diff --git a/README.md b/README.md
index 4f58e3e..0687950 100644
--- a/README.md
+++ b/README.md
@@ -166,6 +166,9 @@ Top-level host install/runtime settings. Use these keys under `system`.
 | `version` | string | empty | Version selector for distro families |
 | `filesystem` | string | empty | `btrfs`, `ext4`, or `xfs` |
 | `name` | string | inventory hostname | Final hostname |
+| `timezone` | string | `Europe/Vienna` | System timezone (tz database name) |
+| `locale` | string | `en_US.UTF-8` | System locale |
+| `keymap` | string | `us` | Console keymap (`vconsole.conf`) |
 | `id` | int/string | empty | VMID (required for Proxmox) |
 | `cpus` | int | `0` | vCPU count |
 | `memory` | int | `0` | Memory in MiB |
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index da3f27f..3136a5e 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@@ -1,45 +1,17 @@ --- - name: Run OS-specific bootstrap process vars: - bootstrap_os_key: "{{ (os_resolved | default(os)) | lower }}" - bootstrap_var_key: "{{ 'bootstrap_' + ((os_resolved | default(os)) | lower | replace('-', '_')) }}" - block: - - name: Include AlmaLinux bootstrap tasks - when: bootstrap_os_key in ['almalinux', 'almalinux8', 'almalinux9', 'almalinux10'] - ansible.builtin.include_tasks: almalinux.yml - - - name: Include Alpine bootstrap tasks - when: bootstrap_os_key == 'alpine' - ansible.builtin.include_tasks: alpine.yml - - - name: Include ArchLinux bootstrap tasks - when: bootstrap_os_key == 'archlinux' - ansible.builtin.include_tasks: archlinux.yml - - - name: Include Debian bootstrap tasks - when: bootstrap_os_key in ['debian10', 'debian11', 'debian12', 'debian13', 'debianunstable'] - ansible.builtin.include_tasks: debian.yml - - - name: Include Fedora bootstrap tasks - when: bootstrap_os_key in ['fedora', 'fedora40', 'fedora41', 'fedora42', 'fedora43'] - ansible.builtin.include_tasks: fedora.yml - - - name: Include openSUSE bootstrap tasks - when: bootstrap_os_key == 'opensuse' - ansible.builtin.include_tasks: opensuse.yml - - - name: Include Rocky bootstrap tasks - when: bootstrap_os_key in ['rocky', 'rocky8', 'rocky9', 'rocky10'] - ansible.builtin.include_tasks: rocky.yml - - - name: Include RHEL bootstrap tasks - when: bootstrap_os_key in ['rhel8', 'rhel9', 'rhel10'] - ansible.builtin.include_tasks: rhel.yml - - - name: Include Ubuntu bootstrap tasks - when: bootstrap_os_key in ['ubuntu', 'ubuntu-lts'] - ansible.builtin.include_tasks: ubuntu.yml - - - name: Include Void bootstrap tasks - when: bootstrap_os_key == 'void' - ansible.builtin.include_tasks: void.yml + bootstrap_os_task_map: + almalinux: almalinux.yml + alpine: alpine.yml + archlinux: archlinux.yml + debian: debian.yml + fedora: fedora.yml + opensuse: opensuse.yml + rocky: rocky.yml + rhel: rhel.yml + ubuntu: ubuntu.yml + ubuntu-lts: ubuntu.yml + void: void.yml + 
bootstrap_var_key: "{{ 'bootstrap_' + (os | replace('-lts', '') | replace('-', '_')) }}" + ansible.builtin.include_tasks: "{{ bootstrap_os_task_map[os] }}" diff --git a/roles/bootstrap/tasks/rhel.yml b/roles/bootstrap/tasks/rhel.yml index 167364c..4316753 100644 --- a/roles/bootstrap/tasks/rhel.yml +++ b/roles/bootstrap/tasks/rhel.yml @@ -2,10 +2,8 @@ - name: Bootstrap RHEL System block: - name: Install base packages in chroot environment - vars: - bootstrap_rhel_release: "{{ bootstrap_os_key | replace('rhel', '') }}" ansible.builtin.command: >- - dnf --releasever={{ bootstrap_rhel_release }} --repo={{ bootstrap_os_key }}-baseos + dnf --releasever={{ os_version_major }} --repo=rhel{{ os_version_major }}-baseos --installroot=/mnt --setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists groupinstall -y core base standard @@ -39,14 +37,13 @@ - name: Copy RHEL repo file into chroot environment ansible.builtin.copy: - src: /etc/yum.repos.d/{{ bootstrap_os_key }}.repo + src: /etc/yum.repos.d/rhel.repo dest: /mnt/etc/yum.repos.d/redhat.repo mode: "0644" remote_src: true - name: Install additional packages in chroot vars: - bootstrap_rhel_release: "{{ bootstrap_os_key | replace('rhel', '') }}" bootstrap_rhel_extra: >- {{ lookup('vars', bootstrap_var_key) @@ -54,7 +51,7 @@ | join(' ') }} ansible.builtin.command: >- - {{ chroot_command }} dnf --releasever={{ bootstrap_rhel_release }} + {{ chroot_command }} dnf --releasever={{ os_version_major }} --setopt=install_weak_deps=False install -y {{ bootstrap_rhel_extra }} register: bootstrap_result changed_when: bootstrap_result.rc == 0 diff --git a/roles/bootstrap/tasks/ubuntu.yml b/roles/bootstrap/tasks/ubuntu.yml index 8b835f4..36d2e4b 100644 --- a/roles/bootstrap/tasks/ubuntu.yml +++ b/roles/bootstrap/tasks/ubuntu.yml 
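Review bot: The lookup `bootstrap_os_task_map[os]` is case-sensitive, while the `bootstrap_os_key` it replaces applied `| lower` and `roles/global_defaults/tasks/main.yml` still computes `is_rhel`/`is_debian` from `os | lower`, so an inventory value such as `Debian` now fails the map lookup where it previously matched. An unsupported value also surfaces only as a Jinja key error on the `include_tasks` line rather than a message naming the supported keys. I would normalize once, `ansible.builtin.include_tasks: "{{ bootstrap_os_task_map[os | lower] }}"` and `bootstrap_var_key: "{{ 'bootstrap_' + (os | lower | replace('-lts', '') | replace('-', '_')) }}"`, and put an `ansible.builtin.assert` task before it whose `that` checks `os | lower in bootstrap_os_task_map` and whose `fail_msg` lists the map's keys. The task also deserves a one-line comment stating that `ubuntu-lts` deliberately shares `ubuntu.yml` and the `bootstrap_ubuntu` variable.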
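Review bot: The new `dnf --releasever={{ os_version_major }} --repo=rhel{{ os_version_major }}-baseos` command, and the second `--releasever={{ os_version_major }}` in the `@@ -54,7 +51,7 @@` hunk, depend on `os_version_major`, which `roles/global_defaults/tasks/main.yml` only sets when `os_version` is defined and non-empty, whereas the removed `bootstrap_rhel_release` was derived from a key that always existed. For a RHEL host with no `system.version` the failure is now an undefined-variable error inside a shell command rather than a message naming the missing setting (and `roles/bootstrap/vars/main.yml` treats the variable as optional via `| default('')`, so nothing earlier catches it). A guard at the top of the `Bootstrap RHEL System` block, an `ansible.builtin.assert` with `that: os_version_major is defined` and a `fail_msg` pointing at `system.version`, makes the requirement explicit. The block continues past the last hunk.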
@@ -2,7 +2,7 @@ - name: Bootstrap Ubuntu System vars: bootstrap_ubuntu_release: >- - {{ 'plucky' if bootstrap_os_key == 'ubuntu' else 'noble' }} + {{ 'plucky' if os == 'ubuntu' else 'noble' }} bootstrap_ubuntu_package_config: >- {{ lookup('vars', bootstrap_var_key) diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml index 877c4da..54f13c7 100644 --- a/roles/bootstrap/vars/main.yml +++ b/roles/bootstrap/vars/main.yml @@ -1,28 +1,24 @@ --- -bootstrap_rhel_base: - - bind-utils - - dhcp-client - - efibootmgr +# Common conditional packages shared across distributions. +# Arch overrides nftables with iptables-nft; SSH package names vary per distro. +bootstrap_common_conditional: - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}" - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}" - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}" - - glibc-langpack-de - - glibc-langpack-en - - lrzsz - - lvm2 - - mtr - - ncurses-term - - nfs-utils - - policycoreutils-python-utils - - shim - - tmux - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}" - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - - vim - - zstd + +bootstrap_rhel_base: >- + {{ + ['bind-utils', 'dhcp-client', 'efibootmgr', + 'glibc-langpack-de', 'glibc-langpack-en', 'lrzsz', + 'lvm2', 'mtr', 'ncurses-term', 'nfs-utils', + 'policycoreutils-python-utils', 'shim', 'tmux', 'vim', 'zstd'] + + bootstrap_common_conditional + }} bootstrap_rhel_versioned: - grub2 
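Review bot: The new header comment on `bootstrap_common_conditional` omits the list's one non-obvious contract: every entry templates to `''` when its feature is off, so each consumer that concatenates it must drop empty strings before the result reaches a package manager (`rhel.yml` builds `bootstrap_rhel_extra` with `join(' ')`; whether a filter in its unseen lines removes empties cannot be told from this diff). I would add `# Disabled features yield '' entries; consumers must filter empties (e.g. reject('equalto', '')) before joining.` above the list. The clause `SSH package names vary per distro` also describes something this list does not contain, since the `openssh` entries live in the per-distro lists below, so `# per-distro lists add their own SSH package` states it more accurately. The same empty-entry caveat applies to every list in the later hunks that appends this variable.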
@@ -32,72 +28,33 @@ bootstrap_rhel_versioned: - "{{ 'kernel' if os_version_major | default('') == '10' else '' }}" - "{{ 'zram-generator' if os_version_major | default('') in ['9', '10'] else '' }}" -bootstrap_rhel_common: "{{ bootstrap_rhel_base + bootstrap_rhel_versioned }}" +bootstrap_rhel: "{{ bootstrap_rhel_base + bootstrap_rhel_versioned }}" -bootstrap_rhel8: "{{ bootstrap_rhel_common }}" -bootstrap_rhel9: "{{ bootstrap_rhel_common }}" -bootstrap_rhel10: "{{ bootstrap_rhel_common }}" +bootstrap_almalinux: >- + {{ + bootstrap_rhel_base + + ['grub2', 'grub2-efi', 'dbus-daemon', 'lrzsz', + 'nfsv4-client-utils', 'nc', 'ppp', 'zram-generator'] + }} -bootstrap_almalinux: - "{{ bootstrap_rhel_base + ['grub2', 'grub2-efi', 'dbus-daemon', 'lrzsz', 'nfsv4-client-utils', 'nc', 'ppp', 'zram-generator'] }}" +bootstrap_rocky: >- + {{ + bootstrap_rhel_base + + ['grub2', 'grub2-efi', 'nfsv4-client-utils', 'nc', 'ppp', + 'telnet', 'util-linux-core', 'wget', 'zram-generator'] + }} -bootstrap_rocky: - "{{ bootstrap_rhel_base + ['grub2', 'grub2-efi', 'nfsv4-client-utils', 'nc', 'ppp', 'telnet', 'util-linux-core', 'wget', 'zram-generator'] }}" - -bootstrap_almalinux8: "{{ bootstrap_almalinux }}" -bootstrap_almalinux9: "{{ bootstrap_almalinux }}" -bootstrap_almalinux10: "{{ bootstrap_almalinux }}" - -bootstrap_rocky8: "{{ bootstrap_rocky }}" -bootstrap_rocky9: "{{ bootstrap_rocky }}" -bootstrap_rocky10: "{{ bootstrap_rocky }}" - -bootstrap_fedora: - - bat - - bind-utils - - btrfs-progs - - cronie - - dhcp-client - - duf - - efibootmgr - - entr - - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}" - - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}" - - fish - - fzf 
- - glibc-langpack-de - - glibc-langpack-en - - grub2 - - grub2-efi - - htop - - iperf3 - - logrotate - - lrzsz - - lvm2 - - nc - - nfs-utils - - nfsv4-client-utils - - polkit - - ppp - - ripgrep - - shim - - tmux - - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}" - - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - - vim-default-editor - - wget - - zoxide - - zram-generator - - zstd - -bootstrap_fedora40: "{{ bootstrap_fedora }}" -bootstrap_fedora41: "{{ bootstrap_fedora }}" -bootstrap_fedora42: "{{ bootstrap_fedora }}" -bootstrap_fedora43: "{{ bootstrap_fedora }}" +bootstrap_fedora: >- + {{ + ['bat', 'bind-utils', 'btrfs-progs', 'cronie', 'dhcp-client', + 'duf', 'efibootmgr', 'entr', 'fish', 'fzf', + 'glibc-langpack-de', 'glibc-langpack-en', 'grub2', 'grub2-efi', + 'htop', 'iperf3', 'logrotate', 'lrzsz', 'lvm2', + 'nc', 'nfs-utils', 'nfsv4-client-utils', 'polkit', 'ppp', + 'ripgrep', 'shim', 'tmux', 'vim-default-editor', + 'wget', 'zoxide', 'zram-generator', 'zstd'] + + bootstrap_common_conditional + }} bootstrap_debian_base_common: - btrfs-progs @@ -123,8 +80,6 @@ bootstrap_debian_extra_common: - chrony - curl - entr - - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}" - fish - fzf - htop @@ -142,9 +97,6 @@ bootstrap_debian_extra_common: - sudo - syslog-ng - tcpd - - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - vim - wget - zstd 
@@ -160,13 +112,12 @@ bootstrap_debian_extra_versioned: bootstrap_debian: base: "{{ bootstrap_debian_base_common }}" - extra: "{{ bootstrap_debian_extra_common + bootstrap_debian_extra_versioned }}" - -bootstrap_debian10: "{{ bootstrap_debian }}" -bootstrap_debian11: "{{ bootstrap_debian }}" -bootstrap_debian12: "{{ bootstrap_debian }}" -bootstrap_debian13: "{{ bootstrap_debian }}" -bootstrap_debianunstable: "{{ bootstrap_debian }}" + extra: >- + {{ + bootstrap_debian_extra_common + + bootstrap_debian_extra_versioned + + bootstrap_common_conditional + }} bootstrap_ubuntu: base: 
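Review bot: Appending `bootstrap_common_conditional` to `bootstrap_debian.extra` (and to `bootstrap_ubuntu.extra` in the next hunk) adds more than the five entries removed from `bootstrap_debian_extra_common` in the `@@ -123,8 +80,6 @@` and `@@ -142,9 +97,6 @@` hunks: the shared list also carries `iptables`, `nftables` and `cryptsetup`, none of which appear among the removed Debian entries. Unless they sit in the unseen middle of the old list, Debian and Ubuntu installs now also receive the firewall toolkit package and, for LUKS hosts, `cryptsetup`, which is a behaviour change the commit message and README do not mention. If that is intended, a comment on `extra:` such as `# now includes the shared conditional set (firewall toolkit, LUKS tools, guest agents)` records it; if not, filter the unwanted entries the way the Arch entry does with `reject('equalto', 'nftables')`.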
@@ -178,94 +129,38 @@ bootstrap_ubuntu: + ['bash-completion', 'dnsutils', 'duf', 'eza', 'fdupes', 'fio', 'ncurses-term', 'software-properties-common', 'systemd-zram-generator', 'tldr', 'traceroute', 'util-linux-extra', 'yq', 'zoxide'] + + bootstrap_common_conditional }} -bootstrap_ubuntu_lts: - base: - - linux-image-generic - extra: >- - {{ - bootstrap_debian_base_common - + bootstrap_debian_extra_common - + ['bash-completion', 'dnsutils', 'duf', 'eza', 'fdupes', 'fio', - 'ncurses-term', 'software-properties-common', 'systemd-zram-generator', - 'tldr', 'traceroute', 'util-linux-extra', 'yq', 'zoxide'] - }} +bootstrap_archlinux: >- + {{ + ['base', 'btrfs-progs', 'cronie', 'dhcpcd', 'efibootmgr', 'fastfetch', + 'fish', 'fzf', 'grub', 'htop', 'libpwquality', 'linux', 'logrotate', + 'lrzsz', 'lsof', 'lvm2', 'ncdu', 'networkmanager', 'nfs-utils', + 'ppp', 'prometheus-node-exporter', 'python-psycopg2', 'reflector', + 'rsync', 'sudo', 'tldr', 'tmux', 'vim', 'wireguard-tools', 'zram-generator'] + + [('openssh' if system_cfg.features.ssh.enabled | bool else '')] + + [('iptables-nft' if system_cfg.features.firewall.toolkit == 'nftables' else '')] + + (bootstrap_common_conditional | reject('equalto', 'nftables') | list) + }} -bootstrap_archlinux: - - base - - btrfs-progs - - cronie - - dhcpcd - - efibootmgr - - fastfetch - - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}" - - "{{ 'iptables-nft' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}" - - fish - - fzf - - grub - - htop - - libpwquality - - linux - - logrotate - - lrzsz - - lsof - - lvm2 - - ncdu - - networkmanager - - nfs-utils - - "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}" - - ppp - - 
prometheus-node-exporter - - python-psycopg2 - - reflector - - rsync - - sudo - - tldr - - tmux - - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}" - - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - - vim - - wireguard-tools - - zram-generator +bootstrap_alpine: >- + {{ + ['alpine-base', 'vim'] + + [('openssh' if system_cfg.features.ssh.enabled | bool else '')] + + bootstrap_common_conditional + }} -bootstrap_alpine: - - alpine-base - - vim - - "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}" - - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}" - - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}" - - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" +bootstrap_opensuse: >- + {{ + ['vim'] + + [('openssh' if system_cfg.features.ssh.enabled | bool else '')] + + bootstrap_common_conditional + }} -bootstrap_opensuse: - - vim - - "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and 
system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}" - - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}" - - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}" - - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" - -bootstrap_void: - - vim - - "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}" - - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}" - - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}" - - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}" - - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" +bootstrap_void: >- + {{ + ['vim'] + + [('openssh' if system_cfg.features.ssh.enabled | bool else '')] + + bootstrap_common_conditional + }} diff --git a/roles/configuration/defaults/main.yml b/roles/configuration/defaults/main.yml deleted file mode 100644 index 07a3524..0000000 --- a/roles/configuration/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -configuration_motd_enabled: "{{ system_cfg.features.banner.motd | bool }}" -configuration_sudo_banner_enabled: "{{ system_cfg.features.banner.sudo | bool }}" -configuration_firewall_enabled: "{{ system_cfg.features.firewall.enabled | bool }}" -configuration_luks_enabled: "{{ system_cfg.luks.enabled | bool }}" diff --git a/roles/configuration/tasks/banner.yml b/roles/configuration/tasks/banner.yml index 1136c1e..41cfe2b 100644 --- a/roles/configuration/tasks/banner.yml 
+++ b/roles/configuration/tasks/banner.yml @@ -1,6 +1,6 @@ --- - name: Configure MOTD - when: configuration_motd_enabled | bool + when: system_cfg.features.banner.motd | bool block: - name: Create MOTD file ansible.builtin.copy: @@ -24,7 +24,7 @@ failed_when: false - name: Configure sudo banner - when: configuration_sudo_banner_enabled | bool + when: system_cfg.features.banner.sudo | bool block: - name: Create sudoers banner directory ansible.builtin.file: diff --git a/roles/configuration/tasks/locales.yml b/roles/configuration/tasks/locales.yml index 15dc6ff..912ebdc 100644 --- a/roles/configuration/tasks/locales.yml +++ b/roles/configuration/tasks/locales.yml @@ -6,7 +6,7 @@ - name: Set local timezone ansible.builtin.file: - src: /usr/share/zoneinfo/Europe/Vienna + src: /usr/share/zoneinfo/{{ system_cfg.timezone }} dest: /mnt/etc/localtime state: link force: true @@ -20,7 +20,7 @@ regexp: "{{ item.regex }}" line: "{{ item.line }}" loop: - - { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 } + - { regex: "{{ system_cfg.locale }} UTF-8", line: "{{ system_cfg.locale }} UTF-8" } - name: Generate locales when: not is_rhel | bool 
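Review bot: `regex: "{{ system_cfg.locale }} UTF-8"` interpolates a configuration value into a regular expression unescaped, whereas the line it replaces escaped the dot (`en_US\.UTF-8`); with the default value the `.` now matches any character, and a locale containing other regex metacharacters would change or break the match. `regex: "{{ system_cfg.locale | regex_escape }} UTF-8"` keeps the literal meaning while still matching the commented-out `# en_US.UTF-8 UTF-8` entry the unanchored pattern relies on. The hard-coded ` UTF-8` suffix in both `regex` and `line` also assumes the locale's charset is UTF-8, which the README's `System locale` description does not state, so a non-UTF-8 locale would produce a mismatched `locale.gen` line. In the preceding `Set local timezone` hunk the symlink target `/usr/share/zoneinfo/{{ system_cfg.timezone }}` is likewise built straight from config; an `ansible.builtin.assert` that the value matches `^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$`, or a `stat` of the path on the installer, would reject `..` segments and typos with a clear message instead of leaving a dangling `/etc/localtime` link in the target root.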
@@ -29,19 +29,22 @@ changed_when: configuration_locale_result.rc == 0 - - name: Set hostname - vars: - configuration_dns_domain: "{{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }}" + - name: Compute hostname variables + ansible.builtin.set_fact: + configuration_dns_domain: >- + {{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }} configuration_hostname_fqdn: >- {{ hostname if '.' in hostname else ( - hostname + '.' + configuration_dns_domain - if configuration_dns_domain | length > 0 + hostname + '.' + (system_cfg.network.dns.search | default([]) | first | default('') | string) + if (system_cfg.network.dns.search | default([]) | first | default('') | string) | length > 0 else hostname ) }} + + - name: Set hostname ansible.builtin.copy: content: "{{ configuration_hostname_fqdn }}" dest: /mnt/etc/hostname @@ -49,17 +52,6 @@ - name: Add host entry to /etc/hosts vars: - configuration_dns_domain: "{{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }}" - configuration_hostname_fqdn: >- - {{ - hostname - if '.' in hostname - else ( - hostname + '.' + configuration_dns_domain - if configuration_dns_domain | length > 0 - else hostname - ) - }} configuration_hostname_short: "{{ hostname.split('.')[0] }}" configuration_hostname_entries: >- {{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }} @@ -78,13 +70,13 @@ - name: Create vconsole.conf ansible.builtin.copy: - content: KEYMAP=us + content: "KEYMAP={{ system_cfg.keymap }}" dest: /mnt/etc/vconsole.conf mode: "0644" - name: Create locale.conf ansible.builtin.copy: - content: LANG=en_US.UTF-8 + content: "LANG={{ system_cfg.locale }}" dest: /mnt/etc/locale.conf mode: "0644" diff --git a/roles/configuration/templates/firstrun.sh.j2 b/roles/configuration/templates/firstrun.sh.j2 deleted file mode 100644 index 996b30b..0000000 --- a/roles/configuration/templates/firstrun.sh.j2 +++ /dev/null 
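Review bot: The `Compute hostname variables` task spells out `(system_cfg.network.dns.search | default([]) | first | default('') | string)` twice inside `configuration_hostname_fqdn` instead of reusing `configuration_dns_domain` as the removed task-level `vars` did, presumably because keys in one `set_fact` cannot reference each other, but that reason is not recorded. Either set `configuration_dns_domain` in its own `set_fact` first and reference it, or add `# set_fact keys cannot reference siblings, so the domain expression is repeated` above the task. The `Add host entry to /etc/hosts` hunk now relies on the `configuration_hostname_fqdn` fact from that earlier task; if the earlier task ever gains a `when` (its conditions, if any, are outside the hunk) the later one fails on an undefined variable. In the `Create vconsole.conf`/`Create locale.conf` hunk, `KEYMAP={{ system_cfg.keymap }}` and `LANG={{ system_cfg.locale }}` write config values verbatim into files sourced by init, so a value containing a newline or `=` would introduce a second key; an `assert` that both match `^[A-Za-z0-9_.@-]+$` would reject such values before they reach the target root.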
@@ -1,145 +0,0 @@ -#!/bin/bash - -# Colors -RED='\033[0;31m' -GREEN='\033[0;32m' -BLUE='\033[1;34m' -NC='\033[0m' # No Color - -# Ask for and set the hostname -echo -e "${BLUE}Enter the hostname:${NC}" -read -r new_hostname - -# Detect the network interface -network_interface=$(nmcli -t -f DEVICE connection show --active | head -n 1) - -# Ask for and set the IP address -echo -e "${BLUE}Enter the IP address (eg.: 10.11.x.x/24):${NC}" -read -r ip_address - -# Ask for and set the DNS server -default_dns1="10.11.23.10" -default_dns2="10.11.23.18" -echo -e "${BLUE}Enter the DNS server (default: $default_dns1, $default_dns2):${NC}" -read -r dns_server -dns_server=${dns_server:-"$default_dns1 $default_dns2"} - -# Ask if Btrfs compression should be enabled -if [[ $(df -T / | awk 'NR==2 {print $2}') == "btrfs" ]]; then - echo -e "${BLUE}Do you want to enable Btrfs compression? (y/n):${NC}" - read -r enable_compression -fi - -if [[ "$enable_compression" == "y" || "$enable_compression" == "Y" ]]; then - # Ask for the use case - echo -e "${BLUE} the use case:${NC}" - echo "1. Databases, File Storage, etc (recommended compression level: 15)" - echo "2. Real-time compression (recommended compression level: 3)" - echo "3. Custom compression level" - read -r use_case - - # Set the recommended compression level based on the use case - case "$use_case" in - 1) compression_level=15 ;; - 2) compression_level=3 ;; - 3) echo -e "${BLUE}Enter the custom compression level (1-15):${NC}" - read -r compression_level ;; - *) echo -e "${RED}Invalid use case. Exiting script.${NC}"; exit 1 ;; - esac -fi - -# Ask if CheckMK Agent should be installed -echo -e "${BLUE}Do you want to install the CheckMK Agent? (y/n):${NC}" -read -r install_checkmk_agent - -# Ask if ports and services should be opened -echo -e "${BLUE}Do you want to open any ports or services? 
(y/n):${NC}" -read -r open_ports_services - -if [[ "$open_ports_services" == "y" || "$open_ports_services" == "Y" ]]; then - # Ask for and set the services to open - echo -e "${BLUE}Enter the services to open (comma-separated):${NC}" - read -r services - - # Ask for and set the ports to open - echo -e "${BLUE}Enter the ports to open (comma-separated):${NC}" - read -r ports -fi - -# Apply Changes -echo -e "${BLUE}Are you sure you want to apply the changes? This may cause a loss of SSH connection. (y/n):${NC}" -read -r answer - -# Check the user's response -if [[ "$answer" == "y" || "$answer" == "Y" ]]; then - # Comment out the script execution line in .bashrc - sed -i '/~\/firstrun\.sh/s/^/#/' ~/.bashrc - hostnamectl set-hostname "$new_hostname" - - nmcli device modify "$network_interface" ipv4.dns "$dns_server" > /dev/null - nmcli device modify "$network_interface" ipv6.method ignore > /dev/null - nmcli device modify "$network_interface" ipv4.addresses "$ip_address" ipv4.method manual > /dev/null - - # Modify /etc/hosts file - ip_address=$(echo "$ip_address" | sed 's/.\{3\}$//') - if grep "$ip_address" /etc/hosts > /dev/null 2>&1; then - echo "IP address already exists in /etc/hosts" - else - # Add IP address and hostname after the "127.0.0.1 localhost" entry - sed -i '1a\'"$ip_address\t$new_hostname" /etc/hosts - - if [ $? -eq 0 ]; then - echo "IP address and hostname added to /etc/hosts" - else - echo "Failed to add IP address and hostname to /etc/hosts" - fi - fi - - # Modify Btrfs compression settings in /etc/fstab - if [[ "$enable_compression" == "y" || "$enable_compression" == "Y" ]]; then - if ! 
grep -q "compress=zstd" /etc/fstab; then - sed -i "/btrfs/s/defaults/defaults,compress=zstd:$compression_level/" /etc/fstab - else - sed -i "/btrfs/s/compress=zstd:[0-9]*/compress=zstd:$compression_level/" /etc/fstab - fi - else - if grep -q "compress=zstd" /etc/fstab; then - sed -i "/btrfs/s/,compress=zstd:[0-9]*//" /etc/fstab - fi - fi - - if [[ "$install_checkmk_agent" == "y" || "$install_checkmk_agent" == "Y" ]]; then - # Run the CheckMK Agent installation script - bash Scripts/install_checkmk_agent.sh - fi - - if [[ "$open_ports_services" == "y" || "$open_ports_services" == "Y" ]]; then - # Open the specified services - IFS=',' read -ra service_array <<< "$services" - for service in "${service_array[@]}"; do - firewall-cmd --add-service="$service" --permanent > /dev/null - done - - # Open the specified ports - IFS=',' read -ra port_array <<< "$ports" - for port in "${port_array[@]}"; do - firewall-cmd --add-port="$port"/tcp --permanent > /dev/null - done - - firewall-cmd --reload > /dev/null 2>&1 - fi - - # Open port 6556/tcp for CheckMK Agent if it was installed - if [[ "$install_checkmk_agent" == "y" || "$install_checkmk_agent" == "Y" ]]; then - firewall-cmd --add-port=6556/tcp --permanent > /dev/null 2>&1 - firewall-cmd --reload > /dev/null 2>&1 - else - firewall-cmd --remove-port=6556/tcp --permanent > /dev/null 2>&1 - firewall-cmd --reload > /dev/null 2>&1 - fi - - echo -e "${GREEN}Changes applied successfully.${NC}" -else - echo -e "${RED}Changes not applied. Exiting script.${NC}" - exit 0 -fi \ No newline at end of file diff --git a/roles/environment/tasks/main.yml b/roles/environment/tasks/main.yml index 5ef47e2..8205260 100644 --- a/roles/environment/tasks/main.yml +++ b/roles/environment/tasks/main.yml @@ -163,7 +163,7 @@ - name: Setup Pacman when: - not (custom_iso | bool) - - item.os is not defined or (os_resolved | default(os)) in item.os + - item.os is not defined or os in item.os community.general.pacman: update_cache: true force: true 
@@ -171,9 +171,9 @@ state: latest loop: - { name: glibc } - - { name: dnf, os: [almalinux8, almalinux9, almalinux10, fedora40, fedora41, fedora42, fedora43, rhel8, rhel9, rhel10, rocky8, rocky9, rocky10] } - - { name: debootstrap, os: [debian10, debian11, debian12, debian13, debianunstable, ubuntu, ubuntu-lts] } - - { name: debian-archive-keyring, os: [debian10, debian11, debian12, debian13, debianunstable] } + - { name: dnf, os: [almalinux, fedora, rhel, rocky] } + - { name: debootstrap, os: [debian, ubuntu, ubuntu-lts] } + - { name: debian-archive-keyring, os: [debian] } - { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] } retries: 4 delay: 15 @@ -210,12 +210,7 @@ block: - name: Select repository template ansible.builtin.set_fact: - environment_repo_template: >- - {{ - (os_resolved | default(os)) | lower - if os == 'rhel' - else os | lower - }} + environment_repo_template: "{{ os | lower }}" changed_when: false - name: Create directories for repository files and RPM GPG keys diff --git a/roles/global_defaults/defaults/main.yml b/roles/global_defaults/defaults/main.yml index 321524e..093af5c 100644 --- a/roles/global_defaults/defaults/main.yml +++ b/roles/global_defaults/defaults/main.yml @@ -38,6 +38,9 @@ system_defaults: search: [] interfaces: [] path: "" + timezone: "Europe/Vienna" + locale: "en_US.UTF-8" + keymap: "us" packages: [] disks: [] users: [] diff --git a/roles/global_defaults/tasks/main.yml b/roles/global_defaults/tasks/main.yml index 6d67719..feb15a3 100644 --- a/roles/global_defaults/tasks/main.yml +++ b/roles/global_defaults/tasks/main.yml @@ -2,7 +2,6 @@ - name: Global defaults loaded ansible.builtin.debug: msg: Global defaults loaded. - changed_when: false - name: Normalize hypervisor inputs ansible.builtin.include_tasks: hypervisor.yml 
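Review bot: `environment_repo_template: "{{ os | lower }}"` keeps `changed_when: false` on a `set_fact`, while the `roles/global_defaults/tasks/main.yml` hunks in this same commit remove that directive from every `set_fact` and `debug` task; `set_fact` never reports a change, so the line is dead and now inconsistent with the rest of the change. Drop `changed_when: false` here as well. If the template is chosen by this name, as the rename of `templates/rhel9.repo.j2` to `templates/rhel.repo.j2` suggests, the simplification also assumes one `<os>.repo.j2` exists for each RHEL-family value of `os`; whether `almalinux`, `rocky` and `fedora` templates exist is outside the diff, so an `ansible.builtin.stat` plus `assert` on the template path would turn a missing file into a clear failure.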
@@ -17,7 +16,6 @@ ansible.builtin.set_fact: is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel', 'rocky'] }}" is_debian: "{{ os | lower in ['debian', 'ubuntu', 'ubuntu-lts'] }}" - changed_when: false - name: Normalize OS version for keying when: @@ -25,23 +23,6 @@ - (os_version | string | length) > 0 ansible.builtin.set_fact: os_version_major: "{{ (os_version | string).split('.')[0] }}" - changed_when: false - -- name: Resolve final OS key with version - when: - - os_version is defined - - (os_version | string | length) > 0 - ansible.builtin.set_fact: - os_resolved: >- - {{ - 'debian' + os_version | string if os == 'debian' - else 'fedora' + os_version | string if os == 'fedora' - else 'rocky' + os_version_major if os == 'rocky' - else 'almalinux' + os_version_major if os == 'almalinux' - else 'rhel' + os_version_major if os == 'rhel' - else os - }} - changed_when: false - name: Set chroot command wrapper ansible.builtin.set_fact: @@ -51,7 +32,6 @@ if (system_cfg.features.chroot.tool | default('arch-chroot')) == 'systemd-nspawn' else (system_cfg.features.chroot.tool | default('arch-chroot')) ~ ' /mnt' }} - changed_when: false - name: Set Python interpreter for RHEL-based installers when: @@ -59,7 +39,6 @@ - is_rhel | bool ansible.builtin.set_fact: ansible_python_interpreter: /usr/bin/python3 - changed_when: false - name: Set SSH access when: @@ -70,10 +49,8 @@ ansible_password: "{{ system_cfg.users[0].password }}" ansible_become_password: "{{ system_cfg.users[0].password }}" ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" - changed_when: false - name: Set connection for VMware when: hypervisor_type == "vmware" ansible.builtin.set_fact: ansible_connection: vmware_tools - changed_when: false diff --git a/roles/global_defaults/tasks/system.yml b/roles/global_defaults/tasks/system.yml index 7ef2353..650f5b2 100644 --- a/roles/global_defaults/tasks/system.yml +++ b/roles/global_defaults/tasks/system.yml 
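Review bot: Removing `os_resolved` and the versioned keys (`rhel9`, `debian12`, `fedora43`, ...) in the `@@ -25,23 +23,6 @@` hunk changes the vocabulary every role keys on, but this diff only updates `rhel.yml`, `ubuntu.yml` and `environment/tasks/main.yml`; the remaining bootstrap task files (`almalinux.yml`, `rocky.yml`, `fedora.yml`, `debian.yml`, and the others named in `bootstrap_os_task_map`) are not in the diff, so whether they still reference `bootstrap_os_key` or `os_resolved` cannot be verified here, and a repository-wide search for both names before merge would settle it. Since `is_rhel`/`is_debian` still use `os | lower` but the new `bootstrap_os_task_map[os]` does not, a comment on the `Normalize OS version for keying` task stating whether `os` is expected to arrive lowercase would remove the ambiguity. Visible as context in the `@@ -70,10 +49,8 @@` hunk, `ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"` disables host-key verification for the installer connection; that predates this commit, but a comment recording why it is acceptable here would keep the line from being copied into contexts where it is not.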
@@ -114,6 +114,9 @@
 else []
 )
 }}
+ timezone: "{{ system_raw.timezone | default('Europe/Vienna') | string }}"
+ locale: "{{ system_raw.locale | default('en_US.UTF-8') | string }}"
+ keymap: "{{ system_raw.keymap | default('us') | string }}"
 path: "{{ system_raw.path | default('') | string }}"
 packages: >-
 {{
diff --git a/templates/rhel9.repo.j2 b/templates/rhel.repo.j2
similarity index 64%
rename from templates/rhel9.repo.j2
rename to templates/rhel.repo.j2
index 4eeb34a..dee3c63 100644
--- a/templates/rhel9.repo.j2
+++ b/templates/rhel.repo.j2
@@ -1,12 +1,12 @@
-[rhel9-baseos]
-name=RHEL 9 BaseOS
+[rhel{{ os_version_major }}-baseos]
+name=RHEL {{ os_version_major }} BaseOS
 baseurl=file:///usr/local/install/redhat/dvd/BaseOS
 enabled=1
 gpgcheck=0
 gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release
 
-[rhel9-appstream]
-name=RHEL 9 AppStream
+[rhel{{ os_version_major }}-appstream]
+name=RHEL {{ os_version_major }} AppStream
 baseurl=file:///usr/local/install/redhat/dvd/AppStream
 enabled=1
 gpgcheck=0
diff --git a/templates/rhel10.repo.j2 b/templates/rhel10.repo.j2
deleted file mode 100644
index bbc3118..0000000
--- a/templates/rhel10.repo.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-[rhel10-baseos]
-name=RHEL 10 BaseOS
-baseurl=file:///usr/local/install/redhat/dvd/BaseOS
-enabled=1
-gpgcheck=0
-gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release
-
-[rhel10-appstream]
-name=RHEL 10 AppStream
-baseurl=file:///usr/local/install/redhat/dvd/AppStream
-enabled=1
-gpgcheck=0
-gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release
diff --git a/templates/rhel8.repo.j2 b/templates/rhel8.repo.j2
deleted file mode 100644
index 7638279..0000000
--- a/templates/rhel8.repo.j2
+++ /dev/null
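Review bot: `timezone: "{{ system_raw.timezone | default('Europe/Vienna') | string }}"` and the two lines below repeat the literal defaults that `roles/global_defaults/defaults/main.yml` adds under `system_defaults` in this same commit, so the two copies can drift; the neighbouring `path:` line follows the same pattern, so this matches the file's convention, but `# defaults duplicated in defaults/main.yml (system_defaults); keep in sync` on the new lines would at least make the duplication visible. This normalization step is also the natural single place to validate the three values once, before `roles/configuration/tasks/locales.yml` interpolates them into a `/usr/share/zoneinfo/` path and into `vconsole.conf`/`locale.conf`; an `ansible.builtin.assert` with a `fail_msg` here would replace three template-time failures with one readable error. The enclosing mapping starts before the hunk.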
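Review bot: The generalized section ids `[rhel{{ os_version_major }}-baseos]` and `[rhel{{ os_version_major }}-appstream]` must stay in lock-step with the literal `--repo=rhel{{ os_version_major }}-baseos` in `roles/bootstrap/tasks/rhel.yml`; they do today, but the two derive the id independently, so a template comment such as `{# section id must match --repo= in roles/bootstrap/tasks/rhel.yml #}` would record the coupling. Both sections also keep `gpgcheck=0` beside a `gpgkey=` that already points at the DVD's release key; that predates this commit, but since this repo file is what `dnf` uses to install the base system into `/mnt`, changing it to `gpgcheck=1` is the one-line change that makes the installed packages signature-verified, and if it stays off the reason belongs in a comment next to it.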
@@ -1,13 +0,0 @@
-[rhel8-baseos]
-name=RHEL 8 BaseOS
-baseurl=file:///usr/local/install/redhat/dvd/BaseOS
-enabled=1
-gpgcheck=0
-gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release
-
-[rhel8-appstream]
-name=RHEL 8 AppStream
-baseurl=file:///usr/local/install/redhat/dvd/AppStream
-enabled=1
-gpgcheck=0
-gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release