Ansible-Bootstrap/main.yml

---
- name: Create and configure VMs
  hosts: all
  strategy: free # noqa: run-once[play]
  gather_facts: false
  become: true
  vars_prompt:
    - name: user_name
      prompt: |
        What is your username?
      private: false

    - name: user_public_key
      prompt: |
        What is your ssh key?
      private: false

    - name: user_password
      prompt: |
        What is your password?
      confirm: true

    - name: root_password
      prompt: |
        What is your root password?
      confirm: true
  pre_tasks:
    - name: Apply prompted authentication values to system input
      vars:
        system_input: "{{ system | default({}) }}"
        system_user_input: "{{ (system_input.user | default({})) if (system_input.user is mapping) else {} }}"
        system_root_input: "{{ (system_input.root | default({})) if (system_input.root is mapping) else {} }}"
        prompt_user_name: "{{ user_name | default(system_user_name | default(''), true) | string }}"
        prompt_user_key: "{{ user_public_key | default(user_key | default(system_user_key | default(''), true), true) | string }}"
        prompt_user_password: "{{ user_password | default(system_user_password | default(''), true) | string }}"
        prompt_root_password: "{{ root_password | default(system_root_password | default(''), true) | string }}"
      ansible.builtin.set_fact:
        system: >-
          {{
            system_input
            | combine(
                {
                  'user': {
                    'name': (
                      (system_user_input.name | default('') | string | length) > 0
                    ) | ternary(system_user_input.name | string, prompt_user_name),
                    'key': (
                      (system_user_input.key | default('') | string | length) > 0
                    ) | ternary(system_user_input.key | string, prompt_user_key),
                    'password': (
                      (system_user_input.password | default('') | string | length) > 0
                    ) | ternary(system_user_input.password | string, prompt_user_password)
                  },
                  'root': {
                    'password': (
                      (system_root_input.password | default('') | string | length) > 0
                    ) | ternary(system_root_input.password | string, prompt_root_password)
                  }
                },
                recursive=True
              )
          }}
      changed_when: false

    - name: Load global defaults
      ansible.builtin.import_role:
        name: global_defaults

    - name: Perform safety checks
      ansible.builtin.import_role:
        name: system_check

  roles:
    - role: virtualization
      when: system_cfg.type == "virtual"
      become: false
      vars:
        ansible_connection: local

    - role: environment
      vars:
        ansible_connection: "{{ 'vmware_tools' if hypervisor_type == 'vmware' else 'ssh' }}"

    - role: partitioning
      vars:
        partitioning_boot_partition_suffix: 1
        partitioning_main_partition_suffix: 2

    - role: bootstrap

    - role: configuration

    - role: cis
      when: system_cfg.features.cis.enabled | bool

    - role: cleanup
      when: system_cfg.type in ["virtual", "physical"]
      become: false

  post_tasks:
    - name: Set post-reboot connection flags
      ansible.builtin.set_fact:
        post_reboot_can_connect: >-
          {{
            (ansible_connection | default('ssh')) != 'ssh'
            or ((system_cfg.ip | default('') | string | length) > 0)
            or (
              system_cfg.type == 'physical'
              and (ansible_host | default('') | string | length) > 0
            )
          }}
      changed_when: false

    - name: Set final SSH credentials for post-reboot tasks
      when:
        - post_reboot_can_connect | bool
      ansible.builtin.set_fact:
        ansible_user: "{{ system_cfg.user.name }}"
        ansible_password: "{{ system_cfg.user.password }}"
        ansible_become_password: "{{ system_cfg.user.password }}"
        ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

    - name: Install post-reboot packages
      when:
        - post_reboot_can_connect | bool
        - system_cfg.packages is defined
        - system_cfg.packages | length > 0
      ansible.builtin.package:
        name: "{{ system_cfg.packages }}"
        state: present