---
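# Base configuration written into the freshly installed tree under /mnt:
# fstab, the RHEL install-media mount, tmpfs mounts and the timezone.
- name: Configuration
  block:
    # Needs the shell module because of the redirection; /mnt/etc/fstab is
    # truncated and rewritten on every run, and the task reports "changed"
    # whenever the command exits 0.
    - name: Generate fstab
      ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab
      register: result
      changed_when: result.rc == 0

    # With backrefs: true the file is left untouched when no line matches
    # the regexp, so this only rewrites an existing ".../dvd" entry.
    # The replacement is a loop-mounted ISO file on vmware, /dev/sr0 otherwise.
    - name: Replace ISO UUID entry with /dev/sr0 in fstab
      when: os in ["rhel8", "rhel9"]
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        regexp: '^.*\/dvd.*$'
        line: >-
          {{ '/usr/local/install/redhat/rhel.iso /usr/local/install/redhat/dvd iso9660 loop,nofail 0 0'
          if hypervisor == 'vmware'
          else '/dev/sr0 /usr/local/install/redhat/dvd iso9660 ro,relatime,nojoliet,check=s,map=n,nofail 0 0' }}
        state: present
        backrefs: true

    # NOTE(review): this task has no `when:`, while the fstab entry above
    # only points at rhel.iso for rhel8/rhel9 on vmware. Confirm it is meant
    # to run (and that /dev/sr1 exists) for every target.
    - name: Write image from RHEL ISO to the target machine
      ansible.builtin.command: dd if=/dev/sr1 of=/mnt/usr/local/install/redhat/rhel.iso bs=4M
      register: result
      changed_when: result.rc == 0

    # Each item is appended as its own line if it is not already present.
    # /dev/shm now carries nosuid,nodev like /tmp and /var/tmp: all three are
    # world-writable tmpfs mounts, and the previous entry asked only for
    # noexec, leaving setuid binaries and device nodes usable there.
    - name: Append TempFS to fstab
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        line: "{{ item }}"
        insertafter: EOF
      loop:
        - ""
        - "# TempFS"
        - tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0
        - tmpfs /var/tmp tmpfs defaults,nosuid,nodev,noexec 0 0
        - tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0

    # The first command runs in the install environment itself; only the
    # symlink is created inside the chroot.
    - name: Set local timezone
      ansible.builtin.command: "{{ item }}"
      register: result
      changed_when: result.rc == 0
      loop:
        - systemctl daemon-reload
        - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime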
# Host identity, console and locale defaults, and SSH daemon settings for
# the installed system under /mnt.
- name: Setup locales
  block:
    - name: Set hostname
      ansible.builtin.copy:
        dest: /mnt/etc/hostname
        content: "{{ hostname }}"
        mode: "0644"

    - name: Add host entry to /etc/hosts
      ansible.builtin.lineinfile:
        path: /mnt/etc/hosts
        line: "{{ ansible_host }} {{ hostname }}"
        state: present

    - name: Create vconsole.conf
      ansible.builtin.copy:
        dest: /mnt/etc/vconsole.conf
        content: "KEYMAP=us"
        mode: "0644"

    - name: Create locale.conf
      ansible.builtin.copy:
        dest: /mnt/etc/locale.conf
        content: "LANG=en_US.UTF-8"
        mode: "0644"

    # Uncomments the literal "#PasswordAuthentication yes" line. An existing
    # uncommented "PasswordAuthentication no" does not match this pattern and
    # would stay in force; only this one file is edited.
    - name: SSH permit Password
      ansible.builtin.replace:
        path: /mnt/etc/ssh/sshd_config
        regexp: "#PasswordAuthentication yes"
        replace: "PasswordAuthentication yes"

    # Rewrites any PermitRootLogin line, commented or not, to "yes".
    # NOTE(review): with password authentication enabled above and sshd
    # enabled below, root is reachable by password over SSH on the installed
    # system. If that is only needed for bootstrap, confirm a later step
    # (firstrun.sh or a hardening role) moves this to prohibit-password or no.
    - name: SSH permit root login
      ansible.builtin.replace:
        path: /mnt/etc/ssh/sshd_config
        regexp: "^#?PermitRootLogin.*"
        replace: "PermitRootLogin yes"

    # Reports "changed" whenever systemctl exits 0.
    - name: Enable Systemd Services
      ansible.builtin.command: >-
        arch-chroot /mnt systemctl enable NetworkManager sshd
      register: result
      changed_when: result.rc == 0
# Registers the UEFI boot entry, then regenerates the GRUB configuration and
# the initramfs inside the chroot.
- name: Configure Bootloader
  block:
    # efibootmgr: -c creates an entry, -L sets its label, -d and -p pick the
    # disk and partition, -l is the loader path on that partition.
    # NOTE(review): partition 1 and the redhat shim path are hard-coded while
    # the label comes from `os`; confirm both hold for every supported target.
    - name: Install Bootloader
      ansible.builtin.command: >-
        arch-chroot /mnt /usr/sbin/efibootmgr -c -L '{{ os }}'
        -d "{{ install_drive }}" -p 1
        -l '\efi\EFI\redhat\shimx64.efi'
      register: result
      changed_when: result.rc == 0

    - name: Generate grub config
      ansible.builtin.command: >-
        arch-chroot /mnt /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
      register: result
      changed_when: result.rc == 0

    # Skipped for the Debian and Ubuntu values of `os`; the comparison is
    # made on the lower-cased name.
    - name: Regenerate initramfs
      ansible.builtin.command: >-
        arch-chroot /mnt /usr/bin/dracut --regenerate-all --force
      when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
      register: result
      changed_when: result.rc == 0
# Editor defaults, memory tuning, zram swap and the first-run and shell
# profile scripts for the installed system under /mnt.
- name: Extra Configuration
  block:
    # failed_when: false hides every failure of this task, not only a
    # missing /mnt/etc/vimrc.
    # NOTE(review): with an empty marker blockinfile has no marker lines to
    # find an earlier insertion by; check the result on a file that already
    # contains blank lines and on a second run.
    - name: Append vim configurations to vimrc
      ansible.builtin.blockinfile:
        path: "/mnt/etc/vimrc"
        insertafter: EOF
        marker: ""
        block: |
          set encoding=utf-8
          set number
          set autoindent
          set smartindent
          set mouse=a
      failed_when: false

    # NOTE(review): same empty-marker caveat as the vimrc task above.
    - name: Add memory tuning parameters
      ansible.builtin.blockinfile:
        path: /mnt/etc/sysctl.d/90-memory.conf
        create: true
        mode: "0644"
        marker: ""
        block: |
          vm.swappiness=10
          vm.vfs_cache_pressure=50
          vm.dirty_background_ratio=1
          vm.dirty_ratio=10
          vm.page-cluster=10

    - name: Create zram config
      ansible.builtin.copy:
        dest: /mnt/etc/systemd/zram-generator.conf
        mode: "0644"
        content: |
          [zram0]
          zram-size = ram / 2
          compression-algorithm = zstd
          swap-priority = 100
          fs-type = swap
      when: os not in ['rhel8']

    # NOTE(review): the rendered script is mode 0755; if firstrun.sh.j2
    # embeds credentials, 0700 would be the safer mode. The template is not
    # shown here, so this needs confirming.
    - name: Copy FirstRun Script
      ansible.builtin.template:
        src: firstrun.sh.j2
        dest: /mnt/root/firstrun.sh
        mode: "0755"

    # Installed under /etc/profile.d, so it must stay writable by root only.
    - name: Copy Custom Shell config
      ansible.builtin.template:
        src: custom.sh.j2
        dest: /mnt/etc/profile.d/custom.sh
        mode: "0644"
# Collects a UUID, the interface name and its MAC address, then renders the
# NetworkManager profile. The three registered results are presumably read
# by network.j2 (template not shown).
- name: Setup Network
  block:
    - name: Generate UUID for Network Profile
      ansible.builtin.command: uuidgen
      register: net_uuid
      changed_when: net_uuid.rc == 0

    # Takes the fifth field of the first line that `ip r` prints.
    # NOTE(review): this assumes that line has the form
    # "default via <gw> dev <iface> ..."; confirm on hosts with several routes.
    - name: Retrieve Network Interface Name
      ansible.builtin.shell: >-
        set -o pipefail && ip r | awk 'NR==1 {print $5}'
      register: net_inf
      changed_when: net_inf.rc == 0

    # Upper-cases the link/ether address of that interface.
    # NOTE(review): net_inf.stdout is pasted into a shell line. It comes from
    # the task above rather than from inventory, but replacing the quoted
    # expression with {{ net_inf.stdout | quote }} would not depend on what
    # `ip r` printed.
    - name: Register MAC Address of the Network Interface
      ansible.builtin.shell: >-
        set -o pipefail && ip link show "{{ net_inf.stdout }}"
        | awk '/link\/ether/ {print $2}'
        | tr '[:lower:]' '[:upper:]'
      register: net_mac
      changed_when: net_mac.rc == 0

    # NetworkManager ignores keyfiles that other users can read, so 0600 is
    # required here and also keeps any secrets in the profile private.
    - name: Copy NetworkManager keyfile
      ansible.builtin.template:
        src: network.j2
        dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
        mode: "0600"
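# Creates the login user, sets the root password, installs the user's SSH
# public key and grants sudo to the wheel group.
- name: Setup user account
  block:
    # Both commands carry a SHA-512 crypt hash as an argument, and the loop
    # item is echoed in task output. no_log keeps the hashes out of Ansible
    # logs and callback output.
    # NOTE(review): the hash is still visible in the process list of the
    # install environment while each command runs; passing it to
    # `chpasswd -e` through the module's stdin parameter would avoid that.
    - name: Create user account
      ansible.builtin.command: "{{ item }}"
      loop:
        - >-
          arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups wheel
          {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
        - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
      register: result
      changed_when: result.rc == 0
      no_log: true

    # owner, group and mode apply to the authorized_keys file only.
    # NOTE(review): 1000 assumes the account created above received UID and
    # GID 1000; also confirm how /home/<user>/.ssh itself ends up owned and
    # whether its mode is 0700.
    - name: Add SSH public key to authorized_keys
      when: user_public_key is defined
      ansible.builtin.lineinfile:
        path: "/mnt/home/{{ user_name }}/.ssh/authorized_keys"
        line: "{{ user_public_key }}"
        create: true
        owner: 1000
        group: 1000
        mode: "0600"

    # validate runs visudo against the temporary copy before it is moved into
    # place, so a syntax error cannot land in sudoers.d.
    - name: Give sudo access to wheel group
      ansible.builtin.copy:
        dest: /mnt/etc/sudoers.d/01-wheel
        content: "%wheel ALL=(ALL) ALL"
        mode: "0440"
        validate: /usr/sbin/visudo --check --file=%s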
# `fixfiles onboot` schedules an SELinux relabel for the next boot, which
# gives the files written under /mnt by the tasks above their proper
# contexts. Reports "changed" whenever the command exits 0.
- name: Fix SELinux
  ansible.builtin.command: arch-chroot /mnt /sbin/fixfiles onboot
  register: result
  changed_when: result.rc == 0