sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Commit Graph

  • ce79728744 feat(cleanup): enroll Secure Boot keys in VM NVRAM after OS installation master sandwich 2026-04-02 07:22:53 +02:00
  • b31a5a2580 feat(virtualization): enable TPM2 emulation for Secure Boot VMs sandwich 2026-04-02 04:37:28 +02:00
  • 2055863673 feat(configuration): auto-bind PCR 7 when Secure Boot and FDE are both enabled sandwich 2026-04-02 04:37:03 +02:00
  • ceb11852ec feat(configuration): add Secure Boot tasks for shim and sbctl sandwich 2026-04-02 04:36:24 +02:00
  • 57417514e3 feat(configuration): override EFI loader to shim when Secure Boot enabled sandwich 2026-04-02 04:34:47 +02:00
  • 0928588c1f feat(bootstrap): add Secure Boot conditional packages for Debian, Ubuntu, and Arch sandwich 2026-04-02 04:34:16 +02:00
  • 6d622f2db4 feat(global_defaults): add secure_boot feature toggle with normalization sandwich 2026-04-02 04:33:07 +02:00
  • b11d65a6f3 docs(bootstrap): document desktop, initramfs, and FDE features with SSH keepalive config sandwich 2026-04-01 15:07:58 +02:00
  • 3623fc292c feat(configuration): generic FDE with systemd-cryptenroll, clevis fallback, and configurable initramfs sandwich 2026-04-01 15:07:58 +02:00
  • dfca7ec94b fix(configuration): RedHat EFI grub wrapper with btrfs subvol prefix and boot order sandwich 2026-04-01 15:07:58 +02:00
  • e8be84bf49 fix(partitioning): set btrfs default subvolume and restrict @pkg to Arch sandwich 2026-04-01 15:07:58 +02:00
  • 322cc0b1ce fix(bootstrap): resolve interface-only network, sshd penalties, dnf scriptlets, and EFI cleanup sandwich 2026-04-01 15:07:58 +02:00
  • 4b38754f8b feat(bootstrap): add desktop environment support with configurable DE, DM, and display target sandwich 2026-04-01 15:07:58 +02:00
  • a6bc7ffe04 fix(configuration): use /boot/grub2/grub.cfg for RedHat EFI grub config Sandwich 2026-03-25 15:40:19 +01:00
  • c529e71ebc feat(packages): add needrestart to Debian and Ubuntu package lists Sandwich 2026-03-20 18:06:14 +01:00
  • cb46de2b6d feat(bootstrap): add full package upgrade step for Debian and Ubuntu Sandwich 2026-03-20 18:05:04 +01:00
  • 9169117b25 fix(vim): use vimscript comment syntax for blockinfile markers in vimrc Sandwich 2026-03-20 17:58:11 +01:00
  • 6c94c519fb fix(sudo): use explicit string check instead of bool conditional for sudo field Sandwich 2026-03-20 17:28:43 +01:00
  • efd96a42b8 fix(connection): set ansible_port explicitly at every connection transition Sandwich 2026-03-20 16:52:15 +01:00
  • 68661c3cca fix(vmware): use primary ansible_* vars for vmware_tools connection plugin precedence Sandwich 2026-03-20 16:17:41 +01:00
  • 1db20c7ac0 fix(vmware): use empty password for vmware_tools during live ISO bootstrap Sandwich 2026-03-20 15:51:35 +01:00
  • 7b155b427b fix(users): update cloud-init template and input validation for dict users Sandwich 2026-03-20 15:10:31 +01:00
  • ca8721e98f refactor(prompts): remove vars_prompt, require users defined in inventory Sandwich 2026-03-20 15:06:32 +01:00
  • cdb2559d8f fix(prompts): add default values to vars_prompt to skip in non-interactive mode Sandwich 2026-03-20 15:03:35 +01:00
  • 443f6623df refactor(users): change system.users from list to dict keyed by username Sandwich 2026-03-20 14:33:13 +01:00
  • 6cf418fe00 fix(configuration): make root password, user keys, and sudo all optional Sandwich 2026-03-20 02:03:48 +01:00
  • 47ec5fe621 fix(cloud-init): handle missing keys and make sudo conditional Sandwich 2026-03-20 02:01:35 +01:00
  • 240f945cce fix(cleanup): remove ansible_become override that blocks swapoff/umount Sandwich 2026-03-20 01:13:20 +01:00
  • 663a04556f feat(global_defaults): add system.features.aur schema for validation passthrough Sandwich 2026-03-20 01:13:20 +01:00
  • 6febd1acf1 refactor(virtualization): extract shared Xen disk definitions Sandwich 2026-03-12 12:27:18 +01:00
  • 008187860c refactor: remove unnecessary changed_when from set_fact tasks Sandwich 2026-03-12 12:25:45 +01:00
  • cd1be6b5e1 refactor(partitioning): remove redundant blockdev --rereadpt calls Sandwich 2026-03-12 12:25:15 +01:00
  • 15be6149fd refactor(partitioning): remove unused register variables Sandwich 2026-03-12 12:24:59 +01:00
  • ca29ad200d chore: suppress args[module] false positives from variable-based module_defaults Sandwich 2026-03-12 12:09:54 +01:00
  • 8079099cee fix(cleanup): add no_log to Proxmox VM restart task Sandwich 2026-03-12 12:09:53 +01:00
  • 9e79185b07 fix(virtualization): add missing changed_when to Xen VM stop task Sandwich 2026-03-12 12:09:51 +01:00
  • b88bf2860f fix(configuration): replace fail+ignore_errors with debug for TPM2 fallback warning Sandwich 2026-03-12 12:09:51 +01:00
  • 81d26eb715 refactor(configuration): split encryption.yml into crypttab, dracut, grub, and initramfs subtasks Sandwich 2026-03-12 09:18:17 +01:00
  • 41691fcf0a feat(bootstrap): add rescue block with VM cleanup on failure Sandwich 2026-03-12 07:43:51 +01:00
  • 601f8a1ef9 feat(environment): VMware network config, DNS resolvers, and SSH switchover Sandwich 2026-03-12 07:43:46 +01:00
  • 49d362c860 fix(global_defaults): populate flat network fields from interfaces in pre-computed path Sandwich 2026-03-12 07:43:39 +01:00
  • f9656cfbf5 feat(vmware): add VMware hypervisor support (node field, connection vars, validation) Sandwich 2026-03-12 07:43:34 +01:00
  • c99daa3dbc fix(bootstrap): exclude tldr from Ubuntu rolling extra packages Sandwich 2026-02-22 20:40:46 +01:00
  • d35976635c fix(global_defaults): use archive.ubuntu.com instead of mirror redirector Sandwich 2026-02-22 16:26:35 +01:00
  • b13f89a250 fix(global_defaults): apply mirror default in pre-computed system_cfg path Sandwich 2026-02-22 14:20:12 +01:00
  • b3b634f915 feat(configuration): add Debian/Ubuntu repository and apt configuration Sandwich 2026-02-22 10:47:47 +01:00
  • b8dd400aea feat(bootstrap): use configurable mirror and write proper sources.list Sandwich 2026-02-22 10:47:43 +01:00
  • f38e0a628f feat(global_defaults): add system.mirror to schema and normalization Sandwich 2026-02-22 10:47:40 +01:00
  • 3242d5a895 chore(bootstrap): update ubuntu non-lts codename to questing (25.10) Sandwich 2026-02-22 03:08:54 +01:00
  • 7e812dd74c fix(global_defaults): add missing ssh.enabled validation assertion Sandwich 2026-02-22 03:08:31 +01:00
  • 785eaab9a7 fix(global_defaults): correct fedora version upper bound to 43 Sandwich 2026-02-22 03:08:23 +01:00
  • 81ff2b2b87 feat(global_defaults): add root.shell to system schema and normalization Sandwich 2026-02-22 03:07:30 +01:00
  • 2265e346b0 refactor(cleanup): remove duplicated libvirt path vars, reuse virtualization defaults Sandwich 2026-02-22 03:07:04 +01:00
  • d9ae4ee809 refactor(bootstrap,configuration): rename validation-only _normalize.yml files Sandwich 2026-02-22 03:06:34 +01:00
  • 931d65df04 fix(partitioning): add | bool to all system_cfg.features.cis.enabled checks Sandwich 2026-02-22 03:06:13 +01:00
  • 59670e876a fix(partitioning): add partition separator for NVMe/mmcblk device paths Sandwich 2026-02-22 02:39:36 +01:00
  • f7070343b9 refactor(configuration): centralize DNS list variables in network dispatch Sandwich 2026-02-22 02:39:32 +01:00
  • 1cce81366c refactor(configuration): extract shared BLS update task to reduce duplication Sandwich 2026-02-22 02:39:28 +01:00
  • f6cb7bf78d fix(bootstrap): add missing --best flag to RHEL dnf commands Sandwich 2026-02-22 02:39:23 +01:00
  • 2c80c01b1a refactor(global_defaults): consolidate hypervisor auth into shared credential dicts Sandwich 2026-02-22 02:35:04 +01:00
  • 1b58a20c45 refactor(bootstrap,configuration,environment): add defaults/main.yml and extract hardcoded values Sandwich 2026-02-22 02:32:36 +01:00
  • 6b1686e652 refactor(bootstrap,configuration): add per-role _normalize.yml for platform resolution Sandwich 2026-02-22 02:27:46 +01:00
  • a460584c5d refactor(configuration): add platform_config dict and replace is_rhel/is_debian with os_family lookups Sandwich 2026-02-22 02:26:54 +01:00
  • 9c0f00f1ec feat(global_defaults): add os_family_map and os_family fact for platform config lookups Sandwich 2026-02-22 02:23:05 +01:00
  • 6ebceb8ee2 fix(virtualization): add vTPM2 result validation before VMware power-on Sandwich 2026-02-22 02:22:37 +01:00
  • 5e72394bf8 feat(global_defaults): add semantic validations for IP, hostname, LUKS method, and interface prefix Sandwich 2026-02-22 02:22:05 +01:00
  • 5abdc76c86 refactor(global_defaults): extract physical_default_os to configurable default Sandwich 2026-02-22 02:21:34 +01:00
  • bcfd5d5a89 fix(global_defaults): normalize system.type 'vm' to 'virtual' for main project compatibility Sandwich 2026-02-22 02:21:22 +01:00
  • c91e049378 docs(bootstrap): add section comments, role boundary docs, and pipeline overview Sandwich 2026-02-22 01:59:12 +01:00
  • b9e8aa283b refactor(global_defaults): data-driven hypervisor validation and shared constants Sandwich 2026-02-22 01:59:09 +01:00
  • 734ed822d6 refactor(extras): convert custom.sh from template to static copy Sandwich 2026-02-22 01:59:04 +01:00
  • 3f2f4055f0 fix(cleanup,config): xen tmp cleanup, tpm2 fallback warning, add code comments Sandwich 2026-02-22 01:59:01 +01:00
  • a2b206127f fix(partitioning,network): swapon idempotency, DNS search domains, tune2fs changed_when Sandwich 2026-02-22 01:58:56 +01:00
  • 6985235e70 fix(encryption): add no_log to LUKS configuration block Sandwich 2026-02-22 01:58:52 +01:00
  • 25b1eeec45 fix(network): bind NM connections to detected interface names for multi-NIC Sandwich 2026-02-21 16:51:15 +01:00
  • 3f65585e5c fix(bootstrap): make dhcp-client conditional for EL < 10 (removed in EL 10) Sandwich 2026-02-21 13:43:41 +01:00
  • 74f1365a06 fix(bootstrap): remove --asexplicit from pacstrap to preserve dependency metadata Sandwich 2026-02-21 13:26:59 +01:00
  • 9d19f628aa fix(bootstrap): add kernel package to rocky and almalinux extra packages Sandwich 2026-02-21 12:06:09 +01:00
  • ced0da7bd1 fix(bootstrap): detect kernel package name for dnf family reinstall step Sandwich 2026-02-21 11:46:57 +01:00
  • cf49d30916 fix(bootstrap): ensure chroot DNS resolution before installing extra packages Sandwich 2026-02-21 11:30:28 +01:00
  • 46b5223da5 fix(environment): align repo IDs in rocky and almalinux templates with bootstrap config Sandwich 2026-02-21 11:18:34 +01:00
  • 494f0b58b2 fix(configuration): omit interface-name when not explicitly provided to avoid predictable naming mismatch Sandwich 2026-02-21 07:56:21 +01:00
  • d84b867cef refactor(configuration): rename _uid to configuration_uid for role prefix convention Sandwich 2026-02-21 05:14:33 +01:00
  • 39c786305f fix(configuration): handle boolean sudo values in sudoers deployment Sandwich 2026-02-21 05:14:29 +01:00
  • 72e2263f5c fix(configuration): use full path for chpasswd in chroot Sandwich 2026-02-21 05:03:36 +01:00
  • ac532578b8 fix(global_defaults): enrich pre-computed system_cfg with bootstrap defaults Sandwich 2026-02-21 04:15:58 +01:00
  • 34f35bb5ac chore(lint): suppress var-naming for user-facing API dicts Sandwich 2026-02-21 02:58:10 +01:00
  • 6de88a911a fix(configuration): remove unnecessary changed_when on set_fact tasks Sandwich 2026-02-21 02:56:58 +01:00
  • fa78edf2e2 refactor(cis): align normalization with main project activation gate pattern Sandwich 2026-02-21 02:56:39 +01:00
  • a1c8b5e2dd fix(global_defaults): remove dead /swap and make pacman cache arch-only in reserved mounts Sandwich 2026-02-21 02:56:20 +01:00
  • 19da8c0e68 fix(global_defaults): set filesystem default to ext4 instead of empty string Sandwich 2026-02-21 02:56:08 +01:00
  • ff1a4df960 refactor(bootstrap): restructure package lists to self-contained per-OS dicts with base/extra/conditional Sandwich 2026-02-21 02:39:06 +01:00
  • f0c0b54e7f refactor(environment): split main.yml into focused sub-task files Sandwich 2026-02-21 02:39:05 +01:00
  • a868c6bb47 refactor(global_defaults): add idempotency guards to normalization tasks Sandwich 2026-02-21 02:39:03 +01:00
  • dd0d70f4fd fix(global_defaults): default interface name to eth0 instead of empty string Sandwich 2026-02-21 02:38:59 +01:00
  • c08e1fe4e0 docs(cis): add comment explaining squashfs/snap Ubuntu exclusion Sandwich 2026-02-21 02:38:58 +01:00
  • c3ccce97ae chore(bootstrap): pin collection versions in requirements.yml Sandwich 2026-02-21 02:38:57 +01:00
  • d9ca905b73 fix(bootstrap): move Jinja to end of task name and rename registers to bootstrap_dnf_* Sandwich 2026-02-21 02:38:27 +01:00
  • 6085336f96 docs: update README with cis dict API, execution pipeline, and cleanup defaults Sandwich 2026-02-21 01:30:36 +01:00
  • 2831479e77 fix(validation): align btrfs disk size check with new 2GB swap minimum Sandwich 2026-02-21 01:28:32 +01:00