refactor(environment): split main.yml into focused sub-task files

2026-02-21 02:39:05 +01:00
parent 6d1c3577df
commit e5bd152fb3
5 changed files with 275 additions and 270 deletions
--- a/roles/environment/tasks/_configure_network.yml
+++ b/roles/environment/tasks/_configure_network.yml
@@ -0,0 +1,64 @@
+---
+- name: Select primary Network Interface
+  when: hypervisor_type == "vmware"
+  ansible.builtin.set_fact:
+    environment_interface_name: >-
+      {{
+        (
+          (ansible_facts.interfaces | default(ansible_facts['ansible_interfaces'] | default([])))
+          | reject('equalto', 'lo')
+          | list
+          | first
+        )
+        | default('')
+      }}
+
+- name: Set IP-Address
+  when:
+    - hypervisor_type == "vmware"
+    - system_cfg.network.ip is defined and system_cfg.network.ip | string | length > 0
+  ansible.builtin.command: >-
+    ip addr replace {{ system_cfg.network.ip }}/{{ system_cfg.network.prefix }}
+    dev {{ environment_interface_name }}
+  register: environment_ip_result
+  changed_when: environment_ip_result.rc == 0
+
+- name: Set Default Gateway
+  when:
+    - hypervisor_type == "vmware"
+    - system_cfg.network.gateway is defined and system_cfg.network.gateway | string | length > 0
+    - system_cfg.network.ip is defined and system_cfg.network.ip | string | length > 0
+  ansible.builtin.command: "ip route replace default via {{ system_cfg.network.gateway }}"
+  register: environment_gateway_result
+  changed_when: environment_gateway_result.rc == 0
+
+- name: Synchronize clock via NTP
+  ansible.builtin.command: timedatectl set-ntp true
+  register: environment_ntp_result
+  changed_when: environment_ntp_result.rc == 0
+
+- name: Configure SSH for root login
+  when: hypervisor_type == "vmware" and hypervisor_cfg.ssh | bool
+  block:
+    - name: Allow login
+      ansible.builtin.replace:
+        path: /etc/ssh/sshd_config
+        regexp: "{{ item.regexp }}"
+        replace: "{{ item.replace }}"
+      loop:
+        - regexp: "^#?PermitEmptyPasswords.*"
+          replace: "PermitEmptyPasswords yes"
+        - regexp: "^#?PermitRootLogin.*"
+          replace: "PermitRootLogin yes"
+      loop_control:
+        label: "{{ item.replace }}"
+
+    - name: Reload SSH service to apply changes
+      ansible.builtin.service:
+        name: sshd
+        state: reloaded
+
+    - name: Set SSH connection for VMware
+      ansible.builtin.set_fact:
+        ansible_connection: ssh
+        ansible_user: root