diff --git a/.drone.jsonnet b/.drone.jsonnet deleted file mode 100644 index ea2de9e..0000000 --- a/.drone.jsonnet +++ /dev/null @@ -1,124 +0,0 @@ -local PipelineLinting = { - kind: 'pipeline', - name: 'linting', - platform: { - os: 'linux', - arch: 'amd64', - }, - steps: [ - { - name: 'ansible-later', - image: 'thegeeklab/ansible-later', - commands: [ - 'ansible-later', - ], - }, - { - name: 'python-format', - image: 'python:3.11', - environment: { - PY_COLORS: 1, - }, - commands: [ - 'pip install -qq yapf', - '[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)', - ], - }, - { - name: 'python-flake8', - image: 'python:3.11', - environment: { - PY_COLORS: 1, - }, - commands: [ - 'pip install -qq flake8', - 'flake8', - ], - }, - ], - trigger: { - ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'], - }, -}; - -local PipelineDocumentation = { - kind: 'pipeline', - name: 'documentation', - platform: { - os: 'linux', - arch: 'amd64', - }, - steps: [ - { - name: 'generate', - image: 'thegeeklab/ansible-doctor', - environment: { - ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO', - ANSIBLE_DOCTOR_FORCE_OVERWRITE: true, - ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/', - ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book', - ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}', - ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/', - }, - }, - { - name: 'publish', - image: 'plugins/gh-pages', - settings: { - remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}', - netrc_machine: 'gitea.rknet.org', - username: { from_secret: 'gitea_username' }, - password: { from_secret: 'gitea_token' }, - pages_directory: '_docs/', - target_branch: 'docs', - }, - when: { - ref: ['refs/heads/main'], - }, - }, - ], - trigger: { - ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'], - }, - depends_on: [ - 'linting', - ], -}; - -local PipelineNotification = { - kind: 'pipeline', - name: 'notification', - platform: { - os: 'linux', - arch: 'amd64', - }, - clone: { - disable: true, - }, - steps: [ - { - name: 'matrix', - image: 'thegeeklab/drone-matrix', - settings: { - homeserver: { from_secret: 'matrix_homeserver' }, - roomid: { from_secret: 'matrix_roomid' }, - template: 'Status: **{{ .Build.Status }}**
Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}
Message: {{ .Commit.Message.Title }}', - username: { from_secret: 'matrix_username' }, - password: { from_secret: 'matrix_password' }, - }, - }, - ], - depends_on: [ - 'documentation', - ], - trigger: { - status: ['success', 'failure'], - ref: ['refs/heads/main', 'refs/tags/**'], - }, -}; - -[ - PipelineLinting, - PipelineDocumentation, - PipelineNotification, -] diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 2a04ec0..0000000 --- a/.drone.yml +++ /dev/null @@ -1,120 +0,0 @@ ---- -kind: pipeline -name: linting - -platform: - os: linux - arch: amd64 - -steps: - - name: ansible-later - image: thegeeklab/ansible-later - commands: - - ansible-later - - - name: python-format - image: python:3.11 - commands: - - pip install -qq yapf - - "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)" - environment: - PY_COLORS: 1 - - - name: python-flake8 - image: python:3.11 - commands: - - pip install -qq flake8 - - flake8 - environment: - PY_COLORS: 1 - -trigger: - ref: - - refs/heads/main - - refs/tags/** - - refs/pull/** - ---- -kind: pipeline -name: documentation - -platform: - os: linux - arch: amd64 - -steps: - - name: generate - image: thegeeklab/ansible-doctor - environment: - ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/ - ANSIBLE_DOCTOR_FORCE_OVERWRITE: true - ANSIBLE_DOCTOR_LOG_LEVEL: INFO - ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/ - ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.} - ANSIBLE_DOCTOR_TEMPLATE: hugo-book - - - name: publish - image: plugins/gh-pages - settings: - netrc_machine: gitea.rknet.org - pages_directory: _docs/ - password: - from_secret: gitea_token - remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME} - target_branch: docs - username: - from_secret: gitea_username - when: - ref: - - refs/heads/main - -trigger: - ref: - - refs/heads/main - - refs/tags/** - - refs/pull/** - -depends_on: - - linting - ---- -kind: pipeline -name: notification - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: - - name: matrix - image: thegeeklab/drone-matrix - settings: - homeserver: - from_secret: matrix_homeserver - password: - from_secret: matrix_password - roomid: - from_secret: matrix_roomid - template: "Status: **{{ .Build.Status }}**
Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}
Message: {{ .Commit.Message.Title }}" - username: - from_secret: matrix_username - -trigger: - ref: - - refs/heads/main - - refs/tags/** - status: - - success - - failure - -depends_on: - - documentation - ---- -kind: signature -hmac: 1a3ce5b5857b054706ade18a5857e0ee7ad6edb68e38fe41eef57dac6caf4e05 - -... diff --git a/.gitignore b/.gitignore index 9d13a2b..d97b7cd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ # ---> Ansible *.retry -filter/plugins/ +plugins library # ---> Python @@ -9,5 +9,3 @@ __pycache__/ *.py[cod] *$py.class -# ---> Docs -/_docs diff --git a/.later.yml b/.later.yml index 0efe5d5..2703cb9 100644 --- a/.later.yml +++ b/.later.yml @@ -10,10 +10,6 @@ ansible: rules: exclude_files: - - molecule/ - "LICENSE*" - "**/*.md" - "**/*.ini" - - exclude_filter: - - LINT0009 diff --git a/.markdownlint.yml b/.markdownlint.yml new file mode 100644 index 0000000..da116c7 --- /dev/null +++ b/.markdownlint.yml @@ -0,0 +1,7 @@ +--- +default: True +MD013: False +MD041: False +MD024: False +MD004: + style: dash diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..6b1d0bf --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +LICENSE diff --git a/.woodpecker/docs.yaml b/.woodpecker/docs.yaml new file mode 100644 index 0000000..9a20b42 --- /dev/null +++ b/.woodpecker/docs.yaml @@ -0,0 +1,47 @@ +--- +when: + - event: [pull_request] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +steps: + - name: generate + image: quay.io/thegeeklab/ansible-doctor + environment: + ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/ + ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true" + ANSIBLE_DOCTOR_LOG_LEVEL: INFO + ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME} + ANSIBLE_DOCTOR_TEMPLATE: readme + + - name: format + image: quay.io/thegeeklab/alpine-tools + commands: + - prettier -w README.md + + - name: diff + image: quay.io/thegeeklab/alpine-tools + commands: + - git diff --color=always README.md + + - name: publish + image: quay.io/thegeeklab/wp-git-action + settings: + action: + - commit + - push + author_email: ci-bot@rknet.org + author_name: ci-bot + branch: main + message: "[skip ci] automated docs update" + netrc_machine: gitea.rknet.org + netrc_password: + from_secret: gitea_token + when: + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +depends_on: + - lint diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml new file mode 100644 index 0000000..ca4facd --- /dev/null +++ b/.woodpecker/lint.yaml @@ -0,0 +1,30 @@ +--- +when: + - event: [pull_request, tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +steps: + - name: ansible-later + image: quay.io/thegeeklab/ansible-later:4 + commands: + - ansible-later + environment: + FORCE_COLOR: "1" + + - name: python-format + image: docker.io/python:3.12 + commands: + - pip install -qq ruff + - ruff format --check --diff . + environment: + PY_COLORS: "1" + + - name: python-lint + image: docker.io/python:3.12 + commands: + - pip install -qq ruff + - ruff . + environment: + PY_COLORS: "1" diff --git a/.woodpecker/notify.yml b/.woodpecker/notify.yml new file mode 100644 index 0000000..9957125 --- /dev/null +++ b/.woodpecker/notify.yml @@ -0,0 +1,26 @@ +--- +when: + - event: [tag] + - event: [push, manual] + branch: + - ${CI_REPO_DEFAULT_BRANCH} + +runs_on: [success, failure] + +steps: + - name: matrix + image: quay.io/thegeeklab/wp-matrix + settings: + homeserver: + from_secret: matrix_homeserver + password: + from_secret: matrix_password + roomid: + from_secret: matrix_roomid + username: + from_secret: matrix_username + when: + - status: [success, failure] + +depends_on: + - docs diff --git a/README.md b/README.md index 31f998d..64837d9 100644 --- a/README.md +++ b/README.md @@ -1,12 +1 @@ # xoxys.pve - -[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve) -[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) - -Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server. Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform. - -You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/pve/). - -## License - -This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. diff --git a/defaults/main.yml b/defaults/main.yml index 6e6e2ef..3b7c5ad 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,9 +1,6 @@ --- pve_nodes: - node1 -pve_tls_enabled: False -pve_tls_cert_source: mycert.pem -pve_tls_key_source: mykey.pem pve_pamd_motd_enabled: True diff --git a/handlers/main.yml b/handlers/main.yml deleted file mode 100644 index 5f63af6..0000000 --- a/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Restart pveproxy - service: - state: restarted - name: pveproxy - listen: __pveproxy_restart - become: True - become_user: root diff --git a/meta/main.yml b/meta/main.yml index eaef02a..f78dbff 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,4 +1,3 @@ -# Standards: 0.2 --- galaxy_info: # @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys) @@ -6,9 +5,8 @@ galaxy_info: namespace: xoxys role_name: pve # @meta description: > - # [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.pve) - # [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve) - # [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE) + # [![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.pve/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.pve) + # [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE) # # Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server. # Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization @@ -21,11 +19,11 @@ galaxy_info: # @end description: Basic role to configure a Proxmox VE server license: MIT - min_ansible_version: 2.10 + min_ansible_version: "2.10" platforms: - - name: EL + - name: Debian versions: - - 7 + - "bookworm" galaxy_tags: - pve - kvm diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..7193140 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,17 @@ +[tool.ruff] +exclude = [".git", "__pycache__"] + +line-length = 99 +indent-width = 4 + +[tool.ruff.lint] +ignore = ["W191", "E111", "E114", "E117", "S101", "S105"] +select = ["F", "E", "I", "W", "S"] + +[tool.ruff.format] +quote-style = "double" +indent-style = "space" +line-ending = "lf" + +[tool.pytest.ini_options] +filterwarnings = ["ignore::FutureWarning", "ignore::DeprecationWarning"] diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index 2bb8674..0000000 --- a/setup.cfg +++ /dev/null @@ -1,12 +0,0 @@ -[flake8] -ignore = D100, D101, D102, D103, D105, D107, E402, W503 -max-line-length = 99 -inline-quotes = double -exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env* - -[yapf] -based_on_style = google -column_limit = 99 -dedent_closing_brackets = true -coalesce_brackets = true -split_before_logical_operator = true diff --git a/tasks/auth.yml b/tasks/auth.yml index 696524d..9a20f9d 100644 --- a/tasks/auth.yml +++ b/tasks/auth.yml @@ -1,47 +1,42 @@ --- -- block: - - name: Create tmp folder for pve - file: - path: "{{ __pve_tmp_dir }}" - recurse: yes - state: directory +- name: Create tmp folder for pve + ansible.builtin.file: + path: "{{ __pve_tmp_dir }}" + recurse: True + state: directory - - name: Configure auth provider - template: - src: etc/pve/domains.cfg.j2 - dest: "{{ __pve_tmp_dir }}/domains.cfg" - owner: root - group: www-data - mode: 0640 - register: __pve_domains_copy +- name: Configure auth provider + ansible.builtin.template: + src: etc/pve/domains.cfg.j2 + dest: "{{ __pve_tmp_dir }}/domains.cfg" + owner: root + group: www-data + mode: "0640" + register: __pve_domains_copy - - name: Copy auth provider to pve filesystem - command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg" - changed_when: __pve_domains_copy.changed - become: True - become_user: root +- name: Copy auth provider to pve filesystem + ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg" + changed_when: __pve_domains_copy.changed -- block: +- when: + - pve_auth_ldap_enabled | bool + - pve_auth_ldap_bind_password is defined + block: - name: Ensure path for auth file exists - file: + ansible.builtin.file: path: "{{ __pve_base_dir }}/priv/ldap" - recurse: yes + recurse: True state: directory - name: Add passwd file for ldap bind - template: + ansible.builtin.template: src: etc/pve/priv/ldap.pw.j2 dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw" owner: root group: www-data - mode: 0640 + mode: "0640" register: __pve_auth_copy - name: Copy passwd file to pve filesystem - command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw" + ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw" changed_when: __pve_auth_copy.changed - become: True - become_user: root - when: - - pve_auth_ldap_enabled | bool - - pve_auth_ldap_bind_password is defined diff --git a/tasks/main.yml b/tasks/main.yml index ee6e82f..04c4de2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,4 @@ --- -- import_tasks: pve.yml -- import_tasks: pam.yml -- import_tasks: auth.yml -- import_tasks: tls.yml - when: pve_tls_enabled | bool - tags: tls_renewal +- ansible.builtin.import_tasks: pve.yml +- ansible.builtin.import_tasks: pam.yml +- ansible.builtin.import_tasks: auth.yml diff --git a/tasks/pam.yml b/tasks/pam.yml index ea8dcaf..ff099ce 100644 --- a/tasks/pam.yml +++ b/tasks/pam.yml @@ -1,14 +1,18 @@ --- - name: Remove motd from oam stack - pamd: + community.general.pamd: name: "{{ item.name }}" type: "{{ item.type }}" control: "{{ item.control }}" module_path: "{{ item.path }}" state: absent loop: - - { name: 'login', type: 'session', control: 'optional', path: 'pam_motd.so' } - - { name: 'sshd', type: 'session', control: 'optional', path: 'pam_motd.so' } - become: True - become_user: root + - name: "login" + type: "session" + control: "optional" + path: "pam_motd.so" + - name: "sshd" + type: "session" + control: "optional" + path: "pam_motd.so" when: not pve_pamd_motd_enabled | bool diff --git a/tasks/pve.yml b/tasks/pve.yml index f319ce0..10edaea 100644 --- a/tasks/pve.yml +++ b/tasks/pve.yml @@ -1,23 +1,20 @@ --- -- block: - - name: Ensure mountpoints are present - file: - path: "{{ item.path }}" - recurse: yes - state: directory - loop: "{{ pve_disk_mount }}" - loop_control: - label: "{{ item.path }}" +- name: Ensure mountpoints are present + ansible.builtin.file: + path: "{{ item.path }}" + recurse: yes + state: directory + loop: "{{ pve_disk_mount }}" + loop_control: + label: "{{ item.path }}" - - name: Add diskmounts to fstab - mount: - path: "{{ item.path }}" - src: "{{ item.src }}" - fstype: "{{ item.fstype }}" - opts: "{{ item.opts | default(omit) }}" - state: "{{ item.state | default('mounted') }}" - loop: "{{ pve_disk_mount }}" - loop_control: - label: "{{ item.src }} {{ item.path }}" - become: True - become_user: root +- name: Add diskmounts to fstab + ansible.posix.mount: + path: "{{ item.path }}" + src: "{{ item.src }}" + fstype: "{{ item.fstype }}" + opts: "{{ item.opts | default(omit) }}" + state: "{{ item.state | default('mounted') }}" + loop: "{{ pve_disk_mount }}" + loop_control: + label: "{{ item.src }} {{ item.path }}" diff --git a/tasks/tls.yml b/tasks/tls.yml deleted file mode 100644 index c3f35b6..0000000 --- a/tasks/tls.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- block: - - name: Create pki folder structure - file: - path: "{{ item }}" - state: directory - recurse: True - loop: - - /etc/pki/tls/certs - - /etc/pki/tls/private - - - name: Copy certs and private key - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" } - - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" } - loop_control: - label: "{{ item.dest }}" - register: __pve_tls_copy - - - name: Copy cert/key to pve filesystem - command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" - changed_when: item[0].changed - loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}" - loop_control: - label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" - notify: __pveproxy_restart - become: True - become_user: root