Rebuilt with multiple roles

.gitmodules

@@ -1,3 +1,12 @@
 [submodule ".submodules/ansible-lxc-ssh"]
 	path = .submodules/ansible-lxc-ssh
 	url = https://github.com/andreasscherbaum/ansible-lxc-ssh.git
+[submodule "roles.extern/deapparmor"]
+	path = roles.extern/deapparmor
+	url = https://git.velt.biz/Ansible/role.deapparmor.git
+[submodule "roles.extern/grub_add_cmdlineparameter"]
+	path = roles.extern/grub_add_cmdlineparameter
+	url = https://git.velt.biz/Ansible/role.grub_add_cmdlineparameter.git
+[submodule "roles.extern/prepare_lxc_host"]
+	path = roles.extern/prepare_lxc_host
+	url = https://git.velt.biz/Ansible/role.prepare_lxc_host.git

ansible.cfg

@@ -1,6 +1,8 @@
 [defaults]
 inventory = ./hosts
 
+roles_path = ./roles.extern
+
 connection_plugins = ./connection_plugins/
 
 interpreter_python = auto

prepare_lxc_host.yml

@@ -0,0 +1,45 @@
+---
+- hosts: all
+
+  gather_facts: no
+
+
+  pre_tasks:
+    - name: 'Output configured connection plugin via "ansible_connection" variable'
+      debug:
+        var: ansible_connection
+      tags:
+        - never
+        - debug
+
+    - name: End for non-LXContainer
+      meta: end_host
+      when: "'lxc' in ansible_connection|default('')"
+      tags:
+        - always
+
+    - name: Manually gather facts (for LXC hosts only)
+      ansible.builtin.gather_facts:
+      tags:
+        - always
+
+
+  roles:
+    - role: deapparmor
+      deapparmor_reboot: True
+      tags:
+        - always
+
+    - role: grub_add_cmdlineparameter
+      grub_add_cmdlineparameter:
+        systemd.unified_cgroup_hierarchy: 0
+        cgroup_enable: memory
+        swapaccount: 1
+        vsyscall: emulate
+      tags:
+        - always
+
+    - role: prepare_lxc_host
+      tags:
+        - always
+

prepare_lxc_hosts.yml

@@ -1,137 +0,0 @@
----
-- hosts:
-  - lxc_hosts
-
-  tasks:
-    - assert:
-        that:
-          - ansible_pkg_mgr == "apt"
-        fail_msg: "Sorry, Debian-like hosts only!"
-
-
-    - name: Just to be sure python3-apt is installed
-      command: apt install -y python3-apt
-      args:
-        creates: /usr/lib/python3/dist-packages/apt
-
-
-    - name: Install packages
-      package:
-        name: "{{ packages }}"
-        state: latest
-      vars:
-        packages:
-          - bridge-utils
-          - dnsmasq
-          - iptables
-          - lxc
-          - python3-lxc
-
-
-    - name: Copy config files
-      copy:
-        src: "{{ item }}"
-        dest: "/{{ item }}"
-        owner: root
-        group: root
-        mode: 0644
-      loop:
-        - etc/dnsmasq.d/br-lxc
-        - etc/lxc/ansible.conf
-        - etc/network/interfaces.d/br-lxc
-      notify:
-        - Restart dnsmasq
-
-
-
-    - name: Fix evil Debian default /etc/network/interfaces
-      lineinfile:
-        dest: /etc/network/interfaces
-        regexp: 'source.*interfaces.d'
-        line: 'source-directory /etc/network/interfaces.d'
-        backup: yes
-
-
-    - name: dnsmasq should use /etc/resolv.conf
-      lineinfile:
-        path: /etc/default/dnsmasq
-        line: 'IGNORE_RESOLVCONF=yes'
-        regexp: '^\s*#*\s*IGNORE_RESOLVCONF=yes'
-        backup: yes
-      notify:
-        - Restart dnsmasq
-
-
-    - name: IPv4-Forwarding
-      sysctl:
-        name: net.ipv4.ip_forward
-        value: '1'
-        sysctl_file: /etc/sysctl.d/lxc.conf
-        sysctl_set: yes
-        state: present
-        reload: yes
-
-
-    - name: Raise inotify limit
-      sysctl:
-        name: fs.inotify.max_user_instances
-        value: '1024'
-        sysctl_file: 30-lxc-inotify.conf
-        sysctl_set: yes
-        state: present
-        reload: yes
-
-
-    - name: Enable CAP_SYS_TIME in Container
-      lineinfile:
-        dest: /usr/share/lxc/config/common.conf
-        backrefs: yes
-        regexp: '(^\s*[^#].*)sys_time ?(.*)$'
-        line: '\1\2'
-        backup: yes
-
-
-    - name: lxc-net with systemd
-      block:
-        - name: Stop lxc-net service
-          systemd:
-            name: lxc-net
-            state: stopped
-
-        - name: Disable lxc-net service
-          systemd:
-            name: lxc-net
-            enabled: no
-
-        - name: Mask lxc-net service
-          systemd:
-            name: lxc-net
-            masked: yes
-      when: ansible_service_mgr == "systemd"
-
-
-    - name: lxc-net without systemd
-      block:
-        - name: Disable lxc-net
-          service:
-            name: lxc-net
-            enabled: no
-            state: stopped
-          ignore_errors: yes
-      when: ansible_service_mgr != "systemd"
-
-
-    - name: Bring up br-lxc
-      command: ifup br-lxc
-      args:
-        creates: /sys/devices/virtual/net/br-lxc
-
-
-
-  handlers:
-    - name: Restart dnsmasq
-      service:
-        name: dnsmasq
-        state: restarted
-      ignore_errors: yes
-

roles.extern/deapparmor

@@ -0,0 +1 @@
+Subproject commit 9cf7fcaa026c3771b7740915d6151f18fdb7fc15

roles.extern/grub_add_cmdlineparameter

@@ -0,0 +1 @@
+Subproject commit d401c517fd71d2f828ee7c4757357dbd090e6dd1

roles.extern/prepare_lxc_host

@@ -0,0 +1 @@
+Subproject commit 70007a299177cf2db2e3aa28ce90fd11f7634f2d