mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-05 21:06:02 +02:00
4112bdf9fd
yaml: truthy value should be one of [false, true] (truthy) yaml: wrong indentation: expected 4 but found 2 (indentation) yaml: too few spaces before comment (comments) yaml: missing starting space in comment (comments) yaml: too many blank lines (1 > 0) (empty-lines) yaml: too many spaces after colon (colons) yaml: comment not indented like content (comments-indentation) yaml: no new line character at the end of file (new-line-at-end-of-file) load-failure: Failed to load or parse file parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
200 lines
7.8 KiB
YAML
200 lines
7.8 KiB
YAML
---
|
|
|
|
- name: read /etc/motd
|
|
command: cat /etc/motd
|
|
register: motd_contents
|
|
changed_when: motd_contents.stdout | length > 0
|
|
|
|
- name: check whether we're running in Hetzner or Packet.net rescue environment
|
|
fail: msg="Not running in rescue system!"
|
|
when: "'Hetzner Rescue' not in motd_contents.stdout and 'Rescue environment based on Alpine Linux' not in motd_contents.stdout"
|
|
|
|
- name: make sure all required packages are installed in the rescue system for installation
|
|
apk: name=sgdisk,btrfs-progs,tar update_cache=yes
|
|
when: ansible_facts['os_family'] == "Alpine"
|
|
|
|
- name: create GRUB embed partitions
|
|
command: sgdisk -g --clear -n 1:0:+10M {{ item }} -c 1:boot -t 1:ef02
|
|
with_items:
|
|
- "{{ system_disks }}"
|
|
register: sgdisk
|
|
changed_when: "sgdisk.rc == 0"
|
|
|
|
- name: create root partitions
|
|
command: sgdisk -n 2:0:0 {{ item }} -c 2:root
|
|
with_items:
|
|
- "{{ system_disks }}"
|
|
register: sgdisk
|
|
changed_when: "sgdisk.rc == 0"
|
|
|
|
- name: partition and format the disks (btrfs RAID)
|
|
command: mkfs.btrfs -f -L root -d {{ raid_level|default('raid1') }} -m {{ raid_level|default('raid1') }} -O no-holes {{ system_disks | map('regex_replace', '^(.*)$', '\g<1>p2' if 'nvme' in system_disks[0] else '\g<1>2') | join(' ') }}
|
|
when: filesystem == "btrfs" and system_disks|length >= 2
|
|
|
|
- name: partition and format the disks (btrfs single)
|
|
command: mkfs.btrfs -f -L root -d single -m single -O no-holes {{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}
|
|
when: filesystem == "btrfs" and system_disks|length == 1
|
|
|
|
- name: mount the filesystem (btrfs)
|
|
mount: src="{{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}" path=/mnt state=mounted fstype=btrfs opts="compress-force=zstd,space_cache=v2"
|
|
when: filesystem == "btrfs"
|
|
|
|
- name: touch LOCK file on mountpoint
|
|
file: path=/mnt/LOCK state=touch owner=root group=root mode=0644
|
|
|
|
- name: download bootstrap image
|
|
get_url:
|
|
url: https://mirrors.kernel.org/archlinux/iso/{{ bootstrap_version }}/archlinux-bootstrap-{{ bootstrap_version }}-x86_64.tar.gz
|
|
dest: /tmp/
|
|
|
|
- name: extract boostrap image # noqa 208
|
|
unarchive:
|
|
src: /tmp/archlinux-bootstrap-{{ bootstrap_version }}-x86_64.tar.gz
|
|
dest: /tmp
|
|
remote_src: true
|
|
creates: /tmp/root.x86_64
|
|
|
|
- name: copy resolv.conf to bootstrap chroot
|
|
copy: remote_src=true src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf owner=root group=root mode=0644
|
|
|
|
- name: mount /proc to bootstrap chroot
|
|
command: mount --rbind /proc /tmp/root.x86_64/proc creates=/tmp/root.x86_64/proc/uptime # noqa 303
|
|
|
|
- name: mount /sys to bootstrap chroot
|
|
command: mount --rbind /sys /tmp/root.x86_64/sys creates=/tmp/root.x86_64/sys/dev # noqa 303
|
|
|
|
- name: mount /dev to bootstrap chroot
|
|
command: mount --rbind /dev /tmp/root.x86_64/dev creates=/tmp/root.x86_64/dev/zero # noqa 303
|
|
|
|
- name: mount /mnt to bootstrap chroot
|
|
command: mount --rbind /mnt /tmp/root.x86_64/mnt creates=/tmp/root.x86_64/mnt/LOCK # noqa 303
|
|
|
|
- name: configure pacman mirror
|
|
template: src=mirrorlist.j2 dest=/tmp/root.x86_64/etc/pacman.d/mirrorlist owner=root group=root mode=0644
|
|
|
|
- name: initialize pacman keyring inside bootstrap chroot
|
|
command: chroot /tmp/root.x86_64 pacman-key --init
|
|
register: chroot_pacman_key_init
|
|
changed_when: "chroot_pacman_key_init.rc == 0"
|
|
|
|
- name: populate pacman keyring inside bootstrap chroot
|
|
command: chroot /tmp/root.x86_64 pacman-key --populate archlinux
|
|
register: chroot_pacman_key_populate
|
|
changed_when: "chroot_pacman_key_populate.rc == 0"
|
|
|
|
- name: install ucode update for Intel
|
|
set_fact: ucode="intel-ucode"
|
|
when: "'GenuineIntel' in ansible_facts['processor']"
|
|
|
|
- name: install ucode update for AMD
|
|
set_fact: ucode="amd-ucode"
|
|
when: "'AuthenticAMD' in ansible_facts['processor']"
|
|
|
|
- name: install arch base from bootstrap chroot
|
|
command: chroot /tmp/root.x86_64 pacstrap /mnt base linux btrfs-progs grub openssh python-requests python-yaml {{ ucode }}
|
|
args:
|
|
creates: /tmp/root.x86_64/mnt/bin
|
|
|
|
- name: mount /proc to new chroot
|
|
command: mount --rbind /proc /mnt/proc creates=/mnt/proc/uptime # noqa 303
|
|
|
|
- name: mount /sys to new chroot
|
|
command: mount --rbind /sys /mnt/sys creates=/mnt/sys/dev # noqa 303
|
|
|
|
- name: mount /dev to new chroot
|
|
command: mount --rbind /dev /mnt/dev creates=/mnt/dev/zero # noqa 303
|
|
|
|
- name: configure locale.gen
|
|
lineinfile: dest=/mnt/etc/locale.gen line="en_US.UTF-8 UTF-8" owner=root group=root mode=0644
|
|
|
|
- name: run locale-gen inside chroot
|
|
command: chroot /mnt locale-gen
|
|
register: chroot_locale_gen
|
|
changed_when: "chroot_locale_gen.rc == 0"
|
|
|
|
- name: run systemd-firstboot
|
|
command: chroot /mnt systemd-firstboot --locale=en_US.UTF-8 --timezone=UTC --hostname={{ hostname }}
|
|
register: chroot_systemd_firstboot
|
|
changed_when: "chroot_systemd_firstboot.rc == 0"
|
|
|
|
- name: run mkinitcpio
|
|
command: chroot /mnt mkinitcpio -p linux
|
|
register: chroot_mkinitcpio
|
|
changed_when: "chroot_mkinitcpio.rc == 0"
|
|
|
|
- name: configure network (static)
|
|
template: src=10-static-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
|
|
when: not dhcp|default(false)
|
|
|
|
- name: configure network (dhcp)
|
|
template: src=10-dhcp-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
|
|
when: dhcp|default(false)
|
|
|
|
- name: install hcloud-init
|
|
copy: src=hcloud-init dest=/mnt/usr/local/bin/hcloud-init owner=root group=root mode=0755
|
|
when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
|
|
|
|
- name: install hcloud-init.service
|
|
copy: src=hcloud-init.service dest=/mnt/etc/systemd/system/hcloud-init.service owner=root group=root mode=0644
|
|
when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
|
|
|
|
- name: enable hcloud-init inside chroot
|
|
command: chroot /mnt systemctl enable hcloud-init
|
|
register: chroot_systemd_services
|
|
changed_when: "chroot_systemd_services.rc == 0"
|
|
when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
|
|
|
|
- name: provide default mount options (btrfs)
|
|
lineinfile:
|
|
path: /mnt/etc/default/grub
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
|
|
line: "GRUB_CMDLINE_LINUX_DEFAULT=\"rootflags=compress-force=zstd\""
|
|
when: filesystem == "btrfs"
|
|
|
|
- name: install grub
|
|
command: chroot /mnt grub-install --recheck {{ item }}
|
|
with_items:
|
|
- "{{ system_disks }}"
|
|
register: chroot_grub_install
|
|
changed_when: "chroot_grub_install.rc == 0"
|
|
|
|
- name: configure grub
|
|
command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
|
|
register: chroot_grub_mkconfig
|
|
changed_when: "chroot_grub_mkconfig.rc == 0"
|
|
|
|
- name: enable services inside chroot
|
|
command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim.timer
|
|
register: chroot_systemd_services
|
|
changed_when: "chroot_systemd_services.rc == 0"
|
|
|
|
- name: assign pubkey list to fact
|
|
set_fact: pubkey_list="{{ lookup('file', playbook_dir + "/../../pubkeys/" + item) }}"
|
|
register: pubkeys
|
|
vars:
|
|
playbook_dir: "{{ playbook_dir }}"
|
|
with_items: "{{ root_ssh_keys }}"
|
|
|
|
- name: assign pubkey string to fact
|
|
set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
|
|
|
|
- name: add authorized key for root
|
|
authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes
|
|
|
|
- name: configure sshd
|
|
template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644
|
|
|
|
- name: create symlink to resolv.conf
|
|
file: src=/run/systemd/resolve/stub-resolv.conf dest=/mnt/etc/resolv.conf state=link force=yes owner=root group=root mode=0644
|
|
|
|
- name: clean pacman cache
|
|
command: chroot /mnt pacman -Scc --noconfirm
|
|
register: chroot_pacman_clean_cache
|
|
changed_when: "chroot_pacman_clean_cache.rc == 0"
|
|
|
|
- name: remove LOCK file on mountpoint
|
|
file: path=/mnt/LOCK state=absent
|