jlay/deploy-base
1
1
Fork 0
Code Issues Pull requests Activity

Compare commits

base: jlay:25610e364f48f0e0361a29c8ff6c3c78e8b7cde2
Branches Tags
jlay:master
..
compare: jlay:0d1153ad95d6ea4a6df690afc24c691f011b1156
Branches Tags
jlay:master

No commits in common. "25610e364f48f0e0361a29c8ff6c3c78e8b7cde2" and "0d1153ad95d6ea4a6df690afc24c691f011b1156" have entirely different histories.
25610e364f ... 0d1153ad95

2 changed files with 16 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

27
play.yml
View file

@ -1,20 +1,17 @@
--- ---
# vim: ft=yaml.ansible - hosts: "{{ target | default('all') }}" # target inventory group, default all
- name: Deploy basics gather_facts: yes
hosts: all # reminder: '--limit'
gather_facts: true
vars: vars:
# auto_update: "true" # would configure dnf-automatic # auto_update: "true" # would configure dnf-automatic
# hardened_ssh_port: "1181" # tcp is assumed in selinux/firewalld allowance # hardened_ssh_port: "1181" # tcp is assumed in selinux/firewalld allowance
URL_PUBKEYS: "https://github.com/joshlay.keys" # https://github.com/user.keys
roles: roles:
- {role: custom-facts, tags: ['facts', 'custom-facts']} - {role: btrfs} # sets up scrubbing
# - {role: btrfs, tags: ['btrfs']} # sets up scrubbing - {role: bootstrap}
- {role: bootstrap, tags: ['boot', 'bootstrap']} - {role: tuned}
- {role: grub, tags: ['grub']} - {role: install-packages}
- {role: tuned, tags: ['tuned']} - {role: update-packages} # depends on 'is_atomic' in bootstrap
- {role: install-packages, tags: ['pkgs', 'install', 'install-pkgs']} - {role: fedora-upgrade} # consider renaming to dist-upgrade / supporting more than fedora
- {role: update-packages, tags: ['pkgs', 'install', 'update-pkgs']} - {role: create-user} # this should always follow packages; they often provide groups the user may want to join
# - {role: fedora-upgrade} # replacing w/ 'dist-upgrade', supporting more than fedora - {role: hardening}
- {role: create-user, tags: ['user']} # should follow package-installing roles; provide groups the user may want to join - {role: docker}
- {role: hardening, tags: ['harden', 'hardening']}
# - {role: docker}

7
roles/fedora-upgrade/tasks/main.yml
View file

@ -1,7 +1,4 @@
--- ---
- name: Include Fedora-upgrading tasks - include_tasks: tasks.yml
ansible.builtin.include_tasks: tasks.yml when: (ansible_distribution in ["Fedora"] and not is_atomic) and (ansible_distribution_version < fedora_target and ansible_distribution_version|int >= fedora_minimum)
when:
- (ansible_distribution in ["Fedora"] and not ansible_local.os.is_atomic)
- (ansible_distribution_version < fedora_target and ansible_distribution_version|int >= fedora_minimum)