sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: encryption, partitioning, cis and virtualization hardening

Browse Source
This commit is contained in:
Sandwich
2026-05-30 18:05:14 +02:00
parent b1e938b7f0
commit 55b21eae5d
14 changed files with 46 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
roles/virtualization/tasks/libvirt.yml
View File

@@ -70,6 +70,19 @@
- /tmp/cloud-user-data-{{ hostname }}.yml
- /tmp/cloud-network-config-{{ hostname }}.yml
# Resolve OVMF firmware to the first candidate present on the controller
# unless the user pinned an explicit path. first_found needs the localhost
# delegation since the candidates live on the libvirt host, not the target.
- name: Resolve OVMF firmware paths
delegate_to: localhost
ansible.builtin.set_fact:
virtualization_libvirt_ovmf_code: >-
{{ virtualization_libvirt_ovmf_code if virtualization_libvirt_ovmf_code | default('', true) | length > 0
else lookup('ansible.builtin.first_found', virtualization_libvirt_ovmf_code_candidates) }}
virtualization_libvirt_ovmf_vars: >-
{{ virtualization_libvirt_ovmf_vars if virtualization_libvirt_ovmf_vars | default('', true) | length > 0
else lookup('ansible.builtin.first_found', virtualization_libvirt_ovmf_vars_candidates) }}
# uri defaults to qemu:///system (local libvirtd)
- name: Create VM using libvirt
delegate_to: localhost