sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(bootstrap): standardize patterns, extract common logic, remove dead code

Browse Source 
- Make timezone, locale, and keymap configurable via system_cfg
- Consolidate rhel8/9/10.repo.j2 into single rhel.repo.j2 template
- Extract bootstrap_common_conditional for shared firewall/LUKS/guest packages
- Remove redundant version aliases (fedora40-43, debian10-13, rhel8-10, etc.)
- Simplify bootstrap dispatch from 10 conditional blocks to single mapping
- Merge bootstrap_ubuntu_lts into bootstrap_ubuntu (identical)
- Remove orphaned firstrun.sh.j2 template
- Remove configuration/defaults/main.yml aliases, inline into banner.yml
- Remove unnecessary changed_when: false on set_fact/debug tasks
- Deduplicate hostname variable computation in locales.yml
- Update README with timezone/locale/keymap variable reference

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sandwich
2026-02-12 23:14:17 +01:00
parent 8f8ce341ae
commit ac4f689d51
16 changed files with 122 additions and 461 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -166,6 +166,9 @@ Top-level host install/runtime settings. Use these keys under `system`.
| `version` | string | empty | Version selector for distro families | | `version` | string | empty | Version selector for distro families |
| `filesystem` | string | empty | `btrfs`, `ext4`, or `xfs` | | `filesystem` | string | empty | `btrfs`, `ext4`, or `xfs` |
| `name` | string | inventory hostname | Final hostname | | `name` | string | inventory hostname | Final hostname |
| `timezone` | string | `Europe/Vienna` | System timezone (tz database name) |
| `locale` | string | `en_US.UTF-8` | System locale |
| `keymap` | string | `us` | Console keymap (`vconsole.conf`) |
| `id` | int/string | empty | VMID (required for Proxmox) | | `id` | int/string | empty | VMID (required for Proxmox) |
| `cpus` | int | `0` | vCPU count | | `cpus` | int | `0` | vCPU count |
| `memory` | int | `0` | Memory in MiB | | `memory` | int | `0` | Memory in MiB |

56
roles/bootstrap/tasks/main.yml
View File

@@ -1,45 +1,17 @@
--- ---
- name: Run OS-specific bootstrap process - name: Run OS-specific bootstrap process
vars: vars:
bootstrap_os_key: "{{ (os_resolved | default(os)) | lower }}" bootstrap_os_task_map:
bootstrap_var_key: "{{ 'bootstrap_' + ((os_resolved | default(os)) | lower | replace('-', '_')) }}" almalinux: almalinux.yml
block: alpine: alpine.yml
- name: Include AlmaLinux bootstrap tasks archlinux: archlinux.yml
when: bootstrap_os_key in ['almalinux', 'almalinux8', 'almalinux9', 'almalinux10'] debian: debian.yml
ansible.builtin.include_tasks: almalinux.yml fedora: fedora.yml
opensuse: opensuse.yml
- name: Include Alpine bootstrap tasks rocky: rocky.yml
when: bootstrap_os_key == 'alpine' rhel: rhel.yml
ansible.builtin.include_tasks: alpine.yml ubuntu: ubuntu.yml
ubuntu-lts: ubuntu.yml
- name: Include ArchLinux bootstrap tasks void: void.yml
when: bootstrap_os_key == 'archlinux' bootstrap_var_key: "{{ 'bootstrap_' + (os | replace('-lts', '') | replace('-', '_')) }}"
ansible.builtin.include_tasks: archlinux.yml ansible.builtin.include_tasks: "{{ bootstrap_os_task_map[os] }}"
- name: Include Debian bootstrap tasks
when: bootstrap_os_key in ['debian10', 'debian11', 'debian12', 'debian13', 'debianunstable']
ansible.builtin.include_tasks: debian.yml
- name: Include Fedora bootstrap tasks
when: bootstrap_os_key in ['fedora', 'fedora40', 'fedora41', 'fedora42', 'fedora43']
ansible.builtin.include_tasks: fedora.yml
- name: Include openSUSE bootstrap tasks
when: bootstrap_os_key == 'opensuse'
ansible.builtin.include_tasks: opensuse.yml
- name: Include Rocky bootstrap tasks
when: bootstrap_os_key in ['rocky', 'rocky8', 'rocky9', 'rocky10']
ansible.builtin.include_tasks: rocky.yml
- name: Include RHEL bootstrap tasks
when: bootstrap_os_key in ['rhel8', 'rhel9', 'rhel10']
ansible.builtin.include_tasks: rhel.yml
- name: Include Ubuntu bootstrap tasks
when: bootstrap_os_key in ['ubuntu', 'ubuntu-lts']
ansible.builtin.include_tasks: ubuntu.yml
- name: Include Void bootstrap tasks
when: bootstrap_os_key == 'void'
ansible.builtin.include_tasks: void.yml

9
roles/bootstrap/tasks/rhel.yml
View File

@@ -2,10 +2,8 @@
- name: Bootstrap RHEL System - name: Bootstrap RHEL System
block: block:
- name: Install base packages in chroot environment - name: Install base packages in chroot environment
vars:
bootstrap_rhel_release: "{{ bootstrap_os_key | replace('rhel', '') }}"
ansible.builtin.command: >- ansible.builtin.command: >-
dnf --releasever={{ bootstrap_rhel_release }} --repo={{ bootstrap_os_key }}-baseos dnf --releasever={{ os_version_major }} --repo=rhel{{ os_version_major }}-baseos
--installroot=/mnt --installroot=/mnt
--setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists --setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists
groupinstall -y core base standard groupinstall -y core base standard
@@ -39,14 +37,13 @@
- name: Copy RHEL repo file into chroot environment - name: Copy RHEL repo file into chroot environment
ansible.builtin.copy: ansible.builtin.copy:
src: /etc/yum.repos.d/{{ bootstrap_os_key }}.repo src: /etc/yum.repos.d/rhel.repo
dest: /mnt/etc/yum.repos.d/redhat.repo dest: /mnt/etc/yum.repos.d/redhat.repo
mode: "0644" mode: "0644"
remote_src: true remote_src: true
- name: Install additional packages in chroot - name: Install additional packages in chroot
vars: vars:
bootstrap_rhel_release: "{{ bootstrap_os_key | replace('rhel', '') }}"
bootstrap_rhel_extra: >- bootstrap_rhel_extra: >-
{{ {{
lookup('vars', bootstrap_var_key) lookup('vars', bootstrap_var_key)
@@ -54,7 +51,7 @@
| join(' ') | join(' ')
}} }}
ansible.builtin.command: >- ansible.builtin.command: >-
{{ chroot_command }} dnf --releasever={{ bootstrap_rhel_release }} {{ chroot_command }} dnf --releasever={{ os_version_major }}
--setopt=install_weak_deps=False install -y {{ bootstrap_rhel_extra }} --setopt=install_weak_deps=False install -y {{ bootstrap_rhel_extra }}
register: bootstrap_result register: bootstrap_result
changed_when: bootstrap_result.rc == 0 changed_when: bootstrap_result.rc == 0

2
roles/bootstrap/tasks/ubuntu.yml
View File

@@ -2,7 +2,7 @@
- name: Bootstrap Ubuntu System - name: Bootstrap Ubuntu System
vars: vars:
bootstrap_ubuntu_release: >- bootstrap_ubuntu_release: >-
{{ 'plucky' if bootstrap_os_key == 'ubuntu' else 'noble' }} {{ 'plucky' if os == 'ubuntu' else 'noble' }}
bootstrap_ubuntu_package_config: >- bootstrap_ubuntu_package_config: >-
{{ {{
lookup('vars', bootstrap_var_key) lookup('vars', bootstrap_var_key)

249
roles/bootstrap/vars/main.yml
View File

@@ -1,28 +1,24 @@
--- ---
bootstrap_rhel_base: # Common conditional packages shared across distributions.
- bind-utils # Arch overrides nftables with iptables-nft; SSH package names vary per distro.
- dhcp-client bootstrap_common_conditional:
- efibootmgr
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" - "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}" - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}" - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}" - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
- glibc-langpack-de
- glibc-langpack-en
- lrzsz
- lvm2
- mtr
- ncurses-term
- nfs-utils
- policycoreutils-python-utils
- shim
- tmux
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}" - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}" - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
- vim
- zstd bootstrap_rhel_base: >-
{{
['bind-utils', 'dhcp-client', 'efibootmgr',
'glibc-langpack-de', 'glibc-langpack-en', 'lrzsz',
'lvm2', 'mtr', 'ncurses-term', 'nfs-utils',
'policycoreutils-python-utils', 'shim', 'tmux', 'vim', 'zstd']
+ bootstrap_common_conditional
}}
bootstrap_rhel_versioned: bootstrap_rhel_versioned:
- grub2 - grub2
@@ -32,72 +28,33 @@ bootstrap_rhel_versioned:
- "{{ 'kernel' if os_version_major | default('') == '10' else '' }}" - "{{ 'kernel' if os_version_major | default('') == '10' else '' }}"
- "{{ 'zram-generator' if os_version_major | default('') in ['9', '10'] else '' }}" - "{{ 'zram-generator' if os_version_major | default('') in ['9', '10'] else '' }}"
bootstrap_rhel_common: "{{ bootstrap_rhel_base + bootstrap_rhel_versioned }}" bootstrap_rhel: "{{ bootstrap_rhel_base + bootstrap_rhel_versioned }}"
bootstrap_rhel8: "{{ bootstrap_rhel_common }}" bootstrap_almalinux: >-
bootstrap_rhel9: "{{ bootstrap_rhel_common }}" {{
bootstrap_rhel10: "{{ bootstrap_rhel_common }}" bootstrap_rhel_base
+ ['grub2', 'grub2-efi', 'dbus-daemon', 'lrzsz',
'nfsv4-client-utils', 'nc', 'ppp', 'zram-generator']
}}
bootstrap_almalinux: bootstrap_rocky: >-
"{{ bootstrap_rhel_base + ['grub2', 'grub2-efi', 'dbus-daemon', 'lrzsz', 'nfsv4-client-utils', 'nc', 'ppp', 'zram-generator'] }}" {{
bootstrap_rhel_base
+ ['grub2', 'grub2-efi', 'nfsv4-client-utils', 'nc', 'ppp',
'telnet', 'util-linux-core', 'wget', 'zram-generator']
}}
bootstrap_rocky: bootstrap_fedora: >-
"{{ bootstrap_rhel_base + ['grub2', 'grub2-efi', 'nfsv4-client-utils', 'nc', 'ppp', 'telnet', 'util-linux-core', 'wget', 'zram-generator'] }}" {{
['bat', 'bind-utils', 'btrfs-progs', 'cronie', 'dhcp-client',
bootstrap_almalinux8: "{{ bootstrap_almalinux }}" 'duf', 'efibootmgr', 'entr', 'fish', 'fzf',
bootstrap_almalinux9: "{{ bootstrap_almalinux }}" 'glibc-langpack-de', 'glibc-langpack-en', 'grub2', 'grub2-efi',
bootstrap_almalinux10: "{{ bootstrap_almalinux }}" 'htop', 'iperf3', 'logrotate', 'lrzsz', 'lvm2',
'nc', 'nfs-utils', 'nfsv4-client-utils', 'polkit', 'ppp',
bootstrap_rocky8: "{{ bootstrap_rocky }}" 'ripgrep', 'shim', 'tmux', 'vim-default-editor',
bootstrap_rocky9: "{{ bootstrap_rocky }}" 'wget', 'zoxide', 'zram-generator', 'zstd']
bootstrap_rocky10: "{{ bootstrap_rocky }}" + bootstrap_common_conditional
}}
bootstrap_fedora:
- bat
- bind-utils
- btrfs-progs
- cronie
- dhcp-client
- duf
- efibootmgr
- entr
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
- fish
- fzf
- glibc-langpack-de
- glibc-langpack-en
- grub2
- grub2-efi
- htop
- iperf3
- logrotate
- lrzsz
- lvm2
- nc
- nfs-utils
- nfsv4-client-utils
- polkit
- ppp
- ripgrep
- shim
- tmux
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
- vim-default-editor
- wget
- zoxide
- zram-generator
- zstd
bootstrap_fedora40: "{{ bootstrap_fedora }}"
bootstrap_fedora41: "{{ bootstrap_fedora }}"
bootstrap_fedora42: "{{ bootstrap_fedora }}"
bootstrap_fedora43: "{{ bootstrap_fedora }}"
bootstrap_debian_base_common: bootstrap_debian_base_common:
- btrfs-progs - btrfs-progs
@@ -123,8 +80,6 @@ bootstrap_debian_extra_common:
- chrony - chrony
- curl - curl
- entr - entr
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
- fish - fish
- fzf - fzf
- htop - htop
@@ -142,9 +97,6 @@ bootstrap_debian_extra_common:
- sudo - sudo
- syslog-ng - syslog-ng
- tcpd - tcpd
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
- vim - vim
- wget - wget
- zstd - zstd
@@ -160,13 +112,12 @@ bootstrap_debian_extra_versioned:
bootstrap_debian: bootstrap_debian:
base: "{{ bootstrap_debian_base_common }}" base: "{{ bootstrap_debian_base_common }}"
extra: "{{ bootstrap_debian_extra_common + bootstrap_debian_extra_versioned }}" extra: >-
{{
bootstrap_debian10: "{{ bootstrap_debian }}" bootstrap_debian_extra_common
bootstrap_debian11: "{{ bootstrap_debian }}" + bootstrap_debian_extra_versioned
bootstrap_debian12: "{{ bootstrap_debian }}" + bootstrap_common_conditional
bootstrap_debian13: "{{ bootstrap_debian }}" }}
bootstrap_debianunstable: "{{ bootstrap_debian }}"
bootstrap_ubuntu: bootstrap_ubuntu:
base: base:
@@ -178,94 +129,38 @@ bootstrap_ubuntu:
+ ['bash-completion', 'dnsutils', 'duf', 'eza', 'fdupes', 'fio', + ['bash-completion', 'dnsutils', 'duf', 'eza', 'fdupes', 'fio',
'ncurses-term', 'software-properties-common', 'systemd-zram-generator', 'ncurses-term', 'software-properties-common', 'systemd-zram-generator',
'tldr', 'traceroute', 'util-linux-extra', 'yq', 'zoxide'] 'tldr', 'traceroute', 'util-linux-extra', 'yq', 'zoxide']
+ bootstrap_common_conditional
}} }}
bootstrap_ubuntu_lts: bootstrap_archlinux: >-
base: {{
- linux-image-generic ['base', 'btrfs-progs', 'cronie', 'dhcpcd', 'efibootmgr', 'fastfetch',
extra: >- 'fish', 'fzf', 'grub', 'htop', 'libpwquality', 'linux', 'logrotate',
{{ 'lrzsz', 'lsof', 'lvm2', 'ncdu', 'networkmanager', 'nfs-utils',
bootstrap_debian_base_common 'ppp', 'prometheus-node-exporter', 'python-psycopg2', 'reflector',
+ bootstrap_debian_extra_common 'rsync', 'sudo', 'tldr', 'tmux', 'vim', 'wireguard-tools', 'zram-generator']
+ ['bash-completion', 'dnsutils', 'duf', 'eza', 'fdupes', 'fio', + [('openssh' if system_cfg.features.ssh.enabled | bool else '')]
'ncurses-term', 'software-properties-common', 'systemd-zram-generator', + [('iptables-nft' if system_cfg.features.firewall.toolkit == 'nftables' else '')]
'tldr', 'traceroute', 'util-linux-extra', 'yq', 'zoxide'] + (bootstrap_common_conditional | reject('equalto', 'nftables') | list)
}} }}
bootstrap_archlinux: bootstrap_alpine: >-
- base {{
- btrfs-progs ['alpine-base', 'vim']
- cronie + [('openssh' if system_cfg.features.ssh.enabled | bool else '')]
- dhcpcd + bootstrap_common_conditional
- efibootmgr }}
- fastfetch
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
- "{{ 'iptables-nft' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
- fish
- fzf
- grub
- htop
- libpwquality
- linux
- logrotate
- lrzsz
- lsof
- lvm2
- ncdu
- networkmanager
- nfs-utils
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}"
- ppp
- prometheus-node-exporter
- python-psycopg2
- reflector
- rsync
- sudo
- tldr
- tmux
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
- vim
- wireguard-tools
- zram-generator
bootstrap_alpine: bootstrap_opensuse: >-
- alpine-base {{
- vim ['vim']
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}" + [('openssh' if system_cfg.features.ssh.enabled | bool else '')]
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" + bootstrap_common_conditional
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" }}
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
bootstrap_opensuse: bootstrap_void: >-
- vim {{
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}" ['vim']
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}" + [('openssh' if system_cfg.features.ssh.enabled | bool else '')]
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}" + bootstrap_common_conditional
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}" }}
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
bootstrap_void:
- vim
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}"
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"

5
roles/configuration/defaults/main.yml
View File

@@ -1,5 +0,0 @@
---
configuration_motd_enabled: "{{ system_cfg.features.banner.motd | bool }}"
configuration_sudo_banner_enabled: "{{ system_cfg.features.banner.sudo | bool }}"
configuration_firewall_enabled: "{{ system_cfg.features.firewall.enabled | bool }}"
configuration_luks_enabled: "{{ system_cfg.luks.enabled | bool }}"

4
roles/configuration/tasks/banner.yml
View File

@@ -1,6 +1,6 @@
--- ---
- name: Configure MOTD - name: Configure MOTD
when: configuration_motd_enabled | bool when: system_cfg.features.banner.motd | bool
block: block:
- name: Create MOTD file - name: Create MOTD file
ansible.builtin.copy: ansible.builtin.copy:
@@ -24,7 +24,7 @@
failed_when: false failed_when: false
- name: Configure sudo banner - name: Configure sudo banner
when: configuration_sudo_banner_enabled | bool when: system_cfg.features.banner.sudo | bool
block: block:
- name: Create sudoers banner directory - name: Create sudoers banner directory
ansible.builtin.file: ansible.builtin.file:

32
roles/configuration/tasks/locales.yml
View File

@@ -6,7 +6,7 @@
- name: Set local timezone - name: Set local timezone
ansible.builtin.file: ansible.builtin.file:
src: /usr/share/zoneinfo/Europe/Vienna src: /usr/share/zoneinfo/{{ system_cfg.timezone }}
dest: /mnt/etc/localtime dest: /mnt/etc/localtime
state: link state: link
force: true force: true
@@ -20,7 +20,7 @@
regexp: "{{ item.regex }}" regexp: "{{ item.regex }}"
line: "{{ item.line }}" line: "{{ item.line }}"
loop: loop:
- { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 } - { regex: "{{ system_cfg.locale }} UTF-8", line: "{{ system_cfg.locale }} UTF-8" }
- name: Generate locales - name: Generate locales
when: not is_rhel | bool when: not is_rhel | bool
@@ -29,19 +29,22 @@
changed_when: configuration_locale_result.rc == 0 changed_when: configuration_locale_result.rc == 0
- name: Set hostname - name: Compute hostname variables
vars: ansible.builtin.set_fact:
configuration_dns_domain: "{{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }}" configuration_dns_domain: >-
{{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }}
configuration_hostname_fqdn: >- configuration_hostname_fqdn: >-
{{ {{
hostname hostname
if '.' in hostname if '.' in hostname
else ( else (
hostname + '.' + configuration_dns_domain hostname + '.' + (system_cfg.network.dns.search | default([]) | first | default('') | string)
if configuration_dns_domain | length > 0 if (system_cfg.network.dns.search | default([]) | first | default('') | string) | length > 0
else hostname else hostname
) )
}} }}
- name: Set hostname
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ configuration_hostname_fqdn }}" content: "{{ configuration_hostname_fqdn }}"
dest: /mnt/etc/hostname dest: /mnt/etc/hostname
@@ -49,17 +52,6 @@
- name: Add host entry to /etc/hosts - name: Add host entry to /etc/hosts
vars: vars:
configuration_dns_domain: "{{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }}"
configuration_hostname_fqdn: >-
{{
hostname
if '.' in hostname
else (
hostname + '.' + configuration_dns_domain
if configuration_dns_domain | length > 0
else hostname
)
}}
configuration_hostname_short: "{{ hostname.split('.')[0] }}" configuration_hostname_short: "{{ hostname.split('.')[0] }}"
configuration_hostname_entries: >- configuration_hostname_entries: >-
{{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }} {{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }}
@@ -78,13 +70,13 @@
- name: Create vconsole.conf - name: Create vconsole.conf
ansible.builtin.copy: ansible.builtin.copy:
content: KEYMAP=us content: "KEYMAP={{ system_cfg.keymap }}"
dest: /mnt/etc/vconsole.conf dest: /mnt/etc/vconsole.conf
mode: "0644" mode: "0644"
- name: Create locale.conf - name: Create locale.conf
ansible.builtin.copy: ansible.builtin.copy:
content: LANG=en_US.UTF-8 content: "LANG={{ system_cfg.locale }}"
dest: /mnt/etc/locale.conf dest: /mnt/etc/locale.conf
mode: "0644" mode: "0644"

145
roles/configuration/templates/firstrun.sh.j2
View File

@@ -1,145 +0,0 @@
#!/bin/bash
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[1;34m'
NC='\033[0m' # No Color
# Ask for and set the hostname
echo -e "${BLUE}Enter the hostname:${NC}"
read -r new_hostname
# Detect the network interface
network_interface=$(nmcli -t -f DEVICE connection show --active | head -n 1)
# Ask for and set the IP address
echo -e "${BLUE}Enter the IP address (eg.: 10.11.x.x/24):${NC}"
read -r ip_address
# Ask for and set the DNS server
default_dns1="10.11.23.10"
default_dns2="10.11.23.18"
echo -e "${BLUE}Enter the DNS server (default: $default_dns1, $default_dns2):${NC}"
read -r dns_server
dns_server=${dns_server:-"$default_dns1 $default_dns2"}
# Ask if Btrfs compression should be enabled
if [[ $(df -T / | awk 'NR==2 {print $2}') == "btrfs" ]]; then
echo -e "${BLUE}Do you want to enable Btrfs compression? (y/n):${NC}"
read -r enable_compression
fi
if [[ "$enable_compression" == "y" || "$enable_compression" == "Y" ]]; then
# Ask for the use case
echo -e "${BLUE} the use case:${NC}"
echo "1. Databases, File Storage, etc (recommended compression level: 15)"
echo "2. Real-time compression (recommended compression level: 3)"
echo "3. Custom compression level"
read -r use_case
# Set the recommended compression level based on the use case
case "$use_case" in
1) compression_level=15 ;;
2) compression_level=3 ;;
3) echo -e "${BLUE}Enter the custom compression level (1-15):${NC}"
read -r compression_level ;;
*) echo -e "${RED}Invalid use case. Exiting script.${NC}"; exit 1 ;;
esac
fi
# Ask if CheckMK Agent should be installed
echo -e "${BLUE}Do you want to install the CheckMK Agent? (y/n):${NC}"
read -r install_checkmk_agent
# Ask if ports and services should be opened
echo -e "${BLUE}Do you want to open any ports or services? (y/n):${NC}"
read -r open_ports_services
if [[ "$open_ports_services" == "y" || "$open_ports_services" == "Y" ]]; then
# Ask for and set the services to open
echo -e "${BLUE}Enter the services to open (comma-separated):${NC}"
read -r services
# Ask for and set the ports to open
echo -e "${BLUE}Enter the ports to open (comma-separated):${NC}"
read -r ports
fi
# Apply Changes
echo -e "${BLUE}Are you sure you want to apply the changes? This may cause a loss of SSH connection. (y/n):${NC}"
read -r answer
# Check the user's response
if [[ "$answer" == "y" || "$answer" == "Y" ]]; then
# Comment out the script execution line in .bashrc
sed -i '/~\/firstrun\.sh/s/^/#/' ~/.bashrc
hostnamectl set-hostname "$new_hostname"
nmcli device modify "$network_interface" ipv4.dns "$dns_server" > /dev/null
nmcli device modify "$network_interface" ipv6.method ignore > /dev/null
nmcli device modify "$network_interface" ipv4.addresses "$ip_address" ipv4.method manual > /dev/null
# Modify /etc/hosts file
ip_address=$(echo "$ip_address" | sed 's/.\{3\}$//')
if grep "$ip_address" /etc/hosts > /dev/null 2>&1; then
echo "IP address already exists in /etc/hosts"
else
# Add IP address and hostname after the "127.0.0.1 localhost" entry
sed -i '1a\'"$ip_address\t$new_hostname" /etc/hosts
if [ $? -eq 0 ]; then
echo "IP address and hostname added to /etc/hosts"
else
echo "Failed to add IP address and hostname to /etc/hosts"
fi
fi
# Modify Btrfs compression settings in /etc/fstab
if [[ "$enable_compression" == "y" || "$enable_compression" == "Y" ]]; then
if ! grep -q "compress=zstd" /etc/fstab; then
sed -i "/btrfs/s/defaults/defaults,compress=zstd:$compression_level/" /etc/fstab
else
sed -i "/btrfs/s/compress=zstd:[0-9]*/compress=zstd:$compression_level/" /etc/fstab
fi
else
if grep -q "compress=zstd" /etc/fstab; then
sed -i "/btrfs/s/,compress=zstd:[0-9]*//" /etc/fstab
fi
fi
if [[ "$install_checkmk_agent" == "y" || "$install_checkmk_agent" == "Y" ]]; then
# Run the CheckMK Agent installation script
bash Scripts/install_checkmk_agent.sh
fi
if [[ "$open_ports_services" == "y" || "$open_ports_services" == "Y" ]]; then
# Open the specified services
IFS=',' read -ra service_array <<< "$services"
for service in "${service_array[@]}"; do
firewall-cmd --add-service="$service" --permanent > /dev/null
done
# Open the specified ports
IFS=',' read -ra port_array <<< "$ports"
for port in "${port_array[@]}"; do
firewall-cmd --add-port="$port"/tcp --permanent > /dev/null
done
firewall-cmd --reload > /dev/null 2>&1
fi
# Open port 6556/tcp for CheckMK Agent if it was installed
if [[ "$install_checkmk_agent" == "y" || "$install_checkmk_agent" == "Y" ]]; then
firewall-cmd --add-port=6556/tcp --permanent > /dev/null 2>&1
firewall-cmd --reload > /dev/null 2>&1
else
firewall-cmd --remove-port=6556/tcp --permanent > /dev/null 2>&1
firewall-cmd --reload > /dev/null 2>&1
fi
echo -e "${GREEN}Changes applied successfully.${NC}"
else
echo -e "${RED}Changes not applied. Exiting script.${NC}"
exit 0
fi

15
roles/environment/tasks/main.yml
View File

@@ -163,7 +163,7 @@
- name: Setup Pacman - name: Setup Pacman
when: when:
- not (custom_iso | bool) - not (custom_iso | bool)
- item.os is not defined or (os_resolved | default(os)) in item.os - item.os is not defined or os in item.os
community.general.pacman: community.general.pacman:
update_cache: true update_cache: true
force: true force: true
@@ -171,9 +171,9 @@
state: latest state: latest
loop: loop:
- { name: glibc } - { name: glibc }
- { name: dnf, os: [almalinux8, almalinux9, almalinux10, fedora40, fedora41, fedora42, fedora43, rhel8, rhel9, rhel10, rocky8, rocky9, rocky10] } - { name: dnf, os: [almalinux, fedora, rhel, rocky] }
- { name: debootstrap, os: [debian10, debian11, debian12, debian13, debianunstable, ubuntu, ubuntu-lts] } - { name: debootstrap, os: [debian, ubuntu, ubuntu-lts] }
- { name: debian-archive-keyring, os: [debian10, debian11, debian12, debian13, debianunstable] } - { name: debian-archive-keyring, os: [debian] }
- { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] } - { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] }
retries: 4 retries: 4
delay: 15 delay: 15
@@ -210,12 +210,7 @@
block: block:
- name: Select repository template - name: Select repository template
ansible.builtin.set_fact: ansible.builtin.set_fact:
environment_repo_template: >- environment_repo_template: "{{ os | lower }}"
{{
(os_resolved | default(os)) | lower
if os == 'rhel'
else os | lower
}}
changed_when: false changed_when: false
- name: Create directories for repository files and RPM GPG keys - name: Create directories for repository files and RPM GPG keys

3
roles/global_defaults/defaults/main.yml
View File

@@ -38,6 +38,9 @@ system_defaults:
search: [] search: []
interfaces: [] interfaces: []
path: "" path: ""
timezone: "Europe/Vienna"
locale: "en_US.UTF-8"
keymap: "us"
packages: [] packages: []
disks: [] disks: []
users: [] users: []

23
roles/global_defaults/tasks/main.yml
View File

@@ -2,7 +2,6 @@
- name: Global defaults loaded - name: Global defaults loaded
ansible.builtin.debug: ansible.builtin.debug:
msg: Global defaults loaded. msg: Global defaults loaded.
changed_when: false
- name: Normalize hypervisor inputs - name: Normalize hypervisor inputs
ansible.builtin.include_tasks: hypervisor.yml ansible.builtin.include_tasks: hypervisor.yml
@@ -17,7 +16,6 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel', 'rocky'] }}" is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel', 'rocky'] }}"
is_debian: "{{ os | lower in ['debian', 'ubuntu', 'ubuntu-lts'] }}" is_debian: "{{ os | lower in ['debian', 'ubuntu', 'ubuntu-lts'] }}"
changed_when: false
- name: Normalize OS version for keying - name: Normalize OS version for keying
when: when:
@@ -25,23 +23,6 @@
- (os_version | string | length) > 0 - (os_version | string | length) > 0
ansible.builtin.set_fact: ansible.builtin.set_fact:
os_version_major: "{{ (os_version | string).split('.')[0] }}" os_version_major: "{{ (os_version | string).split('.')[0] }}"
changed_when: false
- name: Resolve final OS key with version
when:
- os_version is defined
- (os_version | string | length) > 0
ansible.builtin.set_fact:
os_resolved: >-
{{
'debian' + os_version | string if os == 'debian'
else 'fedora' + os_version | string if os == 'fedora'
else 'rocky' + os_version_major if os == 'rocky'
else 'almalinux' + os_version_major if os == 'almalinux'
else 'rhel' + os_version_major if os == 'rhel'
else os
}}
changed_when: false
- name: Set chroot command wrapper - name: Set chroot command wrapper
ansible.builtin.set_fact: ansible.builtin.set_fact:
@@ -51,7 +32,6 @@
if (system_cfg.features.chroot.tool | default('arch-chroot')) == 'systemd-nspawn' if (system_cfg.features.chroot.tool | default('arch-chroot')) == 'systemd-nspawn'
else (system_cfg.features.chroot.tool | default('arch-chroot')) ~ ' /mnt' else (system_cfg.features.chroot.tool | default('arch-chroot')) ~ ' /mnt'
}} }}
changed_when: false
- name: Set Python interpreter for RHEL-based installers - name: Set Python interpreter for RHEL-based installers
when: when:
@@ -59,7 +39,6 @@
- is_rhel | bool - is_rhel | bool
ansible.builtin.set_fact: ansible.builtin.set_fact:
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
changed_when: false
- name: Set SSH access - name: Set SSH access
when: when:
@@ -70,10 +49,8 @@
ansible_password: "{{ system_cfg.users[0].password }}" ansible_password: "{{ system_cfg.users[0].password }}"
ansible_become_password: "{{ system_cfg.users[0].password }}" ansible_become_password: "{{ system_cfg.users[0].password }}"
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
changed_when: false
- name: Set connection for VMware - name: Set connection for VMware
when: hypervisor_type == "vmware" when: hypervisor_type == "vmware"
ansible.builtin.set_fact: ansible.builtin.set_fact:
ansible_connection: vmware_tools ansible_connection: vmware_tools
changed_when: false

3
roles/global_defaults/tasks/system.yml
View File

@@ -114,6 +114,9 @@
else [] else []
) )
}} }}
timezone: "{{ system_raw.timezone | default('Europe/Vienna') | string }}"
locale: "{{ system_raw.locale | default('en_US.UTF-8') | string }}"
keymap: "{{ system_raw.keymap | default('us') | string }}"
path: "{{ system_raw.path | default('') | string }}" path: "{{ system_raw.path | default('') | string }}"
packages: >- packages: >-
{{ {{

8
templates/rhel9.repo.j2 → templates/rhel.repo.j2
View File

@@ -1,12 +1,12 @@
[rhel9-baseos] [rhel{{ os_version_major }}-baseos]
name=RHEL 9 BaseOS name=RHEL {{ os_version_major }} BaseOS
baseurl=file:///usr/local/install/redhat/dvd/BaseOS baseurl=file:///usr/local/install/redhat/dvd/BaseOS
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release
[rhel9-appstream] [rhel{{ os_version_major }}-appstream]
name=RHEL 9 AppStream name=RHEL {{ os_version_major }} AppStream
baseurl=file:///usr/local/install/redhat/dvd/AppStream baseurl=file:///usr/local/install/redhat/dvd/AppStream
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0

13
templates/rhel10.repo.j2
View File

@@ -1,13 +0,0 @@
[rhel10-baseos]
name=RHEL 10 BaseOS
baseurl=file:///usr/local/install/redhat/dvd/BaseOS
enabled=1
gpgcheck=0
gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release
[rhel10-appstream]
name=RHEL 10 AppStream
baseurl=file:///usr/local/install/redhat/dvd/AppStream
enabled=1
gpgcheck=0
gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release

13
templates/rhel8.repo.j2
View File

@@ -1,13 +0,0 @@
[rhel8-baseos]
name=RHEL 8 BaseOS
baseurl=file:///usr/local/install/redhat/dvd/BaseOS
enabled=1
gpgcheck=0
gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release
[rhel8-appstream]
name=RHEL 8 AppStream
baseurl=file:///usr/local/install/redhat/dvd/AppStream
enabled=1
gpgcheck=0
gpgkey=file:///usr/local/install/redhat/dvd/RPM-GPG-KEY-redhat-release