From c8806c957790dc5b354cc2ac3fc5686f9d4b8e71 Mon Sep 17 00:00:00 2001 From: Sandwich Date: Thu, 12 Feb 2026 23:21:51 +0100 Subject: [PATCH] refactor(standardize): remove dead code, fix inconsistencies, update docs --- .gitignore | 3 ++ README.md | 1 + roles/bootstrap/tasks/alpine.yml | 2 +- roles/bootstrap/tasks/opensuse.yml | 2 +- roles/bootstrap/tasks/void.yml | 2 +- roles/cis/tasks/sysctl.yml | 30 +++++++++---------- roles/cleanup/tasks/vmware.yml | 2 -- .../templates/sudo_lecture.txt.j2 | 11 ------- roles/global_defaults/tasks/hypervisor.yml | 2 -- 9 files changed, 22 insertions(+), 33 deletions(-) delete mode 100644 roles/configuration/templates/sudo_lecture.txt.j2 diff --git a/.gitignore b/.gitignore index 2c04c7f..f8b7abc 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,6 @@ vars.yml vars.yaml vars_kvm.yml vars_libvirt.yml +vars_proxmox.yml + +.sisyphus/ diff --git a/README.md b/README.md index 0687950..e3998ef 100644 --- a/README.md +++ b/README.md @@ -375,6 +375,7 @@ Use the bundled example files as starting points for new inventories: - `inventory_libvirt_example.yml` -- libvirt virtual setup - `inventory_baremetal_example.yml` -- bare-metal physical setup - `vars_example.yml` -- shared variable overrides +- `vars_baremetal_example.yml` -- bare-metal variable overrides ```bash # Proxmox example diff --git a/roles/bootstrap/tasks/alpine.yml b/roles/bootstrap/tasks/alpine.yml index 5aaabf6..41d7ede 100644 --- a/roles/bootstrap/tasks/alpine.yml +++ b/roles/bootstrap/tasks/alpine.yml @@ -3,7 +3,7 @@ vars: bootstrap_alpine_packages: >- {{ - lookup('vars', 'bootstrap_alpine') | reject('equalto', '') | join(' ') + lookup('vars', bootstrap_var_key) | reject('equalto', '') | join(' ') }} block: - name: Ensure chroot has resolv.conf diff --git a/roles/bootstrap/tasks/opensuse.yml b/roles/bootstrap/tasks/opensuse.yml index 1fbcf06..dfbeeff 100644 --- a/roles/bootstrap/tasks/opensuse.yml +++ b/roles/bootstrap/tasks/opensuse.yml @@ -3,7 +3,7 @@ vars: bootstrap_opensuse_packages: >- {{ - lookup('vars', 'bootstrap_opensuse') | reject('equalto', '') | join(' ') + lookup('vars', bootstrap_var_key) | reject('equalto', '') | join(' ') }} block: - name: Ensure chroot has resolv.conf diff --git a/roles/bootstrap/tasks/void.yml b/roles/bootstrap/tasks/void.yml index 07965c1..a761312 100644 --- a/roles/bootstrap/tasks/void.yml +++ b/roles/bootstrap/tasks/void.yml @@ -3,7 +3,7 @@ vars: bootstrap_void_packages: >- {{ - lookup('vars', 'bootstrap_void') | reject('equalto', '') | join(' ') + lookup('vars', bootstrap_var_key) | reject('equalto', '') | join(' ') }} block: - name: Ensure chroot has resolv.conf diff --git a/roles/cis/tasks/sysctl.yml b/roles/cis/tasks/sysctl.yml index dadc79f..e30cc14 100644 --- a/roles/cis/tasks/sysctl.yml +++ b/roles/cis/tasks/sysctl.yml @@ -12,19 +12,19 @@ net.ipv4.tcp_syncookies=1 net.ipv4.icmp_echo_ignore_broadcasts=1 net.ipv4.icmp_ignore_bogus_error_responses=1 - net.ipv4.conf.all.log_martians = 1 - net.ipv4.conf.all.rp_filter = 1 - net.ipv4.conf.all.secure_redirects = 0 - net.ipv4.conf.all.send_redirects = 0 - net.ipv4.conf.all.accept_redirects = 0 + net.ipv4.conf.all.log_martians=1 + net.ipv4.conf.all.rp_filter=1 + net.ipv4.conf.all.secure_redirects=0 + net.ipv4.conf.all.send_redirects=0 + net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.all.accept_source_route=0 - net.ipv4.conf.default.log_martians = 1 - net.ipv4.conf.default.rp_filter = 1 - net.ipv4.conf.default.secure_redirects = 0 - net.ipv4.conf.default.send_redirects = 0 - net.ipv4.conf.default.accept_redirects = 0 - net.ipv6.conf.all.accept_redirects = 0 - net.ipv6.conf.all.disable_ipv6 = 1 - net.ipv6.conf.default.accept_redirects = 0 - net.ipv6.conf.default.disable_ipv6 = 1 - net.ipv6.conf.lo.disable_ipv6 = 1 + net.ipv4.conf.default.log_martians=1 + net.ipv4.conf.default.rp_filter=1 + net.ipv4.conf.default.secure_redirects=0 + net.ipv4.conf.default.send_redirects=0 + net.ipv4.conf.default.accept_redirects=0 + net.ipv6.conf.all.accept_redirects=0 + net.ipv6.conf.all.disable_ipv6=1 + net.ipv6.conf.default.accept_redirects=0 + net.ipv6.conf.default.disable_ipv6=1 + net.ipv6.conf.lo.disable_ipv6=1 diff --git a/roles/cleanup/tasks/vmware.yml b/roles/cleanup/tasks/vmware.yml index e3862dc..87dc54a 100644 --- a/roles/cleanup/tasks/vmware.yml +++ b/roles/cleanup/tasks/vmware.yml @@ -5,7 +5,6 @@ become: false block: - name: Remove CD-ROM from VM in vCenter - when: hypervisor_type == "vmware" community.vmware.vmware_guest: hostname: "{{ hypervisor_cfg.url }}" username: "{{ hypervisor_cfg.username }}" @@ -29,7 +28,6 @@ failed_when: false - name: Start VM in vCenter - when: hypervisor_type == "vmware" vmware.vmware.vm_powerstate: hostname: "{{ hypervisor_cfg.url }}" username: "{{ hypervisor_cfg.username }}" diff --git a/roles/configuration/templates/sudo_lecture.txt.j2 b/roles/configuration/templates/sudo_lecture.txt.j2 deleted file mode 100644 index 80dbf77..0000000 --- a/roles/configuration/templates/sudo_lecture.txt.j2 +++ /dev/null @@ -1,11 +0,0 @@ - - \^V// - |. .| I AM (G)ROOT! - - \ - / _ - \_| |_/ - \ \ - __/_/__ - |_______| With great power comes great responsibility. - \ / Use sudo wisely. - \___/ - diff --git a/roles/global_defaults/tasks/hypervisor.yml b/roles/global_defaults/tasks/hypervisor.yml index 1c65108..3a7c253 100644 --- a/roles/global_defaults/tasks/hypervisor.yml +++ b/roles/global_defaults/tasks/hypervisor.yml @@ -2,7 +2,6 @@ - name: Ensure hypervisor input is a dictionary ansible.builtin.set_fact: hypervisor: "{{ hypervisor | default({}) }}" - changed_when: false - name: Validate hypervisor input ansible.builtin.assert: @@ -19,4 +18,3 @@ ansible.builtin.set_fact: hypervisor_cfg: "{{ merged }}" hypervisor_type: "{{ merged.type | string | lower }}" - changed_when: false