3 Commits

Author SHA1 Message Date
e8f609dd03 Add SWAP support 2024-10-31 05:46:33 +01:00
a599e26a63 Add zram-generator config 2024-10-31 02:18:55 +01:00
3085ebc336 add zram-generator package 2024-10-31 02:10:21 +01:00
8 changed files with 77 additions and 24 deletions


@ -43,6 +43,7 @@
- os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rhel8", "rhel9", "rocky", "ubuntu", "ubuntu-lts"] - os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rhel8", "rhel9", "rocky", "ubuntu", "ubuntu-lts"]
- os not in ["rhel8", "rhel9"] or rhel_iso is defined - os not in ["rhel8", "rhel9"] or rhel_iso is defined
- (filesystem == "btrfs" and (vm_size | int) >= 10) or (filesystem != "btrfs" and (vm_size | int) >= 20) - (filesystem == "btrfs" and (vm_size | int) >= 10) or (filesystem != "btrfs" and (vm_size | int) >= 20)
- (vm_size | float) >= ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory | float / 2048), [vm_memory | float / 1024, 4.0] | max) + 16)
fail_msg: Invalid input specified, please try again. fail_msg: Invalid input specified, please try again.
- name: Set connection - name: Set connection
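Review bot: The added `vm_size` assertion makes the `filesystem == "btrfs" and (vm_size | int) >= 10` branch on the line above it unreachable. The swap term is never below 4 (the false branch is `[vm_memory | float / 1024, 4.0] | max`), so the new line requires `vm_size >= 20` for every filesystem. If btrfs installs on 10–19 GB disks should still be possible, the `+ 16` needs to depend on the filesystem; otherwise the older line can be simplified to a flat `(vm_size | int) >= 20`. The shared `fail_msg` also gives no hint that disk size relative to memory was the failing condition, so a separate assert with a message like `fail_msg: vm_size must be at least swap size + 16 GB` would help. The assert task starts above this hunk, so its other conditions are not visible here.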


@ -53,6 +53,7 @@ archlinux:
- sudo - sudo
- vim - vim
- wireguard-tools - wireguard-tools
- zram-generator
debian11: debian11:
base: base:
@ -72,6 +73,7 @@ debian11:
- openssh-server - openssh-server
- python3 - python3
- sudo - sudo
- systemd-zram-generator
- xfsprogs - xfsprogs
extra: extra:
@ -131,6 +133,7 @@ debian12:
- screen - screen
- software-properties-common - software-properties-common
- sudo - sudo
- systemd-zram-generator
- syslog-ng - syslog-ng
- tcpd - tcpd
- vim - vim
@ -160,6 +163,7 @@ fedora:
- telnet - telnet
- vim-default-editor - vim-default-editor
- wget - wget
- zram-generator
- zstd - zstd
rhel8: rhel8:
@ -174,6 +178,7 @@ rhel8:
- shim - shim
- telnet - telnet
- vim - vim
- zram-generator
- zstd - zstd
rhel9: rhel9:
@ -188,6 +193,7 @@ rhel9:
- shim - shim
- telnet - telnet
- vim - vim
- zram-generator
- zstd - zstd
rocky: rocky:
@ -211,6 +217,7 @@ rocky:
- util-linux-core - util-linux-core
- vim - vim
- wget - wget
- zram-generator
- zstd - zstd
ubuntu: ubuntu:
@ -225,6 +232,7 @@ ubuntu:
- linux-image-generic - linux-image-generic
- locales - locales
- lvm2 - lvm2
- systemd-zram-generator
- xfsprogs - xfsprogs
extra: extra:
@ -268,6 +276,7 @@ ubuntu-lts:
- linux-image-generic - linux-image-generic
- locales - locales
- lvm2 - lvm2
- systemd-zram-generator
- xfsprogs - xfsprogs
extra: extra:
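Review bot: None of the hunks in this file adds the generator to an `almalinux` package list, although the os assertion in this compare accepts `almalinux` and the `Create zram config` task is written for every OS. If almalinux has its own list (not visible here), it would get a `zram-generator.conf` that nothing reads; if it shares rocky's list, nothing needs to change. It is also worth confirming that `systemd-zram-generator` can be installed from the repositories enabled for `debian11`, and `zram-generator` from those for `rhel8`, since a missing package would fail the bootstrap rather than just skip zram.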


@ -1,9 +1,4 @@
--- ---
- name: Unmount /mnt recursively
ansible.builtin.command: umount -l /mnt
changed_when: result.rc == 0
register: result
- name: Setup Cleanup - name: Setup Cleanup
when: hypervisor == "proxmox" when: hypervisor == "proxmox"
delegate_to: localhost delegate_to: localhost


@ -154,6 +154,14 @@
changed_when: result.rc == 0 changed_when: result.rc == 0
register: result register: result
- name: Ensure lvm2 for non btrfs filesystems
when: os | lower == "archlinux" and filesystem != "btrfs"
ansible.builtin.lineinfile:
path: /mnt/etc/mkinitcpio.conf
regexp: '^(HOOKS=.*block)(?!.*lvm2)(.*)'
line: '\1 lvm2\2'
backrefs: true
- name: Regenerate initramfs - name: Regenerate initramfs
when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
ansible.builtin.command: arch-chroot /mnt ansible.builtin.command: arch-chroot /mnt
@ -193,6 +201,17 @@
marker: "" marker: ""
mode: '0644' mode: '0644'
- name: Create zram config
ansible.builtin.copy:
dest: /mnt/etc/systemd/zram-generator.conf
content: |
[zram0]
zram-size = ram / 2
compression-algorithm = zstd
swap-priority = 100
fs-type = swap
mode: '0644'
- name: Copy FirstRun Script - name: Copy FirstRun Script
when: os | lower != "archlinux" when: os | lower != "archlinux"
ansible.builtin.template: ansible.builtin.template:
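Review bot: `Create zram config` carries no comment on how zram is meant to coexist with the disk-backed swap this compare also adds (the `/dev/sys/swap` LV and the `@swap/swapfile`). With `swap-priority = 100`, zram should be used first, assuming the disk swap keeps a default priority (the fstab handling is not shown). Pages that overflow it go to the disk swap, which nothing visible in this diff encrypts, so memory contents can persist on the virtual disk. A comment above the task such as `# zram0 is the primary swap (priority 100); the LV / btrfs swapfile is overflow only` would record the intent. For the `cis | bool` path it may be worth deciding explicitly whether unencrypted disk swap is acceptable. Both hunks start mid-file, so surrounding conditions are not visible.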


@ -21,25 +21,33 @@
register: result register: result
- name: Make root subvolumes - name: Make root subvolumes
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit'] when: cis | bool or item.subvol not in ['var_log_audit']
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
changed_when: result.rc == 0 changed_when: result.rc == 0
register: result register: result
loop: loop:
- { subvol: root } - { subvol: root }
- { subvol: swap }
- { subvol: home } - { subvol: home }
- { subvol: var } - { subvol: var }
- { subvol: var_log } - { subvol: var_log }
- { subvol: var_log_audit } - { subvol: var_log_audit }
- name: Set quotas for subvolumes - name: Set quotas for subvolumes
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit'] when: cis | bool or item.subvol not in ['var_log_audit']
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
changed_when: result.rc == 0 changed_when: result.rc == 0
register: result register: result
loop: loop:
- { subvol: home, quota: 2G } - { subvol: home, quota: 2G }
- name: Create a Btrfs swap file
ansible.builtin.command: >-
btrfs filesystem mkswapfile --size {{ ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory
| float / 2048) | int, [vm_memory | float / 1024, 4.0] | max) | int) }}g --uuid clear /mnt/@swap/swapfile
changed_when: result.rc == 0
register: result
- name: Unmount Partition - name: Unmount Partition
ansible.posix.mount: ansible.posix.mount:
path: /mnt path: /mnt
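Review bot: The relaxed `when` on `Make root subvolumes` now creates `@home`, `@var` and `@var_log` on every non-CIS btrfs install, but the mount condition changed in the partitioning tasks of this same compare mounts only `/swap` and `/var/log` besides the root. `@home` is therefore created and given its 2G quota without ever being mounted at `/mnt/home`. If that is not intended, align the two sides, for example `when: cis | bool or item.subvol not in ['home', 'var', 'var_log_audit']` on both the subvolume and the quota task. The alternative is to widen the mount condition so `/home` and `/var` are mounted for btrfs again. The file continues outside this hunk, so later tasks that might use these subvolumes are not visible.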


@ -1,6 +1,6 @@
--- ---
- name: Create and format ext4 logical volumes - name: Create and format ext4 logical volumes
when: cis | bool or item.lv not in ['var_log', 'var_log_audit'] when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
community.general.filesystem: community.general.filesystem:
dev: /dev/sys/{{ item.lv }} dev: /dev/sys/{{ item.lv }}
fstype: ext4 fstype: ext4
@ -13,7 +13,7 @@
- { lv: var_log_audit } - { lv: var_log_audit }
- name: Remove Unsupported features for older Systems - name: Remove Unsupported features for older Systems
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['var_log', 'var_log_audit']) when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}" ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
changed_when: result.rc == 0 changed_when: result.rc == 0
register: result register: result
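Review bot: The literal list `['home', 'var', 'var_log', 'var_log_audit']` is now repeated in both `when` clauses here, in the XFS task file, and in three conditions of the LVM partitioning tasks further down this compare. The mount task there spells the same set again as paths. Since these lists must stay in step for the LV, filesystem, UUID and mount steps to agree, a single role variable would be safer, e.g. `when: cis | bool or item.lv not in cis_only_volumes` (the variable name is a suggestion). The loop lists for both tasks lie partly outside the hunks shown.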


@ -36,19 +36,22 @@
pvs: "{{ install_drive }}{{ main_partition_suffix }}" pvs: "{{ install_drive }}{{ main_partition_suffix }}"
- name: Create LVM logical volumes - name: Create LVM logical volumes
when: cis | bool or item.lv not in ['var_log', 'var_log_audit'] when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
community.general.lvol: community.general.lvol:
vg: sys vg: sys
lv: "{{ item.lv }}" lv: "{{ item.lv }}"
size: "{{ item.size }}" size: "{{ item.size }}"
state: present state: present
loop: loop:
- { lv: root, size: "{{ '12G' if (vm_size | int * 0.4) < 12 - { lv: root, size: "{{ [(vm_size | float) - 0.5 - (((vm_memory | float / 1024) >= 16.0)
else (vm_size | int * 0.4) | round(0, 'ceil') | int | string + 'G' }}" } | ternary((vm_memory | float / 1024 / 2) | int, 4)) - 7.5, 1] | max | float
- { lv: home, size: 2G } | round(1) | string + 'G' }}" }
- { lv: var, size: 2G } - { lv: swap, size: "{{ ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory | float / 2048)
- { lv: var_log, size: 2G } | int, [vm_memory | float / 1024, 4.0] | max)) | string + 'G' }}" }
- { lv: var_log_audit, size: 1.5G } - { lv: home, size: "2G" }
- { lv: var, size: "2G" }
- { lv: var_log, size: "2G" }
- { lv: var_log_audit, size: "1.5G" }
- name: Create filesystems - name: Create filesystems
block: block:
@ -59,6 +62,12 @@
opts: -F32 -n BOOT opts: -F32 -n BOOT
force: true force: true
- name: Create swap filesystem
when: filesystem != 'btrfs'
community.general.filesystem:
fstype: swap
dev: /dev/sys/swap
- name: Create filesystem - name: Create filesystem
ansible.builtin.include_tasks: "{{ filesystem }}.yml" ansible.builtin.include_tasks: "{{ filesystem }}.yml"
@ -73,30 +82,35 @@
register: main_uuid register: main_uuid
- name: Get UUIDs for LVM filesystems - name: Get UUIDs for LVM filesystems
when: filesystem != 'btrfs' and (cis | bool or item not in ['var_log', 'var_log_audit']) when: filesystem != 'btrfs' and (cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit'])
ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }} ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }}
changed_when: false changed_when: false
register: uuid_result register: uuid_result
loop: loop:
- root - root
- swap
- home - home
- var - var
- var_log - var_log
- var_log_audit - var_log_audit
- name: Assign UUIDs to Variables - name: Assign UUIDs to Variables
when: filesystem != 'btrfs'
ansible.builtin.set_fact: ansible.builtin.set_fact:
uuid_root: "{{ uuid_result.results[0].stdout_lines }}" uuid_root: "{{ uuid_result.results[0].stdout_lines }}"
uuid_home: "{{ uuid_result.results[1].stdout_lines }}" uuid_swap: "{{ uuid_result.results[1].stdout_lines }}"
uuid_var: "{{ uuid_result.results[2].stdout_lines }}" uuid_home: "{{ uuid_result.results[2].stdout_lines if cis | bool else '' }}"
uuid_var_log: "{{ uuid_result.results[3].stdout_lines if cis == true else '' }}" uuid_var: "{{ uuid_result.results[3].stdout_lines if cis | bool else '' }}"
uuid_var_log_audit: "{{ uuid_result.results[4].stdout_lines if cis == true else '' }}" uuid_var_log: "{{ uuid_result.results[4].stdout_lines if cis | bool else '' }}"
when: filesystem != 'btrfs' uuid_var_log_audit: "{{ uuid_result.results[5].stdout_lines if cis | bool else '' }}"
- name: Mount filesystems - name: Mount filesystems
block: block:
- name: Mount filesystems and subvolumes - name: Mount filesystems and subvolumes
when: cis | bool or (not cis and item.path != '/var/log' and item.path != '/var/log/audit') when:
- cis | bool or (not cis and (item.path == '/var/log' and filesystem == 'btrfs')
or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit']))
- not (item.path == '/swap' and filesystem != 'btrfs')
ansible.posix.mount: ansible.posix.mount:
path: /mnt{{ item.path }} path: /mnt{{ item.path }}
src: "{{ 'UUID=' + (main_uuid.stdout if filesystem == 'btrfs' else item.uuid) }}" src: "{{ 'UUID=' + (main_uuid.stdout if filesystem == 'btrfs' else item.uuid) }}"
@ -107,6 +121,8 @@
- path: "" - path: ""
uuid: "{{ uuid_root[0] | default(omit) }}" uuid: "{{ uuid_root[0] | default(omit) }}"
opts: "{{ 'defaults' if filesystem != 'btrfs' else 'rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@' }}" opts: "{{ 'defaults' if filesystem != 'btrfs' else 'rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@' }}"
- path: /swap
opts: "rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@swap"
- path: /home - path: /home
uuid: "{{ uuid_home[0] | default(omit) }}" uuid: "{{ uuid_home[0] | default(omit) }}"
opts: "{{ 'defaults,nosuid,nodev' if filesystem != 'btrfs' opts: "{{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
@ -141,3 +157,8 @@
src: UUID={{ boot_uuid.stdout }} src: UUID={{ boot_uuid.stdout }}
fstype: vfat fstype: vfat
state: mounted state: mounted
- name: Activate swap
ansible.builtin.command: "{{ 'swapon /mnt/swap/swapfile' if filesystem == 'btrfs' else 'swapon -U ' + uuid_swap[0] }}"
changed_when: result.rc == 0
register: result
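Review bot: The `root` size and the `swap` size in the `Create LVM logical volumes` loop use different swap estimates when `vm_memory` is below 16 GiB. The root formula subtracts a fixed `4`, while the swap LV is sized `[vm_memory | float / 1024, 4.0] | max`. With 8 GiB RAM and `cis` enabled that gives root = vm_size − 12, swap = 8 and 7.5 for the CIS volumes, about 3.5 GB more than the disk, so the later `lvol` iterations would presumably fail for lack of extents. Without `cis` the same overrun appears once memory exceeds roughly 11.5 GiB. Using the same expression in the root formula, `ternary((vm_memory | float / 2048) | int, [vm_memory | float / 1024, 4.0] | max)`, or computing the swap size once with `set_fact` and reusing it here, in the btrfs swapfile task and in the `vm_size` assertion, would keep the three copies from drifting.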


@ -1,6 +1,6 @@
--- ---
- name: Create and format XFS logical volumes - name: Create and format XFS logical volumes
when: cis | bool or item.lv not in ['var_log', 'var_log_audit'] when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
community.general.filesystem: community.general.filesystem:
dev: /dev/sys/{{ item.lv }} dev: /dev/sys/{{ item.lv }}
fstype: xfs fstype: xfs