Enable GRUB cryptodisk defaults

2025-12-28 00:46:09 +01:00
parent e1db2ce434
commit 3da6894ff1
1 changed files with 19 additions and 14 deletions
--- a/roles/configuration/tasks/grub.yml
+++ b/roles/configuration/tasks/grub.yml
@@ -1,18 +1,15 @@
 ---
- name: Configure grub
+- name: Configure grub defaults
  when: not is_rhel | default(false)
-  block:
+  ansible.builtin.lineinfile:
-    - name: Add commandline information to grub config
+    dest: /mnt/etc/default/grub
-      ansible.builtin.lineinfile:
+    regexp: "{{ item.regexp }}"
-        dest: /mnt/etc/default/grub
+    line: "{{ item.line }}"
-        regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
+  loop:
-        line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
+    - regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
-
+      line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
-    - name: Change Grub time
+    - regexp: ^GRUB_TIMEOUT=
-      ansible.builtin.lineinfile:
+      line: GRUB_TIMEOUT=1
        dest: /mnt/etc/default/grub
        regexp: ^GRUB_TIMEOUT=
        line: GRUB_TIMEOUT=1
 - name: Ensure grub defaults file exists for RHEL-based systems
  when: is_rhel | default(false)
@@ -70,7 +67,7 @@
        dest: /mnt/etc/default/grub
        mode: "0644"
        content: |
-          GRUB_TIMEOUT=5
+          GRUB_TIMEOUT=1
          GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
          GRUB_DEFAULT=saved
          GRUB_DISABLE_SUBMENU=true
@@ -107,3 +104,11 @@
      loop: "{{ configuration_grub_bls_entries.files }}"
      loop_control:
        label: "{{ item.path }}"
 - name: Enable GRUB cryptodisk for encrypted /boot
  when:
    - partitioning_luks_enabled | default(luks_enabled | default(false)) | bool
  ansible.builtin.lineinfile:
    path: /mnt/etc/default/grub
    regexp: '^GRUB_ENABLE_CRYPTODISK='
    line: GRUB_ENABLE_CRYPTODISK=y