Initial commit

roles/configuration/tasks/main.yml

@@ -0,0 +1,165 @@
+- name: Configuration
+  block:
+    - name: Generate fstab
+      shell: genfstab -LU /mnt > /mnt/etc/fstab
+
+    - name: Append TempFS to fstab
+      lineinfile:
+        path: /mnt/etc/fstab
+        line: "{{ item }}"
+        insertafter: EOF
+      with_items:
+        - ""
+        - "# TempFS"
+        - "tmpfs           /tmp            tmpfs           defaults,nosuid,nodev,noexec    0 0"
+        - "tmpfs           /var/tmp        tmpfs           defaults,nosuid,nodev,noexec    0 0"
+        - "tmpfs           /dev/shm        tmpfs           defaults,noexec    0 0"
+
+    - name: Set local timezone
+      command: '{{ item }}'
+      with_items:
+        - systemctl daemon-reload
+        - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
+
+    - name: Generate adjtime file
+      command: arch-chroot /mnt /usr/sbin/hwclock --systohc
+
+    - name: Setup locales
+      block:
+        - name: Configure locale.gen
+          lineinfile:
+            dest: /mnt/etc/locale.gen
+            regexp: '{{ item.regex }}'
+            line: '{{ item.line }}'
+          loop:
+            - {regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8}
+
+        - name: Generate locales
+          command: arch-chroot /mnt /usr/sbin/locale-gen
+
+        - name: Set hostname
+          copy:
+            content: "{{ hostname }}"
+            dest: /mnt/etc/hostname
+
+        - name: Add host entry to /etc/hosts
+          lineinfile:
+            path: /mnt/etc/hosts
+            line: "{{ ansible_host }}    {{ hostname }}"
+            state: present
+
+        - name: Create vconsole.conf
+          copy:
+            content: "KEYMAP=de-latin1-nodeadkeys"
+            dest: /mnt/etc/vconsole.conf
+
+        - name: Create locale.conf
+          copy:
+            content: "LANG=en_US.UTF-8"
+            dest: /mnt/etc/locale.conf
+
+        - name: SSH permit Password
+          replace:
+            path: /mnt/etc/ssh/sshd_config
+            regexp: '#PasswordAuthentication yes'
+            replace: 'PasswordAuthentication yes'
+
+    - name: Enable Systemd Services
+      block:
+      - name: Enable sshd
+        when: os | lower == "archlinux"
+        command: arch-chroot /mnt systemctl enable sshd NetworkManager logrotate
+
+    - name: Configure grub
+      when: os | lower != "fedora" and os | lower != "almalinux" and os | lower != "rhel8" and os | lower != "rhel9"
+      block:
+        - name: Add commandline information to grub config
+          lineinfile:
+            dest: /mnt/etc/default/grub
+            regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
+            line: 'GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"'
+
+        - name: Change Grub time
+          lineinfile:
+            dest: /mnt/etc/default/grub
+            regexp: ^GRUB_TIMEOUT=
+            line: 'GRUB_TIMEOUT=0'
+
+    - name: Configure Bootloader
+      block:
+        - name: Install Bootloader
+          command: arch-chroot /mnt {% if os | lower != "archlinux" and os | lower != "debian11" and os | lower != "debian12" %}/usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -wwp 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id={{ os }}{% endif %}
+
+        - name: Generate grub config
+          command: arch-chroot /mnt {% if os | lower != "archlinux" and os | lower != "debian11" and os | lower != "debian12" %}/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg{% endif %}
+
+    - name: Extra Configuration
+      when: os | lower != "archlinux"
+      block:
+        - name: Append lines to vimrc
+          lineinfile:
+            path: "{{ '/mnt/etc/vim/vimrc' if os|lower == 'debian11' or os|lower == 'debian12' else '/mnt/etc/vimrc' }}"
+            line: "{{ item }}"
+            insertafter: EOF
+          with_items:
+            - "set encoding=utf-8"
+            - "set number"
+            - "set autoindent"
+            - "set smartindent"
+            - "set mouse=a"
+
+        - name: Copy FirstRun Script
+          template:
+            src: firstrun.sh.j2
+            dest: /mnt/root/firstrun.sh
+            mode: '0755'
+
+        - name: Copy Custom Shell config
+          template:
+            src: custom.sh.j2
+            dest: /mnt/etc/profile.d/custom.sh
+
+    - name: Setup Network
+      block:
+      - name: Generate UUID for Network Profile
+        command: "uuidgen"
+        register: net_uuid
+
+      - name: Retrieve Network Interface Name
+        shell: "ip r | awk 'NR==1 {print $5}'"
+        register: net_inf
+
+      - name: Copy NetworkManager keyfile
+        template:
+          src: network.j2
+          dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
+          mode: '0600'
+
+    - name: Setup user account
+      block:
+        - name: Create user account
+          command: '{{ item }}'
+          with_items:
+          - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ "sudo" if os|lower == "debian11" or os|lower == "debian12" else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
+          - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
+
+        - name: Add SSH public key to authorized_keys
+          when: user_public_key is defined
+          lineinfile:
+            path: "/mnt/home/{{ user_name }}/.ssh/authorized_keys"
+            line: "{{ user_public_key }}"
+            owner: 1000
+            group: 1000
+            mode: "0600"
+            create: yes
+
+    - name: Give sudo access to wheel group
+      copy:
+        content: "{{ '%sudo ALL=(ALL) ALL' if os|lower == 'debian11' or os|lower == 'debian12' else '%wheel ALL=(ALL) ALL' }}"
+        dest: /mnt/etc/sudoers.d/01-wheel
+        mode: 0440
+        validate: /usr/sbin/visudo --check --file=%s
+
+    - name: Fix SELinux
+      when: (os | lower == "almalinux" or os | lower == "fedora" or os | lower == "rhel8" or os | lower == "rhel9")
+      command: touch /mnt/.autorelabel

roles/configuration/templates/custom.sh.j2

@@ -0,0 +1,12 @@
+# Prompt Style
+if [ "$PS1" ]; then
+  PS1="\[\033[01;32m\][\u@\h:\l \[\033[01;34m\]\W\[\033[00m\]]\\$ "
+fi
+
+# Timestamps and instant apply
+HISTTIMEFORMAT="%F %T "
+PROMPT_COMMAND="history -a;$PROMPT_COMMAND"
+
+# History Size
+HISTFILESIZE=
+HISTSIZE=

roles/configuration/templates/firstrun.sh.j2

@@ -0,0 +1,145 @@
+#!/bin/bash
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[1;34m'
+NC='\033[0m' # No Color
+
+# Ask for and set the hostname
+echo -e "${BLUE}Enter the hostname:${NC}"
+read -r new_hostname
+
+# Detect the network interface
+network_interface=$(nmcli -t -f DEVICE connection show --active | head -n 1)
+
+# Ask for and set the IP address
+echo -e "${BLUE}Enter the IP address (eg.: 10.11.x.x/24):${NC}"
+read -r ip_address
+
+# Ask for and set the DNS server
+default_dns1="10.11.23.10"
+default_dns2="10.11.23.18"
+echo -e "${BLUE}Enter the DNS server (default: $default_dns1, $default_dns2):${NC}"
+read -r dns_server
+dns_server=${dns_server:-"$default_dns1 $default_dns2"}
+
+# Ask if Btrfs compression should be enabled
+if [[ $(df -T / | awk 'NR==2 {print $2}') == "btrfs" ]]; then
+    echo -e "${BLUE}Do you want to enable Btrfs compression? (y/n):${NC}"
+    read -r enable_compression
+fi
+
+if [[ "$enable_compression" == "y" || "$enable_compression" == "Y" ]]; then
+    # Ask for the use case
+    echo -e "${BLUE} the use case:${NC}"
+    echo "1. Databases, File Storage, etc (recommended compression level: 15)"
+    echo "2. Real-time compression (recommended compression level: 3)"
+    echo "3. Custom compression level"
+    read -r use_case
+
+    # Set the recommended compression level based on the use case
+    case "$use_case" in
+        1) compression_level=15 ;;
+        2) compression_level=3 ;;
+        3) echo -e "${BLUE}Enter the custom compression level (1-15):${NC}"
+           read -r compression_level ;;
+        *) echo -e "${RED}Invalid use case. Exiting script.${NC}"; exit 1 ;;
+    esac
+fi
+
+# Ask if CheckMK Agent should be installed
+echo -e "${BLUE}Do you want to install the CheckMK Agent? (y/n):${NC}"
+read -r install_checkmk_agent
+
+# Ask if ports and services should be opened
+echo -e "${BLUE}Do you want to open any ports or services? (y/n):${NC}"
+read -r open_ports_services
+
+if [[ "$open_ports_services" == "y" || "$open_ports_services" == "Y" ]]; then
+    # Ask for and set the services to open
+    echo -e "${BLUE}Enter the services to open (comma-separated):${NC}"
+    read -r services
+
+    # Ask for and set the ports to open
+    echo -e "${BLUE}Enter the ports to open (comma-separated):${NC}"
+    read -r ports
+fi
+
+# Apply Changes
+echo -e "${BLUE}Are you sure you want to apply the changes? This may cause a loss of SSH connection. (y/n):${NC}"
+read -r answer
+
+# Check the user's response
+if [[ "$answer" == "y" || "$answer" == "Y" ]]; then
+    # Comment out the script execution line in .bashrc
+    sed -i '/~\/firstrun\.sh/s/^/#/' ~/.bashrc
+    hostnamectl set-hostname "$new_hostname"
+
+    nmcli device modify "$network_interface" ipv4.dns "$dns_server" > /dev/null
+    nmcli device modify "$network_interface" ipv6.method ignore > /dev/null
+    nmcli device modify "$network_interface" ipv4.addresses "$ip_address" ipv4.method manual > /dev/null
+
+    # Modify /etc/hosts file
+    ip_address=$(echo "$ip_address" | sed 's/.\{3\}$//')
+    if grep "$ip_address" /etc/hosts > /dev/null 2>&1; then
+    echo "IP address already exists in /etc/hosts"
+    else
+        # Add IP address and hostname after the "127.0.0.1 localhost" entry
+        sed -i '1a\'"$ip_address\t$new_hostname" /etc/hosts
+
+        if [ $? -eq 0 ]; then
+            echo "IP address and hostname added to /etc/hosts"
+        else
+            echo "Failed to add IP address and hostname to /etc/hosts"
+        fi
+    fi
+
+    # Modify Btrfs compression settings in /etc/fstab
+    if [[ "$enable_compression" == "y" || "$enable_compression" == "Y" ]]; then
+        if ! grep -q "compress=zstd" /etc/fstab; then
+            sed -i "/btrfs/s/defaults/defaults,compress=zstd:$compression_level/" /etc/fstab
+        else
+            sed -i "/btrfs/s/compress=zstd:[0-9]*/compress=zstd:$compression_level/" /etc/fstab
+        fi
+    else
+        if grep -q "compress=zstd" /etc/fstab; then
+            sed -i "/btrfs/s/,compress=zstd:[0-9]*//" /etc/fstab
+        fi
+    fi
+
+    if [[ "$install_checkmk_agent" == "y" || "$install_checkmk_agent" == "Y" ]]; then
+        # Run the CheckMK Agent installation script
+        bash Scripts/install_checkmk_agent.sh
+    fi
+
+    if [[ "$open_ports_services" == "y" || "$open_ports_services" == "Y" ]]; then
+        # Open the specified services
+        IFS=',' read -ra service_array <<< "$services"
+        for service in "${service_array[@]}"; do
+            firewall-cmd --add-service="$service" --permanent > /dev/null
+        done
+
+        # Open the specified ports
+        IFS=',' read -ra port_array <<< "$ports"
+        for port in "${port_array[@]}"; do
+            firewall-cmd --add-port="$port"/tcp --permanent > /dev/null
+        done
+
+        firewall-cmd --reload > /dev/null 2>&1
+    fi
+
+    # Open port 6556/tcp for CheckMK Agent if it was installed
+    if [[ "$install_checkmk_agent" == "y" || "$install_checkmk_agent" == "Y" ]]; then
+        firewall-cmd --add-port=6556/tcp --permanent > /dev/null 2>&1
+        firewall-cmd --reload > /dev/null 2>&1
+    else
+        firewall-cmd --remove-port=6556/tcp --permanent > /dev/null 2>&1
+        firewall-cmd --reload > /dev/null 2>&1
+    fi
+
+    echo -e "${GREEN}Changes applied successfully.${NC}"
+else
+    echo -e "${RED}Changes not applied. Exiting script.${NC}"
+    exit 0
+fi

roles/configuration/templates/network.j2

@@ -0,0 +1,18 @@
+[connection]
+id=LAN
+uuid={{ net_uuid.stdout }}
+type=ethernet
+interface-name={{ net_inf.stdout }}
+
+[ethernet]
+
+[ipv4]
+address={{ vm_ip }},{{ vm_gw }}
+dns={{ vm_dns }}
+method=manual
+
+[ipv6]
+addr-gen-mode=default
+method=disabled
+
+[proxy]

roles/configuration/templates/sudo_lecture.txt.j2

@@ -0,0 +1,11 @@
+
+       \^V//
+       |. .|    I AM (G)ROOT!
+     - \ - / _
+      \_| |_/
+        \ \
+      __/_/__
+     |_______|   With great power comes great responsibility.
+      \     /    Use sudo wisely.
+       \___/
+