Enable GRUB cryptodisk defaults

Fix bootstrap package list rendering
2025-12-28 00:46:09 +01:00 · 2025-12-28 00:12:37 +01:00
9 changed files with 504 additions and 660 deletions
--- a/roles/bootstrap/tasks/almalinux.yml
+++ b/roles/bootstrap/tasks/almalinux.yml
@@ -3,9 +3,8 @@
  vars:
    bootstrap_alma_extra: >-
      {{
-        (
-          lookup('vars', bootstrap_var_key)
-        )
+        lookup('vars', bootstrap_var_key)
+        | reject('equalto', '')
        | join(' ')
      }}
  ansible.builtin.command: "{{ item }}"
--- a/roles/bootstrap/tasks/archlinux.yml
+++ b/roles/bootstrap/tasks/archlinux.yml
@@ -6,6 +6,6 @@
        lookup('vars', bootstrap_var_key)
      }}
  ansible.builtin.command: >-
-    pacstrap /mnt {{ bootstrap_archlinux_packages | join(' ') }} --asexplicit
+    pacstrap /mnt {{ bootstrap_archlinux_packages | reject('equalto', '') | join(' ') }} --asexplicit
  register: bootstrap_result
  changed_when: bootstrap_result.rc == 0
--- a/roles/bootstrap/tasks/debian.yml
+++ b/roles/bootstrap/tasks/debian.yml
@@ -9,12 +9,13 @@
      }}
    bootstrap_debian_base_list: "{{ lookup('vars', bootstrap_var_key).base | default([]) }}"
    bootstrap_debian_extra_list: "{{ lookup('vars', bootstrap_var_key).extra | default([]) }}"
-    bootstrap_debian_base: "{{ bootstrap_debian_base_list | join(',') }}"
+    bootstrap_debian_base: "{{ bootstrap_debian_base_list | reject('equalto', '') | join(',') }}"
    bootstrap_debian_extra: >-
      {{
        (
          bootstrap_debian_extra_list
        )
+        | reject('equalto', '')
        | join(' ')
      }}
  ansible.builtin.command: "{{ item }}"
--- a/roles/bootstrap/tasks/fedora.yml
+++ b/roles/bootstrap/tasks/fedora.yml
@@ -3,9 +3,8 @@
  vars:
    bootstrap_fedora_extra: >-
      {{
-        (
-          lookup('vars', bootstrap_var_key)
-        )
+        lookup('vars', bootstrap_var_key)
+        | reject('equalto', '')
        | join(' ')
      }}
  ansible.builtin.command: "{{ item }}"
--- a/roles/bootstrap/tasks/rhel.yml
+++ b/roles/bootstrap/tasks/rhel.yml
@@ -55,9 +55,8 @@
        bootstrap_rhel_release: "{{ bootstrap_os_key | replace('rhel', '') }}"
        bootstrap_rhel_extra: >-
          {{
-            (
-              lookup('vars', bootstrap_var_key)
-            )
+            lookup('vars', bootstrap_var_key)
+            | reject('equalto', '')
            | join(' ')
          }}
      ansible.builtin.command: >-
--- a/roles/bootstrap/tasks/rocky.yml
+++ b/roles/bootstrap/tasks/rocky.yml
@@ -3,9 +3,8 @@
  vars:
    bootstrap_rocky_extra: >-
      {{
-        (
-          lookup('vars', bootstrap_var_key)
-        )
+        lookup('vars', bootstrap_var_key)
+        | reject('equalto', '')
        | join(' ')
      }}
  ansible.builtin.command: "{{ item }}"
--- a/roles/bootstrap/tasks/ubuntu.yml
+++ b/roles/bootstrap/tasks/ubuntu.yml
@@ -5,12 +5,13 @@
      {{ 'plucky' if bootstrap_os_key == 'ubuntu' else 'noble' }}
    bootstrap_ubuntu_base_list: "{{ lookup('vars', bootstrap_var_key).base | default([]) }}"
    bootstrap_ubuntu_extra_list: "{{ lookup('vars', bootstrap_var_key).extra | default([]) }}"
-    bootstrap_ubuntu_base: "{{ bootstrap_ubuntu_base_list | join(',') }}"
+    bootstrap_ubuntu_base: "{{ bootstrap_ubuntu_base_list | reject('equalto', '') | join(',') }}"
    bootstrap_ubuntu_extra: >-
      {{
        (
          bootstrap_ubuntu_extra_list
        )
+        | reject('equalto', '')
        | join(' ')
      }}
  ansible.builtin.command: "{{ item }}"
--- a/roles/bootstrap/vars/main.yml
+++ b/roles/bootstrap/vars/main.yml
--- a/roles/configuration/tasks/grub.yml
+++ b/roles/configuration/tasks/grub.yml
@@ -1,18 +1,15 @@
 ---
- name: Configure grub
+- name: Configure grub defaults
  when: not is_rhel | default(false)
-  block:
-    - name: Add commandline information to grub config
-      ansible.builtin.lineinfile:
-        dest: /mnt/etc/default/grub
-        regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
-        line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
-
-    - name: Change Grub time
-      ansible.builtin.lineinfile:
-        dest: /mnt/etc/default/grub
-        regexp: ^GRUB_TIMEOUT=
-        line: GRUB_TIMEOUT=1
+  ansible.builtin.lineinfile:
+    dest: /mnt/etc/default/grub
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  loop:
+    - regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
+      line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
+    - regexp: ^GRUB_TIMEOUT=
+      line: GRUB_TIMEOUT=1

 - name: Ensure grub defaults file exists for RHEL-based systems
  when: is_rhel | default(false)
@@ -70,7 +67,7 @@
        dest: /mnt/etc/default/grub
        mode: "0644"
        content: |
-          GRUB_TIMEOUT=5
+          GRUB_TIMEOUT=1
          GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
          GRUB_DEFAULT=saved
          GRUB_DISABLE_SUBMENU=true
@@ -107,3 +104,11 @@
      loop: "{{ configuration_grub_bls_entries.files }}"
      loop_control:
        label: "{{ item.path }}"
+
+- name: Enable GRUB cryptodisk for encrypted /boot
+  when:
+    - partitioning_luks_enabled | default(luks_enabled | default(false)) | bool
+  ansible.builtin.lineinfile:
+    path: /mnt/etc/default/grub
+    regexp: '^GRUB_ENABLE_CRYPTODISK='
+    line: GRUB_ENABLE_CRYPTODISK=y
Author	SHA1	Message	Date
Sandwich	415fc5a26b	Enable GRUB cryptodisk defaults	2025-12-28 00:46:09 +01:00
Sandwich	aaada3a826	Fix bootstrap package list rendering	2025-12-28 00:12:37 +01:00