Remove defaults for required vars
@@ -1,6 +1,5 @@
|
||||
---
|
||||
partitioning_luks_enabled: "{{ luks_enabled | bool }}"
|
||||
partitioning_luks_passphrase: "{{ luks_passphrase }}"
|
||||
partitioning_luks_mapper_name: "{{ luks_mapper_name }}"
|
||||
partitioning_luks_type: "{{ luks_type }}"
|
||||
partitioning_luks_cipher: "{{ luks_cipher }}"
|
||||
@@ -112,12 +111,20 @@ partitioning_root_device: >-
|
||||
}}
|
||||
partitioning_vm_size_effective: >-
|
||||
{{
|
||||
(partitioning_vm_size if (partitioning_vm_size | float) > 0 else vm_size)
|
||||
(
|
||||
partitioning_vm_size
|
||||
if (partitioning_vm_size | float) > 0
|
||||
else (vm_size if vm_size is defined else 0)
|
||||
)
|
||||
| float
|
||||
}}
|
||||
partitioning_vm_memory_effective: >-
|
||||
{{
|
||||
(partitioning_vm_memory if (partitioning_vm_memory | float) > 0 else vm_memory)
|
||||
(
|
||||
partitioning_vm_memory
|
||||
if (partitioning_vm_memory | float) > 0
|
||||
else (vm_memory if vm_memory is defined else 0)
|
||||
)
|
||||
| float
|
||||
}}
|
||||
partitioning_swap_size_gb: >-
|
||||
|
||||
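Review bot: The new `is defined` guard on the `else` branch covers only `vm_size`; `partitioning_vm_size` is still dereferenced unguarded in `if (partitioning_vm_size | float) > 0`, so the expression only holds up while that key keeps a default in this file, and the same applies to `partitioning_vm_memory` in the second expression. The `else 0` sentinel deserves a comment, because 0 is what the detection tasks later in the role treat as "not set", e.g. `# 0 = unset; the role falls back to detecting drive/memory size when the effective value is 0`. The first hunk of this file drops one of the six LUKS default lines, but the rendered page does not show which one; if it is `partitioning_luks_passphrase`, a reader of this file can no longer see where that input is resolved, so a one-line comment pointing to the task-level resolution would help.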
@@ -28,7 +28,7 @@
|
||||
changed_when: false
|
||||
|
||||
- name: Make root subvolumes
|
||||
when: cis | bool or item.subvol not in ['var_log_audit']
|
||||
when: cis_enabled or item.subvol not in ['var_log_audit']
|
||||
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||
args:
|
||||
creates: /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||
@@ -43,7 +43,7 @@
|
||||
register: partitioning_btrfs_subvol_result
|
||||
|
||||
- name: Set quotas for subvolumes
|
||||
when: cis | bool
|
||||
when: cis_enabled
|
||||
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||
loop:
|
||||
- {subvol: home, quota: 2G}
|
||||
|
||||
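Review bot: Replacing `cis | bool` with a bare `cis_enabled` in both `when:` clauses drops the string-to-boolean coercion, so if `cis_enabled` arrives as the string `"false"` (extra-vars given as `key=value` on the command line are strings) the conditional is truthy and the CIS-only subvolumes and quotas get created anyway. `when: cis_enabled | bool or item.subvol not in ['var_log_audit']` and `when: cis_enabled | bool` keep the old behaviour. The same applies to the ext4 and XFS `when:` lines, the main-tasks conditionals and `set_fact` expressions, and the `(cis_enabled) | ternary(7.5, 0)` terms in the LVM size expressions, where `ternary` also tests plain truthiness. If `cis_enabled` is already validated as a real boolean elsewhere (for example through `argument_specs`), this can be ignored, but that is not visible here.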
@@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Create and format ext4 logical volumes
|
||||
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||
when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||
community.general.filesystem:
|
||||
dev: /dev/sys/{{ item.lv }}
|
||||
fstype: ext4
|
||||
@@ -13,7 +13,7 @@
|
||||
- {lv: var_log_audit}
|
||||
|
||||
- name: Remove Unsupported features for older Systems
|
||||
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
|
||||
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
|
||||
ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
|
||||
loop:
|
||||
- {lv: root}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
- name: Detect system memory for swap sizing
|
||||
when:
|
||||
- (partitioning_vm_memory | float) <= 0
|
||||
- (vm_memory | float) <= 0
|
||||
- vm_memory is not defined or (vm_memory | float) <= 0
|
||||
block:
|
||||
- name: Read system memory
|
||||
ansible.builtin.command: awk '/MemTotal/ {print int($2/1024)}' /proc/meminfo
|
||||
@@ -18,7 +18,7 @@
|
||||
when:
|
||||
- install_type == "physical"
|
||||
- (partitioning_vm_size | float) <= 0
|
||||
- (vm_size | float) <= 0
|
||||
- vm_size is not defined or (vm_size | float) <= 0
|
||||
- install_drive | length > 0
|
||||
block:
|
||||
- name: Detect install drive size
|
||||
@@ -157,7 +157,14 @@
|
||||
when: partitioning_luks_enabled | bool
|
||||
vars:
|
||||
partitioning_luks_passphrase_effective: >-
|
||||
{{ partitioning_luks_passphrase | string }}
|
||||
{{
|
||||
(
|
||||
partitioning_luks_passphrase
|
||||
if partitioning_luks_passphrase is defined
|
||||
else (luks_passphrase if luks_passphrase is defined else '')
|
||||
)
|
||||
| string
|
||||
}}
|
||||
block:
|
||||
- name: Validate LUKS passphrase
|
||||
ansible.builtin.assert:
|
||||
@@ -257,7 +264,7 @@
|
||||
pvs: "{{ partitioning_root_device }}"
|
||||
|
||||
- name: Create LVM logical volumes
|
||||
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||
when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||
community.general.lvol:
|
||||
vg: sys
|
||||
lv: "{{ item.lv }}"
|
||||
@@ -266,24 +273,24 @@
|
||||
loop:
|
||||
- lv: root
|
||||
size: >-
|
||||
{{ [(((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
|
||||
{{ [(((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
|
||||
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4)
|
||||
| ternary(4,((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0)) -
|
||||
| ternary(4,((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0)) -
|
||||
(((partitioning_vm_memory_effective | float / 1024) > 16.0)
|
||||
| ternary(
|
||||
((partitioning_vm_memory_effective | float / 2048) | int),
|
||||
(partitioning_vm_memory_effective | float / 1024)
|
||||
)))
|
||||
> 12)
|
||||
| ternary(((partitioning_vm_size_effective | float) * 0.4) | round(0, 'ceil'),((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool)
|
||||
| ternary(((partitioning_vm_size_effective | float) * 0.4) | round(0, 'ceil'),((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled)
|
||||
| ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
|
||||
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024))))))))), 4 ] | max | string +
|
||||
'G' }}
|
||||
- lv: swap
|
||||
size: >-
|
||||
{{ ((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0))) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
|
||||
{{ ((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0))) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
|
||||
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4)
|
||||
| ternary((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0))) - 4), (((partitioning_vm_memory_effective | float / 1024)
|
||||
| ternary((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0))) - 4), (((partitioning_vm_memory_effective | float / 1024)
|
||||
> 16.0)
|
||||
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) | string + 'G' }}
|
||||
- lv: home
|
||||
@@ -346,7 +353,7 @@
|
||||
changed_when: false
|
||||
|
||||
- name: Get UUIDs for LVM filesystems
|
||||
when: filesystem != 'btrfs' and (cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit'])
|
||||
when: filesystem != 'btrfs' and (cis_enabled or item not in ['home', 'var', 'var_log', 'var_log_audit'])
|
||||
ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }}
|
||||
loop:
|
||||
- root
|
||||
@@ -363,18 +370,18 @@
|
||||
ansible.builtin.set_fact:
|
||||
partitioning_uuid_root: "{{ partitioning_uuid_result.results[0].stdout_lines }}"
|
||||
partitioning_uuid_swap: "{{ partitioning_uuid_result.results[1].stdout_lines }}"
|
||||
partitioning_uuid_home: "{{ partitioning_uuid_result.results[2].stdout_lines if cis | bool else '' }}"
|
||||
partitioning_uuid_var: "{{ partitioning_uuid_result.results[3].stdout_lines if cis | bool else '' }}"
|
||||
partitioning_uuid_var_log: "{{ partitioning_uuid_result.results[4].stdout_lines if cis | bool else '' }}"
|
||||
partitioning_uuid_var_log_audit: "{{ partitioning_uuid_result.results[5].stdout_lines if cis | bool else '' }}"
|
||||
partitioning_uuid_home: "{{ partitioning_uuid_result.results[2].stdout_lines if cis_enabled else '' }}"
|
||||
partitioning_uuid_var: "{{ partitioning_uuid_result.results[3].stdout_lines if cis_enabled else '' }}"
|
||||
partitioning_uuid_var_log: "{{ partitioning_uuid_result.results[4].stdout_lines if cis_enabled else '' }}"
|
||||
partitioning_uuid_var_log_audit: "{{ partitioning_uuid_result.results[5].stdout_lines if cis_enabled else '' }}"
|
||||
|
||||
- name: Mount filesystems
|
||||
block:
|
||||
- name: Mount filesystems and subvolumes
|
||||
when:
|
||||
- >-
|
||||
cis | bool or (
|
||||
not cis and (
|
||||
cis_enabled or (
|
||||
not cis_enabled and (
|
||||
(filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg'])
|
||||
or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])
|
||||
)
|
||||
|
||||
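Review bot: The new `else ''` fallback in `partitioning_luks_passphrase_effective` turns an undefined passphrase into an empty string, so the only thing between a missing secret and an attempt to encrypt with an empty passphrase is the `Validate LUKS passphrase` assert that follows; its condition is outside the hunk, so make sure it checks `partitioning_luks_passphrase_effective | length > 0` rather than `is defined`, which would now always be true. The precedence also deserves an inline comment, e.g. `# role-prefixed value wins, then the caller's luks_passphrase; '' is caught by the assert below`, because the other LUKS inputs are mapped in defaults and a reader will not expect this one to be resolved in tasks. Since the block's `vars:` now hold the secret, verify that every task in the block that renders it sets `no_log: true` (not visible here).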
@@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Create and format XFS logical volumes
|
||||
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||
when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||
community.general.filesystem:
|
||||
dev: /dev/sys/{{ item.lv }}
|
||||
fstype: xfs
|
||||
|
||||