From be80c4096c75e52f9152556d88b3fb7f5b696295 Mon Sep 17 00:00:00 2001 From: Sandwich Date: Fri, 2 Jan 2026 12:24:36 +0100 Subject: [PATCH] Restore global defaults lint exclusion --- .ansible-lint | 2 + main.yml | 109 ------------------------ roles/global_defaults/defaults/main.yml | 47 +++++----- 3 files changed, 27 insertions(+), 131 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index d4f0d78..f25316d 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,2 +1,4 @@ skip_list: - run-once +exclude_paths: + - roles/global_defaults/defaults/main.yml diff --git a/main.yml b/main.yml index 2a3d6b7..75feea9 100644 --- a/main.yml +++ b/main.yml @@ -30,115 +30,6 @@ ansible.builtin.import_role: name: global_defaults - - name: Apply global defaults - vars: - global_defaults_hypervisor_value: >- - {{ hypervisor if hypervisor is defined else global_defaults_hypervisor }} - global_defaults_custom_iso_value: >- - {{ custom_iso if custom_iso is defined else global_defaults_custom_iso }} - global_defaults_cis_value: >- - {{ cis if cis is defined else global_defaults_cis }} - global_defaults_selinux_value: >- - {{ selinux if selinux is defined else global_defaults_selinux }} - global_defaults_vmware_ssh_value: >- - {{ vmware_ssh if vmware_ssh is defined else global_defaults_vmware_ssh }} - global_defaults_firewalld_enabled_value: >- - {{ - firewalld_enabled - if firewalld_enabled is defined - else global_defaults_firewalld_enabled - }} - global_defaults_luks_enabled_value: >- - {{ luks_enabled if luks_enabled is defined else global_defaults_luks_enabled }} - global_defaults_luks_mapper_name_value: >- - {{ - luks_mapper_name - if luks_mapper_name is defined - else global_defaults_luks_mapper_name - }} - global_defaults_luks_auto_decrypt_value: >- - {{ - luks_auto_decrypt - if luks_auto_decrypt is defined - else global_defaults_luks_auto_decrypt - }} - global_defaults_luks_auto_decrypt_method_value: >- - {{ - luks_auto_decrypt_method - if luks_auto_decrypt_method is defined - else global_defaults_luks_auto_decrypt_method - }} - global_defaults_luks_tpm2_device_value: >- - {{ - luks_tpm2_device - if luks_tpm2_device is defined - else global_defaults_luks_tpm2_device - }} - global_defaults_luks_tpm2_pcrs_value: >- - {{ - luks_tpm2_pcrs - if luks_tpm2_pcrs is defined - else global_defaults_luks_tpm2_pcrs - }} - global_defaults_luks_keyfile_size_value: >- - {{ - luks_keyfile_size - if luks_keyfile_size is defined - else global_defaults_luks_keyfile_size - }} - global_defaults_luks_options_value: >- - {{ luks_options if luks_options is defined else global_defaults_luks_options }} - global_defaults_luks_type_value: >- - {{ luks_type if luks_type is defined else global_defaults_luks_type }} - global_defaults_luks_cipher_value: >- - {{ luks_cipher if luks_cipher is defined else global_defaults_luks_cipher }} - global_defaults_luks_hash_value: >- - {{ luks_hash if luks_hash is defined else global_defaults_luks_hash }} - global_defaults_luks_iter_time_value: >- - {{ luks_iter_time if luks_iter_time is defined else global_defaults_luks_iter_time }} - global_defaults_luks_key_size_value: >- - {{ luks_key_size if luks_key_size is defined else global_defaults_luks_key_size }} - global_defaults_luks_pbkdf_value: >- - {{ luks_pbkdf if luks_pbkdf is defined else global_defaults_luks_pbkdf }} - global_defaults_luks_use_urandom_value: >- - {{ - luks_use_urandom - if luks_use_urandom is defined - else global_defaults_luks_use_urandom - }} - global_defaults_luks_verify_passphrase_value: >- - {{ - luks_verify_passphrase - if luks_verify_passphrase is defined - else global_defaults_luks_verify_passphrase - }} - ansible.builtin.set_fact: - hypervisor: "{{ global_defaults_hypervisor_value }}" - custom_iso: "{{ global_defaults_custom_iso_value }}" - cis: "{{ global_defaults_cis_value }}" - selinux: "{{ global_defaults_selinux_value }}" - vmware_ssh: "{{ global_defaults_vmware_ssh_value }}" - firewalld_enabled: "{{ global_defaults_firewalld_enabled_value }}" - cis_enabled: "{{ global_defaults_cis_value | bool }}" - custom_iso_enabled: "{{ global_defaults_custom_iso_value | bool }}" - luks_enabled: "{{ global_defaults_luks_enabled_value }}" - luks_mapper_name: "{{ global_defaults_luks_mapper_name_value }}" - luks_auto_decrypt: "{{ global_defaults_luks_auto_decrypt_value }}" - luks_auto_decrypt_method: "{{ global_defaults_luks_auto_decrypt_method_value }}" - luks_tpm2_device: "{{ global_defaults_luks_tpm2_device_value }}" - luks_tpm2_pcrs: "{{ global_defaults_luks_tpm2_pcrs_value }}" - luks_keyfile_size: "{{ global_defaults_luks_keyfile_size_value }}" - luks_options: "{{ global_defaults_luks_options_value }}" - luks_type: "{{ global_defaults_luks_type_value }}" - luks_cipher: "{{ global_defaults_luks_cipher_value }}" - luks_hash: "{{ global_defaults_luks_hash_value }}" - luks_iter_time: "{{ global_defaults_luks_iter_time_value }}" - luks_key_size: "{{ global_defaults_luks_key_size_value }}" - luks_pbkdf: "{{ global_defaults_luks_pbkdf_value }}" - luks_use_urandom: "{{ global_defaults_luks_use_urandom_value }}" - luks_verify_passphrase: "{{ global_defaults_luks_verify_passphrase_value }}" - changed_when: false - - name: Validate variables ansible.builtin.assert: that: diff --git a/roles/global_defaults/defaults/main.yml b/roles/global_defaults/defaults/main.yml index ee0f09c..492335c 100644 --- a/roles/global_defaults/defaults/main.yml +++ b/roles/global_defaults/defaults/main.yml @@ -1,24 +1,27 @@ --- -global_defaults_hypervisor: "none" -global_defaults_custom_iso: false -global_defaults_cis: false -global_defaults_selinux: true -global_defaults_vmware_ssh: false -global_defaults_firewalld_enabled: true +hypervisor: "none" +custom_iso: false +cis: false +selinux: true +vmware_ssh: false +firewalld_enabled: true -global_defaults_luks_enabled: false -global_defaults_luks_mapper_name: "SYSTEM_DECRYPTED" -global_defaults_luks_auto_decrypt: true -global_defaults_luks_auto_decrypt_method: "tpm2" -global_defaults_luks_tpm2_device: "auto" -global_defaults_luks_tpm2_pcrs: "" -global_defaults_luks_keyfile_size: 64 -global_defaults_luks_options: "discard,tries=3" -global_defaults_luks_type: "luks2" -global_defaults_luks_cipher: "aes-xts-plain64" -global_defaults_luks_hash: "sha512" -global_defaults_luks_iter_time: 4000 -global_defaults_luks_key_size: 512 -global_defaults_luks_pbkdf: "argon2id" -global_defaults_luks_use_urandom: true -global_defaults_luks_verify_passphrase: true +cis_enabled: "{{ cis | bool }}" +custom_iso_enabled: "{{ custom_iso | bool }}" + +luks_enabled: false +luks_mapper_name: "SYSTEM_DECRYPTED" +luks_auto_decrypt: true +luks_auto_decrypt_method: "tpm2" +luks_tpm2_device: "auto" +luks_tpm2_pcrs: "" +luks_keyfile_size: 64 +luks_options: "discard,tries=3" +luks_type: "luks2" +luks_cipher: "aes-xts-plain64" +luks_hash: "sha512" +luks_iter_time: 4000 +luks_key_size: 512 +luks_pbkdf: "argon2id" +luks_use_urandom: true +luks_verify_passphrase: true