---
- name : Configuration
block :
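# Write the target's fstab from what is mounted under /mnt.
# shell (not command) is required here because of the output redirection.
- name: Generate fstab
  ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab

# Append tmpfs entries for the world-writable scratch locations.
- name: Append TempFS to fstab
  ansible.builtin.lineinfile:
    path: /mnt/etc/fstab
    line: "{{ item }}"
    insertafter: EOF
  with_items:
    - ""
    - "# TempFS"
    - tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0
    - tmpfs /var/tmp tmpfs defaults,nosuid,nodev,noexec 0 0
    # /dev/shm now carries nosuid,nodev like the two entries above. With only
    # "defaults,noexec" this line left setuid binaries and device nodes
    # permitted on a world-writable mount.
    - tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0

# The first item has no arch-chroot prefix, so daemon-reload runs in the live
# installer environment; only the localtime symlink is created inside /mnt.
- name: Set local timezone
  ansible.builtin.command: "{{ item }}"
  with_items:
    - systemctl daemon-reload
    - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime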
- name : Setup locales
block :
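# Ensure locale.gen has an active en_US.UTF-8 line. The regexp is unanchored,
# so it also matches the commented-out entry and replaces it.
- name: Configure locale.gen
  when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
  ansible.builtin.lineinfile:
    dest: /mnt/etc/locale.gen
    regexp: "{{ item.regex }}"
    line: "{{ item.line }}"
  loop:
    - regex: 'en_US\.UTF-8 UTF-8'
      line: en_US.UTF-8 UTF-8

# Task name fixed: the original ended in a stray backslash.
- name: Generate locales
  when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
  ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen

# The copy tasks below now set an explicit mode, so the permissions of these
# files no longer depend on the umask of the controlling process.
- name: Set hostname
  ansible.builtin.copy:
    content: "{{ hostname }}"
    dest: /mnt/etc/hostname
    mode: "0644"

- name: Add host entry to /etc/hosts
  ansible.builtin.lineinfile:
    path: /mnt/etc/hosts
    line: "{{ ansible_host }} {{ hostname }}"
    state: present

- name: Create vconsole.conf
  ansible.builtin.copy:
    content: KEYMAP=us-intl
    dest: /mnt/etc/vconsole.conf
    mode: "0644"

- name: Create locale.conf
  ansible.builtin.copy:
    content: LANG=en_US.UTF-8
    dest: /mnt/etc/locale.conf
    mode: "0644"

# NOTE(review): this enables password logins over SSH on the installed system,
# even when user_public_key is supplied. Consider gating it on
# `user_public_key is not defined`.
# The pattern only matches the commented-out default line. If the shipped
# sshd_config spells it differently, nothing is replaced and the task still
# reports ok.
- name: SSH permit Password
  ansible.builtin.replace:
    path: /mnt/etc/ssh/sshd_config
    regexp: "#PasswordAuthentication yes"
    replace: PasswordAuthentication yes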
- name : Enable Systemd Services
block :
# Arch Linux only. Despite the task name, this enables five units inside the
# target root, so every one of them starts on first boot.
- name: Enable sshd
  when: os | lower == "archlinux"
  ansible.builtin.command: >-
    arch-chroot /mnt systemctl enable sshd logrotate systemd-resolved
    systemd-timesyncd NetworkManager
- name : Configure grub
when : os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
block :
# Replace the existing GRUB_CMDLINE_LINUX_DEFAULT line, or append one if no
# line matches the anchored pattern.
- name: Add commandline information to grub config
  ansible.builtin.lineinfile:
    dest: /mnt/etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT='
    line: 'GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"'

# Same mechanism for the boot-menu timeout.
- name: Change Grub time
  ansible.builtin.lineinfile:
    dest: /mnt/etc/default/grub
    regexp: '^GRUB_TIMEOUT='
    line: GRUB_TIMEOUT=1
- name : Configure Bootloader
block :
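# Distributions outside the Arch/Debian/Ubuntu list get an EFI boot entry that
# points at shim; the listed ones run grub-install instead.
# NOTE(review): os and install_drive are interpolated into the command line.
# The command module does not invoke a shell, but a value containing spaces or
# quotes would still change how the arguments are split. Presumably these come
# from trusted inventory; confirm.
- name: Install Bootloader
  ansible.builtin.command: >-
    arch-chroot /mnt
    {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}/usr/sbin/efibootmgr -c
    -L '{{ os }}' -d "{{ install_drive }}" -p 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install
    --target=x86_64-efi
    --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }}
    --bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }}{% endif %}

# Write grub.cfg to the location the matching branch above boots from.
- name: Generate grub config
  ansible.builtin.command: >-
    arch-chroot /mnt
    {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}/usr/sbin/grub2-mkconfig
    -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig
    -o {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}{% endif %}

# The `when` guard already excludes Debian and Ubuntu, so only two outcomes
# are reachable: mkinitcpio on Arch, dracut everywhere else. The original
# template's third branch (echo "Skipping ...") could never run and is removed.
- name: Regenerate initramfs
  when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
  ansible.builtin.command: >-
    arch-chroot /mnt
    {% if os | lower == "archlinux" %}/usr/sbin/mkinitcpio -P{% else %}/usr/bin/dracut --regenerate-all --force{% endif %}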
- name : Extra Configuration
block :
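# Editor defaults; the system vimrc lives under /etc/vim on Debian and Ubuntu.
- name: Append lines to vimrc
  # NOTE(review): ignore_errors hides every failure of this task, not only a
  # missing vim configuration. Presumably intended as best-effort; confirm.
  ignore_errors: true
  ansible.builtin.lineinfile:
    path: "{{ '/mnt/etc/vim/vimrc' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '/mnt/etc/vimrc' }}"
    line: "{{ item }}"
    insertafter: EOF
  with_items:
    - set encoding=utf-8
    - set number
    - set autoindent
    - set smartindent
    - set mouse=a

# NOTE(review): the rendered script is placed in /root with mode 0755. If
# firstrun.sh.j2 embeds credentials (template not visible here), 0700 would be
# the tighter choice.
- name: Copy FirstRun Script
  when: os | lower != "archlinux"
  ansible.builtin.template:
    src: firstrun.sh.j2
    dest: /mnt/root/firstrun.sh
    mode: "0755"

- name: Copy Custom Shell config
  ansible.builtin.template:
    src: custom.sh.j2
    dest: /mnt/etc/profile.d/custom.sh
    # Explicit mode added: this file sits in /etc/profile.d, so it should be
    # root-writable only and not depend on the umask in effect.
    mode: "0644"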
- name : Setup Network
block :
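# The two probes below only read state, so changed_when: false stops them from
# reporting "changed" on every run.
- name: Generate UUID for Network Profile
  ansible.builtin.command: uuidgen
  register: net_uuid
  changed_when: false

# Takes field 5 of the first line of the installer's routing table.
# NOTE(review): assumes that line is the default route ("default via ... dev
# IFACE"); confirm for hosts with several routes.
- name: Retrieve Network Interface Name
  ansible.builtin.shell: ip r | awk 'NR==1 {print $5}'
  register: net_inf
  changed_when: false

# Presumably network.j2 consumes net_uuid and net_inf (template not visible
# here). Mode 0600 keeps the connection profile readable by root only.
- name: Copy NetworkManager keyfile
  ansible.builtin.template:
    src: network.j2
    dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
    mode: "0600"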
- name : Setup user account
block :
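# Create the login user and set the root password inside the target root.
- name: Create user account
  # Every item embeds a password hash and Ansible prints loop items in its
  # output; no_log keeps the hashes out of the console and of any log files.
  # NOTE(review): the hashes still travel as command-line arguments and are
  # visible in the process list while the commands run. Feeding them to
  # `chpasswd --encrypted` on stdin would avoid that.
  no_log: true
  ansible.builtin.command: "{{ item }}"
  with_items:
    # The hash is now quoted here too, matching the usermod item below.
    - >-
      arch-chroot /mnt /usr/sbin/useradd --create-home --user-group
      --groups {{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }}
      {{ user_name }} --password '{{ user_password | password_hash('sha512') }}' --shell /bin/bash
    - >-
      arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash

# Added: create ~/.ssh explicitly so it is owned by the user and private.
# Without this the directory is left to lineinfile's create handling and gets
# neither the user's ownership nor mode 0700.
- name: Create .ssh directory for the user
  when: user_public_key is defined
  ansible.builtin.file:
    path: /mnt/home/{{ user_name }}/.ssh
    state: directory
    owner: 1000
    group: 1000
    mode: "0700"

# NOTE(review): owner/group 1000 assumes the account created above received
# UID/GID 1000; confirm this holds for every supported distribution.
- name: Add SSH public key to authorized_keys
  when: user_public_key is defined
  ansible.builtin.lineinfile:
    path: /mnt/home/{{ user_name }}/.ssh/authorized_keys
    line: "{{ user_public_key }}"
    owner: 1000
    group: 1000
    mode: "0600"
    create: true

# Grants full sudo to the admin group (sudo on Debian/Ubuntu, wheel elsewhere).
# visudo checks the rendered file before it is moved into place, so a syntax
# error cannot break sudo on the installed system.
- name: Give sudo access to wheel group
  ansible.builtin.copy:
    content: "{{ '%sudo ALL=(ALL) ALL' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '%wheel ALL=(ALL) ALL' }}"
    dest: /mnt/etc/sudoers.d/01-wheel
    mode: "0440"
    validate: /usr/sbin/visudo --check --file=%s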
- name : Fix SELinux
block :
# Drop the .autorelabel marker in the target root so SELinux relabels the
# filesystem on the next boot (AlmaLinux, RHEL 8/9 and Rocky only).
- name: Relabel the filesystem
  when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']
  ansible.builtin.command: touch /mnt/.autorelabel

# NOTE(review): despite the task name this sets SELINUX=permissive, not
# disabled. On Fedora targets policy violations are then logged but not
# blocked. Confirm this is intended rather than relabelling as is done for the
# other distributions.
- name: Disable SELinux
  when: os | lower == "fedora"
  ansible.builtin.lineinfile:
    path: /mnt/etc/selinux/config
    regexp: '^SELINUX='
    line: SELINUX=permissive