
3 Commits

Author SHA1 Message Date
085e16abe9 fix(network): Removes hardcoded MAC-Address from NetworkManager config
This fixes an issue where, in some virtual environments, the NIC's
MAC-Address gets changed and the config no longer applies.
2026-01-05 18:22:18 +01:00
23f08b350b refactor(services): remove unnecessary firewalld services disablement.
It is not needed if the firewalld package is not installed in the first
place
2026-01-05 18:19:14 +01:00
315fdef69f feat(services): implement SSH server toggeling 2026-01-05 18:18:18 +01:00
5 changed files with 11 additions and 18 deletions


@@ -66,6 +66,7 @@ Global variables apply across your Ansible project and can be supplied via inven
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false (default)` |
| `selinux` (optional) | Toggle SELinux where supported. | `true (default)`, `false` |
| `firewalld_enabled` (optional) | Toggle firewalld package/service enablement. | `true (default)`, `false` |
| `ssh_enabled` (optional) | Toggle SSH server package/service enablement. | `true (default)`, `false` |
### 2.2 Hypervisor Access (virtual installs)


@@ -48,7 +48,7 @@ bootstrap_archlinux:
- ncdu
- networkmanager
- nfs-utils
- openssh
- "{{ 'openssh' if ssh_enabled | bool else '' }}"
- ppp
- prometheus-node-exporter
- python-psycopg2
@@ -82,7 +82,7 @@ bootstrap_debian11:
- logrotate
- lvm2
- net-tools
- openssh-server
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python3
- sudo
- xfsprogs
@@ -153,7 +153,7 @@ bootstrap_debian12:
- neofetch
- net-tools
- network-manager
- openssh-server
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3
- python3
- ripgrep
@@ -208,7 +208,7 @@ bootstrap_debian13:
- ncdu
- net-tools
- network-manager
- openssh-server
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3
- python3
- ripgrep
@@ -412,7 +412,7 @@ bootstrap_ubuntu:
- ncurses-term
- net-tools
- network-manager
- openssh-server
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3
- python3
- ripgrep
@@ -475,7 +475,7 @@ bootstrap_ubuntu_lts:
- ncurses-term
- net-tools
- network-manager
- openssh-server
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3
- python3
- ripgrep
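Review bot: With `ssh_enabled: false` each of these lists now carries an empty-string element where the SSH package used to be (the `openssh` entry in `bootstrap_archlinux` and the `openssh-server` entries in the Debian and Ubuntu lists). The task that consumes the lists is not part of this commit; if it joins the items or hands them straight to the package tool, the empty entry can become a stray separator or an empty argument. I would drop empty items at the point of use, e.g. `{{ packages | select | list }}` (with `packages` standing in for whichever variable the consumer reads), and add a short comment beside the first conditional entry saying an empty item is expected there. Leaving the package out of the list also does not prevent it from arriving as a dependency of another entry, so the result is worth verifying on a built image.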


@@ -4,8 +4,9 @@
{{ chroot_command }} /mnt systemctl enable NetworkManager
{{ ' firewalld' if firewalld_enabled | bool else '' }}
{{
' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
(' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else '')
(' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
(' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else ''))
if ssh_enabled | bool else ''
}}
{{
'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
@@ -13,10 +14,3 @@
}}
register: configuration_enable_services_result
changed_when: configuration_enable_services_result.rc == 0
- name: Disable firewalld when disabled
when: not firewalld_enabled | bool
ansible.builtin.command: "{{ chroot_command }} /mnt systemctl disable --now firewalld"
register: configuration_disable_firewalld_result
changed_when: configuration_disable_firewalld_result.rc == 0
failed_when: false
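Review bot: `ssh_enabled: false` only leaves the SSH unit out of this `systemctl enable` call; nothing disables or masks it. For `debian11` to `debian13` the expression is empty either way, so on those targets the switch rests entirely on `openssh-server` being absent from the package list, and the removed firewalld task now relies on the same assumption. If the package can arrive by another route (a dependency, a base image, a later role), the daemon would stay reachable while the inventory says it is off. I would add an explicit disable task guarded by `when: not ssh_enabled | bool`, modelled on the firewalld task this commit removes, and a comment on the Debian branch explaining why it is empty. The enable task starts above this hunk, so its module line and name are not visible here.

```yaml
# … unchanged: service enablement task registered as configuration_enable_services_result …

- name: Disable SSH server when disabled
  when: not ssh_enabled | bool
  ansible.builtin.command: >-
    {{ chroot_command }} /mnt systemctl disable
    {{ 'sshd' if os | lower not in ['ubuntu', 'ubuntu-lts', 'debian11', 'debian12', 'debian13'] else 'ssh' }}
  register: configuration_disable_ssh_result
  changed_when: configuration_disable_ssh_result.rc == 0
  # The unit does not exist when the package was never installed.
  failed_when: false
```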


@@ -3,9 +3,6 @@ id=LAN
uuid={{ configuration_net_uuid }}
type=ethernet
[ethernet]
mac-address={{ configuration_net_mac }}
[ipv4]
{% set dns_value = vm_dns if vm_dns is defined else '' %}
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}


@@ -5,6 +5,7 @@ cis: false
selinux: true
vmware_ssh: false
firewalld_enabled: true
ssh_enabled: true
zstd_enabled: true
swap_enabled: true
chroot_command: "arch-chroot"