refactor(vars): add system/hypervisor dict inputs

2026-02-11 05:37:18 +01:00
parent c4c96dbfb5
commit fc05708466
62 changed files with 2422 additions and 871 deletions
--- a/roles/partitioning/tasks/btrfs.yml
+++ b/roles/partitioning/tasks/btrfs.yml
@@ -47,20 +47,20 @@
      args:
        creates: /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
      loop:
-        - {subvol: root}
-        - {subvol: swap}
-        - {subvol: home}
-        - {subvol: var}
-        - {subvol: pkg}
-        - {subvol: var_log}
-        - {subvol: var_log_audit}
+        - { subvol: root }
+        - { subvol: swap }
+        - { subvol: home }
+        - { subvol: var }
+        - { subvol: pkg }
+        - { subvol: var_log }
+        - { subvol: var_log_audit }
      register: partitioning_btrfs_subvol_result

    - name: Set quotas for subvolumes
      when: cis_enabled
      ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
      loop:
-        - {subvol: home, quota: 2G}
+        - { subvol: home, quota: 2G }
      register: partitioning_btrfs_qgroup_result
      changed_when: false

--- a/roles/partitioning/tasks/ext4.yml
+++ b/roles/partitioning/tasks/ext4.yml
@@ -6,20 +6,22 @@
    fstype: ext4
    force: true
  loop:
-    - {lv: root}
-    - {lv: home}
-    - {lv: var}
-    - {lv: var_log}
-    - {lv: var_log_audit}
+    - { lv: root }
+    - { lv: home }
+    - { lv: var }
+    - { lv: var_log }
+    - { lv: var_log_audit }

 - name: Remove Unsupported features for older Systems
-  when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
+  when: >
+    (os in ['almalinux', 'rocky', 'rhel'] or (os == 'debian' and (os_version | string) == '11'))
+    and (cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
  ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
  loop:
-    - {lv: root}
-    - {lv: home}
-    - {lv: var}
-    - {lv: var_log}
-    - {lv: var_log_audit}
+    - { lv: root }
+    - { lv: home }
+    - { lv: var }
+    - { lv: var_log }
+    - { lv: var_log_audit }
  register: partitioning_ext4_tune_result
  changed_when: partitioning_ext4_tune_result.rc == 0
--- a/roles/partitioning/tasks/extra_disks.yml
+++ b/roles/partitioning/tasks/extra_disks.yml
@@ -0,0 +1,85 @@
+---
+- name: Determine additional disks to auto-mount
+  ansible.builtin.set_fact:
+    partitioning_extra_disks: >-
+      {{
+        (system_cfg.disks | default([]))[1:]
+        | selectattr('mount')
+        | list
+      }}
+  changed_when: false
+
+- name: Validate additional disks do not target install_drive
+  when: partitioning_extra_disks | length > 0
+  ansible.builtin.assert:
+    that:
+      - item.device is defined
+      - item.device | string | length > 0
+      - item.device != install_drive
+      - item.partition is defined
+      - item.partition | string | length > 0
+      - item.fstype is defined
+      - item.fstype in ['btrfs', 'ext4', 'xfs']
+      - item.mount is defined
+      - item.mount | string | length > 0
+      - item.mount.startswith('/')
+      - item.mount != '/'
+    fail_msg: "Invalid additional disk definition: {{ item | to_json }}"
+    quiet: true
+  loop: "{{ partitioning_extra_disks }}"
+  loop_control:
+    label: "{{ item | to_json }}"
+
+- name: Partition additional disks
+  when: partitioning_extra_disks | length > 0
+  community.general.parted:
+    device: "{{ item.device }}"
+    label: gpt
+    number: 1
+    part_start: "1MiB"
+    part_end: "100%"
+    name: "{{ (item.label | default('') | string | length > 0) | ternary(item.label, 'data') }}"
+    state: present
+  loop: "{{ partitioning_extra_disks }}"
+  loop_control:
+    label: "{{ item.device }}"
+
+- name: Settle partition tables for additional disks
+  when: partitioning_extra_disks | length > 0
+  ansible.builtin.command: udevadm settle
+  changed_when: false
+
+- name: Create filesystems on additional disks
+  when: partitioning_extra_disks | length > 0
+  community.general.filesystem:
+    dev: "{{ item.partition }}"
+    fstype: "{{ item.fstype }}"
+    opts: "{{ ('-L ' ~ item.label) if (item.label | default('') | string | length) > 0 else omit }}"
+    force: true
+  loop: "{{ partitioning_extra_disks }}"
+  loop_control:
+    label: "{{ item.partition }}"
+
+- name: Ensure mount directories exist for additional disks
+  when: partitioning_extra_disks | length > 0
+  ansible.builtin.file:
+    path: "/mnt{{ item.mount }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  loop: "{{ partitioning_extra_disks }}"
+  loop_control:
+    label: "{{ item.mount }}"
+
+- name: Mount additional disks for fstab generation
+  when: partitioning_extra_disks | length > 0
+  ansible.posix.mount:
+    path: "/mnt{{ item.mount }}"
+    src: "{{ item.partition }}"
+    fstype: "{{ item.fstype }}"
+    opts: "{{ item.opts | default('defaults') }}"
+    state: mounted
+  loop: "{{ partitioning_extra_disks }}"
+  loop_control:
+    label: "{{ item.mount }}"
--- a/roles/partitioning/tasks/main.yml
+++ b/roles/partitioning/tasks/main.yml
@@ -403,9 +403,9 @@
          size: "{{ partitioning_lvm_swap_gb | string + 'G' }}"
        - lv: home
          size: "{{ partitioning_lvm_home_gb | string + 'G' }}"
-        - {lv: var, size: "2G"}
-        - {lv: var_log, size: "2G"}
-        - {lv: var_log_audit, size: "1.5G"}
+        - { lv: var, size: "2G" }
+        - { lv: var_log, size: "2G" }
+        - { lv: var_log_audit, size: "1.5G" }

 - name: Create filesystems
  block:
@@ -427,7 +427,7 @@
      when:
        - partitioning_separate_boot | bool
        - partitioning_boot_fs_fstype == 'ext4'
-        - os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']
+        - os in ['almalinux', 'rocky', 'rhel'] or (os == 'debian' and (os_version | string) == '11')
      ansible.builtin.command: >-
        tune2fs -O "^orphan_file,^metadata_csum_seed"
        "{{ install_drive }}{{ partitioning_boot_fs_partition_suffix }}"
@@ -548,14 +548,14 @@
    - name: Mount filesystems and subvolumes
      when:
        - >-
-            cis_enabled or (
-              not cis_enabled and (
-                (filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg'])
-                or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])
-              )
+          cis_enabled or (
+            not cis_enabled and (
+              (filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg'])
+              or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])
            )
+          )
        - >-
-            not (item.path in ['/swap', '/var/cache/pacman/pkg'] and filesystem != 'btrfs')
+          not (item.path in ['/swap', '/var/cache/pacman/pkg'] and filesystem != 'btrfs')
        - swap_enabled | bool or item.path != '/swap'
      ansible.posix.mount:
        path: /mnt{{ item.path }}
@@ -663,3 +663,6 @@
      ansible.builtin.command: "{{ partitioning_swap_cmd }}"
      register: partitioning_swap_activate_result
      changed_when: partitioning_swap_activate_result.rc == 0
+
+- name: Mount additional disks
+  ansible.builtin.include_tasks: extra_disks.yml
--- a/roles/partitioning/tasks/xfs.yml
+++ b/roles/partitioning/tasks/xfs.yml
@@ -6,8 +6,8 @@
    fstype: xfs
    force: true
  loop:
-    - {lv: root}
-    - {lv: home}
-    - {lv: var}
-    - {lv: var_log}
-    - {lv: var_log_audit}
+    - { lv: root }
+    - { lv: home }
+    - { lv: var }
+    - { lv: var_log }
+    - { lv: var_log_audit }