fix(configuration): omit interface-name when not explicitly provided to avoid predictable naming mismatch

refactor(configuration): rename _uid to configuration_uid for role prefix convention
fix(configuration): handle boolean sudo values in sudoers deployment
2026-02-21 08:29:24 +01:00 · 2026-02-21 05:14:33 +01:00 · 2026-02-21 05:14:29 +01:00 · 2026-02-21 05:03:36 +01:00 · 2026-02-21 04:24:23 +01:00
6 changed files with 41 additions and 13 deletions
--- a/roles/configuration/tasks/network_nm.yml
+++ b/roles/configuration/tasks/network_nm.yml
@@ -2,12 +2,7 @@
 - name: Copy NetworkManager keyfile per interface
  vars:
    configuration_iface: "{{ item }}"
-    configuration_iface_name: >-
+    configuration_iface_name: "{{ item.name | default('') }}"
      {{
        item.name
        if (item.name | default('') | string | length) > 0
        else (configuration_detected_interfaces[idx] | default('eth' ~ idx))
      }}
    configuration_net_uuid: "{{ ('LAN-' ~ idx ~ '-' ~ hostname) | ansible.builtin.to_uuid }}"
  ansible.builtin.template:
    src: network.j2
--- a/roles/configuration/tasks/sudo.yml
+++ b/roles/configuration/tasks/sudo.yml
@@ -15,9 +15,12 @@
    validate: /usr/sbin/visudo --check --file=%s
 - name: Deploy per-user sudoers rules
-  when: item.sudo is defined and (item.sudo | string | length) > 0
+  when: item.sudo | default(false)
  vars:
    configuration_sudoers_rule: >-
      {{ item.sudo if item.sudo is string else 'ALL=(ALL) NOPASSWD: ALL' }}
  ansible.builtin.copy:
-    content: "{{ item.name }} {{ item.sudo }}\n"
+    content: "{{ item.name }} {{ configuration_sudoers_rule }}\n"
    dest: "/mnt/etc/sudoers.d/{{ item.name }}"
    mode: "0440"
    validate: /usr/sbin/visudo --check --file=%s
--- a/roles/configuration/tasks/users.yml
+++ b/roles/configuration/tasks/users.yml
@@ -2,7 +2,7 @@
 - name: Set root password
  ansible.builtin.shell: >-
    set -o pipefail &&
-    echo 'root:{{ system_cfg.root.password | password_hash("sha512") }}' | {{ chroot_command }} chpasswd -e
+    echo 'root:{{ system_cfg.root.password | password_hash("sha512") }}' | {{ chroot_command }} /usr/sbin/chpasswd -e
  args:
    executable: /bin/bash
  register: configuration_root_result
@@ -49,12 +49,12 @@
 - name: Add SSH public keys to authorized_keys
  vars:
-    _uid: "{{ 1000 + (system_cfg.users | map(attribute='name') | list).index(item.0.name) }}"
+    configuration_uid: "{{ 1000 + (system_cfg.users | map(attribute='name') | list).index(item.0.name) }}"
  ansible.builtin.lineinfile:
    path: "/mnt/home/{{ item.0.name }}/.ssh/authorized_keys"
    line: "{{ item.1 }}"
-    owner: "{{ _uid }}"
+    owner: "{{ configuration_uid }}"
-    group: "{{ _uid }}"
+    group: "{{ configuration_uid }}"
    mode: "0600"
    create: true
  loop: "{{ system_cfg.users | subelements('keys', skip_missing=True) }}"
--- a/roles/configuration/templates/network.j2
+++ b/roles/configuration/templates/network.j2
@@ -2,7 +2,10 @@
 id=LAN-{{ idx }}
 uuid={{ configuration_net_uuid }}
 type=ethernet
 autoconnect-priority=10
 {% if configuration_iface_name | length > 0 %}
 interface-name={{ configuration_iface_name }}
 {% endif %}
 [ipv4]
 {% set iface = configuration_iface %}
--- a/roles/global_defaults/tasks/_normalize_system.yml
+++ b/roles/global_defaults/tasks/_normalize_system.yml
@@ -41,7 +41,7 @@
            if (system_raw.network.interfaces | default([]) | length > 0)
            else (
              [{
-                'name': 'eth0',
+                'name': '',
                'bridge': system_raw.network.bridge | default('') | string,
                'vlan': system_raw.network.vlan | default('') | string,
                'ip': system_raw.network.ip | default('') | string,
--- a/roles/global_defaults/tasks/system.yml
+++ b/roles/global_defaults/tasks/system.yml
@@ -10,3 +10,30 @@
    - name: Normalize disk configuration
      ansible.builtin.include_tasks: _normalize_disks.yml
 - name: Check if pre-computed system_cfg needs enrichment
  when: system_cfg is defined
  ansible.builtin.set_fact:
    _bootstrap_needs_enrichment: "{{ hostname is not defined }}"
 - name: Merge pre-computed system_cfg with bootstrap system_defaults
  when:
    - system_cfg is defined
    - _bootstrap_needs_enrichment | default(false) | bool
  ansible.builtin.set_fact:
    system_cfg: "{{ system_defaults | combine(system | default({}), recursive=True) | combine(system_cfg, recursive=True) }}"
 - name: Derive convenience facts from pre-computed system_cfg
  when:
    - system_cfg is defined
    - _bootstrap_needs_enrichment | default(false) | bool
  ansible.builtin.set_fact:
    hostname: "{{ system_cfg.name | default(inventory_hostname) }}"
    os: "{{ system_cfg.os | default('') }}"
    os_version: "{{ system_cfg.version | default('') | string }}"
 - name: Normalize disk configuration (pre-computed system_cfg)
  when:
    - system_cfg is defined
    - install_drive is not defined
  ansible.builtin.include_tasks: _normalize_disks.yml
Author	SHA1	Message	Date
Sandwich	b84688f1d6	fix(configuration): omit interface-name when not explicitly provided to avoid predictable naming mismatch	2026-02-21 08:29:24 +01:00
Sandwich	b1d2294d63	refactor(configuration): rename _uid to configuration_uid for role prefix convention	2026-02-21 05:14:33 +01:00
Sandwich	ac339b54c4	fix(configuration): handle boolean sudo values in sudoers deployment	2026-02-21 05:14:29 +01:00
Sandwich	cb46a6989f	fix(configuration): use full path for chpasswd in chroot	2026-02-21 05:03:36 +01:00
Sandwich	73ea7a177b	fix(global_defaults): enrich pre-computed system_cfg with bootstrap defaults	2026-02-21 04:24:23 +01:00