sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sandwich:82a1548b2eb9ac72cf952db91fb3a61106683113
Branches Tags
sandwich:master
..
compare: sandwich:696df925c6ae0dbcf5b1c77e57df09905970a806
Branches Tags
sandwich:master

6 Commits
82a1548b2e ... 696df925c6

Author SHA1 Message Date
Sandwich
696df925c6 Update LVM swap sizing policy 2026-01-02 16:29:24 +01:00
Sandwich
65ef8cb1ca Enforce 20GiB minimum vm_size 2026-01-02 16:18:14 +01:00
Sandwich
396d802dc3 Enable full-disk LVM root sizing 2026-01-02 16:11:06 +01:00
Sandwich
90cc9add01 Use systemd module and link timezone 2026-01-02 16:10:50 +01:00
Sandwich
eeaf3b0f0a Document partitioning overrides and inventory host vars 2026-01-02 16:10:50 +01:00
Sandwich
0a76e07b39 Fix post-reboot extra packages task 2026-01-02 15:55:27 +01:00
6 changed files with 118 additions and 57 deletions
Expand all files Collapse all files

17
README.md
View File

@@ -105,7 +105,7 @@ These are required when `hypervisor: vmware` uses the `vmware_tools` connection.
| `luks_passphrase` | Passphrase used for initial LUKS format/unlock. | `1234` | | `luks_passphrase` | Passphrase used for initial LUKS format/unlock. | `1234` |
| `luks_mapper_name` | Decrypted mapper name. | `SYSTEM_DECRYPTED` | | `luks_mapper_name` | Decrypted mapper name. | `SYSTEM_DECRYPTED` |
| `luks_auto_decrypt` | Enable automatic unlock on boot. | `true`, `false` | | `luks_auto_decrypt` | Enable automatic unlock on boot. | `true`, `false` |
| `luks_auto_decrypt_method` | Auto-unlock method. | `tpm2`, `keyfile` | | `luks_auto_decrypt_method` | Auto-unlock method. | `tpm2`, `keyfile`, `manual` |
| `luks_tpm2_device` | TPM2 device for enrollment. | `auto` | | `luks_tpm2_device` | TPM2 device for enrollment. | `auto` |
| `luks_tpm2_pcrs` | TPM2 PCR list (systemd-cryptenroll). | `7` | | `luks_tpm2_pcrs` | TPM2 PCR list (systemd-cryptenroll). | `7` |
| `luks_keyfile_size` | Keyfile size in bytes for initramfs. | `64` | | `luks_keyfile_size` | Keyfile size in bytes for initramfs. | `64` |
@@ -119,6 +119,18 @@ These are required when `hypervisor: vmware` uses the `vmware_tools` connection.
| `luks_use_urandom` | Reserved; module uses cryptsetup defaults. | `true` | | `luks_use_urandom` | Reserved; module uses cryptsetup defaults. | `true` |
| `luks_verify_passphrase` | Reserved; module uses cryptsetup defaults. | `true` | | `luks_verify_passphrase` | Reserved; module uses cryptsetup defaults. | `true` |
### 2.5 Partitioning Overrides (advanced)
Use these only when you need to override the default layout logic.
| Variable | Description | Example Value |
| ---------------------------- | -------------------------------------------------------- | ------------- |
| `partitioning_efi_size_mib` | ESP size in MiB. | `512` |
| `partitioning_boot_size_mib` | `/boot` size in MiB when a separate boot is used. | `1024` |
| `partitioning_separate_boot` | Force a separate `/boot` partition. | `true` |
| `partitioning_boot_fs_fstype` | Filesystem for `/boot` when separate. | `ext4` |
| `partitioning_use_full_disk` | Use remaining LVM space for the root volume. | `true` |
To protect sensitive information, such as passwords, API keys, and other confidential variables (e.g., `hypervisor_password`), **it is recommended to use Ansible Vault**. To protect sensitive information, such as passwords, API keys, and other confidential variables (e.g., `hypervisor_password`), **it is recommended to use Ansible Vault**.
## 3. Inventory Variables ## 3. Inventory Variables
@@ -129,6 +141,7 @@ Inventory variables are defined for individual hosts or VMs in the inventory fil
| Variable | Description | Example Value | | Variable | Description | Example Value |
| ------------ | -------------------------------------- | ---------------------- | | ------------ | -------------------------------------- | ---------------------- |
| `ansible_host` | Ansible connection address for the host. | `192.168.0.10` |
| `os` | Operating system to be installed. | `ubuntu-lts` | | `os` | Operating system to be installed. | `ubuntu-lts` |
| `filesystem` | Filesystem type for the root volume. | `btrfs`, `ext4`, `xfs` | | `filesystem` | Filesystem type for the root volume. | `btrfs`, `ext4`, `xfs` |
| `hostname` | The hostname assigned to the system. | `vm01` | | `hostname` | The hostname assigned to the system. | `vm01` |
@@ -160,7 +173,7 @@ These are prompted by default via `vars_prompt` in `main.yml`, but can be suppli
| Variable | Description | Example Value | | Variable | Description | Example Value |
| ----------- | --------------------------------- | ------------- | | ----------- | --------------------------------- | ------------- |
| `vm_id` | Unique identifier for the VM. | `101` | | `vm_id` | Unique identifier for the VM. | `101` |
| `vm_size` | Disk size allocated in GB. | `20` | | `vm_size` | Disk size allocated in GB (min 20). | `20` |
| `vm_memory` | Amount of memory in MB. | `2048` | | `vm_memory` | Amount of memory in MB. | `2048` |
| `vm_cpus` | Number of CPU cores (virtual installs). | `4` | | `vm_cpus` | Number of CPU cores (virtual installs). | `4` |
| `vm_ballo` | Ballooning memory size (optional).| `2048` | | `vm_ballo` | Ballooning memory size (optional).| `2048` |

34
main.yml
View File

@@ -80,25 +80,23 @@
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
- name: Install post-reboot extra packages - name: Install post-reboot extra packages
vars:
post_install_extra_packages: >-
{{
(
extra_packages
if (extra_packages is iterable and extra_packages is not string)
else (extra_packages | string).split(',')
)
| map('trim')
| reject('equalto', '')
| list
}}
when: when:
- post_reboot_can_connect | bool - post_reboot_can_connect | bool
- extra_packages is defined - extra_packages is defined
- extra_packages | length > 0 - extra_packages | length > 0
block: - post_install_extra_packages | length > 0
- name: Install extra packages ansible.builtin.package:
vars: name: "{{ post_install_extra_packages }}"
post_install_extra_packages: >- state: present
{{
(
extra_packages
if (extra_packages is iterable and extra_packages is not string)
else (extra_packages | string).split(',')
)
| map('trim')
| reject('equalto', '')
| list
}}
when: post_install_extra_packages | length > 0
ansible.builtin.package:
name: "{{ post_install_extra_packages }}"
state: present

15
roles/configuration/tasks/locales.yml
View File

@@ -1,11 +1,14 @@
--- ---
- name: Reload systemd in installer environment
ansible.builtin.systemd:
daemon_reload: true
- name: Set local timezone - name: Set local timezone
ansible.builtin.command: "{{ item }}" ansible.builtin.file:
loop: src: /usr/share/zoneinfo/Europe/Vienna
- systemctl daemon-reload dest: /mnt/etc/localtime
- arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime state: link
register: configuration_timezone_result force: true
changed_when: configuration_timezone_result.rc == 0
- name: Setup locales - name: Setup locales
block: block:

25
roles/global_defaults/tasks/main.yml
View File

@@ -52,10 +52,7 @@
install_type == "physical" install_type == "physical"
or ( or (
vm_size is defined vm_size is defined
and ( and (vm_size | int) >= 20
(filesystem == "btrfs" and (vm_size | int) >= 10)
or (filesystem != "btrfs" and (vm_size | int) >= 20)
)
) )
) )
- >- - >-
@@ -64,15 +61,19 @@
or ( or (
vm_size is defined vm_size is defined
and vm_memory is defined and vm_memory is defined
and filesystem is defined
and ( and (
(vm_size | float) filesystem != "btrfs"
>= ( or (
(vm_memory | float / 1024 >= 16.0) (vm_size | float)
| ternary( >= (
(vm_memory | float / 2048), (vm_memory | float / 1024 >= 16.0)
[vm_memory | float / 1024, 4.0] | max | ternary(
) (vm_memory | float / 2048),
+ 16 [vm_memory | float / 1024, 4.0] | max
)
+ 5.5
)
) )
) )
) )

1
roles/partitioning/defaults/main.yml
View File

@@ -22,6 +22,7 @@ partitioning_efi_size_mib: 512
partitioning_efi_start_mib: 1 partitioning_efi_start_mib: 1
partitioning_efi_end_mib: "{{ (partitioning_efi_start_mib | int) + (partitioning_efi_size_mib | int) }}" partitioning_efi_end_mib: "{{ (partitioning_efi_start_mib | int) + (partitioning_efi_size_mib | int) }}"
partitioning_boot_size_mib: 1024 partitioning_boot_size_mib: 1024
partitioning_use_full_disk: true
partitioning_separate_boot: >- partitioning_separate_boot: >-
{{ {{
(partitioning_luks_enabled | bool) (partitioning_luks_enabled | bool)

83
roles/partitioning/tasks/main.yml
View File

@@ -261,13 +261,37 @@
vars: vars:
partitioning_lvm_swap_target_gb: >- partitioning_lvm_swap_target_gb: >-
{{ {{
( [
((partitioning_vm_memory_effective | float / 1024) > 16.0) (partitioning_vm_memory_effective | float / 1024),
| ternary( 4
(partitioning_vm_memory_effective | float / 2048) | int, ] | max | float
(partitioning_vm_memory_effective | float / 1024) }}
) partitioning_lvm_swap_cap_gb: >-
) | float {{
4
+ [
(partitioning_vm_size_effective | float) - 20,
0
] | max
}}
partitioning_lvm_swap_target_effective_gb: >-
{{
[
partitioning_lvm_swap_target_gb,
partitioning_lvm_swap_cap_gb
] | min
}}
partitioning_lvm_swap_max_gb: >-
{{
[
(
(partitioning_vm_size_effective | float)
- (partitioning_reserved_gb | float)
- (cis_enabled | ternary(7.5, 0))
- 4
),
0
] | max
}} }}
partitioning_lvm_available_gb: >- partitioning_lvm_available_gb: >-
{{ {{
@@ -275,10 +299,14 @@
(partitioning_vm_size_effective | float) (partitioning_vm_size_effective | float)
- (partitioning_reserved_gb | float) - (partitioning_reserved_gb | float)
- (cis_enabled | ternary(7.5, 0)) - (cis_enabled | ternary(7.5, 0))
- partitioning_lvm_swap_target_gb - partitioning_lvm_swap_target_effective_gb
) | float ) | float
}} }}
partitioning_lvm_root_gb: >- partitioning_lvm_home_gb: >-
{{
([([(((partitioning_vm_size_effective | float) - 20) * 0.1), 2] | max), 20] | min)
}}
partitioning_lvm_root_default_gb: >-
{{ {{
[ [
( (
@@ -300,15 +328,32 @@
}} }}
partitioning_lvm_swap_gb: >- partitioning_lvm_swap_gb: >-
{{ {{
((partitioning_lvm_available_gb | float) < 4) [
| ternary( partitioning_lvm_swap_target_effective_gb,
( partitioning_lvm_swap_max_gb
(partitioning_lvm_available_gb | float) ] | min | round(2, 'floor')
+ (partitioning_lvm_swap_target_gb | float) }}
- 4 partitioning_lvm_root_full_gb: >-
), {{
partitioning_lvm_swap_target_gb [
) (
(partitioning_vm_size_effective | float)
- (partitioning_reserved_gb | float)
- (partitioning_lvm_swap_gb | float)
- (
(partitioning_lvm_home_gb | float) + 5.5
if cis_enabled
else 0
)
),
4
] | max | round(2, 'floor')
}}
partitioning_lvm_root_gb: >-
{{
partitioning_lvm_root_full_gb
if partitioning_use_full_disk | bool
else partitioning_lvm_root_default_gb
}} }}
community.general.lvol: community.general.lvol:
vg: sys vg: sys
@@ -321,7 +366,7 @@
- lv: swap - lv: swap
size: "{{ partitioning_lvm_swap_gb | string + 'G' }}" size: "{{ partitioning_lvm_swap_gb | string + 'G' }}"
- lv: home - lv: home
size: "{{ ([([(((partitioning_vm_size_effective | float) - 20) * 0.1), 2] | max), 20] | min) | string + 'G' }}" size: "{{ partitioning_lvm_home_gb | string + 'G' }}"
- {lv: var, size: "2G"} - {lv: var, size: "2G"}
- {lv: var_log, size: "2G"} - {lv: var_log, size: "2G"}
- {lv: var_log_audit, size: "1.5G"} - {lv: var_log_audit, size: "1.5G"}