Add supported distro to the README

.gitignore

@@ -1,5 +1,8 @@
 inventory.yml
 inventory.yaml
+inventory_libvirt.yml
 
 vars.yml
 vars.yaml
+vars_kvm.yml
+vars_libvirt.yml

README.md

@@ -9,6 +9,22 @@ Most of the roles are adaptable for use with systems beyond ArchLinux, requiring
 - RHEL Systems are not currently supported due to restricted access to their repositories.
   A workaround could involve using an ISO as a local repository or setting up a proxy repository to facilitate access.
 
+# Supported Distributions
+
+This playbook supports multiple Linux distributions with specific versions tailored to each. Below is a list of supported distributions:
+
+| `os`       | Distribution                       |
+|------------|------------------------------------|
+| archlinux  | ArchLinux (Latest rolling release) |
+| almalinux  | AlmaLinux 8.x, 9.x                 |
+| debian11   | Debian 11 (Bullseye)               |
+| debian12   | Debian 12 (Bookworm)               |
+| fedora     | Fedora 40                          |
+| rocky      | Rocky Linux 9.x                    |
+| ubuntu     | Ubuntu 23.10 (Mantic Minotaur)     |
+| ubuntu-lts | Ubuntu 22.04 LTS (Jammy Jellyfish) |
+
+
 # Documentation
 
 ## Table of Contents
@@ -52,7 +68,7 @@ Inventory variables are defined for individual hosts or VMs in the inventory fil
 | `cis` (optional)        | Adjusts the installation to be CIS level 3 conformant.                            | `true`, `false`                                    |
 | `filesystem`            | Filesystem type for the VM's primary storage.                                     | `btrfs`, `ext4`, `xfs`                             |
 | `hostname`              | The hostname assigned to the virtual machine or system.                           | `vm01`                                             |
-| `os`                    | Operating system to be installed on the VM.                                       | `archlinux`, `almalinux`, `debian11`, `debian12`, `fedora` |
+| `os`                    | Operating system to be installed on the VM.                                       | `archlinux`, `almalinux`, `debian11`, `debian12`, `fedora`, `rocky`, `ubuntu`, `ubuntu-lts` |
 | `root_password`         | Root password for the VM or system, used for initial setup or secure access.      | `SecurePass123`                                    |
 | `user_name`             | Username for a user account within the VM, often used with cloud-init.            | `adminuser`                                        |
 | `user_password`         | Password for the user account within the VM.                                      | `UserPass123`                                      |

inventory_example.yml

@@ -0,0 +1,28 @@
+all:
+  children:
+      promox-kvm:
+        hosts:
+          192.168.122.10:
+            hostname: proxy
+            vm_id: 100
+            os: archlinux
+            filesystem: btrfs
+            vm_memory: "2048"
+            vm_ballo: "1024"
+            vm_cpus: "2"
+            vm_size: "5"
+            vm_nif: vmbr1
+            vm_gw: 192.168.122.1
+            vm_dns: 1.1.1.1
+          192.168.122.11:
+            hostname: database
+            vm_id: 101
+            os: archlinux
+            filesystem: btrfs
+            vm_memory: "6144"
+            vm_ballo: "3072"
+            vm_cpus: "4"
+            vm_size: "40"
+            vm_nif: vmbr1
+            vm_gw: 192.168.122.1
+            vm_dns: 1.1.1.1

main.yml

@@ -38,16 +38,16 @@
   vars_files: vars.yml
   pre_tasks:
     - name: Set ansible_python_interpreter
-      when: os | lower in ["almalinux", "rhel9", "rhel8"]
+      when: os | lower in ["almalinux", "rhel9", "rhel8", "rocky"]
       set_fact:
         ansible_python_interpreter: /usr/bin/python3
 
     - name: Validate variables
       assert:
         that:
-          - hypervisor in hypervisor_list
+          - hypervisor in ["libvirt", "proxmox", "vmware", "none"]
-          - filesystem in filesystem_list
+          - filesystem in ["btrfs", "ext4", "xfs"]
-          - os in os_list
+          - os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rocky", "ubuntu", "ubuntu-lts"]
         fail_msg: "Invalid input specified, please try again"
 
     - name: Set connection

roles/bootstrap/tasks/main.yml

@@ -18,6 +18,15 @@
         - arch-chroot /mnt apt install -y {{ role_packages[os].extra | join(' ') }}
         - arch-chroot /mnt apt remove -y libcups2 libavahi-common3 libavahi-common-data
 
+    - name: Bootstrap Ubuntu System
+      when: os | lower in ['ubuntu', 'ubuntu-lts']
+      shell: "{{ item }}"
+      with_items:
+        - debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'mantic' if os == 'ubuntu' else 'jammy' }} /mnt http://archive.ubuntu.com/ubuntu/
+        - arch-chroot /mnt sed -i '1s|$| universe|' /etc/apt/sources.list
+        - arch-chroot /mnt apt update -y
+        - arch-chroot /mnt apt install -y {{ role_packages[os].extra | join(' ') }}
+
     - name: Bootstrap AlmaLinux 9
       when: os | lower == 'almalinux'
       shell: "{{ item }}"
@@ -26,13 +35,21 @@
         - echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
         - arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False install -y {{ role_packages.almalinux | join(' ') }}
 
-    - name: Bootstrap Fedora 39
+    - name: Bootstrap Fedora 40
       when: os | lower == 'fedora'
       shell: "{{ item }}"
       with_items:
-        - dnf --releasever=39 --best --repo=fedora --repo=fedora-updates --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y critical-path-base core
+        - dnf --releasever=40 --best --repo=fedora --repo=fedora-updates --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y critical-path-base core
-        - arch-chroot /mnt dnf --releasever=39 --setopt=install_weak_deps=False install -y {{ role_packages.fedora | join(' ') }}
+        - arch-chroot /mnt dnf --releasever=40 --setopt=install_weak_deps=False install -y {{ role_packages.fedora | join(' ') }}
-        - arch-chroot /mnt dnf reinstall -y grub2-efi-x64 kernel
+        - arch-chroot /mnt dnf reinstall -y kernel-core
+
+    - name: Bootstrap RockyLinux 9
+      when: os | lower == 'rocky'
+      shell: "{{ item }}"
+      with_items:
+        - dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
+        - echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
+        - arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False install -y {{ role_packages.rocky | join(' ') }}
 
     - name: Bootstrap RHEL System
       when: os | lower in ['rhel8', 'rhel9']

roles/bootstrap/vars/packages.yml

@@ -1,7 +1,30 @@
----
+almalinux:
+  - bind-utils
+  - cloud-init
+  - dbus-daemon
+  - dhcp-client
+  - efibootmgr
+  - glibc-langpack-de
+  - glibc-langpack-en
+  - grub2
+  - grub2-efi
+  - lrzsz
+  - lvm2
+  - nc
+  - nfs-utils
+  - nfsv4-client-utils
+  - open-vm-tools
+  - ppp
+  - shim
+  - telnet
+  - vim
+  - wget
+  - zstd
+
 archlinux:
   - base
   - btrfs-progs
+  - cloud-init
   - cronie
   - dhcpcd
   - efibootmgr
@@ -9,6 +32,7 @@ archlinux:
   - fish
   - grub
   - htop
+  - libpwquality
   - linux
   - logrotate
   - lrzsz
@@ -20,6 +44,7 @@ archlinux:
   - nfs-utils
   - openssh
   - open-vm-tools
+  - ppp
   - prometheus-node-exporter
   - python-psycopg2
   - qemu-guest-agent
@@ -34,13 +59,12 @@ debian11:
   base:
     - apparmor-utils
     - btrfs-progs
-    - xfsprogs
     - chrony
     - cron
+    - gnupg
     - grub-efi
     - grub-efi-amd64-signed
     - grub2-common
-    - gnupg
     - linux-image-amd64
     - locales
     - logrotate
@@ -49,98 +73,107 @@ debian11:
     - openssh-server
     - python3
     - sudo
+    - xfsprogs
+
   extra:
+    - cloud-init
     - curl
     - firewalld
+    - fish
     - htop
-    - network-manager
+    - libpam-pwquality
-    - screen
+    - lrzsz
-    - open-vm-tools
-    - python-is-python3
     - ncdu
     - neofetch
-    - lrzsz
+    - network-manager
-    - libpam-pwquality
+    - open-vm-tools
+    - python-is-python3
     - rsync
+    - screen
     - software-properties-common
     - syslog-ng
     - tcpd
-    - fish
     - vim
     - wget
+    - zstd
 
 debian12:
   base:
     - btrfs-progs
-    - xfsprogs
     - cron
+    - gnupg
     - grub-efi
     - grub-efi-amd64-signed
     - grub2-common
-    - gnupg
     - linux-image-amd64
     - locales
+    - logrotate
     - lvm2
+    - xfsprogs
 
   extra:
     - apparmor-utils
     - chrony
+    - cloud-init
     - curl
     - firewalld
     - fish
     - htop
-    - network-manager
+    - libpam-pwquality
-    - screen
-    - open-vm-tools
-    - python-is-python3
-    - ncdu
-    - neofetch
     - logrotate
     - lrzsz
-    - libpam-pwquality
+    - ncdu
+    - neofetch
+    - net-tools
+    - network-manager
+    - open-vm-tools
+    - openssh-server
+    - python-is-python3
+    - python3
     - rsync
+    - screen
     - software-properties-common
     - sudo
     - syslog-ng
     - tcpd
-    - net-tools
-    - openssh-server
-    - python3
     - vim
     - wget
+    - zstd
 
 fedora:
+  - bind-utils
+  - btrfs-progs
+  - cloud-init
+  - cronie
   - dhcp-client
   - efibootmgr
+  - glibc-langpack-de
+  - glibc-langpack-en
   - grub2
-  - grub2-efi-x64-modules
+  - grub2-efi
+  - logrotate
   - lrzsz
+  - lvm2
+  - nc
   - nfs-utils
+  - nfsv4-client-utils
   - open-vm-tools
+  - polkit
+  - ppp
   - shim
   - telnet
   - vim-default-editor
-  - zstd
+  - wget
-
-almalinux:
-  - dhcp-client
-  - efibootmgr
-  - grub2
-  - grub2-efi-x64-modules
-  - lrzsz
-  - nfs-utils
-  - open-vm-tools
-  - shims
-  - telnet
-  - vim
   - zstd
 
 rhel8:
+  - cloud-init
   - dhcp-client
   - efibootmgr
   - grub2
-  - grub2-efi-x64-modules
+  - grub2-efi
   - lrzsz
+  - lvm2
   - nfs-utils
   - open-vm-tools
   - shim
@@ -148,13 +181,127 @@ rhel8:
   - zstd
 
 rhel9:
+  - cloud-init
   - dhcp-client
   - efibootmgr
   - grub2
-  - grub2-efi-x64-modules
+  - grub2-efi
   - lrzsz
+  - lvm2
   - nfs-utils
   - open-vm-tools
   - shim
   - telnet
-  - zstd
+  - zstd
+
+rocky:
+  - bind-utils
+  - cloud-init
+  - dbus-daemon
+  - dhcp-client
+  - efibootmgr
+  - glibc-langpack-de
+  - glibc-langpack-en
+  - grub2
+  - grub2-efi
+  - lrzsz
+  - lvm2
+  - nc
+  - nfs-utils
+  - nfsv4-client-utils
+  - open-vm-tools
+  - ppp
+  - shim
+  - telnet
+  - util-linux-core
+  - vim
+  - wget
+  - zstd
+
+ubuntu:
+  base:
+    - btrfs-progs
+    - cron
+    - gnupg
+    - grub-efi
+    - grub-efi-amd64-signed
+    - grub2-common
+    - initramfs-tools
+    - linux-image-generic
+    - locales
+    - lvm2
+    - xfsprogs
+
+  extra:
+    - apparmor-utils
+    - bash-completion
+    - chrony
+    - cloud-init
+    - curl
+    - dnsutils
+    - firewalld
+    - fish
+    - htop
+    - libpam-pwquality
+    - logrotate
+    - lrzsz
+    - ncdu
+    - net-tools
+    - network-manager
+    - open-vm-tools
+    - openssh-server
+    - python-is-python3
+    - python3
+    - rsync
+    - screen
+    - software-properties-common
+    - sudo
+    - syslog-ng
+    - tcpd
+    - vim
+    - wget
+    - zstd
+
+ubuntu-lts:
+  base:
+    - btrfs-progs
+    - cron
+    - gnupg
+    - grub-efi
+    - grub-efi-amd64-signed
+    - grub2-common
+    - initramfs-tools
+    - linux-image-generic
+    - locales
+    - lvm2
+    - xfsprogs
+
+  extra:
+    - apparmor-utils
+    - bash-completion
+    - chrony
+    - cloud-init
+    - curl
+    - dnsutils
+    - firewalld
+    - fish
+    - htop
+    - libpam-pwquality
+    - logrotate
+    - lrzsz
+    - ncdu
+    - net-tools
+    - network-manager
+    - open-vm-tools
+    - openssh-server
+    - python-is-python3
+    - python3
+    - rsync
+    - screen
+    - software-properties-common
+    - sudo
+    - syslog-ng
+    - tcpd
+    - vim
+    - wget
+    - zstd

roles/cis/tasks/main.yml

@@ -65,7 +65,7 @@
     #     - { regexp: '^PASS_MIN_DAYS.*', replace: 'PASS_MIN_DAYS 7' }
     #     - { regexp: '^UMASK.*', replace: 'UMASK           027' }
 
-    - name: Create allow files
+    - name: Ensure files exist
       file:
         path: "{{ item }}"
         state: touch
@@ -73,6 +73,8 @@
       loop:
         - /mnt/etc/at.allow
         - /mnt/etc/cron.allow
+        - /mnt/etc/hosts.allow
+        - /mnt/etc/hosts.deny
 
     - name: Add Security related lines into config files
       lineinfile:
@@ -85,14 +87,14 @@
         - { path: '/mnt/etc/security/pwquality.conf', content: 'ucredit = -1' }
         - { path: '/mnt/etc/security/pwquality.conf', content: 'ocredit = -1' }
         - { path: '/mnt/etc/security/pwquality.conf', content: 'lcredit = -1' }
-        - { path: '/mnt/etc/bash.bashrc', content: 'umask 077' }
+        - { path: '/mnt/etc/{{ "bashrc" if os in ["almalinux", "fedora", "rocky"] else "bash.bashrc" }}', content: 'umask 077' }
-        - { path: '/mnt/etc/bash.bashrc', content: 'export TMOUT=3000' }
+        - { path: '/mnt/etc/{{ "bashrc" if os in ["almalinux", "fedora", "rocky"] else "bash.bashrc" }}', content: 'export TMOUT=3000' }
-        - { path: '/mnt/etc/systemd/journald.conf', content: 'Storage=persistent' }
+        - { path: '/mnt/{{ "usr/lib/systemd/journald.conf" if os == "fedora" else "etc/systemd/journald.conf" }}', content: 'Storage=persistent' }
         - { path: '/mnt/etc/sudoers', content: 'Defaults        logfile="/var/log/sudo.log"' }
         - { path: '/mnt/etc/pam.d/su', content: 'auth required pam_wheel.so' }
-        - { path: '/mnt/etc/pam.d/common-auth', content: 'auth required pam_faillock.so onerr=fail audit silent deny=5 unlock_time=900' }
+        - { path: '/mnt/etc/{{ "pam.d/common-auth" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "authselect/system-auth" if os == "fedora" else "pam.d/system-auth" }}', content: 'auth required pam_faillock.so onerr=fail audit silent deny=5 unlock_time=900' }
-        - { path: '/mnt/etc/pam.d/common-account', content: 'account required pam_faillock.so' }
+        - { path: '/mnt/etc/{{ "pam.d/common-account" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "authselect/system-auth" if os == "fedora" else "pam.d/system-auth" }}', content: 'account required pam_faillock.so' }
-        - { path: '/mnt/etc/pam.d/common-password', content: 'password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5' }
+        - { path: '/mnt/etc/pam.d/{{ "common-password" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "passwd" }}', content: 'password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5' }
         - { path: '/mnt/etc/hosts.deny', content: 'ALL: ALL' }
         - { path: '/mnt/etc/hosts.allow', content: 'sshd: ALL' }
 
@@ -112,12 +114,8 @@
         - { path: '/mnt/etc/crontab', mode: '0600' }
         - { path: '/mnt/etc/logrotate.conf', mode: '0644' }
         - { path: '/mnt/usr/sbin/pppd', mode: '754' }
-        - { path: '/mnt/usr/lib/dbus-1.0/dbus-daemon-launch-helper', mode: '754' }
+        - { path: '/mnt/usr/bin/{{ "fusermount3" if os in ["archlinux", "debian12", "fedora"] else "fusermount" }}', mode: '755' }
-        - { path: '/mnt/usr/libexec/polkit-agent-helper-1', mode: '755' }
-        - { path: '/mnt/usr/bin/{{ "fusermount" if os == "debian11" else "fusermount3" }}', mode: '755' }
         - { path: '/mnt/usr/bin/{{ "write.ul" if os == "debian11" else "write" }}', mode: '755' }
-        - { path: '/mnt/usr/lib/x86_64-linux-gnu/utempter/utempter', mode: '755' }
-        - { path: '/mnt/home/svcansible', mode: '750' }
 
     - name: Adjust SSHD config
       lineinfile:

roles/configuration/tasks/main.yml

@@ -21,12 +21,10 @@
         - systemctl daemon-reload
         - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
 
-    - name: Generate adjtime file
-      command: arch-chroot /mnt /usr/sbin/hwclock --systohc
-
     - name: Setup locales
       block:
         - name: Configure locale.gen
+          when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
           lineinfile:
             dest: /mnt/etc/locale.gen
             regexp: '{{ item.regex }}'
@@ -34,7 +32,8 @@
           loop:
             - {regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8}
 
-        - name: Generate locales
+        - name: Generate locales\
+          when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
           command: arch-chroot /mnt /usr/sbin/locale-gen
 
         - name: Set hostname
@@ -50,7 +49,7 @@
 
         - name: Create vconsole.conf
           copy:
-            content: "KEYMAP=de-latin1-nodeadkeys"
+            content: "KEYMAP=us-intl"
             dest: /mnt/etc/vconsole.conf
 
         - name: Create locale.conf
@@ -68,10 +67,10 @@
       block:
       - name: Enable sshd
         when: os | lower == "archlinux"
-        command: arch-chroot /mnt systemctl enable sshd NetworkManager logrotate
+        command: arch-chroot /mnt systemctl enable sshd logrotate systemd-resolved systemd-timesyncd NetworkManager
 
     - name: Configure grub
-      when: os | lower != "fedora" and os | lower != "almalinux" and os | lower != "rhel8" and os | lower != "rhel9"
+      when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
       block:
         - name: Add commandline information to grub config
           lineinfile:
@@ -83,22 +82,26 @@
           lineinfile:
             dest: /mnt/etc/default/grub
             regexp: ^GRUB_TIMEOUT=
-            line: 'GRUB_TIMEOUT=0'
+            line: 'GRUB_TIMEOUT=1'
 
     - name: Configure Bootloader
       block:
         - name: Install Bootloader
-          command: arch-chroot /mnt {% if os | lower != "archlinux" and os | lower != "debian11" and os | lower != "debian12" %}/usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -wwp 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id={{ os }}{% endif %}
+          command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}/usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -p 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }} --bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }}{% endif %}
 
         - name: Generate grub config
-          command: arch-chroot /mnt {% if os | lower != "archlinux" and os | lower != "debian11" and os | lower != "debian12" %}/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg{% endif %}
+          command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig -o {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}{% endif %}
+
+        - name: Regenerate initramfs
+          when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
+          command: arch-chroot /mnt {% if os | lower == "archlinux" %}/usr/sbin/mkinitcpio -P{% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %}/usr/bin/dracut --regenerate-all --force{% else %}echo "Skipping initramfs regeneration"{% endif %}
 
     - name: Extra Configuration
-      when: os | lower != "archlinux"
       block:
         - name: Append lines to vimrc
+          ignore_errors: true
           lineinfile:
-            path: "{{ '/mnt/etc/vim/vimrc' if os|lower == 'debian11' or os|lower == 'debian12' else '/mnt/etc/vimrc' }}"
+            path: "{{ '/mnt/etc/vim/vimrc' if os|lower in ['debian11' ,'debian12', 'ubuntu', 'ubuntu-lts'] else '/mnt/etc/vimrc' }}"
             line: "{{ item }}"
             insertafter: EOF
           with_items:
@@ -109,6 +112,7 @@
             - "set mouse=a"
 
         - name: Copy FirstRun Script
+          when: os | lower != "archlinux"
           template:
             src: firstrun.sh.j2
             dest: /mnt/root/firstrun.sh
@@ -140,7 +144,7 @@
         - name: Create user account
           command: '{{ item }}'
           with_items:
-          - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ "sudo" if os|lower == "debian11" or os|lower == "debian12" else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
+          - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ "sudo" if os|lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
           - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
 
         - name: Add SSH public key to authorized_keys
@@ -155,11 +159,20 @@
 
     - name: Give sudo access to wheel group
       copy:
-        content: "{{ '%sudo ALL=(ALL) ALL' if os|lower == 'debian11' or os|lower == 'debian12' else '%wheel ALL=(ALL) ALL' }}"
+        content: "{{ '%sudo ALL=(ALL) ALL' if os|lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '%wheel ALL=(ALL) ALL' }}"
         dest: /mnt/etc/sudoers.d/01-wheel
         mode: 0440
         validate: /usr/sbin/visudo --check --file=%s
 
     - name: Fix SELinux
-      when: (os | lower == "almalinux" or os | lower == "fedora" or os | lower == "rhel8" or os | lower == "rhel9")
+      block:
-      command: touch /mnt/.autorelabel
+       - name: Relabel the filesystem
+         when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']
+         command: touch /mnt/.autorelabel
+
+       - name: Disable SELinux
+         when: os | lower == "fedora"
+         lineinfile:
+           path: /mnt/etc/selinux/config
+           regexp: '^SELINUX='
+           line: 'SELINUX=permissive'

roles/environment/tasks/main.yml

@@ -53,15 +53,16 @@
         state: latest
       loop:
         - { name: 'glibc' }
-        - { name: 'dnf', os: ['almalinux', 'rhel9', 'rhel8'] }
+        - { name: 'dnf', os: ['almalinux', 'fedora', 'rhel9', 'rhel8', 'rocky'] }
-        - { name: 'debootstrap', os: ['debian11', 'debian12'] }
+        - { name: 'debootstrap', os: ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] }
         - { name: 'debian-archive-keyring', os: ['debian11', 'debian12'] }
+        - { name: 'ubuntu-keyring', os: ['ubuntu', 'ubuntu-lts'] }
       when: "'os' not in item or os in item.os"
       retries: 4
       delay: 15
 
     - name: Configure RHEL Repos for installation
-      when: os | lower == "almalinux" or os | lower == "fedora"
+      when: os | lower in ["almalinux", "fedora", "rocky"]
       block:
       - name: Create directories for repository files and RPM GPG keys
         file:

roles/partitioning/tasks/ext4.yml

@@ -13,7 +13,7 @@
     - { lv: var_log_audit }
 
 - name: Remove Unsupported features for older Systems
-  when: (os | lower == 'debian11') and (cis == true or item.lv not in ['var_log', 'var_log_audit'])
+  when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky', 'ubuntu-lts']) and (cis == true or item.lv not in ['var_log', 'var_log_audit'])
   command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
   loop:
     - { lv: root }

roles/partitioning/tasks/main.yml

@@ -119,7 +119,7 @@
 
     - name: Mount boot filesystem
       mount:
-        path: /mnt/boot
+        path: "{{ '/mnt/boot/efi' if os | lower in ['ubuntu', 'ubuntu-lts'] else '/mnt/boot' }}"
         src: UUID={{ boot_uuid.stdout }}
         fstype: vfat
         state: mounted

templates/rocky.repo.j2

@@ -0,0 +1,10 @@
+[rocky-baseos]
+name=Rocky Linux $releasever - BaseOS
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
+gpgcheck=1
+enabled=1
+countme=1
+gpgkey=https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-$releasever
+metadata_expire=86400
+enabled_metadata=1

vars_example.yml

@@ -4,9 +4,6 @@ ansible_become_password: "{{ user_password }}"
 ansible_ssh_extra_args: '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
 
 vm_ip: "{{ inventory_hostname }}/24"
-hypervisor_list: ["libvirt", "proxmox", "vmware", "none"]
-filesystem_list: ["btrfs", "ext4", "xfs"]
-os_list: ["archlinux", "almalinux", "debian11", "debian12", "fedora"]
 install_type: "virtual"
 cis: false