53584b8730
fix(configuration): add pipefail to root password shell pipe
2026-02-20 22:28:54 +01:00
db2fab5e7d
fix(configuration): use chpasswd for root password and separate shell setting
2026-02-20 22:27:17 +01:00
42be0a5919
fix(configuration): add explicit LUKS auto-decrypt fallback state tracking and logging
2026-02-20 22:26:47 +01:00
a1fbb7c21d
feat(cleanup): gate RHEL ISO disk and fstab handling on rhel_repo.source
2026-02-20 21:51:20 +01:00
c82e4afc4d
fix(encryption): add warning before silent TPM2-to-keyfile fallback
2026-02-20 21:51:12 +01:00
404529e8a4
refactor(configuration): add conditional dispatch to task includes
2026-02-20 21:16:52 +01:00
72a9576abe
refactor(configuration): split network.yml into per-init-system dispatch files
2026-02-20 21:16:45 +01:00
ef8bfeaf84
refactor(configuration): convert services.yml to list-based loop
2026-02-20 21:16:37 +01:00
c439e9741e
fix(configuration): remove trailing blank line from extras.yml
2026-02-20 20:20:33 +01:00
a2993212ca
fix(configuration): disambiguate BLS task names and clean up misc noise
2026-02-20 20:17:05 +01:00
fba2e5fc94
refactor(configuration): relocate login banner and fix blockinfile markers
2026-02-20 20:16:19 +01:00
cf68a93b45
fix(configuration): use short hostname and allow per-user shell
2026-02-20 20:15:49 +01:00
33bad193b4
fix(configuration): add trailing semicolons to NM keyfile DNS fields
2026-02-20 20:14:06 +01:00
5dd84c6b39
fix: configurable OVMF/machine type, routes syntax, package lists, interface names
2026-02-20 18:47:12 +01:00
b6d06dd96d
fix: deep analysis audit — no_log, resolv.conf, service conflicts, lint
2026-02-20 18:34:59 +01:00
2a82ee4d5c
fix: resolve Jinja2 .keys ambiguity, fastfetch availability, and python interpreter
...
- Use bracket notation item['keys'] instead of item.keys to avoid
conflict with Python dict .keys() method
- Remove fastfetch from Debian 12 package list (only available in 13+)
- Set explicit python interpreter path for post-reboot tasks
2026-02-20 16:58:58 +01:00
cfc261878a
fix(bootloader): run efibootmgr on host for universal chroot compatibility
...
The previous approach ran efibootmgr inside the chroot, which only works
with arch-chroot (auto-mounts efivars) but fails silently with
systemd-nspawn or plain chroot. Move EFI boot entry creation to the host
where efivars is always available.
Also fixes wrong EFI loader path (\efi\EFI\... -> \EFI\...) and uses
the correct vendor label (e.g. "redhat" instead of raw os variable).
For non-RHEL distros, grub-install now uses --no-nvram to avoid
redundant NVRAM writes; the host efibootmgr handles entry creation
for all distros uniformly with idempotent pre-check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-20 03:36:20 +01:00
eeb580f180
refactor(standardize): fix sudoers lecture syntax, extract ssh config, remove redundant os filters
2026-02-13 00:22:59 +01:00
af5eecfc01
fix(configuration): correct fstab regexp escaping, sudoers newline, locales block scope
2026-02-13 00:02:54 +01:00
bc43b3b994
refactor(standardize): remove redundant variables, deduplicate conditionals
2026-02-12 23:47:41 +01:00
29d365293c
fix(banner): correct visudo validate, clean trailing whitespace
2026-02-12 23:33:55 +01:00
c8806c9577
refactor(standardize): remove dead code, fix inconsistencies, update docs
2026-02-12 23:21:51 +01:00
debd1e176f
refactor(bootstrap): standardize patterns, extract common logic, remove dead code
2026-02-12 23:14:17 +01:00
8f8ce341ae
refactor(users): migrate system.user to system.users[] for multi-user support
2026-02-12 22:52:15 +01:00
66057bc9b2
feat(network): make interfaces[] canonical, normalize flat fields as AWX compat
2026-02-12 22:17:02 +01:00
67c320fcc2
fix(vars): enforce strict list-only DNS and user.key format for IaC compatibility
2026-02-12 21:50:55 +01:00
ed8da6e4e2
fix(luks): complete migration of partitioning_luks_tpm2_device reference
2026-02-11 23:28:05 +01:00
a60e6fd0d3
refactor(bootstrap): nest network fields under system.network to match main project schema
2026-02-11 23:03:37 +01:00
7a76f58384
refactor(luks): use system_cfg.luks directly across roles
2026-02-11 19:26:51 +01:00
8c0716508e
fix: honor libvirt network config, preserve DHCP DNS with search-only NM config, and exact-match Xen VM names
2026-02-11 14:00:20 +01:00
cd34b41862
fix(banner): align MOTD star border and default motd to disabled
2026-02-11 08:02:27 +01:00
e7323258fd
refactor(schema): move filesystem into system dictionary
2026-02-11 05:37:18 +01:00
3d026407e5
refactor(configuration): simplify grub commandline variable assembly
2026-02-11 05:37:18 +01:00
469d89641e
refactor(configuration): reduce LUKS runtime temporary facts
2026-02-11 05:37:18 +01:00
636656214b
refactor(schema): rename nested dict keys and simplify validation
2026-02-11 05:37:18 +01:00
b8c672507f
refactor(vars): simplify normalization and remove effective intermediates
2026-02-11 05:37:18 +01:00
fcc7c6aeb6
fix(runtime): migrate roles to nested system fields
2026-02-11 05:37:18 +01:00
9101e12126
refactor(vars): remove legacy variable inputs
2026-02-11 05:37:18 +01:00
fc05708466
refactor(vars): add system/hypervisor dict inputs
2026-02-11 05:37:18 +01:00
5ff0bac9d8
fix(network): Removes hardcoded MAC-Address from NetworkManager config
2026-01-05 18:22:18 +01:00
3d8b623f66
refactor(services): remove unnecessary firewalld services disablement.
2026-01-05 18:19:14 +01:00
a093bf3e28
feat(services): implement SSH server toggeling
2026-01-05 18:18:18 +01:00
c62de8bf4a
Make chroot command configurable
2026-01-02 18:53:55 +01:00
c5e01c3652
Add swap_enabled toggle for swap setup
2026-01-02 18:51:27 +01:00
49372309d2
Add zstd toggle for btrfs and zram
2026-01-02 18:47:32 +01:00
88a8737115
Use systemd module and link timezone
2026-01-02 16:10:50 +01:00
52c67c5a39
Move derived vars into role defaults
2026-01-02 11:25:51 +01:00
1c23055dd2
Add firewalld_enabled toggle
2026-01-02 11:25:40 +01:00
8395ad9e90
Define optional defaults and require vm_cpus
2026-01-02 11:25:06 +01:00
e59f056904
Move partitioning LUKS defaults into role
2026-01-02 11:23:31 +01:00
