Compare commits
6 Commits
82a1548b2e
...
696df925c6
| Author | SHA1 | Date | |
|---|---|---|---|
| 696df925c6 | |||
| 65ef8cb1ca | |||
| 396d802dc3 | |||
| 90cc9add01 | |||
| eeaf3b0f0a | |||
| 0a76e07b39 |
17
README.md
17
README.md
@@ -105,7 +105,7 @@ These are required when `hypervisor: vmware` uses the `vmware_tools` connection.
|
||||
| `luks_passphrase` | Passphrase used for initial LUKS format/unlock. | `1234` |
|
||||
| `luks_mapper_name` | Decrypted mapper name. | `SYSTEM_DECRYPTED` |
|
||||
| `luks_auto_decrypt` | Enable automatic unlock on boot. | `true`, `false` |
|
||||
| `luks_auto_decrypt_method` | Auto-unlock method. | `tpm2`, `keyfile` |
|
||||
| `luks_auto_decrypt_method` | Auto-unlock method. | `tpm2`, `keyfile`, `manual` |
|
||||
| `luks_tpm2_device` | TPM2 device for enrollment. | `auto` |
|
||||
| `luks_tpm2_pcrs` | TPM2 PCR list (systemd-cryptenroll). | `7` |
|
||||
| `luks_keyfile_size` | Keyfile size in bytes for initramfs. | `64` |
|
||||
@@ -119,6 +119,18 @@ These are required when `hypervisor: vmware` uses the `vmware_tools` connection.
|
||||
| `luks_use_urandom` | Reserved; module uses cryptsetup defaults. | `true` |
|
||||
| `luks_verify_passphrase` | Reserved; module uses cryptsetup defaults. | `true` |
|
||||
|
||||
### 2.5 Partitioning Overrides (advanced)
|
||||
|
||||
Use these only when you need to override the default layout logic.
|
||||
|
||||
| Variable | Description | Example Value |
|
||||
| ---------------------------- | -------------------------------------------------------- | ------------- |
|
||||
| `partitioning_efi_size_mib` | ESP size in MiB. | `512` |
|
||||
| `partitioning_boot_size_mib` | `/boot` size in MiB when a separate boot is used. | `1024` |
|
||||
| `partitioning_separate_boot` | Force a separate `/boot` partition. | `true` |
|
||||
| `partitioning_boot_fs_fstype` | Filesystem for `/boot` when separate. | `ext4` |
|
||||
| `partitioning_use_full_disk` | Use remaining LVM space for the root volume. | `true` |
|
||||
|
||||
To protect sensitive information, such as passwords, API keys, and other confidential variables (e.g., `hypervisor_password`), **it is recommended to use Ansible Vault**.
|
||||
|
||||
## 3. Inventory Variables
|
||||
@@ -129,6 +141,7 @@ Inventory variables are defined for individual hosts or VMs in the inventory fil
|
||||
|
||||
| Variable | Description | Example Value |
|
||||
| ------------ | -------------------------------------- | ---------------------- |
|
||||
| `ansible_host` | Ansible connection address for the host. | `192.168.0.10` |
|
||||
| `os` | Operating system to be installed. | `ubuntu-lts` |
|
||||
| `filesystem` | Filesystem type for the root volume. | `btrfs`, `ext4`, `xfs` |
|
||||
| `hostname` | The hostname assigned to the system. | `vm01` |
|
||||
@@ -160,7 +173,7 @@ These are prompted by default via `vars_prompt` in `main.yml`, but can be suppli
|
||||
| Variable | Description | Example Value |
|
||||
| ----------- | --------------------------------- | ------------- |
|
||||
| `vm_id` | Unique identifier for the VM. | `101` |
|
||||
| `vm_size` | Disk size allocated in GB. | `20` |
|
||||
| `vm_size` | Disk size allocated in GB (min 20). | `20` |
|
||||
| `vm_memory` | Amount of memory in MB. | `2048` |
|
||||
| `vm_cpus` | Number of CPU cores (virtual installs). | `4` |
|
||||
| `vm_ballo` | Ballooning memory size (optional).| `2048` |
|
||||
|
||||
34
main.yml
34
main.yml
@@ -80,25 +80,23 @@
|
||||
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
||||
|
||||
- name: Install post-reboot extra packages
|
||||
vars:
|
||||
post_install_extra_packages: >-
|
||||
{{
|
||||
(
|
||||
extra_packages
|
||||
if (extra_packages is iterable and extra_packages is not string)
|
||||
else (extra_packages | string).split(',')
|
||||
)
|
||||
| map('trim')
|
||||
| reject('equalto', '')
|
||||
| list
|
||||
}}
|
||||
when:
|
||||
- post_reboot_can_connect | bool
|
||||
- extra_packages is defined
|
||||
- extra_packages | length > 0
|
||||
block:
|
||||
- name: Install extra packages
|
||||
vars:
|
||||
post_install_extra_packages: >-
|
||||
{{
|
||||
(
|
||||
extra_packages
|
||||
if (extra_packages is iterable and extra_packages is not string)
|
||||
else (extra_packages | string).split(',')
|
||||
)
|
||||
| map('trim')
|
||||
| reject('equalto', '')
|
||||
| list
|
||||
}}
|
||||
when: post_install_extra_packages | length > 0
|
||||
ansible.builtin.package:
|
||||
name: "{{ post_install_extra_packages }}"
|
||||
state: present
|
||||
- post_install_extra_packages | length > 0
|
||||
ansible.builtin.package:
|
||||
name: "{{ post_install_extra_packages }}"
|
||||
state: present
|
||||
|
||||
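Review bot: The `when:` list on "Install post-reboot extra packages" still carries `- extra_packages | length > 0` next to `- post_install_extra_packages | length > 0`, and the second already covers the first once the value has been split and trimmed. Assuming the flattened task (no inner `block:`) is the new side, since the page has lost its +/- markers, the earlier item can be dropped, or kept with a comment such as `# cheap guard so the template below is not rendered for an empty value`. The task also runs over the connection set up on the context line above with `StrictHostKeyChecking=no`, so a one-line comment there saying why host key checking is off at this stage would make that choice reviewable.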
@@ -1,11 +1,14 @@
|
||||
---
|
||||
- name: Reload systemd in installer environment
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Set local timezone
|
||||
ansible.builtin.command: "{{ item }}"
|
||||
loop:
|
||||
- systemctl daemon-reload
|
||||
- arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
|
||||
register: configuration_timezone_result
|
||||
changed_when: configuration_timezone_result.rc == 0
|
||||
ansible.builtin.file:
|
||||
src: /usr/share/zoneinfo/Europe/Vienna
|
||||
dest: /mnt/etc/localtime
|
||||
state: link
|
||||
force: true
|
||||
|
||||
- name: Setup locales
|
||||
block:
|
||||
|
||||
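Review bot: The `ansible.builtin.file` task for the timezone needs a comment explaining the absolute `src` and `force: true`, because `src` is written verbatim as the link target and so `/mnt/etc/localtime` points at `/usr/share/zoneinfo/Europe/Vienna` as seen from inside the installed system, not under `/mnt`. Something like `# link target is resolved inside the target root; force allows creating it when that path is absent in the installer` would do. The zone itself stays hard-coded; a variable defaulting to `Europe/Vienna` would match how the other settings are exposed, if that is wanted. This assumes the module form is the new side (the +/- markers are lost), and the "Setup locales" block continues outside the hunk.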
@@ -52,10 +52,7 @@
|
||||
install_type == "physical"
|
||||
or (
|
||||
vm_size is defined
|
||||
and (
|
||||
(filesystem == "btrfs" and (vm_size | int) >= 10)
|
||||
or (filesystem != "btrfs" and (vm_size | int) >= 20)
|
||||
)
|
||||
and (vm_size | int) >= 20
|
||||
)
|
||||
)
|
||||
- >-
|
||||
@@ -64,15 +61,19 @@
|
||||
or (
|
||||
vm_size is defined
|
||||
and vm_memory is defined
|
||||
and filesystem is defined
|
||||
and (
|
||||
(vm_size | float)
|
||||
>= (
|
||||
(vm_memory | float / 1024 >= 16.0)
|
||||
| ternary(
|
||||
(vm_memory | float / 2048),
|
||||
[vm_memory | float / 1024, 4.0] | max
|
||||
)
|
||||
+ 16
|
||||
filesystem != "btrfs"
|
||||
or (
|
||||
(vm_size | float)
|
||||
>= (
|
||||
(vm_memory | float / 1024 >= 16.0)
|
||||
| ternary(
|
||||
(vm_memory | float / 2048),
|
||||
[vm_memory | float / 1024, 4.0] | max
|
||||
)
|
||||
+ 5.5
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
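Review bot: The memory-based size check in the second hunk (old line 64 onward) repeats the swap formula inline, including the halving for 16 GB and more via `ternary(...)`, while the partitioning tasks further down this page compute `partitioning_lvm_swap_target_gb` as `[memory / 1024, 4] | max` with a separate cap. If the assertion is meant to mirror the sizing, the two now disagree for hosts with 16 GB or more; if it is not, the condition needs a comment saying what the `+ 5.5` margin stands for and why only `btrfs` is checked. A possible wording is `# btrfs only: disk must hold RAM-derived swap plus 5.5 GB; other filesystems rely on the 20 GB minimum`. The +/- markers are lost on this page, so this assumes the `filesystem != "btrfs" or (...)` form is the new side; the enclosing assertion starts and ends outside both hunks.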
@@ -22,6 +22,7 @@ partitioning_efi_size_mib: 512
|
||||
partitioning_efi_start_mib: 1
|
||||
partitioning_efi_end_mib: "{{ (partitioning_efi_start_mib | int) + (partitioning_efi_size_mib | int) }}"
|
||||
partitioning_boot_size_mib: 1024
|
||||
partitioning_use_full_disk: true
|
||||
partitioning_separate_boot: >-
|
||||
{{
|
||||
(partitioning_luks_enabled | bool)
|
||||
|
||||
@@ -261,13 +261,37 @@
|
||||
vars:
|
||||
partitioning_lvm_swap_target_gb: >-
|
||||
{{
|
||||
(
|
||||
((partitioning_vm_memory_effective | float / 1024) > 16.0)
|
||||
| ternary(
|
||||
(partitioning_vm_memory_effective | float / 2048) | int,
|
||||
(partitioning_vm_memory_effective | float / 1024)
|
||||
)
|
||||
) | float
|
||||
[
|
||||
(partitioning_vm_memory_effective | float / 1024),
|
||||
4
|
||||
] | max | float
|
||||
}}
|
||||
partitioning_lvm_swap_cap_gb: >-
|
||||
{{
|
||||
4
|
||||
+ [
|
||||
(partitioning_vm_size_effective | float) - 20,
|
||||
0
|
||||
] | max
|
||||
}}
|
||||
partitioning_lvm_swap_target_effective_gb: >-
|
||||
{{
|
||||
[
|
||||
partitioning_lvm_swap_target_gb,
|
||||
partitioning_lvm_swap_cap_gb
|
||||
] | min
|
||||
}}
|
||||
partitioning_lvm_swap_max_gb: >-
|
||||
{{
|
||||
[
|
||||
(
|
||||
(partitioning_vm_size_effective | float)
|
||||
- (partitioning_reserved_gb | float)
|
||||
- (cis_enabled | ternary(7.5, 0))
|
||||
- 4
|
||||
),
|
||||
0
|
||||
] | max
|
||||
}}
|
||||
partitioning_lvm_available_gb: >-
|
||||
{{
|
||||
@@ -275,10 +299,14 @@
|
||||
(partitioning_vm_size_effective | float)
|
||||
- (partitioning_reserved_gb | float)
|
||||
- (cis_enabled | ternary(7.5, 0))
|
||||
- partitioning_lvm_swap_target_gb
|
||||
- partitioning_lvm_swap_target_effective_gb
|
||||
) | float
|
||||
}}
|
||||
partitioning_lvm_root_gb: >-
|
||||
partitioning_lvm_home_gb: >-
|
||||
{{
|
||||
([([(((partitioning_vm_size_effective | float) - 20) * 0.1), 2] | max), 20] | min)
|
||||
}}
|
||||
partitioning_lvm_root_default_gb: >-
|
||||
{{
|
||||
[
|
||||
(
|
||||
@@ -300,15 +328,32 @@
|
||||
}}
|
||||
partitioning_lvm_swap_gb: >-
|
||||
{{
|
||||
((partitioning_lvm_available_gb | float) < 4)
|
||||
| ternary(
|
||||
(
|
||||
(partitioning_lvm_available_gb | float)
|
||||
+ (partitioning_lvm_swap_target_gb | float)
|
||||
- 4
|
||||
),
|
||||
partitioning_lvm_swap_target_gb
|
||||
)
|
||||
[
|
||||
partitioning_lvm_swap_target_effective_gb,
|
||||
partitioning_lvm_swap_max_gb
|
||||
] | min | round(2, 'floor')
|
||||
}}
|
||||
partitioning_lvm_root_full_gb: >-
|
||||
{{
|
||||
[
|
||||
(
|
||||
(partitioning_vm_size_effective | float)
|
||||
- (partitioning_reserved_gb | float)
|
||||
- (partitioning_lvm_swap_gb | float)
|
||||
- (
|
||||
(partitioning_lvm_home_gb | float) + 5.5
|
||||
if cis_enabled
|
||||
else 0
|
||||
)
|
||||
),
|
||||
4
|
||||
] | max | round(2, 'floor')
|
||||
}}
|
||||
partitioning_lvm_root_gb: >-
|
||||
{{
|
||||
partitioning_lvm_root_full_gb
|
||||
if partitioning_use_full_disk | bool
|
||||
else partitioning_lvm_root_default_gb
|
||||
}}
|
||||
community.general.lvol:
|
||||
vg: sys
|
||||
@@ -321,7 +366,7 @@
|
||||
- lv: swap
|
||||
size: "{{ partitioning_lvm_swap_gb | string + 'G' }}"
|
||||
- lv: home
|
||||
size: "{{ ([([(((partitioning_vm_size_effective | float) - 20) * 0.1), 2] | max), 20] | min) | string + 'G' }}"
|
||||
size: "{{ partitioning_lvm_home_gb | string + 'G' }}"
|
||||
- {lv: var, size: "2G"}
|
||||
- {lv: var_log, size: "2G"}
|
||||
- {lv: var_log_audit, size: "1.5G"}
|
||||
|
||||
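Review bot: The new swap variables are combined without numeric casts: `[partitioning_lvm_swap_target_gb, partitioning_lvm_swap_cap_gb] | min`, `[partitioning_lvm_swap_target_effective_gb, partitioning_lvm_swap_max_gb] | min | round(2, 'floor')` and `- partitioning_lvm_swap_target_effective_gb` use the templated values bare, while neighbouring lines cast with `| float`. If any of them reaches the expression as a string, `min` compares text and the arithmetic or `round` fails, so I would write `[partitioning_lvm_swap_target_gb | float, partitioning_lvm_swap_cap_gb | float] | min` and cast the other two the same way. `partitioning_lvm_swap_max_gb` is also floored at `0`, which could produce a `0.0G` size for `lv: swap`; a lower bound or a condition on that volume is worth considering. The `community.general.lvol` task continues outside the hunks, and the old/new sides are inferred because the page has lost its +/- markers.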