Map global defaults in playbook
This commit is contained in:
@@ -1,4 +1,2 @@
|
||||
skip_list:
|
||||
- run-once
|
||||
exclude_paths:
|
||||
- roles/global_defaults/defaults/main.yml
|
||||
|
||||
109
main.yml
109
main.yml
@@ -30,6 +30,115 @@
|
||||
ansible.builtin.import_role:
|
||||
name: global_defaults
|
||||
|
||||
- name: Apply global defaults
|
||||
vars:
|
||||
global_defaults_hypervisor_value: >-
|
||||
{{ hypervisor if hypervisor is defined else global_defaults_hypervisor }}
|
||||
global_defaults_custom_iso_value: >-
|
||||
{{ custom_iso if custom_iso is defined else global_defaults_custom_iso }}
|
||||
global_defaults_cis_value: >-
|
||||
{{ cis if cis is defined else global_defaults_cis }}
|
||||
global_defaults_selinux_value: >-
|
||||
{{ selinux if selinux is defined else global_defaults_selinux }}
|
||||
global_defaults_vmware_ssh_value: >-
|
||||
{{ vmware_ssh if vmware_ssh is defined else global_defaults_vmware_ssh }}
|
||||
global_defaults_firewalld_enabled_value: >-
|
||||
{{
|
||||
firewalld_enabled
|
||||
if firewalld_enabled is defined
|
||||
else global_defaults_firewalld_enabled
|
||||
}}
|
||||
global_defaults_luks_enabled_value: >-
|
||||
{{ luks_enabled if luks_enabled is defined else global_defaults_luks_enabled }}
|
||||
global_defaults_luks_mapper_name_value: >-
|
||||
{{
|
||||
luks_mapper_name
|
||||
if luks_mapper_name is defined
|
||||
else global_defaults_luks_mapper_name
|
||||
}}
|
||||
global_defaults_luks_auto_decrypt_value: >-
|
||||
{{
|
||||
luks_auto_decrypt
|
||||
if luks_auto_decrypt is defined
|
||||
else global_defaults_luks_auto_decrypt
|
||||
}}
|
||||
global_defaults_luks_auto_decrypt_method_value: >-
|
||||
{{
|
||||
luks_auto_decrypt_method
|
||||
if luks_auto_decrypt_method is defined
|
||||
else global_defaults_luks_auto_decrypt_method
|
||||
}}
|
||||
global_defaults_luks_tpm2_device_value: >-
|
||||
{{
|
||||
luks_tpm2_device
|
||||
if luks_tpm2_device is defined
|
||||
else global_defaults_luks_tpm2_device
|
||||
}}
|
||||
global_defaults_luks_tpm2_pcrs_value: >-
|
||||
{{
|
||||
luks_tpm2_pcrs
|
||||
if luks_tpm2_pcrs is defined
|
||||
else global_defaults_luks_tpm2_pcrs
|
||||
}}
|
||||
global_defaults_luks_keyfile_size_value: >-
|
||||
{{
|
||||
luks_keyfile_size
|
||||
if luks_keyfile_size is defined
|
||||
else global_defaults_luks_keyfile_size
|
||||
}}
|
||||
global_defaults_luks_options_value: >-
|
||||
{{ luks_options if luks_options is defined else global_defaults_luks_options }}
|
||||
global_defaults_luks_type_value: >-
|
||||
{{ luks_type if luks_type is defined else global_defaults_luks_type }}
|
||||
global_defaults_luks_cipher_value: >-
|
||||
{{ luks_cipher if luks_cipher is defined else global_defaults_luks_cipher }}
|
||||
global_defaults_luks_hash_value: >-
|
||||
{{ luks_hash if luks_hash is defined else global_defaults_luks_hash }}
|
||||
global_defaults_luks_iter_time_value: >-
|
||||
{{ luks_iter_time if luks_iter_time is defined else global_defaults_luks_iter_time }}
|
||||
global_defaults_luks_key_size_value: >-
|
||||
{{ luks_key_size if luks_key_size is defined else global_defaults_luks_key_size }}
|
||||
global_defaults_luks_pbkdf_value: >-
|
||||
{{ luks_pbkdf if luks_pbkdf is defined else global_defaults_luks_pbkdf }}
|
||||
global_defaults_luks_use_urandom_value: >-
|
||||
{{
|
||||
luks_use_urandom
|
||||
if luks_use_urandom is defined
|
||||
else global_defaults_luks_use_urandom
|
||||
}}
|
||||
global_defaults_luks_verify_passphrase_value: >-
|
||||
{{
|
||||
luks_verify_passphrase
|
||||
if luks_verify_passphrase is defined
|
||||
else global_defaults_luks_verify_passphrase
|
||||
}}
|
||||
ansible.builtin.set_fact:
|
||||
hypervisor: "{{ global_defaults_hypervisor_value }}"
|
||||
custom_iso: "{{ global_defaults_custom_iso_value }}"
|
||||
cis: "{{ global_defaults_cis_value }}"
|
||||
selinux: "{{ global_defaults_selinux_value }}"
|
||||
vmware_ssh: "{{ global_defaults_vmware_ssh_value }}"
|
||||
firewalld_enabled: "{{ global_defaults_firewalld_enabled_value }}"
|
||||
cis_enabled: "{{ global_defaults_cis_value | bool }}"
|
||||
custom_iso_enabled: "{{ global_defaults_custom_iso_value | bool }}"
|
||||
luks_enabled: "{{ global_defaults_luks_enabled_value }}"
|
||||
luks_mapper_name: "{{ global_defaults_luks_mapper_name_value }}"
|
||||
luks_auto_decrypt: "{{ global_defaults_luks_auto_decrypt_value }}"
|
||||
luks_auto_decrypt_method: "{{ global_defaults_luks_auto_decrypt_method_value }}"
|
||||
luks_tpm2_device: "{{ global_defaults_luks_tpm2_device_value }}"
|
||||
luks_tpm2_pcrs: "{{ global_defaults_luks_tpm2_pcrs_value }}"
|
||||
luks_keyfile_size: "{{ global_defaults_luks_keyfile_size_value }}"
|
||||
luks_options: "{{ global_defaults_luks_options_value }}"
|
||||
luks_type: "{{ global_defaults_luks_type_value }}"
|
||||
luks_cipher: "{{ global_defaults_luks_cipher_value }}"
|
||||
luks_hash: "{{ global_defaults_luks_hash_value }}"
|
||||
luks_iter_time: "{{ global_defaults_luks_iter_time_value }}"
|
||||
luks_key_size: "{{ global_defaults_luks_key_size_value }}"
|
||||
luks_pbkdf: "{{ global_defaults_luks_pbkdf_value }}"
|
||||
luks_use_urandom: "{{ global_defaults_luks_use_urandom_value }}"
|
||||
luks_verify_passphrase: "{{ global_defaults_luks_verify_passphrase_value }}"
|
||||
changed_when: false
|
||||
|
||||
- name: Validate variables
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
|
||||
@@ -1,27 +1,24 @@
|
||||
---
|
||||
hypervisor: "none"
|
||||
custom_iso: false
|
||||
cis: false
|
||||
selinux: true
|
||||
vmware_ssh: false
|
||||
firewalld_enabled: true
|
||||
global_defaults_hypervisor: "none"
|
||||
global_defaults_custom_iso: false
|
||||
global_defaults_cis: false
|
||||
global_defaults_selinux: true
|
||||
global_defaults_vmware_ssh: false
|
||||
global_defaults_firewalld_enabled: true
|
||||
|
||||
cis_enabled: "{{ cis | bool }}"
|
||||
custom_iso_enabled: "{{ custom_iso | bool }}"
|
||||
|
||||
luks_enabled: false
|
||||
luks_mapper_name: "SYSTEM_DECRYPTED"
|
||||
luks_auto_decrypt: true
|
||||
luks_auto_decrypt_method: "tpm2"
|
||||
luks_tpm2_device: "auto"
|
||||
luks_tpm2_pcrs: ""
|
||||
luks_keyfile_size: 64
|
||||
luks_options: "discard,tries=3"
|
||||
luks_type: "luks2"
|
||||
luks_cipher: "aes-xts-plain64"
|
||||
luks_hash: "sha512"
|
||||
luks_iter_time: 4000
|
||||
luks_key_size: 512
|
||||
luks_pbkdf: "argon2id"
|
||||
luks_use_urandom: true
|
||||
luks_verify_passphrase: true
|
||||
global_defaults_luks_enabled: false
|
||||
global_defaults_luks_mapper_name: "SYSTEM_DECRYPTED"
|
||||
global_defaults_luks_auto_decrypt: true
|
||||
global_defaults_luks_auto_decrypt_method: "tpm2"
|
||||
global_defaults_luks_tpm2_device: "auto"
|
||||
global_defaults_luks_tpm2_pcrs: ""
|
||||
global_defaults_luks_keyfile_size: 64
|
||||
global_defaults_luks_options: "discard,tries=3"
|
||||
global_defaults_luks_type: "luks2"
|
||||
global_defaults_luks_cipher: "aes-xts-plain64"
|
||||
global_defaults_luks_hash: "sha512"
|
||||
global_defaults_luks_iter_time: 4000
|
||||
global_defaults_luks_key_size: 512
|
||||
global_defaults_luks_pbkdf: "argon2id"
|
||||
global_defaults_luks_use_urandom: true
|
||||
global_defaults_luks_verify_passphrase: true
|
||||
|
||||
@@ -1,6 +1 @@
|
||||
---
|
||||
- name: Load global defaults
|
||||
ansible.builtin.debug:
|
||||
msg: "Global defaults loaded."
|
||||
verbosity: 1
|
||||
changed_when: false
|
||||
|
||||
Reference in New Issue
Block a user