sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Normalize user-facing defaults

Browse Source
This commit is contained in:
Sandwich
2025-12-28 16:41:11 +01:00
parent cc77f646d7
commit 7fe2a0dcc1
26 changed files with 283 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
roles/partitioning/defaults/main.yml
View File

@@ -1,20 +1,20 @@
---
partitioning_luks_enabled: "{{ luks_enabled | default(false) | bool }}"
partitioning_luks_mapper_name: "{{ luks_mapper_name | default('SYSTEM_DECRYPTED') }}"
partitioning_luks_type: "{{ luks_type | default('luks2') }}"
partitioning_luks_cipher: "{{ luks_cipher | default('aes-xts-plain64') }}"
partitioning_luks_hash: "{{ luks_hash | default('sha512') }}"
partitioning_luks_iter_time: "{{ luks_iter_time | default(4000) }}"
partitioning_luks_key_size: "{{ luks_key_size | default(512) }}"
partitioning_luks_pbkdf: "{{ luks_pbkdf | default('argon2id') }}"
partitioning_luks_use_urandom: "{{ luks_use_urandom | default(true) | bool }}"
partitioning_luks_verify_passphrase: "{{ luks_verify_passphrase | default(true) | bool }}"
partitioning_luks_auto_decrypt: "{{ luks_auto_decrypt | default(true) | bool }}"
partitioning_luks_auto_decrypt_method: "{{ luks_auto_decrypt_method | default('tpm2') }}"
partitioning_luks_tpm2_device: "{{ luks_tpm2_device | default('auto') }}"
partitioning_luks_tpm2_pcrs: "{{ luks_tpm2_pcrs | default('') }}"
partitioning_luks_keyfile_size: "{{ luks_keyfile_size | default(64) }}"
partitioning_luks_options: "{{ luks_options | default('discard,tries=3') }}"
partitioning_luks_enabled: "{{ luks_enabled | bool }}"
partitioning_luks_mapper_name: "{{ luks_mapper_name }}"
partitioning_luks_type: "{{ luks_type }}"
partitioning_luks_cipher: "{{ luks_cipher }}"
partitioning_luks_hash: "{{ luks_hash }}"
partitioning_luks_iter_time: "{{ luks_iter_time }}"
partitioning_luks_key_size: "{{ luks_key_size }}"
partitioning_luks_pbkdf: "{{ luks_pbkdf }}"
partitioning_luks_use_urandom: "{{ luks_use_urandom | bool }}"
partitioning_luks_verify_passphrase: "{{ luks_verify_passphrase | bool }}"
partitioning_luks_auto_decrypt: "{{ luks_auto_decrypt | bool }}"
partitioning_luks_auto_decrypt_method: "{{ luks_auto_decrypt_method }}"
partitioning_luks_tpm2_device: "{{ luks_tpm2_device }}"
partitioning_luks_tpm2_pcrs: "{{ luks_tpm2_pcrs }}"
partitioning_luks_keyfile_size: "{{ luks_keyfile_size }}"
partitioning_luks_options: "{{ luks_options }}"
partitioning_boot_partition_suffix: 1
partitioning_main_partition_suffix: 2
partitioning_efi_size_mib: 50
@@ -22,13 +22,13 @@ partitioning_boot_size_mib: 1024
partitioning_separate_boot: >-
{{
(partitioning_luks_enabled | bool)
and (os | default('') | lower not in ['archlinux'])
and (os | lower not in ['archlinux'])
}}
partitioning_boot_fs_fstype: >-
{{
(filesystem | default('') | lower)
if (filesystem | default('') | lower) != 'btrfs'
else ('xfs' if (is_rhel | default(false)) else 'ext4')
(filesystem | lower)
if (filesystem | lower) != 'btrfs'
else ('xfs' if is_rhel else 'ext4')
}}
partitioning_boot_fs_partition_suffix: >-
{{
@@ -46,7 +46,7 @@ partitioning_efi_mountpoint: >-
if (partitioning_separate_boot | bool)
else (
'/boot/efi'
if (is_rhel | default(false)) or (os | default('') | lower in ['ubuntu', 'ubuntu-lts'])
if is_rhel or (os | lower in ['ubuntu', 'ubuntu-lts'])
else '/boot'
)
}}
@@ -107,8 +107,16 @@ partitioning_root_device: >-
if (partitioning_luks_enabled | bool)
else install_drive ~ (partitioning_root_partition_suffix | string)
}}
partitioning_vm_size_effective: "{{ (partitioning_vm_size | default(vm_size | default(0))) | float }}"
partitioning_vm_memory_effective: "{{ (partitioning_vm_memory | default(vm_memory | default(0))) | float }}"
partitioning_vm_size_effective: >-
{{
(partitioning_vm_size if (partitioning_vm_size | float) > 0 else vm_size)
| float
}}
partitioning_vm_memory_effective: >-
{{
(partitioning_vm_memory if (partitioning_vm_memory | float) > 0 else vm_memory)
| float
}}
partitioning_swap_size_gb: >-
{{
((partitioning_vm_memory_effective / 1024) >= 16.0)

2
roles/partitioning/tasks/btrfs.yml
View File

@@ -10,7 +10,7 @@
{{
'-K'
if (partitioning_luks_enabled | bool)
and not ('discard' in (partitioning_luks_options | default('') | lower))
and not ('discard' in (partitioning_luks_options | lower))
else omit
}}

16
roles/partitioning/tasks/main.yml
View File

@@ -1,8 +1,8 @@
---
- name: Detect system memory for swap sizing
when:
- partitioning_vm_memory is not defined
- vm_memory is not defined
- (partitioning_vm_memory | float) <= 0
- (vm_memory | float) <= 0
block:
- name: Read system memory
ansible.builtin.command: awk '/MemTotal/ {print int($2/1024)}' /proc/meminfo
@@ -17,9 +17,9 @@
- name: Set partitioning vm_size for physical installs
when:
- install_type == "physical"
- partitioning_vm_size is not defined
- vm_size is not defined
- install_drive is defined
- (partitioning_vm_size | float) <= 0
- (vm_size | float) <= 0
- install_drive | length > 0
block:
- name: Detect install drive size
ansible.builtin.command: "lsblk -b -dn -o SIZE {{ install_drive }}"
@@ -157,7 +157,7 @@
when: partitioning_luks_enabled | bool
vars:
partitioning_luks_passphrase_effective: >-
{{ (partitioning_luks_passphrase | default(luks_passphrase | default(''))) | string }}
{{ partitioning_luks_passphrase | string }}
block:
- name: Validate LUKS passphrase
ansible.builtin.assert:
@@ -207,7 +207,7 @@
state: opened
name: "{{ partitioning_luks_mapper_name }}"
passphrase: "{{ partitioning_luks_passphrase_effective }}"
allow_discards: "{{ 'discard' in (partitioning_luks_options | default('') | lower) }}"
allow_discards: "{{ 'discard' in (partitioning_luks_options | lower) }}"
register: partitioning_luks_open_result
no_log: true
rescue:
@@ -235,7 +235,7 @@
state: opened
name: "{{ partitioning_luks_mapper_name }}"
passphrase: "{{ partitioning_luks_passphrase_effective }}"
allow_discards: "{{ 'discard' in (partitioning_luks_options | default('') | lower) }}"
allow_discards: "{{ 'discard' in (partitioning_luks_options | lower) }}"
register: partitioning_luks_open_retry
no_log: true