Compare commits
4 Commits
2d4127a688
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 8056890460 | |||
| 085e16abe9 | |||
| 23f08b350b | |||
| 315fdef69f |
@@ -66,6 +66,7 @@ Global variables apply across your Ansible project and can be supplied via inven
|
|||||||
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false (default)` |
|
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false (default)` |
|
||||||
| `selinux` (optional) | Toggle SELinux where supported. | `true (default)`, `false` |
|
| `selinux` (optional) | Toggle SELinux where supported. | `true (default)`, `false` |
|
||||||
| `firewalld_enabled` (optional) | Toggle firewalld package/service enablement. | `true (default)`, `false` |
|
| `firewalld_enabled` (optional) | Toggle firewalld package/service enablement. | `true (default)`, `false` |
|
||||||
|
| `ssh_enabled` (optional) | Toggle SSH server package/service enablement. | `true (default)`, `false` |
|
||||||
|
|
||||||
### 2.2 Hypervisor Access (virtual installs)
|
### 2.2 Hypervisor Access (virtual installs)
|
||||||
|
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ bootstrap_archlinux:
|
|||||||
- ncdu
|
- ncdu
|
||||||
- networkmanager
|
- networkmanager
|
||||||
- nfs-utils
|
- nfs-utils
|
||||||
- openssh
|
- "{{ 'openssh' if ssh_enabled | bool else '' }}"
|
||||||
- ppp
|
- ppp
|
||||||
- prometheus-node-exporter
|
- prometheus-node-exporter
|
||||||
- python-psycopg2
|
- python-psycopg2
|
||||||
@@ -82,7 +82,7 @@ bootstrap_debian11:
|
|||||||
- logrotate
|
- logrotate
|
||||||
- lvm2
|
- lvm2
|
||||||
- net-tools
|
- net-tools
|
||||||
- openssh-server
|
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
|
||||||
- python3
|
- python3
|
||||||
- sudo
|
- sudo
|
||||||
- xfsprogs
|
- xfsprogs
|
||||||
@@ -153,7 +153,7 @@ bootstrap_debian12:
|
|||||||
- neofetch
|
- neofetch
|
||||||
- net-tools
|
- net-tools
|
||||||
- network-manager
|
- network-manager
|
||||||
- openssh-server
|
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
|
||||||
- python-is-python3
|
- python-is-python3
|
||||||
- python3
|
- python3
|
||||||
- ripgrep
|
- ripgrep
|
||||||
@@ -208,7 +208,7 @@ bootstrap_debian13:
|
|||||||
- ncdu
|
- ncdu
|
||||||
- net-tools
|
- net-tools
|
||||||
- network-manager
|
- network-manager
|
||||||
- openssh-server
|
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
|
||||||
- python-is-python3
|
- python-is-python3
|
||||||
- python3
|
- python3
|
||||||
- ripgrep
|
- ripgrep
|
||||||
@@ -412,7 +412,7 @@ bootstrap_ubuntu:
|
|||||||
- ncurses-term
|
- ncurses-term
|
||||||
- net-tools
|
- net-tools
|
||||||
- network-manager
|
- network-manager
|
||||||
- openssh-server
|
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
|
||||||
- python-is-python3
|
- python-is-python3
|
||||||
- python3
|
- python3
|
||||||
- ripgrep
|
- ripgrep
|
||||||
@@ -475,7 +475,7 @@ bootstrap_ubuntu_lts:
|
|||||||
- ncurses-term
|
- ncurses-term
|
||||||
- net-tools
|
- net-tools
|
||||||
- network-manager
|
- network-manager
|
||||||
- openssh-server
|
- "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
|
||||||
- python-is-python3
|
- python-is-python3
|
||||||
- python3
|
- python3
|
||||||
- ripgrep
|
- ripgrep
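Review bot: With `ssh_enabled: false`, the new entries `"{{ 'openssh-server' if ssh_enabled | bool else '' }}"` (and the `openssh` one under bootstrap_archlinux) leave an empty string in each package list instead of dropping the item. The code that consumes these lists is not shown on this page, so whether it tolerates an empty element is unverified; a comma-joined include list or a package module handed `''` may fail or behave unexpectedly. Filtering at the point of use, e.g. `{{ package_list | reject('equalto', '') | list }}` (variable name is a placeholder), would make the toggle safe. The same pattern repeats in the debian11, debian12, debian13, ubuntu and ubuntu_lts hunks. Omitting the package here also does not remove an SSH server that arrives as a dependency or is already in the base image.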
|
||||||
|
|||||||
@@ -4,8 +4,9 @@
|
|||||||
{{ chroot_command }} /mnt systemctl enable NetworkManager
|
{{ chroot_command }} /mnt systemctl enable NetworkManager
|
||||||
{{ ' firewalld' if firewalld_enabled | bool else '' }}
|
{{ ' firewalld' if firewalld_enabled | bool else '' }}
|
||||||
{{
|
{{
|
||||||
' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
|
(' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
|
||||||
(' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else '')
|
(' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else ''))
|
||||||
|
if ssh_enabled | bool else ''
|
||||||
}}
|
}}
|
||||||
{{
|
{{
|
||||||
'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
|
'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
|
||||||
@@ -13,10 +14,3 @@
|
|||||||
}}
|
}}
|
||||||
register: configuration_enable_services_result
|
register: configuration_enable_services_result
|
||||||
changed_when: configuration_enable_services_result.rc == 0
|
changed_when: configuration_enable_services_result.rc == 0
|
||||||
|
|
||||||
- name: Disable firewalld when disabled
|
|
||||||
when: not firewalld_enabled | bool
|
|
||||||
ansible.builtin.command: "{{ chroot_command }} /mnt systemctl disable --now firewalld"
|
|
||||||
register: configuration_disable_firewalld_result
|
|
||||||
changed_when: configuration_disable_firewalld_result.rc == 0
|
|
||||||
failed_when: false
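Review bot: Setting `ssh_enabled: false` only drops ` ssh`/` sshd` from the `systemctl enable` argument list in the first hunk; nothing disables or masks the unit. For debian11/12/13 the inner expression already yields `''` when SSH is enabled, which suggests the service is expected to be enabled by the package itself. If openssh-server still reaches the target by another path, the daemon would presumably start despite the toggle. Consider an explicit step for the off case, such as a `systemctl mask` of the distribution's SSH unit guarded by `when: not ssh_enabled | bool`, or at least a comment stating that the flag relies on the package being absent. The task begins above the hunk, so the full command is not visible here.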
|
|
||||||
|
|||||||
@@ -3,9 +3,6 @@ id=LAN
|
|||||||
uuid={{ configuration_net_uuid }}
|
uuid={{ configuration_net_uuid }}
|
||||||
type=ethernet
|
type=ethernet
|
||||||
|
|
||||||
[ethernet]
|
|
||||||
mac-address={{ configuration_net_mac }}
|
|
||||||
|
|
||||||
[ipv4]
|
[ipv4]
|
||||||
{% set dns_value = vm_dns if vm_dns is defined else '' %}
|
{% set dns_value = vm_dns if vm_dns is defined else '' %}
|
||||||
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}
|
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ cis: false
|
|||||||
selinux: true
|
selinux: true
|
||||||
vmware_ssh: false
|
vmware_ssh: false
|
||||||
firewalld_enabled: true
|
firewalld_enabled: true
|
||||||
|
ssh_enabled: true
|
||||||
zstd_enabled: true
|
zstd_enabled: true
|
||||||
swap_enabled: true
|
swap_enabled: true
|
||||||
chroot_command: "arch-chroot"
|
chroot_command: "arch-chroot"
|
||||||
|
|||||||
@@ -262,6 +262,16 @@
|
|||||||
- cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
- cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||||
- swap_enabled | bool or item.lv != 'swap'
|
- swap_enabled | bool or item.lv != 'swap'
|
||||||
vars:
|
vars:
|
||||||
|
partitioning_lvm_extent_reserve_count: 10
|
||||||
|
partitioning_lvm_extent_size_mib: 4
|
||||||
|
partitioning_lvm_extent_reserve_gb: >-
|
||||||
|
{{
|
||||||
|
(
|
||||||
|
(partitioning_lvm_extent_reserve_count | float)
|
||||||
|
* (partitioning_lvm_extent_size_mib | float)
|
||||||
|
/ 1024
|
||||||
|
) | round(2, 'ceil')
|
||||||
|
}}
|
||||||
partitioning_lvm_swap_target_gb: >-
|
partitioning_lvm_swap_target_gb: >-
|
||||||
{{
|
{{
|
||||||
(
|
(
|
||||||
@@ -304,6 +314,7 @@
|
|||||||
(partitioning_vm_size_effective | float)
|
(partitioning_vm_size_effective | float)
|
||||||
- (partitioning_reserved_gb | float)
|
- (partitioning_reserved_gb | float)
|
||||||
- (cis_enabled | ternary(7.5, 0))
|
- (cis_enabled | ternary(7.5, 0))
|
||||||
|
- partitioning_lvm_extent_reserve_gb
|
||||||
- 4
|
- 4
|
||||||
),
|
),
|
||||||
0
|
0
|
||||||
@@ -318,6 +329,7 @@
|
|||||||
(partitioning_vm_size_effective | float)
|
(partitioning_vm_size_effective | float)
|
||||||
- (partitioning_reserved_gb | float)
|
- (partitioning_reserved_gb | float)
|
||||||
- (cis_enabled | ternary(7.5, 0))
|
- (cis_enabled | ternary(7.5, 0))
|
||||||
|
- partitioning_lvm_extent_reserve_gb
|
||||||
- partitioning_lvm_swap_target_effective_gb
|
- partitioning_lvm_swap_target_effective_gb
|
||||||
) | float
|
) | float
|
||||||
}}
|
}}
|
||||||
@@ -363,6 +375,7 @@
|
|||||||
(partitioning_vm_size_effective | float)
|
(partitioning_vm_size_effective | float)
|
||||||
- (partitioning_reserved_gb | float)
|
- (partitioning_reserved_gb | float)
|
||||||
- (partitioning_lvm_swap_gb | float)
|
- (partitioning_lvm_swap_gb | float)
|
||||||
|
- partitioning_lvm_extent_reserve_gb
|
||||||
- (
|
- (
|
||||||
(partitioning_lvm_home_gb | float) + 5.5
|
(partitioning_lvm_home_gb | float) + 5.5
|
||||||
if cis_enabled
|
if cis_enabled
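Review bot: The new term `- partitioning_lvm_extent_reserve_gb` is subtracted without a cast, while the neighbouring operands are written as `(partitioning_reserved_gb | float)`. The variable is defined through a folded `>-` template, so depending on how it is templated it may arrive as a string and break the arithmetic. Writing `- (partitioning_lvm_extent_reserve_gb | float)` in all three places (the hunks at 304, 318 and 363) keeps it consistent with the other terms. The reserve also hard-codes `partitioning_lvm_extent_size_mib: 4`, which presumably matches the volume group's default extent size; a short comment saying so, and why 10 extents are held back, would help the next reader. The surrounding expressions begin and end outside these hunks.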
|
||||||
|
|||||||