From 23a798a63a8318747bbf13323ac5f822b83590f6 Mon Sep 17 00:00:00 2001
From: Sandwich <sandwich@archworks.co>
Date: Fri, 20 Feb 2026 20:11:37 +0100
Subject: [PATCH] fix(global_defaults): add no_log to hypervisor tasks and
 expand validation

---
 roles/global_defaults/tasks/hypervisor.yml |  1 +
 roles/global_defaults/tasks/system.yml     |  2 +-
 roles/global_defaults/tasks/validation.yml | 40 ++++++++++++++++++++--
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/roles/global_defaults/tasks/hypervisor.yml b/roles/global_defaults/tasks/hypervisor.yml
index 3a7c253..320815a 100644
--- a/roles/global_defaults/tasks/hypervisor.yml
+++ b/roles/global_defaults/tasks/hypervisor.yml
@@ -18,3 +18,4 @@
   ansible.builtin.set_fact:
     hypervisor_cfg: "{{ merged }}"
     hypervisor_type: "{{ merged.type | string | lower }}"
+  no_log: true
diff --git a/roles/global_defaults/tasks/system.yml b/roles/global_defaults/tasks/system.yml
index 5c21592..ea37220 100644
--- a/roles/global_defaults/tasks/system.yml
+++ b/roles/global_defaults/tasks/system.yml
@@ -84,7 +84,7 @@
         ip: "{{ system_raw.network.ip | default('') | string }}"
         prefix: >-
           {{
-            (system_raw.network.prefix | int)
+            (system_raw.network.prefix | int | string)
             if (system_raw.network.prefix | default('') | string | length) > 0
             else ''
           }}
diff --git a/roles/global_defaults/tasks/validation.yml b/roles/global_defaults/tasks/validation.yml
index 14eb5d0..78df216 100644
--- a/roles/global_defaults/tasks/validation.yml
+++ b/roles/global_defaults/tasks/validation.yml
@@ -123,7 +123,7 @@
         or (
           os == "debian" and (os_version | string) in ["10", "11", "12", "13", "unstable"]
         ) or (
-          os == "fedora" and (os_version | string) in ["40", "41", "42", "43"]
+          os == "fedora" and (os_version | int) >= 38 and (os_version | int) <= 45
         ) or (
           os in ["rocky", "almalinux"]
           and (os_version | string) is match("^(8|9|10)(\\.\\d+)?$")
@@ -131,7 +131,9 @@
           os == "rhel"
           and (os_version | string) is match("^(8|9|10)(\\.\\d+)?$")
         ) or (
-          os in ["alpine", "archlinux", "opensuse", "ubuntu", "ubuntu-lts", "void"]
+          os in ["ubuntu", "ubuntu-lts"]
+        ) or (
+          os in ["alpine", "archlinux", "opensuse", "void"]
         )
     fail_msg: "Invalid os/version specified. Please check README.md for supported values."
     quiet: true
@@ -162,6 +164,7 @@
       Missing required Proxmox inputs. Define hypervisor.(url,username,password,host,storage),
       system.id, and system.network.bridge (or system.network.interfaces[]).
     quiet: true
+  no_log: true
 
 - name: Validate VMware hypervisor inputs
   when:
@@ -182,6 +185,7 @@
       Missing required VMware inputs. Define hypervisor.(url,username,password,datacenter,cluster,storage)
       and system.network.bridge (or system.network.interfaces[]).
     quiet: true
+  no_log: true
 
 - name: Validate Xen hypervisor inputs
   when:
@@ -195,6 +199,18 @@
     fail_msg: "Missing required Xen inputs. Define system.network.bridge (or system.network.interfaces[])."
     quiet: true
 
+- name: Validate libvirt hypervisor inputs
+  when:
+    - system_cfg.type == "virtual"
+    - hypervisor_type == "libvirt"
+  ansible.builtin.assert:
+    that:
+      - >-
+        (system_cfg.network.bridge | default('') | string | length > 0)
+        or (system_cfg.network.interfaces | default([]) | length > 0)
+    fail_msg: "Missing required libvirt inputs. Define system.network.bridge (or system.network.interfaces[])."
+    quiet: true
+
 - name: Validate virtual installer ISO requirement
   ansible.builtin.assert:
     that:
@@ -245,6 +261,26 @@
     fail_msg: "Invalid system sizing. Check system.cpus, system.memory, and system.disks[0].size."
     quiet: true
 
+- name: Validate at least one user is defined
+  ansible.builtin.assert:
+    that:
+      - system_cfg.users | default([]) | length > 0
+      - system_cfg.users[0].name is defined and (system_cfg.users[0].name | string | length) > 0
+    fail_msg: "At least one user with a name must be defined in system.users[]."
+    quiet: true
+
+- name: Validate DNS servers is a list
+  when:
+    - system_cfg.network.dns.servers is defined
+    - system_cfg.network.dns.servers | length > 0
+  ansible.builtin.assert:
+    that:
+      - system_cfg.network.dns.servers is iterable
+      - system_cfg.network.dns.servers is not string
+      - system_cfg.network.dns.servers is not mapping
+    fail_msg: "system.network.dns.servers must be a list."
+    quiet: true
+
 - name: Validate all virtual disks have a positive size
   when: system_cfg.type == "virtual"
   ansible.builtin.assert: