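---
# Post-install configuration of the target system whose root is mounted at
# /mnt. Tasks either edit files under /mnt directly or run a command inside
# the target through arch-chroot.
#
# Variables read here: os, hypervisor, hostname, ansible_host, install_drive,
# user_name, user_password, root_password and (optionally) user_public_key.

- name: Configuration
  block:
    - name: Generate fstab
      # shell rather than command: the output redirection needs a shell.
      ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab
      changed_when: result.rc == 0
      register: result

    - name: Replace ISO UUID entry with /dev/sr0 in fstab
      when: os in ["rhel8", "rhel9"]
      # backrefs: true means the file is left untouched when no line matches
      # the regexp. On vmware the entry becomes a loop mount of the copied
      # ISO image, otherwise a mount of /dev/sr0.
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        regexp: '^.*\/dvd.*$'
        line: "{{ '/usr/local/install/redhat/rhel.iso /usr/local/install/redhat/dvd iso9660 loop,nofail 0 0' if hypervisor == 'vmware' else '/dev/sr0 /usr/local/install/redhat/dvd iso9660 ro,relatime,nojoliet,check=s,map=n,nofail 0 0' }}"
        state: present
        backrefs: true

    - name: Write image from RHEL ISO to the target machine
      ansible.builtin.command: dd if=/dev/sr1 of=/mnt/usr/local/install/redhat/rhel.iso bs=4M
      changed_when: result.rc == 0
      register: result

    - name: Append TempFS to fstab
      # /tmp and /var/tmp are mounted nosuid,nodev,noexec; /dev/shm only
      # noexec.
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        line: "{{ item }}"
        insertafter: EOF
      with_items:
        - ""
        - "# TempFS"
        - tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0
        - tmpfs /var/tmp tmpfs defaults,nosuid,nodev,noexec 0 0
        - tmpfs /dev/shm tmpfs defaults,noexec 0 0

    - name: Set local timezone
      # The first item runs outside the chroot; only the symlink is created
      # inside the target.
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        - systemctl daemon-reload
        - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime

- name: Setup locales
  block:
    - name: Set hostname
      ansible.builtin.copy:
        content: "{{ hostname }}"
        dest: /mnt/etc/hostname
        mode: '0644'

    - name: Add host entry to /etc/hosts
      ansible.builtin.lineinfile:
        path: /mnt/etc/hosts
        line: "{{ ansible_host }} {{ hostname }}"
        state: present

    - name: Create vconsole.conf
      ansible.builtin.copy:
        content: KEYMAP=us
        dest: /mnt/etc/vconsole.conf
        mode: '0644'

    - name: Create locale.conf
      ansible.builtin.copy:
        content: LANG=en_US.UTF-8
        dest: /mnt/etc/locale.conf
        mode: '0644'

    # NOTE(review): this task and the next leave the installed system
    # accepting password authentication and direct root logins over SSH.
    # Confirm that a later step (none is visible in this file) tightens
    # sshd_config again, or consider "PermitRootLogin prohibit-password"
    # when user_public_key is supplied.
    - name: SSH permit Password
      # Only the commented-out default line is rewritten; an existing
      # uncommented "PasswordAuthentication no" would not match this regexp.
      ansible.builtin.replace:
        path: /mnt/etc/ssh/sshd_config
        regexp: "#PasswordAuthentication yes"
        replace: PasswordAuthentication yes

    - name: SSH permit root login
      ansible.builtin.replace:
        path: /mnt/etc/ssh/sshd_config
        regexp: "^#?PermitRootLogin.*"
        replace: "PermitRootLogin yes"

    - name: Enable Systemd Services
      ansible.builtin.command: arch-chroot /mnt systemctl enable NetworkManager sshd
      changed_when: result.rc == 0
      register: result

- name: Configure Bootloader
  block:
    - name: Install Bootloader
      # Registers a boot entry labelled with the os value that points at
      # the shim loader on partition 1 of install_drive.
      ansible.builtin.command: arch-chroot /mnt /usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -p 1 -l '\efi\EFI\redhat\shimx64.efi'
      changed_when: result.rc == 0
      register: result

    - name: Generate grub config
      ansible.builtin.command: arch-chroot /mnt /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
      changed_when: result.rc == 0
      register: result

    - name: Regenerate initramfs
      when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
      ansible.builtin.command: arch-chroot /mnt /usr/bin/dracut --regenerate-all --force
      changed_when: result.rc == 0
      register: result

- name: Extra Configuration
  block:
    # NOTE(review): blockinfile uses the marker lines to find the block it
    # manages. With an empty marker (here and in the sysctl task below) it
    # cannot tell its own block from other content, so confirm these tasks
    # only ever run once against a fresh install.
    - name: Append vim configurations to vimrc
      # Best effort: a failure of this task is ignored.
      failed_when: false
      ansible.builtin.blockinfile:
        path: "/mnt/etc/vimrc"
        block: |
          set encoding=utf-8
          set number
          set autoindent
          set smartindent
          set mouse=a
        insertafter: EOF
        marker: ""

    - name: Add memory tuning parameters
      ansible.builtin.blockinfile:
        path: /mnt/etc/sysctl.d/90-memory.conf
        create: true
        block: |
          vm.swappiness=10
          vm.vfs_cache_pressure=50
          vm.dirty_background_ratio=1
          vm.dirty_ratio=10
          vm.page-cluster=10
        marker: ""
        mode: '0644'

    - name: Create zram config
      when: os not in ['rhel8']
      ansible.builtin.copy:
        dest: /mnt/etc/systemd/zram-generator.conf
        content: |
          [zram0]
          zram-size = ram / 2
          compression-algorithm = zstd
          swap-priority = 100
          fs-type = swap
        mode: '0644'

    - name: Copy FirstRun Script
      ansible.builtin.template:
        src: firstrun.sh.j2
        dest: /mnt/root/firstrun.sh
        mode: "0755"

    - name: Copy Custom Shell config
      ansible.builtin.template:
        src: custom.sh.j2
        dest: /mnt/etc/profile.d/custom.sh
        mode: '0644'

- name: Setup Network
  block:
    # The three tasks below only collect values (net_uuid, net_inf, net_mac),
    # presumably for network.j2, and modify nothing, so they never report a
    # change.
    - name: Generate UUID for Network Profile
      ansible.builtin.command: uuidgen
      changed_when: false
      register: net_uuid

    - name: Retrieve Network Interface Name
      # Takes the fifth field of the first line of the routing table.
      ansible.builtin.shell: set -o pipefail && ip r | awk 'NR==1 {print $5}'
      changed_when: false
      register: net_inf

    - name: Register MAC Address of the Network Interface
      ansible.builtin.shell: set -o pipefail && ip link show "{{ net_inf.stdout }}" | awk '/link\/ether/ {print $2}' | tr '[:lower:]' '[:upper:]'
      register: net_mac
      changed_when: false

    - name: Copy NetworkManager keyfile
      # Mode 0600 keeps the connection profile readable by its owner only.
      ansible.builtin.template:
        src: network.j2
        dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
        mode: "0600"

- name: Setup user account
  block:
    - name: Create user account
      # The rendered commands embed the password hashes, so no_log keeps
      # them out of Ansible's output and logs.
      # NOTE(review): the hashes are still passed as command-line arguments
      # and are presumably visible in the process list while each command
      # runs; feeding them on stdin (for example to chpasswd -e) would
      # avoid that.
      ansible.builtin.command: "{{ item }}"
      with_items:
        - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups wheel {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
        - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
      changed_when: result.rc == 0
      register: result
      no_log: true

    - name: Add SSH public key to authorized_keys
      when: user_public_key is defined
      # NOTE(review): owner and group are the literal id 1000, which
      # presumably is the id useradd gave the new account -- confirm. Also
      # check the ownership and mode of a .ssh directory created implicitly
      # by this task.
      ansible.builtin.lineinfile:
        path: /mnt/home/{{ user_name }}/.ssh/authorized_keys
        line: "{{ user_public_key }}"
        owner: 1000
        group: 1000
        mode: "0600"
        create: true

    - name: Give sudo access to wheel group
      # visudo checks the file before it is installed, so a syntax error
      # cannot end up in sudoers.d.
      ansible.builtin.copy:
        content: "%wheel ALL=(ALL) ALL"
        dest: /mnt/etc/sudoers.d/01-wheel
        mode: "0440"
        validate: /usr/sbin/visudo --check --file=%s

- name: Fix SELinux
  # Requests a full SELinux relabel of the installed system on its next boot.
  ansible.builtin.command: "arch-chroot /mnt /sbin/fixfiles onboot"
  changed_when: result.rc == 0
  register: result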