mnt/etc/vimrc' }}"
            block: |
              set encoding=utf-8
              set number
              set autoindent
              set smartindent
              set mouse=a
            insertafter: EOF
            marker: ""

        - name: Add memory tuning parameters
          ansible.builtin.blockinfile:
            path: /mnt/etc/sysctl.d/90-memory.conf
            create: true
            block: |
              vm.swappiness=10
              vm.vfs_cache_pressure=50
              vm.dirty_background_ratio=1
              vm.dirty_ratio=10
              vm.page-cluster=10
            marker: ""
            mode: '0644'

        - name: Create zram config
          when: os not in ['debian11', 'rhel8']
          ansible.builtin.copy:
            dest: /mnt/etc/systemd/zram-generator.conf
            content: |
              [zram0]
              zram-size  = ram / 2
              compression-algorithm = zstd
              swap-priority = 100
              fs-type = swap
            mode: '0644'

        - name: Copy FirstRun Script
          when: os | lower != "archlinux"
          ansible.builtin.template:
            src: firstrun.sh.j2
            dest: /mnt/root/firstrun.sh
            mode: "0755"

        - name: Copy Custom Shell config
          ansible.builtin.template:
            src: custom.sh.j2
            dest: /mnt/etc/profile.d/custom.sh
            mode: '0644'

    - name: Setup Network
      block:
        - name: Generate UUID for Network Profile
          ansible.builtin.command: uuidgen
          changed_when: net_uuid.rc == 0
          register: net_uuid

        - name: Retrieve Network Interface Name
          ansible.builtin.shell: set -o pipefail && ip r | awk 'NR==1 {print $5}'
          changed_when: net_inf.rc == 0
          register: net_inf

        - name: Register MAC Address of the Network Interface
          ansible.builtin.shell: set -o pipefail && ip link show "{{ net_inf.stdout }}" | awk '/link\/ether/ {print $2}' | tr '[:lower:]' '[:upper:]'
          register: net_mac
          changed_when: net_mac.rc == 0

        - name: Copy NetworkManager keyfile
          ansible.builtin.template:
            src: network.j2
            dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
            mode: "0600"

        - name: Fix Ubuntu unmanaged devices
          when: os | lower in ["ubuntu", "ubuntu-lts"]
          ansible.builtin.file:
            path: /mnt/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
            state: touch
            mode: '0644'

    - name: Setup user account
      block:
        - name: Create user account
          ansible.builtin.command: "{{ item }}"
          with_items:
            - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups
              {{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }}
              {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
            - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
          changed_when: result.rc == 0
          register: result

        - name: Add SSH public key to authorized_keys
          when: user_public_key is defined
          ansible.builtin.lineinfile:
            path: /mnt/home/{{ user_name }}/.ssh/authorized_keys
            line: "{{ user_public_key }}"
            owner: 1000
            group: 1000
            mode: "0600"
            create: true

    - name: Give sudo access to wheel group
      ansible.builtin.copy:
        content: "{{ '%sudo ALL=(ALL) ALL' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '%wheel ALL=(ALL) ALL' }}"
        dest: /mnt/etc/sudoers.d/01-wheel
        mode: "0440"
        validate: /usr/sbin/visudo --check --file=%s

    - name: Fix SELinux
      block:
        - name: Relabel the filesystem
          when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']
          ansible.builtin.command: "arch-chroot /mnt /sbin/fixfiles onboot"
          changed_when: result.rc == 0
          register: result

        - name: Disable SELinux
          when: os | lower == "fedora"
          ansible.builtin.lineinfile:
            path: /mnt/etc/selinux/config
            regexp: ^SELINUX=
            line: SELINUX=permissive
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`---`
Initial commit 2024-03-19 23:02:50 +01:00			`- name: Configuration`
			`block:`
			`- name: Generate fstab`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`

Add RHEL8 and RHEL9 support 2024-10-30 00:29:46 +01:00			`- name: Remove depricated attr2 and disable large extent`
			`when: os in ["almalinux", "rhel8", "rhel9", "rocky"] and filesystem == "xfs"`
			`ansible.builtin.replace:`
			`path: /mnt/etc/fstab`
			`regexp: '(xfs.*?)(attr2)'`
			`replace: '\1allocsize=64m'`

			`- name: Replace ISO UUID entry with /dev/sr0 in fstab`
			`when: os in ["rhel8", "rhel9"]`
			`ansible.builtin.lineinfile:`
			`path: /mnt/etc/fstab`
			`regexp: '^.\/dvd.$'`
Fix ISO mounting for VMware Hypervisor 2024-10-30 20:25:41 +01:00			`line: "{{ '/usr/local/install/redhat/rhel.iso /usr/local/install/redhat/dvd iso9660 loop,nofail 0 0' if hypervisor == 'vmware'`
			`else '/dev/sr0 /usr/local/install/redhat/dvd iso9660 ro,relatime,nojoliet,check=s,map=n,nofail 0 0' }}"`
Add RHEL8 and RHEL9 support 2024-10-30 00:29:46 +01:00			`state: present`
			`backrefs: true`

Fix ISO mounting for VMware Hypervisor 2024-10-30 20:25:41 +01:00			`- name: Write image from RHEL ISO to the target machine`
Fix variable hierarchy 2024-10-30 22:19:00 +01:00			`when: os in ["rhel8", "rhel9"] and hypervisor == 'vmware'`
			`ansible.builtin.command: dd if=/dev/sr1 of=/mnt/usr/local/install/redhat/rhel.iso bs=4M`
Fix ISO mounting for VMware Hypervisor 2024-10-30 20:25:41 +01:00			`changed_when: result.rc == 0`
			`register: result`

Initial commit 2024-03-19 23:02:50 +01:00			`- name: Append TempFS to fstab`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.lineinfile:`
Initial commit 2024-03-19 23:02:50 +01:00			`path: /mnt/etc/fstab`
			`line: "{{ item }}"`
			`insertafter: EOF`
			`with_items:`
			`- ""`
			`- "# TempFS"`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`- tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0`
			`- tmpfs /var/tmp tmpfs defaults,nosuid,nodev,noexec 0 0`
			`- tmpfs /dev/shm tmpfs defaults,noexec 0 0`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Set local timezone`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.command: "{{ item }}"`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`
Initial commit 2024-03-19 23:02:50 +01:00			`with_items:`
			`- systemctl daemon-reload`
			`- arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime`

			`- name: Setup locales`
			`block:`
			`- name: Configure locale.gen`
add essential almalinux packages 2024-04-17 05:06:45 +02:00			`when: os \| lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.lineinfile:`
Initial commit 2024-03-19 23:02:50 +01:00			`dest: /mnt/etc/locale.gen`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`regexp: "{{ item.regex }}"`
			`line: "{{ item.line }}"`
Initial commit 2024-03-19 23:02:50 +01:00			`loop:`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`- { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 }`
Initial commit 2024-03-19 23:02:50 +01:00
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`- name: Generate locales`
add essential almalinux packages 2024-04-17 05:06:45 +02:00			`when: os \| lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`

Initial commit 2024-03-19 23:02:50 +01:00			`- name: Set hostname`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.copy:`
Initial commit 2024-03-19 23:02:50 +01:00			`content: "{{ hostname }}"`
			`dest: /mnt/etc/hostname`
Fix risky-file-permissions because of unpecified mode 2024-10-28 18:37:44 +01:00			`mode: '0644'`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Add host entry to /etc/hosts`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.lineinfile:`
Initial commit 2024-03-19 23:02:50 +01:00			`path: /mnt/etc/hosts`
			`line: "{{ ansible_host }} {{ hostname }}"`
			`state: present`

			`- name: Create vconsole.conf`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.copy:`
Fix risky-file-permissions because of unpecified mode 2024-10-28 18:37:44 +01:00			`content: KEYMAP=us`
Initial commit 2024-03-19 23:02:50 +01:00			`dest: /mnt/etc/vconsole.conf`
Fix risky-file-permissions because of unpecified mode 2024-10-28 18:37:44 +01:00			`mode: '0644'`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Create locale.conf`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.copy:`
			`content: LANG=en_US.UTF-8`
Initial commit 2024-03-19 23:02:50 +01:00			`dest: /mnt/etc/locale.conf`
Fix risky-file-permissions because of unpecified mode 2024-10-28 18:37:44 +01:00			`mode: '0644'`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: SSH permit Password`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.replace:`
Initial commit 2024-03-19 23:02:50 +01:00			`path: /mnt/etc/ssh/sshd_config`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`regexp: "#PasswordAuthentication yes"`
			`replace: PasswordAuthentication yes`
Initial commit 2024-03-19 23:02:50 +01:00
Enable root ssh login 2024-10-30 18:54:15 +01:00			`- name: SSH permit root login`
			`ansible.builtin.replace:`
			`path: /mnt/etc/ssh/sshd_config`
			`regexp: "^#?PermitRootLogin.*"`
			`replace: "PermitRootLogin yes"`

Initial commit 2024-03-19 23:02:50 +01:00			`- name: Enable Systemd Services`
Add RHEL8 and RHEL9 support 2024-10-30 00:29:46 +01:00			`ansible.builtin.command: >`
			`arch-chroot /mnt systemctl enable NetworkManager`
			`{{`
			`' ssh' if os \| lower in ['ubuntu', 'ubuntu-lts'] else`
			`(' sshd' if os \| lower not in ['debian11', 'debian12'] else '')`
			`}}`
			`{{`
			`'logrotate systemd-resolved systemd-timesyncd systemd-networkd'`
			`if os \| lower == 'archlinux' else ''`
			`}}`
			`changed_when: result.rc == 0`
			`register: result`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00
Initial commit 2024-03-19 23:02:50 +01:00			`- name: Configure grub`
Add RockyLinux support 2024-04-16 01:14:05 +02:00			`when: os \| lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']`
Initial commit 2024-03-19 23:02:50 +01:00			`block:`
			`- name: Add commandline information to grub config`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.lineinfile:`
Initial commit 2024-03-19 23:02:50 +01:00			`dest: /mnt/etc/default/grub`
			`regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Change Grub time`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.lineinfile:`
Initial commit 2024-03-19 23:02:50 +01:00			`dest: /mnt/etc/default/grub`
			`regexp: ^GRUB_TIMEOUT=`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`line: GRUB_TIMEOUT=1`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Configure Bootloader`
			`block:`
			`- name: Install Bootloader`
Fix line-length 2024-10-28 18:26:54 +01:00			`ansible.builtin.command: arch-chroot /mnt`
			`{% if os \| lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %} /usr/sbin/efibootmgr`
Add RHEL8 and RHEL9 support 2024-10-30 00:29:46 +01:00			`-c -L '{{ os }}' -d "{{ install_drive }}" -p 1`
			`-l '\efi\EFI\{% if os \| lower in ["rhel8", "rhel9"] %}redhat{% else %}{{ os \| lower }}{% endif %}\shimx64.efi'`
Fix line-length 2024-10-28 18:26:54 +01:00			`{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os \| lower in ["ubuntu", "ubuntu-lts"] else "/boot" }}`
			`--bootloader-id={{ "ubuntu" if os \| lower in ["ubuntu", "ubuntu-lts"] else os }}`
			`{% endif %}`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`

Initial commit 2024-03-19 23:02:50 +01:00			`- name: Generate grub config`
Fix line-length 2024-10-28 18:26:54 +01:00			`ansible.builtin.command: arch-chroot /mnt`
Add RHEL8 and RHEL9 support 2024-10-30 00:29:46 +01:00			`{% if os \| lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}`
			`/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{% if os \| lower in ["rhel8", "rhel9"] %}redhat{% else %}{{ os \| lower }}{% endif %}/grub.cfg`
			`{% else %}`
			`/usr/sbin/grub-mkconfig -o {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os \| lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}`
Fix line-length 2024-10-28 18:26:54 +01:00			`{% endif %}`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`

Add SWAP support 2024-10-31 05:46:33 +01:00			`- name: Ensure lvm2 for non btrfs filesystems`
			`when: os \| lower == "archlinux" and filesystem != "btrfs"`
			`ansible.builtin.lineinfile:`
			`path: /mnt/etc/mkinitcpio.conf`
			`regexp: '^(HOOKS=.block)(?!.lvm2)(.*)'`
			`line: '\1 lvm2\2'`
			`backrefs: true`

Add RockyLinux support 2024-04-16 01:14:05 +02:00			`- name: Regenerate initramfs`
add ubuntu support 2024-04-17 10:53:09 +02:00			`when: os \| lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]`
Fix line-length 2024-10-28 18:26:54 +01:00			`ansible.builtin.command: arch-chroot /mnt`
			`{% if os \| lower == "archlinux" %} /usr/sbin/mkinitcpio -P`
			`{% elif os \| lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %} /usr/bin/dracut --regenerate-all --force`
			`{% else %} echo "Skipping initramfs regeneration"`
			`{% endif %}`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`

Initial commit 2024-03-19 23:02:50 +01:00			`- name: Extra Configuration`
			`block:`
Add swap optimalisations 2024-10-31 02:05:11 +01:00			`- name: Append vim configurations to vimrc`
Replace ignore_errors with failed_when 2024-10-28 18:56:00 +01:00			`failed_when: false`
Add swap optimalisations 2024-10-31 02:05:11 +01:00			`ansible.builtin.blockinfile:`
			`path: "{{ '/mnt/etc/vim/vimrc' if os \| lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts']`
			`else '/mnt/etc/vimrc' }}"`
			`block: \|`
			`set encoding=utf-8`
			`set number`
			`set autoindent`
			`set smartindent`
			`set mouse=a`
Initial commit 2024-03-19 23:02:50 +01:00			`insertafter: EOF`
Add swap optimalisations 2024-10-31 02:05:11 +01:00			`marker: ""`

			`- name: Add memory tuning parameters`
			`ansible.builtin.blockinfile:`
			`path: /mnt/etc/sysctl.d/90-memory.conf`
			`create: true`
			`block: \|`
			`vm.swappiness=10`
			`vm.vfs_cache_pressure=50`
			`vm.dirty_background_ratio=1`
			`vm.dirty_ratio=10`
			`vm.page-cluster=10`
			`marker: ""`
			`mode: '0644'`
Initial commit 2024-03-19 23:02:50 +01:00
Add zram-generator config 2024-10-31 02:18:55 +01:00			`- name: Create zram config`
remove zram from debian11 since no support 2024-10-31 16:00:44 +01:00			`when: os not in ['debian11', 'rhel8']`
Add zram-generator config 2024-10-31 02:18:55 +01:00			`ansible.builtin.copy:`
			`dest: /mnt/etc/systemd/zram-generator.conf`
			`content: \|`
			`[zram0]`
			`zram-size = ram / 2`
			`compression-algorithm = zstd`
			`swap-priority = 100`
			`fs-type = swap`
			`mode: '0644'`

Initial commit 2024-03-19 23:02:50 +01:00			`- name: Copy FirstRun Script`
fix cis support for all distros 2024-04-17 14:09:32 +02:00			`when: os \| lower != "archlinux"`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.template:`
Initial commit 2024-03-19 23:02:50 +01:00			`src: firstrun.sh.j2`
			`dest: /mnt/root/firstrun.sh`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`mode: "0755"`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Copy Custom Shell config`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.template:`
Initial commit 2024-03-19 23:02:50 +01:00			`src: custom.sh.j2`
			`dest: /mnt/etc/profile.d/custom.sh`
Fix risky-file-permissions because of unpecified mode 2024-10-28 18:37:44 +01:00			`mode: '0644'`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Setup Network`
			`block:`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`- name: Generate UUID for Network Profile`
			`ansible.builtin.command: uuidgen`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: net_uuid.rc == 0`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`register: net_uuid`

			`- name: Retrieve Network Interface Name`
fix risky-shell-pipe 2024-10-28 18:47:31 +01:00			`ansible.builtin.shell: set -o pipefail && ip r \| awk 'NR==1 {print $5}'`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: net_inf.rc == 0`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`register: net_inf`

Include MAC-Address into the NetworkManager keyfile 2024-10-31 00:13:23 +01:00			`- name: Register MAC Address of the Network Interface`
Fix riski shell pipe 2024-10-31 00:43:49 +01:00			`ansible.builtin.shell: set -o pipefail && ip link show "{{ net_inf.stdout }}" \| awk '/link\/ether/ {print $2}' \| tr '[:lower:]' '[:upper:]'`
Include MAC-Address into the NetworkManager keyfile 2024-10-31 00:13:23 +01:00			`register: net_mac`
			`changed_when: net_mac.rc == 0`

ansible-lint fixes 2024-07-11 22:20:45 +02:00			`- name: Copy NetworkManager keyfile`
			`ansible.builtin.template:`
			`src: network.j2`
			`dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection`
			`mode: "0600"`
Initial commit 2024-03-19 23:02:50 +01:00
Update Ubuntu to Oracular Oriole and Ubuntu-LTS to Noble Numbat 2024-10-29 15:08:43 +01:00			`- name: Fix Ubuntu unmanaged devices`
			`when: os \| lower in ["ubuntu", "ubuntu-lts"]`
			`ansible.builtin.file:`
			`path: /mnt/etc/NetworkManager/conf.d/10-globally-managed-devices.conf`
			`state: touch`
			`mode: '0644'`

Initial commit 2024-03-19 23:02:50 +01:00			`- name: Setup user account`
			`block:`
			`- name: Create user account`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.command: "{{ item }}"`
Initial commit 2024-03-19 23:02:50 +01:00			`with_items:`
Fix line-length 2024-10-28 18:26:54 +01:00			`- arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups`
			`{{ "sudo" if os \| lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }}`
			`{{ user_name }} --password {{ user_password \| password_hash('sha512') }} --shell /bin/bash`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`- arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password \| password_hash('sha512') }}' root --shell /bin/bash`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Add SSH public key to authorized_keys`
			`when: user_public_key is defined`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.lineinfile:`
			`path: /mnt/home/{{ user_name }}/.ssh/authorized_keys`
Initial commit 2024-03-19 23:02:50 +01:00			`line: "{{ user_public_key }}"`
			`owner: 1000`
			`group: 1000`
			`mode: "0600"`
use correct boolean values 2024-07-11 22:09:58 +02:00			`create: true`
Initial commit 2024-03-19 23:02:50 +01:00
			`- name: Give sudo access to wheel group`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`ansible.builtin.copy:`
fix jinja formating 2024-07-11 22:03:15 +02:00			`content: "{{ '%sudo ALL=(ALL) ALL' if os \| lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '%wheel ALL=(ALL) ALL' }}"`
Initial commit 2024-03-19 23:02:50 +01:00			`dest: /mnt/etc/sudoers.d/01-wheel`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`mode: "0440"`
Initial commit 2024-03-19 23:02:50 +01:00			`validate: /usr/sbin/visudo --check --file=%s`

			`- name: Fix SELinux`
fix fedora boot issue 2024-04-17 06:02:32 +02:00			`block:`
ansible-lint fixes 2024-07-11 22:20:45 +02:00			`- name: Relabel the filesystem`
			`when: os \| lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']`
Add RHEL8 and RHEL9 support 2024-10-30 00:29:46 +01:00			`ansible.builtin.command: "arch-chroot /mnt /sbin/fixfiles onboot"`
Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00			`changed_when: result.rc == 0`
			`register: result`

ansible-lint fixes 2024-07-11 22:20:45 +02:00			`- name: Disable SELinux`
			`when: os \| lower == "fedora"`
			`ansible.builtin.lineinfile:`
			`path: /mnt/etc/selinux/config`
			`regexp: ^SELINUX=`
			`line: SELINUX=permissive`