sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move derived vars into role defaults

Browse Source
This commit is contained in:
Sandwich
2026-01-02 11:25:51 +01:00
parent f9a8791b4d
commit 230b14e2ab
7 changed files with 36 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
roles/cis/defaults/main.yml Normal file
View File

@@ -0,0 +1,21 @@
---
cis_permission_targets: >-
{{
[
{ "path": "/mnt/etc/ssh/sshd_config", "mode": "0600" },
{ "path": "/mnt/etc/cron.hourly", "mode": "0700" },
{ "path": "/mnt/etc/cron.daily", "mode": "0700" },
{ "path": "/mnt/etc/cron.weekly", "mode": "0700" },
{ "path": "/mnt/etc/cron.monthly", "mode": "0700" },
{ "path": "/mnt/etc/cron.d", "mode": "0700" },
{ "path": "/mnt/etc/crontab", "mode": "0600" },
{ "path": "/mnt/etc/logrotate.conf", "mode": "0644" },
{ "path": "/mnt/usr/sbin/pppd", "mode": "0754" } if os not in ["rhel8", "rhel9", "rhel10"] else None,
{
"path": "/mnt/usr/bin/"
+ ("fusermount3" if os in ["archlinux", "debian12", "fedora", "rhel9", "rhel10", "rocky"] else "fusermount"),
"mode": "755"
},
{ "path": "/mnt/usr/bin/" + ("write.ul" if os == "debian11" else "write"), "mode": "755" }
] | reject("none")
}}

21
roles/cis/tasks/permissions.yml
View File

@@ -1,25 +1,4 @@
--- ---
- name: Build CIS permission targets
ansible.builtin.set_fact:
cis_permission_targets: >-
{{
[
{ "path": "/mnt/etc/ssh/sshd_config", "mode": "0600" },
{ "path": "/mnt/etc/cron.hourly", "mode": "0700" },
{ "path": "/mnt/etc/cron.daily", "mode": "0700" },
{ "path": "/mnt/etc/cron.weekly", "mode": "0700" },
{ "path": "/mnt/etc/cron.monthly", "mode": "0700" },
{ "path": "/mnt/etc/cron.d", "mode": "0700" },
{ "path": "/mnt/etc/crontab", "mode": "0600" },
{ "path": "/mnt/etc/logrotate.conf", "mode": "0644" },
{ "path": "/mnt/usr/sbin/pppd", "mode": "0754" } if os not in ["rhel8", "rhel9", "rhel10"] else None,
{ "path": "/mnt/usr/bin/" + ("fusermount3" if os in ["archlinux", "debian12", "fedora", "rhel9",
"rhel10", "rocky"] else "fusermount"), "mode": "755" },
{ "path": "/mnt/usr/bin/" + ("write.ul" if os == "debian11" else "write"), "mode": "755" }
] | reject("none")
}}
changed_when: false
- name: Check CIS permission targets - name: Check CIS permission targets
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ item.path }}" path: "{{ item.path }}"

5
roles/cleanup/defaults/main.yml Normal file
View File

@@ -0,0 +1,5 @@
---
cleanup_libvirt_image_dir: >-
{{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }}
cleanup_libvirt_cloudinit_path: >-
{{ [cleanup_libvirt_image_dir, hostname ~ '-cloudinit.iso'] | ansible.builtin.path_join }}

10
roles/cleanup/tasks/libvirt.yml
View File

@@ -4,16 +4,6 @@
delegate_to: localhost delegate_to: localhost
become: false become: false
block: block:
- name: Set libvirt image paths
vars:
cleanup_libvirt_image_dir_value: >-
{{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }}
ansible.builtin.set_fact:
cleanup_libvirt_image_dir: "{{ cleanup_libvirt_image_dir_value }}"
cleanup_libvirt_cloudinit_path: >-
{{ [cleanup_libvirt_image_dir_value, hostname ~ '-cloudinit.iso'] | ansible.builtin.path_join }}
changed_when: false
- name: Read current VM XML definition - name: Read current VM XML definition
community.libvirt.virt: community.libvirt.virt:
command: get_xml command: get_xml

2
roles/configuration/tasks/encryption/keyfile.yml
View File

@@ -61,7 +61,7 @@
- name: Regenerate keyfile and retry adding to LUKS header - name: Regenerate keyfile and retry adding to LUKS header
when: when:
- configuration_luks_keyfile_unlock_test.rc != 0 - configuration_luks_keyfile_unlock_test.rc != 0
- configuration_luks_keyfile_copy.changed | default(false) | bool - configuration_luks_keyfile_copy is defined and configuration_luks_keyfile_copy.changed | bool
- configuration_luks_addkey_result is failed - configuration_luks_addkey_result is failed
block: block:
- name: Regenerate LUKS keyfile - name: Regenerate LUKS keyfile

9
roles/virtualization/defaults/main.yml
View File

@@ -1,4 +1,13 @@
--- ---
virtualization_libvirt_image_dir: >-
{{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }}
virtualization_libvirt_disk_path: >-
{{ [virtualization_libvirt_image_dir, hostname ~ '.qcow2'] | ansible.builtin.path_join }}
virtualization_libvirt_cloudinit_path: >-
{{ [virtualization_libvirt_image_dir, hostname ~ '-cloudinit.iso'] | ansible.builtin.path_join }}
virtualization_mac_address: >-
{{ '52:54:00' | community.general.random_mac(seed=hostname) }}
virtualization_tpm2_enabled: >- virtualization_tpm2_enabled: >-
{{ {{
(partitioning_luks_enabled | bool) (partitioning_luks_enabled | bool)

20
roles/virtualization/tasks/libvirt.yml
View File

@@ -1,17 +1,4 @@
--- ---
- name: Set libvirt image paths
delegate_to: localhost
vars:
virtualization_libvirt_image_dir_value: >-
{{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }}
ansible.builtin.set_fact:
virtualization_libvirt_image_dir: "{{ virtualization_libvirt_image_dir_value }}"
virtualization_libvirt_disk_path: >-
{{ [virtualization_libvirt_image_dir_value, hostname ~ '.qcow2'] | ansible.builtin.path_join }}
virtualization_libvirt_cloudinit_path: >-
{{ [virtualization_libvirt_image_dir_value, hostname ~ '-cloudinit.iso'] | ansible.builtin.path_join }}
changed_when: false
- name: Create VM disk - name: Create VM disk
delegate_to: localhost delegate_to: localhost
ansible.builtin.command: ansible.builtin.command:
@@ -24,13 +11,6 @@
- "{{ vm_size }}G" - "{{ vm_size }}G"
creates: "{{ virtualization_libvirt_disk_path }}" creates: "{{ virtualization_libvirt_disk_path }}"
- name: Generate VM MAC address
delegate_to: localhost
ansible.builtin.set_fact:
virtualization_mac_address: >-
{{ '52:54:00' | community.general.random_mac(seed=hostname) }}
changed_when: false
- name: Render cloud config templates - name: Render cloud config templates
delegate_to: localhost delegate_to: localhost
ansible.builtin.template: ansible.builtin.template: