3 Commits
f967ea1c3b
...
e8f609dd03
Author | SHA1 | Date | |
---|---|---|---|
e8f609dd03 | |||
a599e26a63 | |||
3085ebc336 |
1
main.yml
1
main.yml
@ -43,6 +43,7 @@
|
|||||||
- os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rhel8", "rhel9", "rocky", "ubuntu", "ubuntu-lts"]
|
- os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rhel8", "rhel9", "rocky", "ubuntu", "ubuntu-lts"]
|
||||||
- os not in ["rhel8", "rhel9"] or rhel_iso is defined
|
- os not in ["rhel8", "rhel9"] or rhel_iso is defined
|
||||||
- (filesystem == "btrfs" and (vm_size | int) >= 10) or (filesystem != "btrfs" and (vm_size | int) >= 20)
|
- (filesystem == "btrfs" and (vm_size | int) >= 10) or (filesystem != "btrfs" and (vm_size | int) >= 20)
|
||||||
|
- (vm_size | float) >= ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory | float / 2048), [vm_memory | float / 1024, 4.0] | max) + 16)
|
||||||
fail_msg: Invalid input specified, please try again.
|
fail_msg: Invalid input specified, please try again.
|
||||||
|
|
||||||
- name: Set connection
|
- name: Set connection
|
||||||
|
@ -53,6 +53,7 @@ archlinux:
|
|||||||
- sudo
|
- sudo
|
||||||
- vim
|
- vim
|
||||||
- wireguard-tools
|
- wireguard-tools
|
||||||
|
- zram-generator
|
||||||
|
|
||||||
debian11:
|
debian11:
|
||||||
base:
|
base:
|
||||||
@ -72,6 +73,7 @@ debian11:
|
|||||||
- openssh-server
|
- openssh-server
|
||||||
- python3
|
- python3
|
||||||
- sudo
|
- sudo
|
||||||
|
- systemd-zram-generator
|
||||||
- xfsprogs
|
- xfsprogs
|
||||||
|
|
||||||
extra:
|
extra:
|
||||||
@ -131,6 +133,7 @@ debian12:
|
|||||||
- screen
|
- screen
|
||||||
- software-properties-common
|
- software-properties-common
|
||||||
- sudo
|
- sudo
|
||||||
|
- systemd-zram-generator
|
||||||
- syslog-ng
|
- syslog-ng
|
||||||
- tcpd
|
- tcpd
|
||||||
- vim
|
- vim
|
||||||
@ -160,6 +163,7 @@ fedora:
|
|||||||
- telnet
|
- telnet
|
||||||
- vim-default-editor
|
- vim-default-editor
|
||||||
- wget
|
- wget
|
||||||
|
- zram-generator
|
||||||
- zstd
|
- zstd
|
||||||
|
|
||||||
rhel8:
|
rhel8:
|
||||||
@ -174,6 +178,7 @@ rhel8:
|
|||||||
- shim
|
- shim
|
||||||
- telnet
|
- telnet
|
||||||
- vim
|
- vim
|
||||||
|
- zram-generator
|
||||||
- zstd
|
- zstd
|
||||||
|
|
||||||
rhel9:
|
rhel9:
|
||||||
@ -188,6 +193,7 @@ rhel9:
|
|||||||
- shim
|
- shim
|
||||||
- telnet
|
- telnet
|
||||||
- vim
|
- vim
|
||||||
|
- zram-generator
|
||||||
- zstd
|
- zstd
|
||||||
|
|
||||||
rocky:
|
rocky:
|
||||||
@ -211,6 +217,7 @@ rocky:
|
|||||||
- util-linux-core
|
- util-linux-core
|
||||||
- vim
|
- vim
|
||||||
- wget
|
- wget
|
||||||
|
- zram-generator
|
||||||
- zstd
|
- zstd
|
||||||
|
|
||||||
ubuntu:
|
ubuntu:
|
||||||
@ -225,6 +232,7 @@ ubuntu:
|
|||||||
- linux-image-generic
|
- linux-image-generic
|
||||||
- locales
|
- locales
|
||||||
- lvm2
|
- lvm2
|
||||||
|
- systemd-zram-generator
|
||||||
- xfsprogs
|
- xfsprogs
|
||||||
|
|
||||||
extra:
|
extra:
|
||||||
@ -268,6 +276,7 @@ ubuntu-lts:
|
|||||||
- linux-image-generic
|
- linux-image-generic
|
||||||
- locales
|
- locales
|
||||||
- lvm2
|
- lvm2
|
||||||
|
- systemd-zram-generator
|
||||||
- xfsprogs
|
- xfsprogs
|
||||||
|
|
||||||
extra:
|
extra:
|
||||||
|
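Review bot: The swap-size expression introduced in the new assertion line — `(vm_memory | float / 1024 >= 16.0) | ternary(vm_memory | float / 2048, [vm_memory | float / 1024, 4.0] | max)` — is written out again, with small variations, in the btrfs swapfile command and in the LVM `swap` and `root` sizes elsewhere in this compare, so four copies of the same policy can drift apart; computing it once (for example a `swap_size_gb` fact set with `ansible.builtin.set_fact` before this assert) and referencing that fact everywhere would keep the validation and the allocation in step. The assert still fails with the shared `fail_msg: Invalid input specified, please try again.`, which does not tell the user that the disk is simply too small for the chosen memory; a message naming the minimum, such as `fail_msg: "Invalid input: vm_size must be at least the computed swap size + 16 GiB for the given vm_memory"`, or a separate assert for this condition, would be clearer. A comment above the new line, `# swap = RAM/2 on 16 GiB+ hosts, otherwise max(RAM, 4 GiB); +16 GiB for the OS volumes`, would document the formula in the one place operators look when the check fires.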
@ -1,9 +1,4 @@
|
|||||||
---
|
---
|
||||||
- name: Unmount /mnt recursively
|
|
||||||
ansible.builtin.command: umount -l /mnt
|
|
||||||
changed_when: result.rc == 0
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- name: Setup Cleanup
|
- name: Setup Cleanup
|
||||||
when: hypervisor == "proxmox"
|
when: hypervisor == "proxmox"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
@ -154,6 +154,14 @@
|
|||||||
changed_when: result.rc == 0
|
changed_when: result.rc == 0
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
|
- name: Ensure lvm2 for non btrfs filesystems
|
||||||
|
when: os | lower == "archlinux" and filesystem != "btrfs"
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /mnt/etc/mkinitcpio.conf
|
||||||
|
regexp: '^(HOOKS=.*block)(?!.*lvm2)(.*)'
|
||||||
|
line: '\1 lvm2\2'
|
||||||
|
backrefs: true
|
||||||
|
|
||||||
- name: Regenerate initramfs
|
- name: Regenerate initramfs
|
||||||
when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
|
when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
|
||||||
ansible.builtin.command: arch-chroot /mnt
|
ansible.builtin.command: arch-chroot /mnt
|
||||||
@ -193,6 +201,17 @@
|
|||||||
marker: ""
|
marker: ""
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
|
|
||||||
|
- name: Create zram config
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /mnt/etc/systemd/zram-generator.conf
|
||||||
|
content: |
|
||||||
|
[zram0]
|
||||||
|
zram-size = ram / 2
|
||||||
|
compression-algorithm = zstd
|
||||||
|
swap-priority = 100
|
||||||
|
fs-type = swap
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: Copy FirstRun Script
|
- name: Copy FirstRun Script
|
||||||
when: os | lower != "archlinux"
|
when: os | lower != "archlinux"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
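Review bot: The new `Create zram config` task (hunk `@ -193,6 +201,17 @@`) writes `/mnt/etc/systemd/zram-generator.conf` unconditionally, but the package hunks in this compare add `zram-generator` / `systemd-zram-generator` to nine of the ten operating systems named in the supported-OS list — `almalinux` gets no visible addition — so on that target the config would presumably be written with no generator to consume it, unless almalinux shares another package list outside the hunks; worth confirming and either adding the package there or guarding the task on the same condition. In the `Ensure lvm2 for non btrfs filesystems` task the negative lookahead in `regexp: '^(HOOKS=.*block)(?!.*lvm2)(.*)'` is what keeps reruns idempotent and the insertion point matters, so a comment such as `# insert the lvm2 hook after block (it must precede filesystems); the lookahead makes reruns a no-op` would save the next reader from working that out. Both hunks sit mid-file; the surrounding tasks start and end outside them.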
@ -21,25 +21,33 @@
|
|||||||
register: result
|
register: result
|
||||||
|
|
||||||
- name: Make root subvolumes
|
- name: Make root subvolumes
|
||||||
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit']
|
when: cis | bool or item.subvol not in ['var_log_audit']
|
||||||
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||||
changed_when: result.rc == 0
|
changed_when: result.rc == 0
|
||||||
register: result
|
register: result
|
||||||
loop:
|
loop:
|
||||||
- { subvol: root }
|
- { subvol: root }
|
||||||
|
- { subvol: swap }
|
||||||
- { subvol: home }
|
- { subvol: home }
|
||||||
- { subvol: var }
|
- { subvol: var }
|
||||||
- { subvol: var_log }
|
- { subvol: var_log }
|
||||||
- { subvol: var_log_audit }
|
- { subvol: var_log_audit }
|
||||||
|
|
||||||
- name: Set quotas for subvolumes
|
- name: Set quotas for subvolumes
|
||||||
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit']
|
when: cis | bool or item.subvol not in ['var_log_audit']
|
||||||
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||||
changed_when: result.rc == 0
|
changed_when: result.rc == 0
|
||||||
register: result
|
register: result
|
||||||
loop:
|
loop:
|
||||||
- { subvol: home, quota: 2G }
|
- { subvol: home, quota: 2G }
|
||||||
|
|
||||||
|
- name: Create a Btrfs swap file
|
||||||
|
ansible.builtin.command: >-
|
||||||
|
btrfs filesystem mkswapfile --size {{ ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory
|
||||||
|
| float / 2048) | int, [vm_memory | float / 1024, 4.0] | max) | int) }}g --uuid clear /mnt/@swap/swapfile
|
||||||
|
changed_when: result.rc == 0
|
||||||
|
register: result
|
||||||
|
|
||||||
- name: Unmount Partition
|
- name: Unmount Partition
|
||||||
ansible.posix.mount:
|
ansible.posix.mount:
|
||||||
path: /mnt
|
path: /mnt
|
||||||
|
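Review bot: The new `Create a Btrfs swap file` task truncates the size to whole gibibytes with `| int`, while the assertion in the vars file compares `vm_size` against the untruncated value and the LVM tasks carry a third copy of the formula, so a single precomputed swap-size fact would keep all three consistent. `btrfs filesystem mkswapfile` is, as far as I recall, only available from btrfs-progs 6.1 onward; if the environment that runs this role can carry an older btrfs-progs, a version check or a fallback before this task would avoid a late failure after the subvolumes are already created. The path `/mnt/@swap/swapfile` is correct only because the top-level subvolume is mounted at /mnt at this point, while the later `swapon` uses `/mnt/swap/swapfile`; a comment such as `# top-level subvolume is mounted at /mnt here; after the @swap mount this file is /mnt/swap/swapfile, and mkswapfile sets NOCOW so compress= does not apply to it` would make that dependency explicit.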
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
- name: Create and format ext4 logical volumes
|
- name: Create and format ext4 logical volumes
|
||||||
when: cis | bool or item.lv not in ['var_log', 'var_log_audit']
|
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||||
community.general.filesystem:
|
community.general.filesystem:
|
||||||
dev: /dev/sys/{{ item.lv }}
|
dev: /dev/sys/{{ item.lv }}
|
||||||
fstype: ext4
|
fstype: ext4
|
||||||
@ -13,7 +13,7 @@
|
|||||||
- { lv: var_log_audit }
|
- { lv: var_log_audit }
|
||||||
|
|
||||||
- name: Remove Unsupported features for older Systems
|
- name: Remove Unsupported features for older Systems
|
||||||
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['var_log', 'var_log_audit'])
|
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
|
||||||
ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
|
ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
|
||||||
changed_when: result.rc == 0
|
changed_when: result.rc == 0
|
||||||
register: result
|
register: result
|
||||||
|
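Review bot: The list `['home', 'var', 'var_log', 'var_log_audit']` in the two `when:` clauses of this file now has to match identical lists in xfs.yml and in the lvol and blkid tasks of the LVM main task file — five literal copies that a later change to the non-CIS layout must update together; defining it once, for example `cis_only_lvs: ['home', 'var', 'var_log', 'var_log_audit']` in the role vars, and writing `when: cis | bool or item.lv not in cis_only_lvs` would turn the layout policy into a single edit. The loop of the first task runs past the hunk, so whether `swap` was added to it is not visible; since the swap LV is formatted by the separate `Create swap filesystem` task in the main task file, it should not appear in this ext4 loop.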
@ -36,19 +36,22 @@
|
|||||||
pvs: "{{ install_drive }}{{ main_partition_suffix }}"
|
pvs: "{{ install_drive }}{{ main_partition_suffix }}"
|
||||||
|
|
||||||
- name: Create LVM logical volumes
|
- name: Create LVM logical volumes
|
||||||
when: cis | bool or item.lv not in ['var_log', 'var_log_audit']
|
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||||
community.general.lvol:
|
community.general.lvol:
|
||||||
vg: sys
|
vg: sys
|
||||||
lv: "{{ item.lv }}"
|
lv: "{{ item.lv }}"
|
||||||
size: "{{ item.size }}"
|
size: "{{ item.size }}"
|
||||||
state: present
|
state: present
|
||||||
loop:
|
loop:
|
||||||
- { lv: root, size: "{{ '12G' if (vm_size | int * 0.4) < 12
|
- { lv: root, size: "{{ [(vm_size | float) - 0.5 - (((vm_memory | float / 1024) >= 16.0)
|
||||||
else (vm_size | int * 0.4) | round(0, 'ceil') | int | string + 'G' }}" }
|
| ternary((vm_memory | float / 1024 / 2) | int, 4)) - 7.5, 1] | max | float
|
||||||
- { lv: home, size: 2G }
|
| round(1) | string + 'G' }}" }
|
||||||
- { lv: var, size: 2G }
|
- { lv: swap, size: "{{ ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory | float / 2048)
|
||||||
- { lv: var_log, size: 2G }
|
| int, [vm_memory | float / 1024, 4.0] | max)) | string + 'G' }}" }
|
||||||
- { lv: var_log_audit, size: 1.5G }
|
- { lv: home, size: "2G" }
|
||||||
|
- { lv: var, size: "2G" }
|
||||||
|
- { lv: var_log, size: "2G" }
|
||||||
|
- { lv: var_log_audit, size: "1.5G" }
|
||||||
|
|
||||||
- name: Create filesystems
|
- name: Create filesystems
|
||||||
block:
|
block:
|
||||||
@ -59,6 +62,12 @@
|
|||||||
opts: -F32 -n BOOT
|
opts: -F32 -n BOOT
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
|
- name: Create swap filesystem
|
||||||
|
when: filesystem != 'btrfs'
|
||||||
|
community.general.filesystem:
|
||||||
|
fstype: swap
|
||||||
|
dev: /dev/sys/swap
|
||||||
|
|
||||||
- name: Create filesystem
|
- name: Create filesystem
|
||||||
ansible.builtin.include_tasks: "{{ filesystem }}.yml"
|
ansible.builtin.include_tasks: "{{ filesystem }}.yml"
|
||||||
|
|
||||||
@ -73,30 +82,35 @@
|
|||||||
register: main_uuid
|
register: main_uuid
|
||||||
|
|
||||||
- name: Get UUIDs for LVM filesystems
|
- name: Get UUIDs for LVM filesystems
|
||||||
when: filesystem != 'btrfs' and (cis | bool or item not in ['var_log', 'var_log_audit'])
|
when: filesystem != 'btrfs' and (cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit'])
|
||||||
ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }}
|
ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }}
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: uuid_result
|
register: uuid_result
|
||||||
loop:
|
loop:
|
||||||
- root
|
- root
|
||||||
|
- swap
|
||||||
- home
|
- home
|
||||||
- var
|
- var
|
||||||
- var_log
|
- var_log
|
||||||
- var_log_audit
|
- var_log_audit
|
||||||
|
|
||||||
- name: Assign UUIDs to Variables
|
- name: Assign UUIDs to Variables
|
||||||
|
when: filesystem != 'btrfs'
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
uuid_root: "{{ uuid_result.results[0].stdout_lines }}"
|
uuid_root: "{{ uuid_result.results[0].stdout_lines }}"
|
||||||
uuid_home: "{{ uuid_result.results[1].stdout_lines }}"
|
uuid_swap: "{{ uuid_result.results[1].stdout_lines }}"
|
||||||
uuid_var: "{{ uuid_result.results[2].stdout_lines }}"
|
uuid_home: "{{ uuid_result.results[2].stdout_lines if cis | bool else '' }}"
|
||||||
uuid_var_log: "{{ uuid_result.results[3].stdout_lines if cis == true else '' }}"
|
uuid_var: "{{ uuid_result.results[3].stdout_lines if cis | bool else '' }}"
|
||||||
uuid_var_log_audit: "{{ uuid_result.results[4].stdout_lines if cis == true else '' }}"
|
uuid_var_log: "{{ uuid_result.results[4].stdout_lines if cis | bool else '' }}"
|
||||||
when: filesystem != 'btrfs'
|
uuid_var_log_audit: "{{ uuid_result.results[5].stdout_lines if cis | bool else '' }}"
|
||||||
|
|
||||||
- name: Mount filesystems
|
- name: Mount filesystems
|
||||||
block:
|
block:
|
||||||
- name: Mount filesystems and subvolumes
|
- name: Mount filesystems and subvolumes
|
||||||
when: cis | bool or (not cis and item.path != '/var/log' and item.path != '/var/log/audit')
|
when:
|
||||||
|
- cis | bool or (not cis and (item.path == '/var/log' and filesystem == 'btrfs')
|
||||||
|
or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit']))
|
||||||
|
- not (item.path == '/swap' and filesystem != 'btrfs')
|
||||||
ansible.posix.mount:
|
ansible.posix.mount:
|
||||||
path: /mnt{{ item.path }}
|
path: /mnt{{ item.path }}
|
||||||
src: "{{ 'UUID=' + (main_uuid.stdout if filesystem == 'btrfs' else item.uuid) }}"
|
src: "{{ 'UUID=' + (main_uuid.stdout if filesystem == 'btrfs' else item.uuid) }}"
|
||||||
@ -107,6 +121,8 @@
|
|||||||
- path: ""
|
- path: ""
|
||||||
uuid: "{{ uuid_root[0] | default(omit) }}"
|
uuid: "{{ uuid_root[0] | default(omit) }}"
|
||||||
opts: "{{ 'defaults' if filesystem != 'btrfs' else 'rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@' }}"
|
opts: "{{ 'defaults' if filesystem != 'btrfs' else 'rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@' }}"
|
||||||
|
- path: /swap
|
||||||
|
opts: "rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@swap"
|
||||||
- path: /home
|
- path: /home
|
||||||
uuid: "{{ uuid_home[0] | default(omit) }}"
|
uuid: "{{ uuid_home[0] | default(omit) }}"
|
||||||
opts: "{{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
|
opts: "{{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
|
||||||
@ -141,3 +157,8 @@
|
|||||||
src: UUID={{ boot_uuid.stdout }}
|
src: UUID={{ boot_uuid.stdout }}
|
||||||
fstype: vfat
|
fstype: vfat
|
||||||
state: mounted
|
state: mounted
|
||||||
|
|
||||||
|
- name: Activate swap
|
||||||
|
ansible.builtin.command: "{{ 'swapon /mnt/swap/swapfile' if filesystem == 'btrfs' else 'swapon -U ' + uuid_swap[0] }}"
|
||||||
|
changed_when: result.rc == 0
|
||||||
|
register: result
|
||||||
|
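Review bot: The new `root` LV size (hunk `@ -36,19 +36,22 @@`) subtracts a hard-coded `4` for swap in the below-16 GiB branch, whereas the `swap` LV two entries later is sized `[vm_memory | float / 1024, 4.0] | max`; for a host with more than 4 GiB but less than 16 GiB of memory the root LV is therefore oversized by the difference and the volume group is over-committed — with 8 GiB of memory and the minimum `vm_size` of 24 allowed by the new assertion, root (12) + swap (8) + the fixed 7.5 GiB add up to 27.5 GiB, so the later lvol items will presumably fail for lack of free space. Replace the `4` with the same expression, `| ternary((vm_memory | float / 1024 / 2) | int, [vm_memory | float / 1024, 4.0] | max)) - 7.5, 1] | max | float`, or better derive both sizes from one precomputed swap-size fact. When `cis` is false the 7.5 GiB reserved for home/var/var_log/audit stays unallocated, which may be intended headroom but deserves a comment. In the mount condition of hunk `@ -73,30 +82,35 @@`, `not cis` evaluates to false when `cis` arrives as the string `false` (as `-e cis=false` produces), silently dropping the btrfs `/var/log` mount; `not (cis | bool)` would match the rest of the expression.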
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
- name: Create and format XFS logical volumes
|
- name: Create and format XFS logical volumes
|
||||||
when: cis | bool or item.lv not in ['var_log', 'var_log_audit']
|
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
|
||||||
community.general.filesystem:
|
community.general.filesystem:
|
||||||
dev: /dev/sys/{{ item.lv }}
|
dev: /dev/sys/{{ item.lv }}
|
||||||
fstype: xfs
|
fstype: xfs
|
||||||
|