From 37df881daa37c8900b94863b85ef95baebbf97b2 Mon Sep 17 00:00:00 2001 From: Sandwich Date: Sat, 30 May 2026 18:05:14 +0200 Subject: [PATCH] docs: refresh bootstrap examples and README --- README.md | 24 ++++++++++++++++-------- main.yml | 20 ++++++++++---------- vars_baremetal_example.yml | 8 ++++++-- vars_example.yml | 2 -- 4 files changed, 32 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index bb3a036..f2593d1 100644 --- a/README.md +++ b/README.md @@ -30,16 +30,13 @@ Non-Arch targets require the appropriate package manager available from the ISO | `system.os` | Distribution | `system.version` | | ------------ | ------------------------ | ------------------------------------- | | `almalinux` | AlmaLinux | `8`, `9`, `10` | -| `alpine` | Alpine Linux | latest (rolling) | | `archlinux` | Arch Linux | latest (rolling) | | `debian` | Debian | `10`-`13`, `unstable` | | `fedora` | Fedora | `38`-`45` | -| `opensuse` | openSUSE Tumbleweed | latest (rolling) | | `rhel` | Red Hat Enterprise Linux | `8`, `9`, `10` | | `rocky` | Rocky Linux | `8`, `9`, `10` | | `ubuntu` | Ubuntu (latest non-LTS) | optional (e.g. `24.04`) | | `ubuntu-lts` | Ubuntu LTS | optional (e.g. `24.04`) | -| `void` | Void Linux | latest (rolling) | ### Hypervisors 
@@ -293,7 +290,7 @@ The bootstrap auto-switches to dracut when `method: tpm2` is set. Override via ` | `peripherals.*` | dict | see below | Fingerprint readers, webcams, DisplayLink (see [4.2.8](#428-systemfeaturesperipherals)) | | `hardware.*` | dict | see below | Hardware-detection profile override (see [4.2.9](#429-systemfeatureshardware)) | -**Initramfs generator auto-detection:** RedHat → dracut, Arch → mkinitcpio, Debian/Ubuntu → initramfs-tools. +**Initramfs generator auto-detection:** RedHat -> dracut, Arch -> mkinitcpio, Debian/Ubuntu -> initramfs-tools. Override with `dracut`, `mkinitcpio`, or `initramfs-tools`. When LUKS TPM2 auto-unlock is enabled and the native generator does not support `tpm2-device`, the generator is automatically upgraded to dracut. On distros with older dracut (no `tpm2-tss` module), clevis is used as a fallback for TPM2 binding. 
@@ -303,13 +300,24 @@ On distros with older dracut (no `tpm2-tss` module), clevis is used as a fallbac | Key | Type | Default | Description | | ----------------- | ------ | -------------- | ----------------------------------------- | | `enabled` | bool | `false` | Install desktop environment | -| `environment` | string | -- | `gnome`, `kde`, `xfce`, `sway`, `hyprland`, `cinnamon`, `mate`, `lxqt`, `budgie` | -| `display_manager` | string | auto-detected | Override DM: `gdm`, `sddm`, `lightdm`, `ly`, `greetd` | +| `environment` | string | `""` | `gnome`, `kde`, `sway`, or `hyprland` | +| `display_manager` | string | auto-detected | Override DM: `gdm`, `sddm`, or `greetd` | +| `autologin` | bool \| string | `false` | `false` to disable, or a username from `system.users` to auto-login that user | +| `session` | string | auto-from-environment | Session to autologin into; overrides the per-environment default (sddm `.desktop` basename / greetd command) | +| `groups` | list | `[]` | Opt-in package groups installed on top of the base set (keys of `desktop_package_groups`, e.g. `dev`) | + +All desktop environments are Wayland-only. `sway` and `hyprland` are available on Arch only; +`gnome` and `kde` are available on all three families. When `enabled: true`, the bootstrap installs the desktop environment packages, enables the display manager and bluetooth services, and sets the systemd default target to `graphical.target`. -Display manager auto-detection: gnome→gdm, kde→sddm, xfce→lightdm, sway→greetd, hyprland→ly. +Display manager auto-detection: gnome to gdm, kde to sddm, sway to greetd, hyprland to greetd. + +When `autologin` names a user, the matching display manager is configured to log that user in without a +password prompt. `session` is resolved automatically per environment when left empty (gdm picks its default, +sddm uses `plasma.desktop` for kde, greetd runs the compositor command for sway/hyprland), so it only needs +setting to override that choice. 
#### 4.2.6 `system.features.firmware` @@ -461,7 +469,7 @@ When `hypervisor.type: vmware` uses the `vmware_tools` connection: | ------------- | ------ | ------------------------------------------------------ | | `size` | number | Disk size in GB (required for virtual) | | `device` | string | Block device path (required for physical data disks) | -| `partition` | string | Partition device path (required for physical data disks) | +| `partition` | string | Derived from `device` during normalization (not user input) | | `mount.path` | string | Mount point (additional disks only) | | `mount.fstype`| string | `btrfs`, `ext4`, or `xfs` | | `mount.label` | string | Filesystem label | diff --git a/main.yml b/main.yml index e67f814..0ba9d93 100644 --- a/main.yml +++ b/main.yml 
@@ -1,14 +1,14 @@
 ---
-# Bootstrap pipeline — role execution order:
-# 1. global_defaults — normalize + validate system/hypervisor/disk input
-# 2. system_check — pre-flight hardware/environment safety checks
-# 3. virtualization — create VM on hypervisor (libvirt/proxmox/vmware/xen)
-# 4. environment — detect live ISO, configure installer network, install tools, detect hardware
-# 5. partitioning — partition disk, create FS, LUKS, LVM, mount everything
-# 6. bootstrap — debootstrap/pacstrap/dnf install the target OS into /mnt
-# 7. configuration — users, network, encryption, fstab, bootloader, services
-# 8. cis — CIS hardening (optional, per system.features.cis.enabled)
-# 9. cleanup — unmount, remove cloud-init artifacts, reboot/shutdown
+# Bootstrap pipeline - role execution order:
+# 1. global_defaults - normalize + validate system/hypervisor/disk input
+# 2. system_check - pre-flight hardware/environment safety checks
+# 3. virtualization - create VM on hypervisor (libvirt/proxmox/vmware/xen)
+# 4. environment - detect live ISO, configure installer network, install tools, detect hardware
+# 5. partitioning - partition disk, create FS, LUKS, LVM, mount everything
+# 6. bootstrap - debootstrap/pacstrap/dnf install the target OS into /mnt
+# 7. configuration - users, network, encryption, fstab, bootloader, services
+# 8. cis - CIS hardening (optional, per system.features.cis.enabled)
+# 9. cleanup - unmount, remove cloud-init artifacts, reboot/shutdown
 - name: Create and configure VMs
 hosts: "{{ bootstrap_target | default('all') }}"
 strategy: free # noqa: run-once[play]
diff --git a/vars_baremetal_example.yml b/vars_baremetal_example.yml
index 711de4c..034bc0d 100644
--- a/vars_baremetal_example.yml
+++ b/vars_baremetal_example.yml
@@ -61,11 +61,15 @@ system:
 sudo: true
 chroot:
 tool: "arch-chroot"
- # firmware/microcode default to "auto" — on for physical, off for virtual.
+ desktop:
+ enabled: false
+ environment: "" # gnome|kde|sway|hyprland (sway/hyprland are Archlinux only)
+ autologin: false # false | a username from system.users (not bool true)
+ # firmware/microcode default to "auto" - on for physical, off for virtual.
 # gpu and peripherals.* default to "auto" tied to desktop.enabled.
 # Override only when you want non-default behavior.
 gpu:
- enabled: false # set true for desktop installs
+ enabled: "auto" # auto = follows desktop.enabled; set true to force
 nvidia_driver: "auto" # auto = open|proprietary|nouveau by GPU generation
 peripherals:
 displaylink: false # explicit opt-in for DisplayLink docks
diff --git a/vars_example.yml b/vars_example.yml
index 44a5939..4be133a 100644
--- a/vars_example.yml
+++ b/vars_example.yml
@@ -79,8 +79,6 @@ system:
 iter: 4000
 bits: 512
 pbkdf: "argon2id"
- urandom: true
- verify: true
 packages:
 - jq
 - tmux
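Review bot: The new `autologin` key in the `desktop:` block of vars_baremetal_example.yml is documented only by its accepted values, not by what it gives up. Per the README text in this same patch, naming a user there makes the display manager log that user in without a password prompt. On a physical machine that also uses the LUKS TPM2 auto-unlock described in the README, powering on would presumably reach an open desktop session with no credential entered at all, so the example should say so next to the key. I would add a comment line above it such as `# autologin skips the display-manager password prompt; avoid pairing it with TPM2 auto-unlock on machines others can physically reach`. The `system:` mapping this block belongs to starts and ends outside the hunk.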