sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(schema): simplify dict normalization and schema checks

Browse Source
This commit is contained in:
Sandwich
2026-02-11 05:37:18 +01:00
parent aac2bd0b06
commit 5326907ae9
4 changed files with 207 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
roles/global_defaults/tasks/system.yml
View File

@@ -18,70 +18,82 @@
system_os_input: "{{ system_raw.os | default('') | string | lower }}"
system_name: >-
{{
system_raw.name | string
if (system_raw.name | default('') | string | length) > 0
system_raw.name | string | trim
if (system_raw.name | default('') | string | trim | length) > 0
else inventory_hostname
}}
system_dns_raw: "{{ system_raw.dns if system_raw.dns is mapping else {} }}"
system_dns_servers_input: "{{ system_dns_raw.servers | default([]) }}"
system_dns_search_input: "{{ system_dns_raw.search | default([]) }}"
system_user_raw: "{{ system_raw.user if system_raw.user is mapping else {} }}"
system_root_raw: "{{ system_raw.root if system_raw.root is mapping else {} }}"
system_luks_raw: "{{ system_raw.luks if system_raw.luks is mapping else {} }}"
system_luks_tpm2_raw: "{{ system_luks_raw.tpm2 if system_luks_raw.tpm2 is mapping else {} }}"
system_features_raw: "{{ system_raw.features if system_raw.features is mapping else {} }}"
system_feature_cis_raw: >-
system_dns: >-
{{
system_features_raw.cis
if system_features_raw.cis is defined and system_features_raw.cis is mapping
else {}
system_defaults.dns
| combine((system_raw.dns if system_raw.dns is mapping else {}), recursive=True)
}}
system_feature_selinux_raw: >-
system_user: >-
{{
system_features_raw.selinux
if system_features_raw.selinux is defined and system_features_raw.selinux is mapping
else {}
system_defaults.user
| combine((system_raw.user if system_raw.user is mapping else {}), recursive=True)
}}
system_feature_firewall_raw: >-
system_root: >-
{{
system_features_raw.firewall
if system_features_raw.firewall is defined and system_features_raw.firewall is mapping
else {}
system_defaults.root
| combine((system_raw.root if system_raw.root is mapping else {}), recursive=True)
}}
system_feature_ssh_raw: >-
system_luks: >-
{{
system_features_raw.ssh
if system_features_raw.ssh is defined and system_features_raw.ssh is mapping
else {}
system_defaults.luks
| combine((system_raw.luks if system_raw.luks is mapping else {}), recursive=True)
}}
system_feature_zstd_raw: >-
system_luks_tpm2: >-
{{
system_features_raw.zstd
if system_features_raw.zstd is defined and system_features_raw.zstd is mapping
else {}
system_defaults.luks.tpm2
| combine((system_luks.tpm2 if system_luks.tpm2 is mapping else {}), recursive=True)
}}
system_feature_swap_raw: >-
system_features: >-
{{
system_features_raw.swap
if system_features_raw.swap is defined and system_features_raw.swap is mapping
else {}
system_defaults.features
| combine((system_raw.features if system_raw.features is mapping else {}), recursive=True)
}}
system_feature_banner_raw: >-
system_feature_cis: >-
{{
system_features_raw.banner
if system_features_raw.banner is defined and system_features_raw.banner is mapping
else {}
system_defaults.features.cis
| combine((system_features.cis if system_features.cis is mapping else {}), recursive=True)
}}
system_feature_chroot_raw: >-
system_feature_selinux: >-
{{
system_features_raw.chroot
if system_features_raw.chroot is defined and system_features_raw.chroot is mapping
else {}
system_defaults.features.selinux
| combine((system_features.selinux if system_features.selinux is mapping else {}), recursive=True)
}}
system_feature_firewall: >-
{{
system_defaults.features.firewall
| combine((system_features.firewall if system_features.firewall is mapping else {}), recursive=True)
}}
system_feature_ssh: >-
{{
system_defaults.features.ssh
| combine((system_features.ssh if system_features.ssh is mapping else {}), recursive=True)
}}
system_feature_zstd: >-
{{
system_defaults.features.zstd
| combine((system_features.zstd if system_features.zstd is mapping else {}), recursive=True)
}}
system_feature_swap: >-
{{
system_defaults.features.swap
| combine((system_features.swap if system_features.swap is mapping else {}), recursive=True)
}}
system_feature_banner: >-
{{
system_defaults.features.banner
| combine((system_features.banner if system_features.banner is mapping else {}), recursive=True)
}}
system_feature_chroot: >-
{{
system_defaults.features.chroot
| combine((system_features.chroot if system_features.chroot is mapping else {}), recursive=True)
}}
system_dns_servers_input: "{{ system_dns.servers | default([]) }}"
system_dns_search_input: "{{ system_dns.search | default([]) }}"
system_packages_input: "{{ system_raw.packages | default([]) }}"
ansible.builtin.set_fact:
system_cfg:
@@ -140,50 +152,50 @@
}}
disks: "{{ system_raw.disks | default([]) }}"
user:
name: "{{ system_user_raw.name | default('') | string }}"
password: "{{ system_user_raw.password | default('') | string }}"
key: "{{ system_user_raw.key | default('') | string }}"
name: "{{ system_user.name | string }}"
password: "{{ system_user.password | string }}"
key: "{{ system_user.key | string }}"
root:
password: "{{ system_root_raw.password | default('') | string }}"
password: "{{ system_root.password | string }}"
luks:
enabled: "{{ system_luks_raw.enabled | default(system_defaults.luks.enabled) | bool }}"
passphrase: "{{ system_luks_raw.passphrase | default(system_defaults.luks.passphrase) | string }}"
mapper: "{{ system_luks_raw.mapper | default(system_defaults.luks.mapper) | string }}"
auto: "{{ system_luks_raw.auto | default(system_defaults.luks.auto) | bool }}"
method: "{{ system_luks_raw.method | default(system_defaults.luks.method) | string | lower }}"
enabled: "{{ system_luks.enabled | bool }}"
passphrase: "{{ system_luks.passphrase | string }}"
mapper: "{{ system_luks.mapper | string }}"
auto: "{{ system_luks.auto | bool }}"
method: "{{ system_luks.method | string | lower }}"
tpm2:
device: "{{ system_luks_tpm2_raw.device | default(system_defaults.luks.tpm2.device) | string }}"
pcrs: "{{ system_luks_tpm2_raw.pcrs | default(system_defaults.luks.tpm2.pcrs) | string }}"
keysize: "{{ system_luks_raw.keysize | default(system_defaults.luks.keysize) | int }}"
options: "{{ system_luks_raw.options | default(system_defaults.luks.options) | string }}"
type: "{{ system_luks_raw.type | default(system_defaults.luks.type) | string }}"
cipher: "{{ system_luks_raw.cipher | default(system_defaults.luks.cipher) | string }}"
hash: "{{ system_luks_raw.hash | default(system_defaults.luks.hash) | string }}"
iter: "{{ system_luks_raw.iter | default(system_defaults.luks.iter) | int }}"
bits: "{{ system_luks_raw.bits | default(system_defaults.luks.bits) | int }}"
pbkdf: "{{ system_luks_raw.pbkdf | default(system_defaults.luks.pbkdf) | string }}"
urandom: "{{ system_luks_raw.urandom | default(system_defaults.luks.urandom) | bool }}"
verify: "{{ system_luks_raw.verify | default(system_defaults.luks.verify) | bool }}"
device: "{{ system_luks_tpm2.device | string }}"
pcrs: "{{ system_luks_tpm2.pcrs | string }}"
keysize: "{{ system_luks.keysize | int }}"
options: "{{ system_luks.options | string }}"
type: "{{ system_luks.type | string }}"
cipher: "{{ system_luks.cipher | string }}"
hash: "{{ system_luks.hash | string }}"
iter: "{{ system_luks.iter | int }}"
bits: "{{ system_luks.bits | int }}"
pbkdf: "{{ system_luks.pbkdf | string }}"
urandom: "{{ system_luks.urandom | bool }}"
verify: "{{ system_luks.verify | bool }}"
features:
cis:
enabled: "{{ system_feature_cis_raw.enabled | default(system_defaults.features.cis.enabled) | bool }}"
enabled: "{{ system_feature_cis.enabled | bool }}"
selinux:
enabled: "{{ system_feature_selinux_raw.enabled | default(system_defaults.features.selinux.enabled) | bool }}"
enabled: "{{ system_feature_selinux.enabled | bool }}"
firewall:
enabled: "{{ system_feature_firewall_raw.enabled | default(system_defaults.features.firewall.enabled) | bool }}"
backend: "{{ system_feature_firewall_raw.backend | default(system_defaults.features.firewall.backend) | string | lower }}"
toolkit: "{{ system_feature_firewall_raw.toolkit | default(system_defaults.features.firewall.toolkit) | string | lower }}"
enabled: "{{ system_feature_firewall.enabled | bool }}"
backend: "{{ system_feature_firewall.backend | string | lower }}"
toolkit: "{{ system_feature_firewall.toolkit | string | lower }}"
ssh:
enabled: "{{ system_feature_ssh_raw.enabled | default(system_defaults.features.ssh.enabled) | bool }}"
enabled: "{{ system_feature_ssh.enabled | bool }}"
zstd:
enabled: "{{ system_feature_zstd_raw.enabled | default(system_defaults.features.zstd.enabled) | bool }}"
enabled: "{{ system_feature_zstd.enabled | bool }}"
swap:
enabled: "{{ system_feature_swap_raw.enabled | default(system_defaults.features.swap.enabled) | bool }}"
enabled: "{{ system_feature_swap.enabled | bool }}"
banner:
motd: "{{ system_feature_banner_raw.motd | default(system_defaults.features.banner.motd) | bool }}"
sudo: "{{ system_feature_banner_raw.sudo | default(system_defaults.features.banner.sudo) | bool }}"
motd: "{{ system_feature_banner.motd | bool }}"
sudo: "{{ system_feature_banner.sudo | bool }}"
chroot:
tool: "{{ system_feature_chroot_raw.tool | default(system_defaults.features.chroot.tool) | string }}"
tool: "{{ system_feature_chroot.tool | string }}"
hostname: "{{ system_name }}"
os: "{{ system_os_input if system_os_input | length > 0 else ('archlinux' if system_type == 'physical' else '') }}"
os_version: "{{ system_raw.version | default('') | string }}"
@@ -192,14 +204,6 @@
- name: Normalize system disks input
vars:
system_disks: "{{ system_cfg.disks | default([]) }}"
system_disk_defaults:
size: 0
device: ""
mount:
path: ""
fstype: ""
label: ""
opts: "defaults"
system_disk_letter_map: "abcdefghijklmnopqrstuvwxyz"
system_disk_device_prefix: >-
{{