fix(partitioning): set btrfs default subvolume and restrict @pkg to Arch
This commit is contained in:
@@ -9,12 +9,13 @@
|
|||||||
- >-
|
- >-
|
||||||
system_cfg.features.cis.enabled | bool or (
|
system_cfg.features.cis.enabled | bool or (
|
||||||
not (system_cfg.features.cis.enabled | bool) and (
|
not (system_cfg.features.cis.enabled | bool) and (
|
||||||
(system_cfg.filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg'])
|
(system_cfg.filesystem == 'btrfs' and item.path in ['/home', '/var/log']
|
||||||
|
+ (['/var/cache/pacman/pkg'] if os == 'archlinux' else []))
|
||||||
or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])
|
or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
- >-
|
- >-
|
||||||
not (item.path in ['/swap', '/var/cache/pacman/pkg'] and system_cfg.filesystem != 'btrfs')
|
not (item.path in ['/swap', '/var/cache/pacman/pkg'] and (system_cfg.filesystem != 'btrfs' or os != 'archlinux'))
|
||||||
- system_cfg.features.swap.enabled | bool or item.path != '/swap'
|
- system_cfg.features.swap.enabled | bool or item.path != '/swap'
|
||||||
ansible.posix.mount:
|
ansible.posix.mount:
|
||||||
path: /mnt{{ item.path }}
|
path: /mnt{{ item.path }}
|
||||||
|
|||||||
@@ -43,6 +43,7 @@
|
|||||||
when:
|
when:
|
||||||
- system_cfg.features.cis.enabled | bool or item.subvol not in ['var_log_audit']
|
- system_cfg.features.cis.enabled | bool or item.subvol not in ['var_log_audit']
|
||||||
- system_cfg.features.swap.enabled | bool or item.subvol != 'swap'
|
- system_cfg.features.swap.enabled | bool or item.subvol != 'swap'
|
||||||
|
- item.os is not defined or os in item.os
|
||||||
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||||
args:
|
args:
|
||||||
creates: /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
creates: /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||||
@@ -51,12 +52,19 @@
|
|||||||
- { subvol: swap }
|
- { subvol: swap }
|
||||||
- { subvol: home }
|
- { subvol: home }
|
||||||
- { subvol: var }
|
- { subvol: var }
|
||||||
- { subvol: pkg }
|
- { subvol: pkg, os: [archlinux] }
|
||||||
- { subvol: var_log }
|
- { subvol: var_log }
|
||||||
- { subvol: var_log_audit }
|
- { subvol: var_log_audit }
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.subvol }}"
|
label: "{{ item.subvol }}"
|
||||||
|
|
||||||
|
- name: Set default btrfs subvolume to @
|
||||||
|
ansible.builtin.shell: >-
|
||||||
|
btrfs subvolume list /mnt | awk '/ path @$/ {print $2}'
|
||||||
|
| xargs -I{} btrfs subvolume set-default {} /mnt
|
||||||
|
register: partitioning_btrfs_default_result
|
||||||
|
changed_when: partitioning_btrfs_default_result.rc == 0
|
||||||
|
|
||||||
- name: Set quotas for subvolumes
|
- name: Set quotas for subvolumes
|
||||||
when: system_cfg.features.cis.enabled | bool
|
when: system_cfg.features.cis.enabled | bool
|
||||||
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||||
|
|||||||
Reference in New Issue
Block a user