|
|
3f65585e5c
|
fix(bootstrap): make dhcp-client conditional for EL < 10 (removed in EL 10)
|
2026-02-21 13:43:41 +01:00 |
|
|
|
74f1365a06
|
fix(bootstrap): remove --asexplicit from pacstrap to preserve dependency metadata
|
2026-02-21 13:26:59 +01:00 |
|
|
|
9d19f628aa
|
fix(bootstrap): add kernel package to rocky and almalinux extra packages
|
2026-02-21 12:06:09 +01:00 |
|
|
|
ced0da7bd1
|
fix(bootstrap): detect kernel package name for dnf family reinstall step
|
2026-02-21 11:46:57 +01:00 |
|
|
|
cf49d30916
|
fix(bootstrap): ensure chroot DNS resolution before installing extra packages
|
2026-02-21 11:30:28 +01:00 |
|
|
|
46b5223da5
|
fix(environment): align repo IDs in rocky and almalinux templates with bootstrap config
|
2026-02-21 11:18:34 +01:00 |
|
|
|
494f0b58b2
|
fix(configuration): omit interface-name when not explicitly provided to avoid predictable naming mismatch
|
2026-02-21 08:29:24 +01:00 |
|
|
|
d84b867cef
|
refactor(configuration): rename _uid to configuration_uid for role prefix convention
|
2026-02-21 05:14:33 +01:00 |
|
|
|
39c786305f
|
fix(configuration): handle boolean sudo values in sudoers deployment
|
2026-02-21 05:14:29 +01:00 |
|
|
|
72e2263f5c
|
fix(configuration): use full path for chpasswd in chroot
|
2026-02-21 05:03:36 +01:00 |
|
|
|
ac532578b8
|
fix(global_defaults): enrich pre-computed system_cfg with bootstrap defaults
|
2026-02-21 04:24:23 +01:00 |
|
|
|
34f35bb5ac
|
chore(lint): suppress var-naming for user-facing API dicts
|
2026-02-21 02:58:10 +01:00 |
|
|
|
6de88a911a
|
fix(configuration): remove unnecessary changed_when on set_fact tasks
|
2026-02-21 02:56:58 +01:00 |
|
|
|
fa78edf2e2
|
refactor(cis): align normalization with main project activation gate pattern
|
2026-02-21 02:56:39 +01:00 |
|
|
|
a1c8b5e2dd
|
fix(global_defaults): remove dead /swap and make pacman cache arch-only in reserved mounts
|
2026-02-21 02:56:20 +01:00 |
|
|
|
19da8c0e68
|
fix(global_defaults): set filesystem default to ext4 instead of empty string
|
2026-02-21 02:56:08 +01:00 |
|
|
|
ff1a4df960
|
refactor(bootstrap): restructure package lists to self-contained per-OS dicts with base/extra/conditional
|
2026-02-21 02:39:06 +01:00 |
|
|
|
f0c0b54e7f
|
refactor(environment): split main.yml into focused sub-task files
|
2026-02-21 02:39:05 +01:00 |
|
|
|
a868c6bb47
|
refactor(global_defaults): add idempotency guards to normalization tasks
|
2026-02-21 02:39:03 +01:00 |
|
|
|
dd0d70f4fd
|
fix(global_defaults): default interface name to eth0 instead of empty string
|
2026-02-21 02:38:59 +01:00 |
|
|
|
c08e1fe4e0
|
docs(cis): add comment explaining squashfs/snap Ubuntu exclusion
|
2026-02-21 02:38:58 +01:00 |
|
|
|
c3ccce97ae
|
chore(bootstrap): pin collection versions in requirements.yml
|
2026-02-21 02:38:57 +01:00 |
|
|
|
d9ca905b73
|
fix(bootstrap): move Jinja to end of task name and rename registers to bootstrap_dnf_*
|
2026-02-21 02:38:27 +01:00 |
|
|
|
6085336f96
|
docs: update README with cis dict API, execution pipeline, and cleanup defaults
|
2026-02-21 01:30:36 +01:00 |
|
|
|
2831479e77
|
fix(validation): align btrfs disk size check with new 2GB swap minimum
|
2026-02-21 01:28:32 +01:00 |
|
|
|
608cbf3196
|
refactor(bootstrap): unify rocky, almalinux, and fedora into shared _dnf_family.yml
|
2026-02-21 01:27:33 +01:00 |
|
|
|
382e48176d
|
refactor(cis): extract hardcoded values to cis_defaults and add _normalize.yml
|
2026-02-21 01:26:31 +01:00 |
|
|
|
0372e35ea3
|
refactor(cleanup): prioritize source-match over target-match in libvirt media removal
|
2026-02-21 01:22:44 +01:00 |
|
|
|
6e055de457
|
docs(cis): explain Fedora exclusion from crypto-policy configuration
|
2026-02-21 01:22:41 +01:00 |
|
|
|
f7e1bd4d49
|
fix(bootstrap): replace brittle sed with ansible.builtin.replace for ubuntu universe repo
|
2026-02-21 01:22:37 +01:00 |
|
|
|
58c9b264f9
|
refactor(virtualization): simplify cloud-user-data sudo to unconditional NOPASSWD
|
2026-02-21 01:22:34 +01:00 |
|
|
|
11a4794ac2
|
fix(bootstrap): remove duplicate lrzsz and gate dbus-daemon on version in almalinux
|
2026-02-21 01:20:34 +01:00 |
|
|
|
d3c8c6c975
|
fix(virtualization): fix cloud-user-data sudo logic to respect sudo: false
|
2026-02-21 01:20:31 +01:00 |
|
|
|
ba8ab340f7
|
fix(partitioning): lower swap minimum from 4GB to 2GB for small VMs
|
2026-02-21 01:19:23 +01:00 |
|
|
|
474ebbb513
|
fix(partitioning): add wipefs before mkfs on extra disk partitions
|
2026-02-21 01:19:19 +01:00 |
|
|
|
5df369b151
|
fix(cis): strengthen kernel module blacklist and sysctl hardening
|
2026-02-21 01:18:52 +01:00 |
|
|
|
08c518bd5b
|
refactor(partitioning): split monolithic main.yml into focused task files
|
2026-02-21 00:39:03 +01:00 |
|
|
|
e200774c8e
|
fix(validation): add CIDR prefix range check and Ubuntu version validation
|
2026-02-21 00:38:57 +01:00 |
|
|
|
6e0c289226
|
refactor(cis): remove redundant AllowUsers/AllowGroups/DenyUsers/DenyGroups from sshd
|
2026-02-21 00:38:52 +01:00 |
|
|
|
3be725633e
|
fix(cis): skip squashfs blacklist on Ubuntu to preserve snap functionality
|
2026-02-21 00:38:47 +01:00 |
|
|
|
6c02eab159
|
fix(partitioning): correct changed_when on btrfs quota and qgroup commands
|
2026-02-21 00:38:43 +01:00 |
|
|
|
99c579bec0
|
fix(cis): add regexp to all lineinfile entries in security_lines.yml for idempotency
|
2026-02-21 00:38:36 +01:00 |
|
|
|
be5d2e9f94
|
fix: add no_log to credential-handling pre_tasks and post_tasks in main.yml
|
2026-02-21 00:38:32 +01:00 |
|
|
|
e334c82b26
|
fix(virtualization): add no_log and secure temp file handling to libvirt cloud-init
|
2026-02-21 00:38:28 +01:00 |
|
|
|
5008d97bc8
|
refactor(cleanup): add configurable verify_boot, boot_timeout, and remove_on_failure defaults
|
2026-02-20 23:02:24 +01:00 |
|
|
|
06b8058c1d
|
refactor: move playbook-root templates into their respective roles
|
2026-02-20 23:01:38 +01:00 |
|
|
|
aec82e4241
|
refactor: add loop_control labels to dict-based loops across all roles
|
2026-02-20 23:00:53 +01:00 |
|
|
|
f36d9b7ca3
|
refactor(partitioning): move btrfs home quota to configurable default
|
2026-02-20 22:55:37 +01:00 |
|
|
|
0950db7011
|
fix(environment): detect RHEL ISO device dynamically instead of hardcoded /dev/sr paths
|
2026-02-20 22:54:42 +01:00 |
|
|
|
4f3e39398f
|
refactor(global_defaults): split system.yml into composable normalization stages
|
2026-02-20 22:54:05 +01:00 |
|
