|
95 | 95 | ansible.builtin.set_fact: |
96 | 96 | mountpoints_list: "{{ mountpoints_list + ['/dev', '/dev/shm', '/run', '/tmp'] }}" |
97 | 97 |
|
| 98 | +- name: Define filesystems variable |
| 99 | + set_fact: |
| 100 | + filesystems: |
| 101 | + - path: /boot |
| 102 | + src: "{{ os_mnt_boot_src }}" |
| 103 | + fstype: "{{ os_mnt_boot_filesystem }}" |
| 104 | + opts: "{{ os_mnt_boot_options }}" |
| 105 | + enabled: "{{ os_mnt_boot_enabled }}" |
| 106 | + mode: "{{ os_mnt_boot_dir_mode }}" |
| 107 | + group: "{{ os_mnt_boot_group }}" |
| 108 | + owner: "{{ os_mnt_boot_owner }}" |
| 109 | + dump: "{{ os_mnt_boot_dump }}" |
| 110 | + passno: "{{ os_mnt_boot_passno }}" |
| 111 | + - path: /dev |
| 112 | + src: "{{ os_mnt_dev_src }}" |
| 113 | + fstype: "{{ os_mnt_dev_filesystem }}" |
| 114 | + opts: "{{ os_mnt_dev_options }}" |
| 115 | + enabled: "{{ os_mnt_dev_enabled }}" |
| 116 | + mode: "{{ os_mnt_dev_dir_mode }}" |
| 117 | + group: "{{ os_mnt_dev_group }}" |
| 118 | + owner: "{{ os_mnt_dev_owner }}" |
| 119 | + dump: "{{ os_mnt_dev_dump }}" |
| 120 | + passno: "{{ os_mnt_dev_passno }}" |
| 121 | + - path: /dev/shm |
| 122 | + src: "{{ os_mnt_dev_shm_src }}" |
| 123 | + fstype: "{{ os_mnt_dev_shm_filesystem }}" |
| 124 | + opts: "{{ os_mnt_dev_shm_options }}" |
| 125 | + enabled: "{{ os_mnt_dev_shm_enabled }}" |
| 126 | + mode: "{{ os_mnt_dev_shm_dir_mode }}" |
| 127 | + group: "{{ os_mnt_dev_shm_group }}" |
| 128 | + owner: "{{ os_mnt_dev_shm_owner }}" |
| 129 | + dump: "{{ os_mnt_dev_shm_dump }}" |
| 130 | + passno: "{{ os_mnt_dev_shm_passno }}" |
| 131 | + - path: /home |
| 132 | + src: "{{ os_mnt_home_src }}" |
| 133 | + fstype: "{{ os_mnt_home_filesystem }}" |
| 134 | + opts: "{{ os_mnt_home_options }}" |
| 135 | + enabled: "{{ os_mnt_home_enabled }}" |
| 136 | + mode: "{{ os_mnt_home_dir_mode }}" |
| 137 | + group: "{{ os_mnt_home_group }}" |
| 138 | + owner: "{{ os_mnt_home_owner }}" |
| 139 | + dump: "{{ os_mnt_home_dump }}" |
| 140 | + passno: "{{ os_mnt_home_passno }}" |
| 141 | + - path: /run |
| 142 | + src: "{{ os_mnt_run_src }}" |
| 143 | + fstype: "{{ os_mnt_run_filesystem }}" |
| 144 | + opts: "{{ os_mnt_run_options }}" |
| 145 | + enabled: "{{ os_mnt_run_enabled }}" |
| 146 | + mode: "{{ os_mnt_run_dir_mode }}" |
| 147 | + group: "{{ os_mnt_run_group }}" |
| 148 | + owner: "{{ os_mnt_run_owner }}" |
| 149 | + dump: "{{ os_mnt_run_dump }}" |
| 150 | + passno: "{{ os_mnt_run_passno }}" |
| 151 | + - path: /tmp |
| 152 | + src: "{{ os_mnt_tmp_src }}" |
| 153 | + fstype: "{{ os_mnt_tmp_filesystem }}" |
| 154 | + opts: "{{ os_mnt_tmp_options }}" |
| 155 | + enabled: "{{ os_mnt_tmp_enabled }}" |
| 156 | + mode: "{{ os_mnt_tmp_dir_mode }}" |
| 157 | + group: "{{ os_mnt_tmp_group }}" |
| 158 | + owner: "{{ os_mnt_tmp_owner }}" |
| 159 | + dump: "{{ os_mnt_tmp_dump }}" |
| 160 | + passno: "{{ os_mnt_tmp_passno }}" |
| 161 | + - path: /var |
| 162 | + src: "{{ os_mnt_var_src }}" |
| 163 | + fstype: "{{ os_mnt_var_filesystem }}" |
| 164 | + opts: "{{ os_mnt_var_options }}" |
| 165 | + enabled: "{{ os_mnt_var_enabled }}" |
| 166 | + mode: "{{ os_mnt_var_dir_mode }}" |
| 167 | + group: "{{ os_mnt_var_group }}" |
| 168 | + owner: "{{ os_mnt_var_owner }}" |
| 169 | + dump: "{{ os_mnt_var_dump }}" |
| 170 | + passno: "{{ os_mnt_var_passno }}" |
| 171 | + - path: /var/log |
| 172 | + src: "{{ os_mnt_var_log_src }}" |
| 173 | + fstype: "{{ os_mnt_var_log_filesystem }}" |
| 174 | + opts: "{{ os_mnt_var_log_options }}" |
| 175 | + enabled: "{{ os_mnt_var_log_enabled }}" |
| 176 | + mode: "{{ os_mnt_var_log_dir_mode }}" |
| 177 | + group: "{{ os_mnt_var_log_group }}" |
| 178 | + owner: "{{ os_mnt_var_log_owner }}" |
| 179 | + dump: "{{ os_mnt_var_log_dump }}" |
| 180 | + passno: "{{ os_mnt_var_log_passno }}" |
| 181 | + - path: /var/log/audit |
| 182 | + src: "{{ os_mnt_var_log_audit_src }}" |
| 183 | + fstype: "{{ os_mnt_var_log_audit_filesystem }}" |
| 184 | + opts: "{{ os_mnt_var_log_audit_options }}" |
| 185 | + enabled: "{{ os_mnt_var_log_audit_enabled }}" |
| 186 | + mode: "{{ os_mnt_var_log_audit_dir_mode }}" |
| 187 | + group: "{{ os_mnt_var_log_audit_group }}" |
| 188 | + owner: "{{ os_mnt_var_log_audit_owner }}" |
| 189 | + dump: "{{ os_mnt_var_log_audit_dump }}" |
| 190 | + passno: "{{ os_mnt_var_log_audit_passno }}" |
| 191 | + - path: /var/tmp |
| 192 | + src: "{{ os_mnt_var_tmp_src }}" |
| 193 | + fstype: "{{ os_mnt_var_tmp_filesystem }}" |
| 194 | + opts: "{{ os_mnt_var_tmp_options }}" |
| 195 | + enabled: "{{ os_mnt_var_tmp_enabled }}" |
| 196 | + mode: "{{ os_mnt_var_tmp_dir_mode }}" |
| 197 | + group: "{{ os_mnt_var_tmp_group }}" |
| 198 | + owner: "{{ os_mnt_var_tmp_owner }}" |
| 199 | + dump: "{{ os_mnt_var_tmp_dump }}" |
| 200 | + passno: "{{ os_mnt_var_tmp_passno }}" |
| 201 | + |
| 202 | +- name: Extract distinct groups from filesystems |
| 203 | + set_fact: |
| 204 | + distinct_groups: "{{ filesystems | map(attribute='group') | unique | list }}" |
| 205 | + |
| 206 | +- name: Ensure all distinct groups exist |
| 207 | + ansible.builtin.group: |
| 208 | + name: "{{ item }}" |
| 209 | + state: present |
| 210 | + loop: "{{ distinct_groups }}" |
| 211 | + when: distinct_groups is defined |
| 212 | + |
98 | 213 | - name: Minimize access for filesystems |
99 | 214 | ansible.builtin.include_tasks: minimize_access_fs.yml |
100 | 215 | loop_control: |
101 | 216 | loop_var: mount |
102 | | - loop: |
103 | | - - path: /boot |
104 | | - src: "{{ os_mnt_boot_src }}" |
105 | | - fstype: "{{ os_mnt_boot_filesystem }}" |
106 | | - opts: "{{ os_mnt_boot_options }}" |
107 | | - enabled: "{{ os_mnt_boot_enabled }}" |
108 | | - mode: "{{ os_mnt_boot_dir_mode }}" |
109 | | - group: "{{ os_mnt_boot_group }}" |
110 | | - owner: "{{ os_mnt_boot_owner }}" |
111 | | - dump: "{{ os_mnt_boot_dump }}" |
112 | | - passno: "{{ os_mnt_boot_passno }}" |
113 | | - - path: /dev |
114 | | - src: "{{ os_mnt_dev_src }}" |
115 | | - fstype: "{{ os_mnt_dev_filesystem }}" |
116 | | - opts: "{{ os_mnt_dev_options }}" |
117 | | - enabled: "{{ os_mnt_dev_enabled }}" |
118 | | - mode: "{{ os_mnt_dev_dir_mode }}" |
119 | | - group: "{{ os_mnt_dev_group }}" |
120 | | - owner: "{{ os_mnt_dev_owner }}" |
121 | | - dump: "{{ os_mnt_dev_dump }}" |
122 | | - passno: "{{ os_mnt_dev_passno }}" |
123 | | - - path: /dev/shm |
124 | | - src: "{{ os_mnt_dev_shm_src }}" |
125 | | - fstype: "{{ os_mnt_dev_shm_filesystem }}" |
126 | | - opts: "{{ os_mnt_dev_shm_options }}" |
127 | | - enabled: "{{ os_mnt_dev_shm_enabled }}" |
128 | | - mode: "{{ os_mnt_dev_shm_dir_mode }}" |
129 | | - group: "{{ os_mnt_dev_shm_group }}" |
130 | | - owner: "{{ os_mnt_dev_shm_owner }}" |
131 | | - dump: "{{ os_mnt_dev_shm_dump }}" |
132 | | - passno: "{{ os_mnt_dev_shm_passno }}" |
133 | | - - path: /home |
134 | | - src: "{{ os_mnt_home_src }}" |
135 | | - fstype: "{{ os_mnt_home_filesystem }}" |
136 | | - opts: "{{ os_mnt_home_options }}" |
137 | | - enabled: "{{ os_mnt_home_enabled }}" |
138 | | - mode: "{{ os_mnt_home_dir_mode }}" |
139 | | - group: "{{ os_mnt_home_group }}" |
140 | | - owner: "{{ os_mnt_home_owner }}" |
141 | | - dump: "{{ os_mnt_home_dump }}" |
142 | | - passno: "{{ os_mnt_home_passno }}" |
143 | | - - path: /run |
144 | | - src: "{{ os_mnt_run_src }}" |
145 | | - fstype: "{{ os_mnt_run_filesystem }}" |
146 | | - opts: "{{ os_mnt_run_options }}" |
147 | | - enabled: "{{ os_mnt_run_enabled }}" |
148 | | - mode: "{{ os_mnt_run_dir_mode }}" |
149 | | - group: "{{ os_mnt_run_group }}" |
150 | | - owner: "{{ os_mnt_run_owner }}" |
151 | | - dump: "{{ os_mnt_run_dump }}" |
152 | | - passno: "{{ os_mnt_run_passno }}" |
153 | | - - path: /tmp |
154 | | - src: "{{ os_mnt_tmp_src }}" |
155 | | - fstype: "{{ os_mnt_tmp_filesystem }}" |
156 | | - opts: "{{ os_mnt_tmp_options }}" |
157 | | - enabled: "{{ os_mnt_tmp_enabled }}" |
158 | | - mode: "{{ os_mnt_tmp_dir_mode }}" |
159 | | - group: "{{ os_mnt_tmp_group }}" |
160 | | - owner: "{{ os_mnt_tmp_owner }}" |
161 | | - dump: "{{ os_mnt_tmp_dump }}" |
162 | | - passno: "{{ os_mnt_tmp_passno }}" |
163 | | - - path: /var |
164 | | - src: "{{ os_mnt_var_src }}" |
165 | | - fstype: "{{ os_mnt_var_filesystem }}" |
166 | | - opts: "{{ os_mnt_var_options }}" |
167 | | - enabled: "{{ os_mnt_var_enabled }}" |
168 | | - mode: "{{ os_mnt_var_dir_mode }}" |
169 | | - group: "{{ os_mnt_var_group }}" |
170 | | - owner: "{{ os_mnt_var_owner }}" |
171 | | - dump: "{{ os_mnt_var_dump }}" |
172 | | - passno: "{{ os_mnt_var_passno }}" |
173 | | - - path: /var/log |
174 | | - src: "{{ os_mnt_var_log_src }}" |
175 | | - fstype: "{{ os_mnt_var_log_filesystem }}" |
176 | | - opts: "{{ os_mnt_var_log_options }}" |
177 | | - enabled: "{{ os_mnt_var_log_enabled }}" |
178 | | - mode: "{{ os_mnt_var_log_dir_mode }}" |
179 | | - group: "{{ os_mnt_var_log_group }}" |
180 | | - owner: "{{ os_mnt_var_log_owner }}" |
181 | | - dump: "{{ os_mnt_var_log_dump }}" |
182 | | - passno: "{{ os_mnt_var_log_passno }}" |
183 | | - - path: /var/log/audit |
184 | | - src: "{{ os_mnt_var_log_audit_src }}" |
185 | | - fstype: "{{ os_mnt_var_log_audit_filesystem }}" |
186 | | - opts: "{{ os_mnt_var_log_audit_options }}" |
187 | | - enabled: "{{ os_mnt_var_log_audit_enabled }}" |
188 | | - mode: "{{ os_mnt_var_log_audit_dir_mode }}" |
189 | | - group: "{{ os_mnt_var_log_audit_group }}" |
190 | | - owner: "{{ os_mnt_var_log_audit_owner }}" |
191 | | - dump: "{{ os_mnt_var_log_audit_dump }}" |
192 | | - passno: "{{ os_mnt_var_log_audit_passno }}" |
193 | | - - path: /var/tmp |
194 | | - src: "{{ os_mnt_var_tmp_src }}" |
195 | | - fstype: "{{ os_mnt_var_tmp_filesystem }}" |
196 | | - opts: "{{ os_mnt_var_tmp_options }}" |
197 | | - enabled: "{{ os_mnt_var_tmp_enabled }}" |
198 | | - mode: "{{ os_mnt_var_tmp_dir_mode }}" |
199 | | - group: "{{ os_mnt_var_tmp_group }}" |
200 | | - owner: "{{ os_mnt_var_tmp_owner }}" |
201 | | - dump: "{{ os_mnt_var_tmp_dump }}" |
202 | | - passno: "{{ os_mnt_var_tmp_passno }}" |
| 217 | + loop: "{{ filesystems }}" |
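Review bot: The `when: distinct_groups is defined` guard on the new "Ensure all distinct groups exist" task (new lines 206-211) never skips anything, because the `set_fact` directly above it always defines the variable. As written, the group list is built from every entry in `filesystems`, including those whose `enabled` is false, so the role can create groups for mounts it will not manage. A mistyped `os_mnt_*_group` value would also be silently created as a new group instead of failing the play. Consider restricting the list to enabled entries with non-empty names, for example `distinct_groups: "{{ filesystems | selectattr('enabled') | map(attribute='group') | select | unique | list }}"`, assuming `enabled` renders as a real boolean, and drop the `when`. The two new `set_fact` tasks also use the short module name, while the context task at line 95 uses `ansible.builtin.set_fact`.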