feat(bootstrap): add rescue block to delete VMs on failed bootstrap

main.yml

@@ -110,31 +110,70 @@
       ansible.builtin.import_role:
         name: system_check
 
-  roles:
-    - role: virtualization
-      when: system_cfg.type == "virtual"
-      become: false
-      ansible_connection: local
+  tasks:
+    - name: Bootstrap pipeline
+      block:
+        - name: Create virtual machine
+          when: system_cfg.type == "virtual"
+          become: false
+          ansible.builtin.include_role:
+            name: virtualization
+          vars:
+            ansible_connection: local
 
-    - role: environment
-      vars:
-        ansible_connection: "{{ 'vmware_tools' if hypervisor_type == 'vmware' else 'ssh' }}"
+        - name: Configure environment
+          ansible.builtin.include_role:
+            name: environment
+          vars:
+            ansible_connection: "{{ 'vmware_tools' if hypervisor_type == 'vmware' else 'ssh' }}"
 
-    - role: partitioning
-      vars:
-        partitioning_boot_partition_suffix: 1
-        partitioning_main_partition_suffix: 2
+        - name: Partition disks
+          ansible.builtin.include_role:
+            name: partitioning
+          vars:
+            partitioning_boot_partition_suffix: 1
+            partitioning_main_partition_suffix: 2
 
-    - role: bootstrap
+        - name: Install base system
+          ansible.builtin.include_role:
+            name: bootstrap
 
-    - role: configuration
+        - name: Apply system configuration
+          ansible.builtin.include_role:
+            name: configuration
 
-    - role: cis
-      when: system_cfg.features.cis.enabled | bool
+        - name: Apply CIS hardening
+          when: system_cfg.features.cis.enabled | bool
+          ansible.builtin.include_role:
+            name: cis
 
-    - role: cleanup
-      when: system_cfg.type in ["virtual", "physical"]
-      become: false
+        - name: Clean up and finalize
+          when: system_cfg.type in ["virtual", "physical"]
+          become: false
+          ansible.builtin.include_role:
+            name: cleanup
+
+      rescue:
+        - name: Delete VM on bootstrap failure
+          when:
+            - virtualization_vm_created_in_run | default(false) | bool
+            - system_cfg.type == "virtual"
+          become: false
+          ansible.builtin.include_role:
+            name: virtualization
+            tasks_from: delete
+          vars:
+            ansible_connection: local
+          tags:
+            - rescue_cleanup
+
+        - name: Fail host after bootstrap rescue
+          ansible.builtin.fail:
+            msg: >-
+              Bootstrap failed for {{ hostname }}.
+              {{ 'VM was deleted to allow clean retry.'
+                 if (virtualization_vm_created_in_run | default(false))
+                 else 'VM was not created in this run (kept).' }}
 
   post_tasks:
     - name: Set post-reboot connection flags