---
- name: Configuration
block:
- name: Generate fstab
  # The shell module is needed for the output redirect; the redirect
  # overwrites /mnt/etc/fstab each time this task runs.
  ansible.builtin.shell:
    cmd: genfstab -LU /mnt > /mnt/etc/fstab
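- name: Append TempFS to fstab
  # Appends tmpfs mounts to the fstab of the installed system. No regexp is
  # given, so lineinfile adds an item only when that exact line is missing.
  ansible.builtin.lineinfile:
    path: /mnt/etc/fstab
    line: "{{ item }}"
    insertafter: EOF
  with_items:
    - ""
    - "# TempFS"
    - tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0
    - tmpfs /var/tmp tmpfs defaults,nosuid,nodev,noexec 0 0
    # "defaults" implies suid and dev, so nosuid and nodev have to be listed
    # explicitly; /dev/shm now carries the same options as the two entries
    # above instead of only noexec.
    - tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0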
- name: Set local timezone
  # The first command runs outside the chroot (no arch-chroot prefix); the
  # second links the fixed Europe/Vienna zone inside the target under /mnt.
  ansible.builtin.command:
    cmd: "{{ item }}"
  loop:
    - systemctl daemon-reload
    - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
- name: Setup locales
block:
- name: Configure locale.gen
  # Skipped on the RHEL-family and Fedora targets listed in the condition.
  # The pattern is not anchored, so a commented-out entry matches too and is
  # replaced by the plain locale line.
  ansible.builtin.lineinfile:
    path: /mnt/etc/locale.gen
    regexp: "{{ item.regex }}"
    line: "{{ item.line }}"
  loop:
    - regex: 'en_US\.UTF-8 UTF-8'
      line: en_US.UTF-8 UTF-8
  when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
- name: Generate locales\
  # NOTE(review): the task name ends in a backslash; it is kept unchanged
  # here because anything that selects tasks by name matches it literally.
  # Runs locale-gen inside the target chroot, under the same OS condition as
  # the locale.gen edit.
  ansible.builtin.command:
    cmd: arch-chroot /mnt /usr/sbin/locale-gen
  when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
- name: Set hostname
  # Writes the hostname variable verbatim into the target's /etc/hostname;
  # the content has no trailing newline of its own.
  ansible.builtin.copy:
    dest: /mnt/etc/hostname
    content: "{{ hostname }}"
    mode: "0644"
- name: Add host entry to /etc/hosts
  # Maps the connection address to the configured hostname.
  # NOTE(review): ansible_host is whatever the inventory connects to; if that
  # is a DNS name rather than an IP the resulting hosts line is not usable.
  # Confirm against the inventory.
  ansible.builtin.lineinfile:
    state: present
    path: /mnt/etc/hosts
    line: "{{ ansible_host }} {{ hostname }}"
- name: Create vconsole.conf
  # Fixed US console keymap for the installed system.
  ansible.builtin.copy:
    dest: /mnt/etc/vconsole.conf
    content: "KEYMAP=us"
    mode: "0644"
- name: Create locale.conf
  # System-wide default locale for the installed system.
  ansible.builtin.copy:
    dest: /mnt/etc/locale.conf
    content: "LANG=en_US.UTF-8"
    mode: "0644"
- name: SSH permit Password
  # Uncomments "PasswordAuthentication yes" in the target's sshd_config, which
  # turns on password logins over SSH for the installed system.
  # The pattern matches only that exact commented default; a config that ships
  # a different line is left untouched and the task still reports success.
  # NOTE(review): consider skipping this task when user_public_key is defined,
  # so hosts provisioned with a key do not also accept passwords.
  ansible.builtin.replace:
    path: /mnt/etc/ssh/sshd_config
    regexp: '#PasswordAuthentication yes'
    replace: "PasswordAuthentication yes"
- name: Enable Systemd Services
block:
- name: Enable sshd
  # Arch Linux targets only. Despite the name, the command also enables
  # logrotate, systemd-resolved, systemd-timesyncd and NetworkManager.
  ansible.builtin.command: >-
    arch-chroot /mnt systemctl enable
    sshd logrotate systemd-resolved systemd-timesyncd NetworkManager
  when: os | lower == "archlinux"
- name: Configure grub
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
block:
- name: Add commandline information to grub config
  # Replaces the whole GRUB_CMDLINE_LINUX_DEFAULT line, so any kernel
  # parameters the distribution put there are dropped in favour of loglevel=3.
  ansible.builtin.lineinfile:
    path: /mnt/etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT='
    line: 'GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"'
- name: Change Grub time
  # Sets the boot menu timeout to one second.
  ansible.builtin.lineinfile:
    path: /mnt/etc/default/grub
    regexp: '^GRUB_TIMEOUT='
    line: "GRUB_TIMEOUT=1"
- name: Configure Bootloader
block:
- name: Install Bootloader
  # Targets outside the Arch/Debian/Ubuntu list register an EFI boot entry
  # that points at the distribution's shim; the listed targets run
  # grub-install instead (Ubuntu with /boot/efi and the "ubuntu" id).
  # The command module does not invoke a shell, but os and install_drive are
  # still substituted into the argument string: they must come from trusted
  # inventory and contain no whitespace or quote characters.
  ansible.builtin.command: >-
    arch-chroot /mnt
    {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}
    /usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -p 1
    -l '\efi\EFI\{{ os }}\shimx64.efi'
    {% else %}/usr/sbin/grub-install --target=x86_64-efi
    --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }}
    --bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }}
    {% endif %}
- name: Generate grub config
  # Targets outside the Arch/Debian/Ubuntu list call grub2-mkconfig and write
  # below the EFI directory named after os; the listed targets call
  # grub-mkconfig, with Ubuntu writing to its EFI directory and the rest to
  # /boot/grub/grub.cfg.
  ansible.builtin.command: >-
    arch-chroot /mnt
    {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}
    /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg
    {% else %}/usr/sbin/grub-mkconfig
    -o {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}
    {% endif %}
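- name: Regenerate initramfs
  # Debian and Ubuntu targets are excluded by the condition below, so only
  # two cases can reach the command: mkinitcpio on Arch Linux and dracut on
  # every other target. The former "Skipping" echo branch could never run
  # and has been removed.
  when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
  ansible.builtin.command: >-
    arch-chroot /mnt
    {% if os | lower == "archlinux" %}/usr/sbin/mkinitcpio -P
    {% else %}/usr/bin/dracut --regenerate-all --force
    {% endif %}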
- name: Extra Configuration
block:
- name: Append lines to vimrc
  # Debian and Ubuntu targets use /etc/vim/vimrc, all others /etc/vimrc.
  # Errors are ignored on purpose, so a failure here does not stop the play;
  # it also means a failed edit goes unnoticed unless the output is read.
  ansible.builtin.lineinfile:
    path: "{{ '/mnt/etc/vim/vimrc' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '/mnt/etc/vimrc' }}"
    insertafter: EOF
    line: "{{ item }}"
  loop:
    - set encoding=utf-8
    - set number
    - set autoindent
    - set smartindent
    - set mouse=a
  ignore_errors: true
- name: Copy FirstRun Script
  # Rendered from firstrun.sh.j2 for every target except Arch Linux.
  # NOTE(review): mode 0755 leaves the script readable by every user that can
  # reach it; if the template embeds credentials or tokens, 0700 is the safer
  # mode. The template is not visible here, so confirm its contents.
  ansible.builtin.template:
    dest: /mnt/root/firstrun.sh
    src: firstrun.sh.j2
    mode: "0755"
  when: os | lower != "archlinux"
- name: Copy Custom Shell config
  # Rendered from custom.sh.j2 into the target's /etc/profile.d directory.
  ansible.builtin.template:
    dest: /mnt/etc/profile.d/custom.sh
    src: custom.sh.j2
    mode: "0644"
- name: Setup Network
block:
- name: Generate UUID for Network Profile
  # Runs uuidgen and keeps the result in net_uuid; presumably consumed by the
  # network.j2 template, which is not visible here.
  ansible.builtin.command:
    cmd: uuidgen
  register: net_uuid
- name: Retrieve Network Interface Name
  # Stores the fifth field of the first routing-table line in net_inf.
  # Presumably that line is the default route ("default via <gw> dev <if>"),
  # where field five is the interface; verify on hosts whose first route has
  # a different layout.
  ansible.builtin.shell:
    cmd: ip r | awk 'NR==1 {print $5}'
  register: net_inf
- name: Copy NetworkManager keyfile
  # Rendered from network.j2; mode 0600 keeps the connection profile readable
  # by its owner only.
  ansible.builtin.template:
    dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
    src: network.j2
    mode: "0600"
- name: Setup user account
block:
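- name: Create user account
  # Creates the login user inside the target chroot (group sudo on Debian and
  # Ubuntu, wheel elsewhere), then sets the root password and shell.
  # Both looped commands embed a password hash. no_log keeps the loop items
  # out of the task output and logs, where they would otherwise be printed.
  # The hashes are still passed as command-line arguments, so they are
  # visible in the process list while each command runs.
  ansible.builtin.command: "{{ item }}"
  no_log: true
  with_items:
    # The hash is quoted here the same way as in the usermod command below.
    - >-
      arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups
      {{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }}
      {{ user_name }} --password '{{ user_password | password_hash('sha512') }}' --shell /bin/bash
    - >-
      arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash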
- name: Add SSH public key to authorized_keys
  # Runs only when user_public_key is set; the file is created if missing.
  # NOTE(review): owner and group are the numeric id 1000, which assumes the
  # account created for user_name received uid/gid 1000. Confirm for base
  # images that already contain such an account.
  # NOTE(review): owner, group and mode apply to the file only. If the .ssh
  # directory does not exist yet it is presumably created root-owned with
  # default permissions; confirm, and create it explicitly with mode 0700 and
  # the user's ownership if so.
  ansible.builtin.lineinfile:
    path: "/mnt/home/{{ user_name }}/.ssh/authorized_keys"
    line: "{{ user_public_key }}"
    create: true
    mode: "0600"
    owner: 1000
    group: 1000
  when: user_public_key is defined
- name: Give sudo access to wheel group
  # Grants the admin group (%sudo on Debian and Ubuntu, %wheel elsewhere)
  # sudo for all commands; no NOPASSWD tag is set, so a password is required.
  # The rendered file is checked with visudo before it replaces the
  # destination. The visudo path is given without arch-chroot, so the check
  # uses the binary outside the target.
  ansible.builtin.copy:
    dest: /mnt/etc/sudoers.d/01-wheel
    content: "{{ '%sudo ALL=(ALL) ALL' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '%wheel ALL=(ALL) ALL' }}"
    mode: "0440"
    validate: /usr/sbin/visudo --check --file=%s
- name: Fix SELinux
block:
- name: Relabel the filesystem
  # Creates the /.autorelabel marker in the target so that SELinux relabels
  # the filesystem on the next boot; applies to the RHEL-family targets only.
  ansible.builtin.command:
    cmd: touch /mnt/.autorelabel
  when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']
- name: Disable SELinux
  # Fedora only. Despite the task name this sets permissive mode: policy
  # violations are logged but no longer blocked.
  # NOTE(review): the RHEL-family targets stay enforcing and are relabelled
  # on first boot; check whether Fedora can be handled the same way instead
  # of lowering enforcement.
  ansible.builtin.lineinfile:
    path: /mnt/etc/selinux/config
    regexp: '^SELINUX='
    line: "SELINUX=permissive"
  when: os | lower == "fedora"