fix(runtime): migrate roles to nested system fields
@@ -3,10 +3,10 @@ bootstrap_rhel_base:
|
|||||||
- bind-utils
|
- bind-utils
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- "{{ 'firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}"
|
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}"
|
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'iptables' if firewall_toolkit == 'iptables' else '' }}"
|
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
|
||||||
- "{{ 'nftables' if firewall_toolkit == 'nftables' else '' }}"
|
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
- glibc-langpack-en
|
- glibc-langpack-en
|
||||||
- lrzsz
|
- lrzsz
|
||||||
@@ -17,10 +17,10 @@ bootstrap_rhel_base:
|
|||||||
- policycoreutils-python-utils
|
- policycoreutils-python-utils
|
||||||
- shim
|
- shim
|
||||||
- tmux
|
- tmux
|
||||||
- "{{ 'cryptsetup' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'tpm2-tools' if luks_enabled else '' }}"
|
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}"
|
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
|
||||||
- "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}"
|
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
|
||||||
- vim
|
- vim
|
||||||
- zram-generator
|
- zram-generator
|
||||||
- zstd
|
- zstd
|
||||||
@@ -61,10 +61,10 @@ bootstrap_fedora:
|
|||||||
- duf
|
- duf
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- entr
|
- entr
|
||||||
- "{{ 'firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}"
|
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}"
|
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'iptables' if firewall_toolkit == 'iptables' else '' }}"
|
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
|
||||||
- "{{ 'nftables' if firewall_toolkit == 'nftables' else '' }}"
|
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
@@ -84,10 +84,10 @@ bootstrap_fedora:
|
|||||||
- ripgrep
|
- ripgrep
|
||||||
- shim
|
- shim
|
||||||
- tmux
|
- tmux
|
||||||
- "{{ 'cryptsetup' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'tpm2-tools' if luks_enabled else '' }}"
|
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}"
|
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
|
||||||
- "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}"
|
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
|
||||||
- vim-default-editor
|
- vim-default-editor
|
||||||
- wget
|
- wget
|
||||||
- zoxide
|
- zoxide
|
||||||
@@ -106,14 +106,14 @@ bootstrap_debian_base:
|
|||||||
- grub-efi
|
- grub-efi
|
||||||
- grub-efi-amd64-signed
|
- grub-efi-amd64-signed
|
||||||
- grub2-common
|
- grub2-common
|
||||||
- "{{ 'cryptsetup' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'cryptsetup-initramfs' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup-initramfs' if system_cfg.luks.enabled else '' }}"
|
||||||
- locales
|
- locales
|
||||||
- logrotate
|
- logrotate
|
||||||
- lvm2
|
- lvm2
|
||||||
- "{{ 'iptables' if firewall_toolkit == 'iptables' else '' }}"
|
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
|
||||||
- "{{ 'nftables' if firewall_toolkit == 'nftables' else '' }}"
|
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
|
||||||
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
|
- "{{ 'openssh-server' if system_cfg.features.ssh.enabled | bool else '' }}"
|
||||||
- python3
|
- python3
|
||||||
- xfsprogs
|
- xfsprogs
|
||||||
|
|
||||||
@@ -124,8 +124,8 @@ bootstrap_debian_extra:
|
|||||||
- curl
|
- curl
|
||||||
- duf
|
- duf
|
||||||
- entr
|
- entr
|
||||||
- "{{ 'firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}"
|
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}"
|
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- htop
|
- htop
|
||||||
@@ -146,9 +146,9 @@ bootstrap_debian_extra:
|
|||||||
- systemd-zram-generator
|
- systemd-zram-generator
|
||||||
- tcpd
|
- tcpd
|
||||||
- tldr
|
- tldr
|
||||||
- "{{ 'tpm2-tools' if luks_enabled else '' }}"
|
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}"
|
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
|
||||||
- "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}"
|
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
|
||||||
- vim
|
- vim
|
||||||
- wget
|
- wget
|
||||||
- zstd
|
- zstd
|
||||||
@@ -185,10 +185,10 @@ bootstrap_archlinux:
|
|||||||
- dhcpcd
|
- dhcpcd
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- fastfetch
|
- fastfetch
|
||||||
- "{{ 'firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}"
|
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}"
|
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'iptables' if firewall_toolkit == 'iptables' else '' }}"
|
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
|
||||||
- "{{ 'iptables-nft' if firewall_toolkit == 'nftables' else '' }}"
|
- "{{ 'iptables-nft' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- grub
|
- grub
|
||||||
@@ -202,7 +202,7 @@ bootstrap_archlinux:
|
|||||||
- ncdu
|
- ncdu
|
||||||
- networkmanager
|
- networkmanager
|
||||||
- nfs-utils
|
- nfs-utils
|
||||||
- "{{ 'openssh' if ssh_enabled | bool else '' }}"
|
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}"
|
||||||
- ppp
|
- ppp
|
||||||
- prometheus-node-exporter
|
- prometheus-node-exporter
|
||||||
- python-psycopg2
|
- python-psycopg2
|
||||||
@@ -211,10 +211,10 @@ bootstrap_archlinux:
|
|||||||
- sudo
|
- sudo
|
||||||
- tldr
|
- tldr
|
||||||
- tmux
|
- tmux
|
||||||
- "{{ 'cryptsetup' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'tpm2-tools' if luks_enabled else '' }}"
|
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}"
|
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
|
||||||
- "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}"
|
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
|
||||||
- vim
|
- vim
|
||||||
- wireguard-tools
|
- wireguard-tools
|
||||||
- zram-generator
|
- zram-generator
|
||||||
@@ -222,36 +222,36 @@ bootstrap_archlinux:
|
|||||||
bootstrap_alpine:
|
bootstrap_alpine:
|
||||||
- alpine-base
|
- alpine-base
|
||||||
- vim
|
- vim
|
||||||
- "{{ 'openssh' if ssh_enabled | bool else '' }}"
|
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}"
|
||||||
- "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}"
|
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
|
||||||
- "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}"
|
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
|
||||||
- "{{ 'firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}"
|
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}"
|
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'iptables' if firewall_toolkit == 'iptables' else '' }}"
|
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
|
||||||
- "{{ 'nftables' if firewall_toolkit == 'nftables' else '' }}"
|
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
|
||||||
- "{{ 'cryptsetup' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'tpm2-tools' if luks_enabled else '' }}"
|
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
|
||||||
|
|
||||||
bootstrap_opensuse:
|
bootstrap_opensuse:
|
||||||
- vim
|
- vim
|
||||||
- "{{ 'openssh' if ssh_enabled | bool else '' }}"
|
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}"
|
||||||
- "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}"
|
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
|
||||||
- "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}"
|
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
|
||||||
- "{{ 'firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}"
|
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}"
|
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'iptables' if firewall_toolkit == 'iptables' else '' }}"
|
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
|
||||||
- "{{ 'nftables' if firewall_toolkit == 'nftables' else '' }}"
|
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
|
||||||
- "{{ 'cryptsetup' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'tpm2-tools' if luks_enabled else '' }}"
|
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
|
||||||
|
|
||||||
bootstrap_void:
|
bootstrap_void:
|
||||||
- vim
|
- vim
|
||||||
- "{{ 'openssh' if ssh_enabled | bool else '' }}"
|
- "{{ 'openssh' if system_cfg.features.ssh.enabled | bool else '' }}"
|
||||||
- "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}"
|
- "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
|
||||||
- "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}"
|
- "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
|
||||||
- "{{ 'firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}"
|
- "{{ 'firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}"
|
- "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
|
||||||
- "{{ 'iptables' if firewall_toolkit == 'iptables' else '' }}"
|
- "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
|
||||||
- "{{ 'nftables' if firewall_toolkit == 'nftables' else '' }}"
|
- "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
|
||||||
- "{{ 'cryptsetup' if luks_enabled else '' }}"
|
- "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
|
||||||
- "{{ 'tpm2-tools' if luks_enabled else '' }}"
|
- "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
|
||||||
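Review bot: The `qemu-guest-agent` and `open-vm-tools` entries in every `bootstrap_*` list now compare `hypervisor_type` without the `| lower` that the old `hypervisor | lower` expressions applied, so a mixed-case value would render an empty package name and the guest tools would be skipped without any error. Unless `hypervisor_type` is already lowercased where it is defined (not visible on this page), keep the normalisation: `hypervisor_type | lower in ['libvirt', 'proxmox']` and `hypervisor_type | lower == 'vmware'`. The firewall entries have a similar silent path: with the firewall enabled and a backend other than `firewalld` or `ufw`, both lines render `''` and no firewall package is installed.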
|
|||||||
@@ -7,6 +7,6 @@
|
|||||||
|
|
||||||
- name: Mask Systemd Services
|
- name: Mask Systemd Services
|
||||||
ansible.builtin.command: >
|
ansible.builtin.command: >
|
||||||
{{ chroot_command }} systemctl mask {{ 'nftables' if firewall_toolkit == 'iptables' else 'iptables' }} bluetooth rpcbind
|
{{ chroot_command }} systemctl mask {{ 'nftables' if system_cfg.features.firewall.toolkit == 'iptables' else 'iptables' }} bluetooth rpcbind
|
||||||
register: cis_mask_services_result
|
register: cis_mask_services_result
|
||||||
changed_when: cis_mask_services_result.rc == 0
|
changed_when: cis_mask_services_result.rc == 0
|
||||||
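Review bot: The `else 'iptables'` branch in the `systemctl mask` command masks `iptables` for every toolkit value other than the exact string `iptables`, including an empty or misspelled one. Now that the value comes from the nested `system_cfg.features.firewall.toolkit`, an explicit check before the command would make the choice deliberate, for example an `ansible.builtin.assert` with `that: system_cfg.features.firewall.toolkit in ['iptables', 'nftables']`. Separately, `changed_when: cis_mask_services_result.rc == 0` reports a change on every successful run.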
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
---
|
---
|
||||||
- name: Cleanup physical install
|
- name: Cleanup physical install
|
||||||
when: install_type == "physical"
|
when: system_cfg.type == "physical"
|
||||||
ansible.builtin.include_tasks: physical.yml
|
ansible.builtin.include_tasks: physical.yml
|
||||||
|
|
||||||
- name: Cleanup virtual install
|
- name: Cleanup virtual install
|
||||||
when: install_type == "virtual"
|
when: system_cfg.type == "virtual"
|
||||||
ansible.builtin.include_tasks: virtual.yml
|
ansible.builtin.include_tasks: virtual.yml
|
||||||
|
|||||||
@@ -22,6 +22,6 @@
|
|||||||
api_host: "{{ hypervisor_cfg.url }}"
|
api_host: "{{ hypervisor_cfg.url }}"
|
||||||
api_user: "{{ hypervisor_cfg.username }}"
|
api_user: "{{ hypervisor_cfg.username }}"
|
||||||
api_password: "{{ hypervisor_cfg.password }}"
|
api_password: "{{ hypervisor_cfg.password }}"
|
||||||
node: "{{ hypervisor_cfg.node }}"
|
node: "{{ hypervisor_cfg.host }}"
|
||||||
vmid: "{{ system_cfg.id }}"
|
vmid: "{{ system_cfg.id }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
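Review bot: `node:` now reads `hypervisor_cfg.host` while `api_host:` three lines above still reads `hypervisor_cfg.url`, so the key named `host` holds the Proxmox node name and not the API endpoint, which is easy to fill in wrongly. The same substitution recurs in the stop and remove tasks, the VM existence check and the deploy task later on this page. A comment where `hypervisor_cfg` is documented should say that `host` is the cluster node name, and an inventory that still sets only `node` will fail here with an undefined variable unless a transition fallback such as `node: "{{ hypervisor_cfg.host | default(hypervisor_cfg.node) }}"` is kept. The task's name and module line are above the hunk.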
|
|||||||
@@ -28,7 +28,7 @@
|
|||||||
(ansible_connection | default('ssh')) != 'ssh'
|
(ansible_connection | default('ssh')) != 'ssh'
|
||||||
or ((system_cfg.ip | default('') | string | length) > 0)
|
or ((system_cfg.ip | default('') | string | length) > 0)
|
||||||
or (
|
or (
|
||||||
install_type == 'physical'
|
system_cfg.type == 'physical'
|
||||||
and (ansible_host | default('') | string | length) > 0
|
and (ansible_host | default('') | string | length) > 0
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
@@ -38,7 +38,7 @@
|
|||||||
|
|
||||||
- name: Check VM accessibility after reboot
|
- name: Check VM accessibility after reboot
|
||||||
when:
|
when:
|
||||||
- install_type == "virtual"
|
- system_cfg.type == "virtual"
|
||||||
- cleanup_post_reboot_can_connect | bool
|
- cleanup_post_reboot_can_connect | bool
|
||||||
block:
|
block:
|
||||||
- name: Attempt to connect to VM
|
- name: Attempt to connect to VM
|
||||||
@@ -114,7 +114,7 @@
|
|||||||
api_host: "{{ hypervisor_cfg.url }}"
|
api_host: "{{ hypervisor_cfg.url }}"
|
||||||
api_user: "{{ hypervisor_cfg.username }}"
|
api_user: "{{ hypervisor_cfg.username }}"
|
||||||
api_password: "{{ hypervisor_cfg.password }}"
|
api_password: "{{ hypervisor_cfg.password }}"
|
||||||
node: "{{ hypervisor_cfg.node }}"
|
node: "{{ hypervisor_cfg.host }}"
|
||||||
name: "{{ hostname }}"
|
name: "{{ hostname }}"
|
||||||
vmid: "{{ system_cfg.id }}"
|
vmid: "{{ system_cfg.id }}"
|
||||||
state: stopped
|
state: stopped
|
||||||
@@ -129,7 +129,7 @@
|
|||||||
api_host: "{{ hypervisor_cfg.url }}"
|
api_host: "{{ hypervisor_cfg.url }}"
|
||||||
api_user: "{{ hypervisor_cfg.username }}"
|
api_user: "{{ hypervisor_cfg.username }}"
|
||||||
api_password: "{{ hypervisor_cfg.password }}"
|
api_password: "{{ hypervisor_cfg.password }}"
|
||||||
node: "{{ hypervisor_cfg.node }}"
|
node: "{{ hypervisor_cfg.host }}"
|
||||||
name: "{{ hostname }}"
|
name: "{{ hostname }}"
|
||||||
vmid: "{{ system_cfg.id }}"
|
vmid: "{{ system_cfg.id }}"
|
||||||
state: absent
|
state: absent
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
configuration_motd_enabled: "{{ motd_enabled | bool }}"
|
configuration_motd_enabled: "{{ system_cfg.features.banner.motd | bool }}"
|
||||||
configuration_sudo_banner_enabled: "{{ sudo_banner_enabled | bool }}"
|
configuration_sudo_banner_enabled: "{{ system_cfg.features.banner.sudo | bool }}"
|
||||||
configuration_firewall_enabled: "{{ firewall_enabled | bool }}"
|
configuration_firewall_enabled: "{{ system_cfg.features.firewall.enabled | bool }}"
|
||||||
configuration_luks_enabled: "{{ luks_enabled | bool }}"
|
configuration_luks_enabled: "{{ system_cfg.luks.enabled | bool }}"
|
||||||
|
|||||||
@@ -57,7 +57,7 @@
|
|||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- configuration_luks_passphrase_effective | length > 0
|
- configuration_luks_passphrase_effective | length > 0
|
||||||
fail_msg: luks_passphrase (or partitioning_luks_passphrase) must be set for LUKS auto-decrypt.
|
fail_msg: system.luks.passphrase must be set for LUKS auto-decrypt.
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: Enroll TPM2 for LUKS
|
- name: Enroll TPM2 for LUKS
|
||||||
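Review bot: The reworded `fail_msg` is unlikely to reach the operator, because `no_log: true` on the same `ansible.builtin.assert` task censors the result when the assertion fails. As far as this hunk shows, the assertion only evaluates `configuration_luks_passphrase_effective | length > 0`, so the hint could instead go into the task name (which is still printed) while `no_log` stays in place. The message also names `system.luks.passphrase` whereas the rest of the commit reads `system_cfg.luks.*`; if `system` is the inventory key that feeds `system_cfg`, a short comment saying so would help. The task's name line is above the hunk.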
|
|||||||
@@ -29,13 +29,13 @@
|
|||||||
when:
|
when:
|
||||||
- (os != "debian" or (os_version | string) != "11") and os != "rhel"
|
- (os != "debian" or (os_version | string) != "11") and os != "rhel"
|
||||||
- os | lower not in ["alpine", "void"]
|
- os | lower not in ["alpine", "void"]
|
||||||
- swap_enabled | bool
|
- system_cfg.features.swap.enabled | bool
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: /mnt/etc/systemd/zram-generator.conf
|
dest: /mnt/etc/systemd/zram-generator.conf
|
||||||
content: |
|
content: |
|
||||||
[zram0]
|
[zram0]
|
||||||
zram-size = ram / 2
|
zram-size = ram / 2
|
||||||
compression-algorithm = {{ 'zstd' if zstd_enabled | bool else 'lz4' }}
|
compression-algorithm = {{ 'zstd' if system_cfg.features.zstd.enabled | bool else 'lz4' }}
|
||||||
swap-priority = 100
|
swap-priority = 100
|
||||||
fs-type = swap
|
fs-type = swap
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|||||||
@@ -32,7 +32,7 @@
|
|||||||
['rd.lvm.lv=sys/root']
|
['rd.lvm.lv=sys/root']
|
||||||
+ (
|
+ (
|
||||||
['rd.lvm.lv=sys/swap', 'resume=/dev/mapper/sys-swap']
|
['rd.lvm.lv=sys/swap', 'resume=/dev/mapper/sys-swap']
|
||||||
if swap_enabled | bool
|
if system_cfg.features.swap.enabled | bool
|
||||||
else []
|
else []
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -31,13 +31,14 @@
|
|||||||
|
|
||||||
- name: Set hostname
|
- name: Set hostname
|
||||||
vars:
|
vars:
|
||||||
|
configuration_dns_domain: "{{ (system_cfg.dns.search | default([]) | first | default('')) | string }}"
|
||||||
configuration_hostname_fqdn: >-
|
configuration_hostname_fqdn: >-
|
||||||
{{
|
{{
|
||||||
hostname
|
hostname
|
||||||
if '.' in hostname
|
if '.' in hostname
|
||||||
else (
|
else (
|
||||||
hostname + '.' + system_cfg.dns_search
|
hostname + '.' + configuration_dns_domain
|
||||||
if system_cfg.dns_search is defined and system_cfg.dns_search | length
|
if configuration_dns_domain | length > 0
|
||||||
else hostname
|
else hostname
|
||||||
)
|
)
|
||||||
}}
|
}}
|
||||||
@@ -48,13 +49,14 @@
|
|||||||
|
|
||||||
- name: Add host entry to /etc/hosts
|
- name: Add host entry to /etc/hosts
|
||||||
vars:
|
vars:
|
||||||
|
configuration_dns_domain: "{{ (system_cfg.dns.search | default([]) | first | default('')) | string }}"
|
||||||
configuration_hostname_fqdn: >-
|
configuration_hostname_fqdn: >-
|
||||||
{{
|
{{
|
||||||
hostname
|
hostname
|
||||||
if '.' in hostname
|
if '.' in hostname
|
||||||
else (
|
else (
|
||||||
hostname + '.' + system_cfg.dns_search
|
hostname + '.' + configuration_dns_domain
|
||||||
if system_cfg.dns_search is defined and system_cfg.dns_search | length
|
if configuration_dns_domain | length > 0
|
||||||
else hostname
|
else hostname
|
||||||
)
|
)
|
||||||
}}
|
}}
|
||||||
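Review bot: `system_cfg.dns.search | default([]) | first` in `configuration_dns_domain` returns the first character when `dns.search` is a string, so a value given as `example.com` (constructed example) instead of a list would yield an FQDN ending in `.e`. The expressions removed elsewhere in this commit handled strings with `.split(',')`; unless `system_cfg.dns.search` is normalised to a list before this role runs (not visible here), add a guard such as `that: system_cfg.dns.search | default([]) is not string` in a validation task. The same list-only assumption applies to `system_cfg.dns.servers | default([])` in the Alpine and Void networking tasks and to `dns_list` and `search_list` in the NetworkManager template further down. The `configuration_dns_domain` line is also duplicated verbatim in both tasks.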
|
|||||||
@@ -101,15 +101,7 @@
|
|||||||
- name: Configure Alpine networking
|
- name: Configure Alpine networking
|
||||||
when: os | lower == "alpine"
|
when: os | lower == "alpine"
|
||||||
vars:
|
vars:
|
||||||
configuration_dns_value: "{{ system_cfg.dns_servers if system_cfg.dns_servers is defined else '' }}"
|
configuration_dns_list: "{{ system_cfg.dns.servers | default([]) }}"
|
||||||
configuration_dns_list_raw: >-
|
|
||||||
{{
|
|
||||||
configuration_dns_value
|
|
||||||
if configuration_dns_value is iterable and configuration_dns_value is not string
|
|
||||||
else configuration_dns_value.split(',')
|
|
||||||
}}
|
|
||||||
configuration_dns_list: >-
|
|
||||||
{{ configuration_dns_list_raw | map('trim') | reject('equalto', '') | list }}
|
|
||||||
configuration_alpine_static: >-
|
configuration_alpine_static: >-
|
||||||
{{
|
{{
|
||||||
system_cfg.ip is defined
|
system_cfg.ip is defined
|
||||||
@@ -148,15 +140,7 @@
|
|||||||
- name: Configure Void networking
|
- name: Configure Void networking
|
||||||
when: os | lower == "void"
|
when: os | lower == "void"
|
||||||
vars:
|
vars:
|
||||||
configuration_dns_value: "{{ system_cfg.dns_servers if system_cfg.dns_servers is defined else '' }}"
|
configuration_dns_list: "{{ system_cfg.dns.servers | default([]) }}"
|
||||||
configuration_dns_list_raw: >-
|
|
||||||
{{
|
|
||||||
configuration_dns_value
|
|
||||||
if configuration_dns_value is iterable and configuration_dns_value is not string
|
|
||||||
else configuration_dns_value.split(',')
|
|
||||||
}}
|
|
||||||
configuration_dns_list: >-
|
|
||||||
{{ configuration_dns_list_raw | map('trim') | reject('equalto', '') | list }}
|
|
||||||
configuration_void_static: >-
|
configuration_void_static: >-
|
||||||
{{
|
{{
|
||||||
system_cfg.ip is defined
|
system_cfg.ip is defined
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
when: is_rhel | bool
|
when: is_rhel | bool
|
||||||
block:
|
block:
|
||||||
- name: Fix SELinux by pre-labeling the filesystem before first boot
|
- name: Fix SELinux by pre-labeling the filesystem before first boot
|
||||||
when: os in ['almalinux', 'rocky', 'rhel'] and selinux | bool
|
when: os in ['almalinux', 'rocky', 'rhel'] and system_cfg.features.selinux.enabled | bool
|
||||||
ansible.builtin.command: >
|
ansible.builtin.command: >
|
||||||
{{ chroot_command }} /sbin/setfiles -v -F
|
{{ chroot_command }} /sbin/setfiles -v -F
|
||||||
-e /dev -e /proc -e /sys -e /run
|
-e /dev -e /proc -e /sys -e /run
|
||||||
@@ -12,7 +12,7 @@
|
|||||||
changed_when: configuration_setfiles_result.rc == 0
|
changed_when: configuration_setfiles_result.rc == 0
|
||||||
|
|
||||||
- name: Disable SELinux
|
- name: Disable SELinux
|
||||||
when: os | lower == "fedora" or not selinux | bool
|
when: os | lower == "fedora" or not system_cfg.features.selinux.enabled | bool
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /mnt/etc/selinux/config
|
path: /mnt/etc/selinux/config
|
||||||
regexp: ^SELINUX=
|
regexp: ^SELINUX=
|
||||||
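Review bot: `Disable SELinux` still runs whenever `os | lower == "fedora"`, regardless of `system_cfg.features.selinux.enabled`, and nothing in the hunk says why. A comment above the `when:` such as `# Fedora: SELinux is always disabled here because <reason>` would tell the next reader that switching off a mandatory access control layer is intended and not a leftover. The first task compares `os in ['almalinux', 'rocky', 'rhel']` without `| lower` while this one lowercases, so a mixed-case `os` value would skip the relabel while SELinux stays enabled; using `os | lower` in both keeps them aligned. Both tasks continue outside their hunks.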
|
|||||||
@@ -3,11 +3,11 @@
|
|||||||
when: os | lower not in ['alpine', 'void']
|
when: os | lower not in ['alpine', 'void']
|
||||||
ansible.builtin.command: >
|
ansible.builtin.command: >
|
||||||
{{ chroot_command }} systemctl enable NetworkManager
|
{{ chroot_command }} systemctl enable NetworkManager
|
||||||
{{ ' firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}
|
{{ ' firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}
|
||||||
{{ ' ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}
|
{{ ' ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}
|
||||||
{{
|
{{
|
||||||
(' ssh' if is_debian | bool else ' sshd')
|
(' ssh' if is_debian | bool else ' sshd')
|
||||||
if ssh_enabled | bool else ''
|
if system_cfg.features.ssh.enabled | bool else ''
|
||||||
}}
|
}}
|
||||||
{{
|
{{
|
||||||
'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
|
'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
|
||||||
@@ -22,8 +22,8 @@
|
|||||||
configuration_openrc_services: >-
|
configuration_openrc_services: >-
|
||||||
{{
|
{{
|
||||||
['networking']
|
['networking']
|
||||||
+ (['sshd'] if ssh_enabled | bool else [])
|
+ (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
|
||||||
+ ([firewall_backend] if firewall_enabled | bool else [])
|
+ ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
|
||||||
}}
|
}}
|
||||||
block:
|
block:
|
||||||
- name: Ensure OpenRC runlevel directory exists
|
- name: Ensure OpenRC runlevel directory exists
|
||||||
@@ -53,8 +53,8 @@
|
|||||||
configuration_runit_services: >-
|
configuration_runit_services: >-
|
||||||
{{
|
{{
|
||||||
['dhcpcd']
|
['dhcpcd']
|
||||||
+ (['sshd'] if ssh_enabled | bool else [])
|
+ (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
|
||||||
+ ([firewall_backend] if firewall_enabled | bool else [])
|
+ ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
|
||||||
}}
|
}}
|
||||||
block:
|
block:
|
||||||
- name: Ensure runit service directory exists
|
- name: Ensure runit service directory exists
|
||||||
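Review bot: In `configuration_openrc_services` and `configuration_runit_services` the raw value of `system_cfg.features.firewall.backend` becomes a service name whenever the firewall is enabled, whereas the `systemctl enable` command in the first hunk only ever emits `firewalld` or `ufw`. An unexpected backend value therefore behaves differently per init system: systemd hosts come up with no firewall service enabled and no error, while OpenRC and runit hosts try to enable whatever string was supplied. Restricting the value once, for example `that: system_cfg.features.firewall.backend in ['firewalld', 'ufw']` in a validation task that runs when the firewall is enabled, makes both paths fail the same way.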
|
|||||||
@@ -5,11 +5,11 @@
|
|||||||
{{ "sudo" if is_debian | bool else "wheel" }}
|
{{ "sudo" if is_debian | bool else "wheel" }}
|
||||||
configuration_useradd_cmd: >-
|
configuration_useradd_cmd: >-
|
||||||
{{ chroot_command }} /usr/sbin/useradd --create-home --user-group
|
{{ chroot_command }} /usr/sbin/useradd --create-home --user-group
|
||||||
--groups {{ configuration_user_group }} {{ user_name }}
|
--groups {{ configuration_user_group }} {{ system_cfg.user.name }}
|
||||||
--password {{ user_password | password_hash('sha512') }} --shell /bin/bash
|
--password {{ system_cfg.user.password | password_hash('sha512') }} --shell /bin/bash
|
||||||
configuration_root_cmd: >-
|
configuration_root_cmd: >-
|
||||||
{{ chroot_command }} /usr/sbin/usermod --password
|
{{ chroot_command }} /usr/sbin/usermod --password
|
||||||
'{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
|
'{{ system_cfg.root.password | password_hash('sha512') }}' root --shell /bin/bash
|
||||||
ansible.builtin.command: "{{ item }}"
|
ansible.builtin.command: "{{ item }}"
|
||||||
loop:
|
loop:
|
||||||
- "{{ configuration_useradd_cmd }}"
|
- "{{ configuration_useradd_cmd }}"
|
||||||
@@ -18,19 +18,19 @@
|
|||||||
changed_when: configuration_user_result.rc == 0
|
changed_when: configuration_user_result.rc == 0
|
||||||
|
|
||||||
- name: Ensure .ssh directory exists
|
- name: Ensure .ssh directory exists
|
||||||
when: user_public_key | length > 0
|
when: system_cfg.user.public_key | length > 0
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /mnt/home/{{ user_name }}/.ssh
|
path: /mnt/home/{{ system_cfg.user.name }}/.ssh
|
||||||
state: directory
|
state: directory
|
||||||
owner: 1000
|
owner: 1000
|
||||||
group: 1000
|
group: 1000
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
|
|
||||||
- name: Add SSH public key to authorized_keys
|
- name: Add SSH public key to authorized_keys
|
||||||
when: user_public_key | length > 0
|
when: system_cfg.user.public_key | length > 0
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /mnt/home/{{ user_name }}/.ssh/authorized_keys
|
path: /mnt/home/{{ system_cfg.user.name }}/.ssh/authorized_keys
|
||||||
line: "{{ user_public_key }}"
|
line: "{{ system_cfg.user.public_key }}"
|
||||||
owner: 1000
|
owner: 1000
|
||||||
group: 1000
|
group: 1000
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
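Review bot: `configuration_useradd_cmd` and `configuration_root_cmd` embed the SHA-512 password hashes in the command string, and the task loops over those strings with `ansible.builtin.command: "{{ item }}"`, so each loop item, hash included, is printed in the task output unless the task sets `no_log: true`. None is visible in this hunk, though the task continues past it; adding `no_log: true` keeps the hashes out of console and callback logs. The user hash is interpolated unquoted while the root hash is wrapped in single quotes, and `system_cfg.user.name` enters the argument list as-is, so the lines would be more consistent as `--groups {{ configuration_user_group }} {{ system_cfg.user.name | quote }}` and `--password '{{ system_cfg.user.password | password_hash('sha512') }}' --shell /bin/bash`.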
|
|||||||
@@ -4,12 +4,8 @@ uuid={{ configuration_net_uuid }}
|
|||||||
type=ethernet
|
type=ethernet
|
||||||
|
|
||||||
[ipv4]
|
[ipv4]
|
||||||
{% set dns_value = system_cfg.dns_servers if system_cfg.dns_servers is defined else '' %}
|
{% set dns_list = system_cfg.dns.servers | default([]) %}
|
||||||
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}
|
{% set search_list = system_cfg.dns.search | default([]) %}
|
||||||
{% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %}
|
|
||||||
{% set search_value = system_cfg.dns_search if system_cfg.dns_search is defined else '' %}
|
|
||||||
{% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %}
|
|
||||||
{% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %}
|
|
||||||
{% if system_cfg.ip is defined and system_cfg.ip | string | length %}
|
{% if system_cfg.ip is defined and system_cfg.ip | string | length %}
|
||||||
address1={{ system_cfg.ip }}/{{ system_cfg.prefix }}{{ (',' ~ system_cfg.gateway) if (system_cfg.gateway is defined and system_cfg.gateway | string | length) else '' }}
|
address1={{ system_cfg.ip }}/{{ system_cfg.prefix }}{{ (',' ~ system_cfg.gateway) if (system_cfg.gateway is defined and system_cfg.gateway | string | length) else '' }}
|
||||||
method=manual
|
method=manual
|
||||||
|
|||||||
@@ -120,7 +120,7 @@
|
|||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Configure SSH for root login
|
- name: Configure SSH for root login
|
||||||
when: hypervisor_type == "vmware" and vmware_ssh | bool
|
when: hypervisor_type == "vmware" and hypervisor_cfg.ssh | bool
|
||||||
block:
|
block:
|
||||||
- name: Allow login
|
- name: Allow login
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
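Review bot: The `Configure SSH for root login` block is now gated on `hypervisor_cfg.ssh | bool`, and a key that permits root login over SSH should fail closed. Writing `when: hypervisor_type == "vmware" and hypervisor_cfg.ssh | default(false) | bool` makes a missing key skip the block instead of raising an undefined-variable error or relying on defaults set elsewhere. The name `ssh` also says little about what it enables; a comment where `hypervisor_cfg` is documented should state that it turns on root SSH login for VMware installs. The block's tasks continue outside the hunk.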
|
|||||||
@@ -79,7 +79,7 @@
|
|||||||
quiet: true
|
quiet: true
|
||||||
|
|
||||||
- name: VM existence protection check
|
- name: VM existence protection check
|
||||||
when: install_type == "virtual"
|
when: system_cfg.type == "virtual"
|
||||||
block:
|
block:
|
||||||
- name: Check if VM already exists on libvirt
|
- name: Check if VM already exists on libvirt
|
||||||
when: hypervisor_type == "libvirt"
|
when: hypervisor_type == "libvirt"
|
||||||
@@ -110,7 +110,7 @@
|
|||||||
api_host: "{{ hypervisor_cfg.url }}"
|
api_host: "{{ hypervisor_cfg.url }}"
|
||||||
api_user: "{{ hypervisor_cfg.username }}"
|
api_user: "{{ hypervisor_cfg.username }}"
|
||||||
api_password: "{{ hypervisor_cfg.password }}"
|
api_password: "{{ hypervisor_cfg.password }}"
|
||||||
node: "{{ hypervisor_cfg.node }}"
|
node: "{{ hypervisor_cfg.host }}"
|
||||||
vmid: "{{ system_cfg.id }}"
|
vmid: "{{ system_cfg.id }}"
|
||||||
name: "{{ hostname }}"
|
name: "{{ hostname }}"
|
||||||
type: qemu
|
type: qemu
|
||||||
|
|||||||
@@ -2,24 +2,6 @@
|
|||||||
- name: Deploy VM on Proxmox
|
- name: Deploy VM on Proxmox
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
vars:
|
vars:
|
||||||
virtualization_dns_value: "{{ system_cfg.dns_servers if system_cfg.dns_servers is defined else '' }}"
|
|
||||||
virtualization_dns_list_raw: >-
|
|
||||||
{{
|
|
||||||
virtualization_dns_value
|
|
||||||
if virtualization_dns_value is iterable and virtualization_dns_value is not string
|
|
||||||
else virtualization_dns_value.split(',')
|
|
||||||
}}
|
|
||||||
virtualization_dns_list: >-
|
|
||||||
{{ virtualization_dns_list_raw | map('trim') | reject('equalto', '') | list }}
|
|
||||||
virtualization_search_value: "{{ system_cfg.dns_search if system_cfg.dns_search is defined else '' }}"
|
|
||||||
virtualization_search_list_raw: >-
|
|
||||||
{{
|
|
||||||
virtualization_search_value
|
|
||||||
if virtualization_search_value is iterable and virtualization_search_value is not string
|
|
||||||
else virtualization_search_value.split(',')
|
|
||||||
}}
|
|
||||||
virtualization_search_list: >-
|
|
||||||
{{ virtualization_search_list_raw | map('trim') | reject('equalto', '') | list }}
|
|
||||||
virtualization_proxmox_scsi: >-
|
virtualization_proxmox_scsi: >-
|
||||||
{%- set out = {} -%}
|
{%- set out = {} -%}
|
||||||
{%- for disk in system_cfg.disks -%}
|
{%- for disk in system_cfg.disks -%}
|
||||||
@@ -30,16 +12,16 @@
|
|||||||
api_host: "{{ hypervisor_cfg.url }}"
|
api_host: "{{ hypervisor_cfg.url }}"
|
||||||
api_user: "{{ hypervisor_cfg.username }}"
|
api_user: "{{ hypervisor_cfg.username }}"
|
||||||
api_password: "{{ hypervisor_cfg.password }}"
|
api_password: "{{ hypervisor_cfg.password }}"
|
||||||
ciuser: "{{ user_name }}"
|
ciuser: "{{ system_cfg.user.name }}"
|
||||||
cipassword: "{{ user_password }}"
|
cipassword: "{{ system_cfg.user.password }}"
|
||||||
ciupgrade: false
|
ciupgrade: false
|
||||||
node: "{{ hypervisor_cfg.node }}"
|
node: "{{ hypervisor_cfg.host }}"
|
||||||
vmid: "{{ system_cfg.id }}"
|
vmid: "{{ system_cfg.id }}"
|
||||||
name: "{{ hostname }}"
|
name: "{{ hostname }}"
|
||||||
cpu: host
|
cpu: host
|
||||||
cores: "{{ system_cfg.cpus }}"
|
cores: "{{ system_cfg.cpus }}"
|
||||||
memory: "{{ system_cfg.memory_mb }}"
|
memory: "{{ system_cfg.memory }}"
|
||||||
balloon: "{{ system_cfg.balloon_mb if system_cfg.balloon_mb is defined and system_cfg.balloon_mb | int > 0 else omit }}"
|
balloon: "{{ system_cfg.balloon if system_cfg.balloon is defined and system_cfg.balloon | int > 0 else omit }}"
|
||||||
numa_enabled: true
|
numa_enabled: true
|
||||||
hotplug: network,disk
|
hotplug: network,disk
|
||||||
update: "{{ virtualization_tpm2_enabled | bool }}"
|
update: "{{ virtualization_tpm2_enabled | bool }}"
|
||||||
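Review bot: `memory: "{{ system_cfg.memory }}"` and the `balloon` line no longer carry the unit that `memory_mb` and `balloon_mb` spelled out, and nothing in the hunk documents it. The libvirt template still multiplies the value by 1024 and the VMware task still passes it to `memory_mb`, so the value has to stay in MiB; a number entered in GiB would be accepted silently. I would add `# system_cfg.memory and system_cfg.balloon are in MiB` above these parameters, and the same note in the VMware, libvirt and Xen hunks. The task starts and ends outside the hunk.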
@@ -75,8 +57,8 @@
|
|||||||
if system_cfg.ip is defined and system_cfg.ip | string | length
|
if system_cfg.ip is defined and system_cfg.ip | string | length
|
||||||
else 'ip=dhcp'
|
else 'ip=dhcp'
|
||||||
}}
|
}}
|
||||||
nameservers: "{{ virtualization_dns_list if virtualization_dns_list | length else omit }}"
|
nameservers: "{{ system_cfg.dns.servers if system_cfg.dns.servers | length else omit }}"
|
||||||
searchdomains: "{{ virtualization_search_list if virtualization_search_list | length else omit }}"
|
searchdomains: "{{ system_cfg.dns.search if system_cfg.dns.search | length else omit }}"
|
||||||
onboot: true
|
onboot: true
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
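Review bot: `nameservers` and `searchdomains` now read `system_cfg.dns.servers` and `system_cfg.dns.search` directly, while the `-2,24` hunk removes the vars that split comma-separated strings, trimmed the entries and dropped empty ones. A string value would now reach the module as-is, and a missing `dns` key would fail on `| length`, unless the dictionary is normalised before this role runs. The netplan template in the `-5,12` hunk guards with `| default([])`; doing the same here keeps the two consistent: `nameservers: "{{ system_cfg.dns.servers if system_cfg.dns.servers | default([]) | length else omit }}"`, and likewise for `searchdomains`.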
@@ -86,7 +68,7 @@
|
|||||||
api_host: "{{ hypervisor_cfg.url }}"
|
api_host: "{{ hypervisor_cfg.url }}"
|
||||||
api_user: "{{ hypervisor_cfg.username }}"
|
api_user: "{{ hypervisor_cfg.username }}"
|
||||||
api_password: "{{ hypervisor_cfg.password }}"
|
api_password: "{{ hypervisor_cfg.password }}"
|
||||||
node: "{{ hypervisor_cfg.node }}"
|
node: "{{ hypervisor_cfg.host }}"
|
||||||
name: "{{ hostname }}"
|
name: "{{ hostname }}"
|
||||||
vmid: "{{ system_cfg.id }}"
|
vmid: "{{ system_cfg.id }}"
|
||||||
state: started
|
state: started
|
||||||
|
|||||||
@@ -29,7 +29,7 @@
|
|||||||
state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}"
|
state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}"
|
||||||
disk: "{{ virtualization_vmware_disks }}"
|
disk: "{{ virtualization_vmware_disks }}"
|
||||||
hardware:
|
hardware:
|
||||||
memory_mb: "{{ system_cfg.memory_mb }}"
|
memory_mb: "{{ system_cfg.memory }}"
|
||||||
num_cpus: "{{ system_cfg.cpus }}"
|
num_cpus: "{{ system_cfg.cpus }}"
|
||||||
boot_firmware: efi
|
boot_firmware: efi
|
||||||
secure_boot: false
|
secure_boot: false
|
||||||
|
|||||||
@@ -5,12 +5,8 @@ network:
|
|||||||
match:
|
match:
|
||||||
macaddress: "{{ virtualization_mac_address }}"
|
macaddress: "{{ virtualization_mac_address }}"
|
||||||
{% set has_static = system_cfg.ip is defined and system_cfg.ip | string | length %}
|
{% set has_static = system_cfg.ip is defined and system_cfg.ip | string | length %}
|
||||||
{% set dns_value = system_cfg.dns_servers if system_cfg.dns_servers is defined else '' %}
|
{% set dns_list = system_cfg.dns.servers | default([]) %}
|
||||||
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}
|
{% set search_list = system_cfg.dns.search | default([]) %}
|
||||||
{% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %}
|
|
||||||
{% set search_value = system_cfg.dns_search if system_cfg.dns_search is defined else '' %}
|
|
||||||
{% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %}
|
|
||||||
{% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %}
|
|
||||||
{% if has_static %}
|
{% if has_static %}
|
||||||
addresses:
|
addresses:
|
||||||
- "{{ system_cfg.ip }}/{{ system_cfg.prefix }}"
|
- "{{ system_cfg.ip }}/{{ system_cfg.prefix }}"
|
||||||
@@ -19,12 +15,12 @@ network:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
dhcp4: true
|
dhcp4: true
|
||||||
{% if (system_cfg.dns_servers is defined and system_cfg.dns_servers | length) or (system_cfg.dns_search is defined and system_cfg.dns_search | length) %}
|
{% if dns_list | length or search_list | length %}
|
||||||
dhcp4-overrides:
|
dhcp4-overrides:
|
||||||
{% if system_cfg.dns_servers is defined and system_cfg.dns_servers | length %}
|
{% if dns_list | length %}
|
||||||
use-dns: false
|
use-dns: false
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if system_cfg.dns_search is defined and system_cfg.dns_search | length %}
|
{% if search_list | length %}
|
||||||
use-domains: false
|
use-domains: false
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ ssh_pwauth: true
|
|||||||
package_update: false
|
package_update: false
|
||||||
package_upgrade: false
|
package_upgrade: false
|
||||||
users:
|
users:
|
||||||
- name: "{{ user_name }}"
|
- name: "{{ system_cfg.user.name }}"
|
||||||
primary_group: "{{ user_name }}"
|
primary_group: "{{ system_cfg.user.name }}"
|
||||||
groups: users
|
groups: users
|
||||||
sudo: ALL=(ALL) NOPASSWD:ALL
|
sudo: ALL=(ALL) NOPASSWD:ALL
|
||||||
passwd: "{{ user_password | password_hash('sha512') }}"
|
passwd: "{{ system_cfg.user.password | password_hash('sha512') }}"
|
||||||
lock_passwd: False
|
lock_passwd: False
|
||||||
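Review bot: `passwd: "{{ system_cfg.user.password | password_hash('sha512') }}"` hashes whatever the nested key holds, so an empty value would yield a valid hash for an empty password. Per the surrounding lines, that account has `lock_passwd: False`, `NOPASSWD` sudo and `ssh_pwauth: true`. I would check before rendering that the password is defined and non-empty, for example an `ansible.builtin.assert` with `that: system_cfg.user.password | default('') | length > 0`. `password_hash` is also called without a salt, so each render produces a different hash and the generated user-data will always show as changed. The template continues outside the hunk.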
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
<domain type='kvm'>
|
<domain type='kvm'>
|
||||||
<name>{{ hostname }}</name>
|
<name>{{ hostname }}</name>
|
||||||
<memory>{{ system_cfg.memory_mb | int * 1024 }}</memory>
|
<memory>{{ system_cfg.memory | int * 1024 }}</memory>
|
||||||
{% if system_cfg.balloon_mb is defined and system_cfg.balloon_mb | int > 0 %}<currentMemory>{{ system_cfg.balloon_mb | int * 1024 }}</currentMemory>{% endif %}
|
{% if system_cfg.balloon is defined and system_cfg.balloon | int > 0 %}<currentMemory>{{ system_cfg.balloon | int * 1024 }}</currentMemory>{% endif %}
|
||||||
<vcpu placement='static'>{{ system_cfg.cpus }}</vcpu>
|
<vcpu placement='static'>{{ system_cfg.cpus }}</vcpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch='x86_64' machine="pc-q35-8.0">hvm</type>
|
<type arch='x86_64' machine="pc-q35-8.0">hvm</type>
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
builder = "hvm"
|
builder = "hvm"
|
||||||
name = "{{ hostname }}"
|
name = "{{ hostname }}"
|
||||||
memory = "{{ system_cfg.memory_mb }}"
|
memory = "{{ system_cfg.memory }}"
|
||||||
vcpus = "{{ system_cfg.cpus }}"
|
vcpus = "{{ system_cfg.cpus }}"
|
||||||
disk = [
|
disk = [
|
||||||
{%- for disk in virtualization_xen_disks | default([]) -%}
|
{%- for disk in virtualization_xen_disks | default([]) -%}
|
||||||
|
|||||||