diff --git a/.drone.jsonnet b/.drone.jsonnet
deleted file mode 100644
index ea2de9e..0000000
--- a/.drone.jsonnet
+++ /dev/null
@@ -1,124 +0,0 @@
-local PipelineLinting = {
- kind: 'pipeline',
- name: 'linting',
- platform: {
- os: 'linux',
- arch: 'amd64',
- },
- steps: [
- {
- name: 'ansible-later',
- image: 'thegeeklab/ansible-later',
- commands: [
- 'ansible-later',
- ],
- },
- {
- name: 'python-format',
- image: 'python:3.11',
- environment: {
- PY_COLORS: 1,
- },
- commands: [
- 'pip install -qq yapf',
- '[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
- ],
- },
- {
- name: 'python-flake8',
- image: 'python:3.11',
- environment: {
- PY_COLORS: 1,
- },
- commands: [
- 'pip install -qq flake8',
- 'flake8',
- ],
- },
- ],
- trigger: {
- ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
- },
-};
-
-local PipelineDocumentation = {
- kind: 'pipeline',
- name: 'documentation',
- platform: {
- os: 'linux',
- arch: 'amd64',
- },
- steps: [
- {
- name: 'generate',
- image: 'thegeeklab/ansible-doctor',
- environment: {
- ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
- ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
- ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
- ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
- ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
- ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
- },
- },
- {
- name: 'publish',
- image: 'plugins/gh-pages',
- settings: {
- remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
- netrc_machine: 'gitea.rknet.org',
- username: { from_secret: 'gitea_username' },
- password: { from_secret: 'gitea_token' },
- pages_directory: '_docs/',
- target_branch: 'docs',
- },
- when: {
- ref: ['refs/heads/main'],
- },
- },
- ],
- trigger: {
- ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
- },
- depends_on: [
- 'linting',
- ],
-};
-
-local PipelineNotification = {
- kind: 'pipeline',
- name: 'notification',
- platform: {
- os: 'linux',
- arch: 'amd64',
- },
- clone: {
- disable: true,
- },
- steps: [
- {
- name: 'matrix',
- image: 'thegeeklab/drone-matrix',
- settings: {
- homeserver: { from_secret: 'matrix_homeserver' },
- roomid: { from_secret: 'matrix_roomid' },
- template: 'Status: **{{ .Build.Status }}**
Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}
Message: {{ .Commit.Message.Title }}',
- username: { from_secret: 'matrix_username' },
- password: { from_secret: 'matrix_password' },
- },
- },
- ],
- depends_on: [
- 'documentation',
- ],
- trigger: {
- status: ['success', 'failure'],
- ref: ['refs/heads/main', 'refs/tags/**'],
- },
-};
-
-[
- PipelineLinting,
- PipelineDocumentation,
- PipelineNotification,
-]
diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 2a04ec0..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,120 +0,0 @@
----
-kind: pipeline
-name: linting
-
-platform:
- os: linux
- arch: amd64
-
-steps:
- - name: ansible-later
- image: thegeeklab/ansible-later
- commands:
- - ansible-later
-
- - name: python-format
- image: python:3.11
- commands:
- - pip install -qq yapf
- - "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
- environment:
- PY_COLORS: 1
-
- - name: python-flake8
- image: python:3.11
- commands:
- - pip install -qq flake8
- - flake8
- environment:
- PY_COLORS: 1
-
-trigger:
- ref:
- - refs/heads/main
- - refs/tags/**
- - refs/pull/**
-
----
-kind: pipeline
-name: documentation
-
-platform:
- os: linux
- arch: amd64
-
-steps:
- - name: generate
- image: thegeeklab/ansible-doctor
- environment:
- ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
- ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
- ANSIBLE_DOCTOR_LOG_LEVEL: INFO
- ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
- ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
- ANSIBLE_DOCTOR_TEMPLATE: hugo-book
-
- - name: publish
- image: plugins/gh-pages
- settings:
- netrc_machine: gitea.rknet.org
- pages_directory: _docs/
- password:
- from_secret: gitea_token
- remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
- target_branch: docs
- username:
- from_secret: gitea_username
- when:
- ref:
- - refs/heads/main
-
-trigger:
- ref:
- - refs/heads/main
- - refs/tags/**
- - refs/pull/**
-
-depends_on:
- - linting
-
----
-kind: pipeline
-name: notification
-
-platform:
- os: linux
- arch: amd64
-
-clone:
- disable: true
-
-steps:
- - name: matrix
- image: thegeeklab/drone-matrix
- settings:
- homeserver:
- from_secret: matrix_homeserver
- password:
- from_secret: matrix_password
- roomid:
- from_secret: matrix_roomid
- template: "Status: **{{ .Build.Status }}**
Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}
Message: {{ .Commit.Message.Title }}"
- username:
- from_secret: matrix_username
-
-trigger:
- ref:
- - refs/heads/main
- - refs/tags/**
- status:
- - success
- - failure
-
-depends_on:
- - documentation
-
----
-kind: signature
-hmac: 1a3ce5b5857b054706ade18a5857e0ee7ad6edb68e38fe41eef57dac6caf4e05
-
-...
diff --git a/.gitignore b/.gitignore
index 9d13a2b..d97b7cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
# ---> Ansible
*.retry
-filter/plugins/
+plugins
library
# ---> Python
@@ -9,5 +9,3 @@ __pycache__/
*.py[cod]
*$py.class
-# ---> Docs
-/_docs
diff --git a/.later.yml b/.later.yml
index 0efe5d5..2703cb9 100644
--- a/.later.yml
+++ b/.later.yml
@@ -10,10 +10,6 @@ ansible:
rules:
exclude_files:
- - molecule/
- "LICENSE*"
- "**/*.md"
- "**/*.ini"
-
- exclude_filter:
- - LINT0009
diff --git a/.markdownlint.yml b/.markdownlint.yml
new file mode 100644
index 0000000..da116c7
--- /dev/null
+++ b/.markdownlint.yml
@@ -0,0 +1,7 @@
+---
+default: True
+MD013: False
+MD041: False
+MD024: False
+MD004:
+ style: dash
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000..6b1d0bf
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1 @@
+LICENSE
diff --git a/.woodpecker/docs.yaml b/.woodpecker/docs.yaml
new file mode 100644
index 0000000..9a20b42
--- /dev/null
+++ b/.woodpecker/docs.yaml
@@ -0,0 +1,47 @@
+---
+when:
+ - event: [pull_request]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ - name: generate
+ image: quay.io/thegeeklab/ansible-doctor
+ environment:
+ ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
+ ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true"
+ ANSIBLE_DOCTOR_LOG_LEVEL: INFO
+ ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME}
+ ANSIBLE_DOCTOR_TEMPLATE: readme
+
+ - name: format
+ image: quay.io/thegeeklab/alpine-tools
+ commands:
+ - prettier -w README.md
+
+ - name: diff
+ image: quay.io/thegeeklab/alpine-tools
+ commands:
+ - git diff --color=always README.md
+
+ - name: publish
+ image: quay.io/thegeeklab/wp-git-action
+ settings:
+ action:
+ - commit
+ - push
+ author_email: ci-bot@rknet.org
+ author_name: ci-bot
+ branch: main
+ message: "[skip ci] automated docs update"
+ netrc_machine: gitea.rknet.org
+ netrc_password:
+ from_secret: gitea_token
+ when:
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+depends_on:
+ - lint
diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml
new file mode 100644
index 0000000..ca4facd
--- /dev/null
+++ b/.woodpecker/lint.yaml
@@ -0,0 +1,30 @@
+---
+when:
+ - event: [pull_request, tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ - name: ansible-later
+ image: quay.io/thegeeklab/ansible-later:4
+ commands:
+ - ansible-later
+ environment:
+ FORCE_COLOR: "1"
+
+ - name: python-format
+ image: docker.io/python:3.12
+ commands:
+ - pip install -qq ruff
+ - ruff format --check --diff .
+ environment:
+ PY_COLORS: "1"
+
+ - name: python-lint
+ image: docker.io/python:3.12
+ commands:
+ - pip install -qq ruff
+ - ruff .
+ environment:
+ PY_COLORS: "1"
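Review bot: The `python-lint` step runs `ruff .` against an unpinned `pip install -qq ruff`, and recent ruff releases have dropped the bare `ruff <path>` form in favour of the `check` subcommand, so this step can start failing or change its rule behaviour without any change in the repository. Pin the tool and use the subcommand in both Python steps, e.g. `pip install -qq ruff==<PINNED_VERSION>` and `ruff check .`. Pinning also keeps the job from executing whichever package version happens to be newest on the index at build time.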
diff --git a/.woodpecker/notify.yml b/.woodpecker/notify.yml
new file mode 100644
index 0000000..9957125
--- /dev/null
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+ - event: [tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+runs_on: [success, failure]
+
+steps:
+ - name: matrix
+ image: quay.io/thegeeklab/wp-matrix
+ settings:
+ homeserver:
+ from_secret: matrix_homeserver
+ password:
+ from_secret: matrix_password
+ roomid:
+ from_secret: matrix_roomid
+ username:
+ from_secret: matrix_username
+ when:
+ - status: [success, failure]
+
+depends_on:
+ - docs
diff --git a/README.md b/README.md
index 31f998d..64837d9 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1 @@
# xoxys.pve
-
-[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve)
-[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
-
-Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server. Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform.
-
-You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/pve/).
-
-## License
-
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
diff --git a/defaults/main.yml b/defaults/main.yml
index 6e6e2ef..3b7c5ad 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,9 +1,6 @@
---
pve_nodes:
- node1
-pve_tls_enabled: False
-pve_tls_cert_source: mycert.pem
-pve_tls_key_source: mykey.pem
pve_pamd_motd_enabled: True
diff --git a/handlers/main.yml b/handlers/main.yml
deleted file mode 100644
index 5f63af6..0000000
--- a/handlers/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Restart pveproxy
- service:
- state: restarted
- name: pveproxy
- listen: __pveproxy_restart
- become: True
- become_user: root
diff --git a/meta/main.yml b/meta/main.yml
index eaef02a..f78dbff 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,4 +1,3 @@
-# Standards: 0.2
---
galaxy_info:
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
@@ -6,9 +5,8 @@ galaxy_info:
namespace: xoxys
role_name: pve
# @meta description: >
- # [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.pve)
- # [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve)
- # [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
+ # [![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.pve/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.pve)
+ # [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
#
# Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server.
# Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization
@@ -21,11 +19,11 @@ galaxy_info:
# @end
description: Basic role to configure a Proxmox VE server
license: MIT
- min_ansible_version: 2.10
+ min_ansible_version: "2.10"
platforms:
- - name: EL
+ - name: Debian
versions:
- - 7
+ - "bookworm"
galaxy_tags:
- pve
- kvm
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..7193140
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,17 @@
+[tool.ruff]
+exclude = [".git", "__pycache__"]
+
+line-length = 99
+indent-width = 4
+
+[tool.ruff.lint]
+ignore = ["W191", "E111", "E114", "E117", "S101", "S105"]
+select = ["F", "E", "I", "W", "S"]
+
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+line-ending = "lf"
+
+[tool.pytest.ini_options]
+filterwarnings = ["ignore::FutureWarning", "ignore::DeprecationWarning"]
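Review bot: `S105` in the `ignore` list switches off the hard-coded password string check for the whole repository, even though `select` enables the `S` rules. If the rule only misfires in particular files, scope the exemption with `[tool.ruff.lint.per-file-ignores]`, e.g. `"<PATH_GLOB>" = ["S105"]`, so an embedded secret elsewhere is still flagged. Otherwise a short comment above `ignore` saying why `S101` and `S105` are disabled would record the decision.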
diff --git a/setup.cfg b/setup.cfg
deleted file mode 100644
index 2bb8674..0000000
--- a/setup.cfg
+++ /dev/null
@@ -1,12 +0,0 @@
-[flake8]
-ignore = D100, D101, D102, D103, D105, D107, E402, W503
-max-line-length = 99
-inline-quotes = double
-exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
-
-[yapf]
-based_on_style = google
-column_limit = 99
-dedent_closing_brackets = true
-coalesce_brackets = true
-split_before_logical_operator = true
diff --git a/tasks/auth.yml b/tasks/auth.yml
index 696524d..9a20f9d 100644
--- a/tasks/auth.yml
+++ b/tasks/auth.yml
@@ -1,47 +1,42 @@
---
-- block:
- - name: Create tmp folder for pve
- file:
- path: "{{ __pve_tmp_dir }}"
- recurse: yes
- state: directory
+- name: Create tmp folder for pve
+ ansible.builtin.file:
+ path: "{{ __pve_tmp_dir }}"
+ recurse: True
+ state: directory
- - name: Configure auth provider
- template:
- src: etc/pve/domains.cfg.j2
- dest: "{{ __pve_tmp_dir }}/domains.cfg"
- owner: root
- group: www-data
- mode: 0640
- register: __pve_domains_copy
+- name: Configure auth provider
+ ansible.builtin.template:
+ src: etc/pve/domains.cfg.j2
+ dest: "{{ __pve_tmp_dir }}/domains.cfg"
+ owner: root
+ group: www-data
+ mode: "0640"
+ register: __pve_domains_copy
- - name: Copy auth provider to pve filesystem
- command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
- changed_when: __pve_domains_copy.changed
- become: True
- become_user: root
+- name: Copy auth provider to pve filesystem
+ ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
+ changed_when: __pve_domains_copy.changed
-- block:
+- when:
+ - pve_auth_ldap_enabled | bool
+ - pve_auth_ldap_bind_password is defined
+ block:
- name: Ensure path for auth file exists
- file:
+ ansible.builtin.file:
path: "{{ __pve_base_dir }}/priv/ldap"
- recurse: yes
+ recurse: True
state: directory
- name: Add passwd file for ldap bind
- template:
+ ansible.builtin.template:
src: etc/pve/priv/ldap.pw.j2
dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
owner: root
group: www-data
- mode: 0640
+ mode: "0640"
register: __pve_auth_copy
- name: Copy passwd file to pve filesystem
- command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
+ ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
changed_when: __pve_auth_copy.changed
- become: True
- become_user: root
- when:
- - pve_auth_ldap_enabled | bool
- - pve_auth_ldap_bind_password is defined
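Review bot: The task `Add passwd file for ldap bind` renders the LDAP bind password without `no_log: True`, so a run with `--diff` can print the secret in the task output; adding `no_log: True` to that task avoids this. The rendered file also stays in `{{ __pve_tmp_dir }}` after the `/bin/cp` step, readable by group `www-data` through `mode: "0640"`, and the staging directory is created without a `mode`. If nothing but the copy task reads the staged file, `mode: "0600"` on the file and `mode: "0700"` on the directory would limit exposure. The value of `__pve_tmp_dir` is defined outside this diff, so this should be checked against where it points.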
diff --git a/tasks/main.yml b/tasks/main.yml
index ee6e82f..04c4de2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,4 @@
---
-- import_tasks: pve.yml
-- import_tasks: pam.yml
-- import_tasks: auth.yml
-- import_tasks: tls.yml
- when: pve_tls_enabled | bool
- tags: tls_renewal
+- ansible.builtin.import_tasks: pve.yml
+- ansible.builtin.import_tasks: pam.yml
+- ansible.builtin.import_tasks: auth.yml
diff --git a/tasks/pam.yml b/tasks/pam.yml
index ea8dcaf..ff099ce 100644
--- a/tasks/pam.yml
+++ b/tasks/pam.yml
@@ -1,14 +1,18 @@
---
- name: Remove motd from oam stack
- pamd:
+ community.general.pamd:
name: "{{ item.name }}"
type: "{{ item.type }}"
control: "{{ item.control }}"
module_path: "{{ item.path }}"
state: absent
loop:
- - { name: 'login', type: 'session', control: 'optional', path: 'pam_motd.so' }
- - { name: 'sshd', type: 'session', control: 'optional', path: 'pam_motd.so' }
- become: True
- become_user: root
+ - name: "login"
+ type: "session"
+ control: "optional"
+ path: "pam_motd.so"
+ - name: "sshd"
+ type: "session"
+ control: "optional"
+ path: "pam_motd.so"
when: not pve_pamd_motd_enabled | bool
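Review bot: Dropping `become: True` / `become_user: root` from this task means the role no longer escalates on its own, while the task still edits the PAM stack for `login` and `sshd`; the same removal is made in tasks/auth.yml and tasks/pve.yml. Playbooks that relied on the role's own escalation will presumably fail on permissions unless they set `become` at play level. That requirement should be stated in the role documentation, for example in the `# @meta description` text in meta/main.yml. The context line `Remove motd from oam stack` also looks like a typo for `pam stack`.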
diff --git a/tasks/pve.yml b/tasks/pve.yml
index f319ce0..10edaea 100644
--- a/tasks/pve.yml
+++ b/tasks/pve.yml
@@ -1,23 +1,20 @@
---
-- block:
- - name: Ensure mountpoints are present
- file:
- path: "{{ item.path }}"
- recurse: yes
- state: directory
- loop: "{{ pve_disk_mount }}"
- loop_control:
- label: "{{ item.path }}"
+- name: Ensure mountpoints are present
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ recurse: yes
+ state: directory
+ loop: "{{ pve_disk_mount }}"
+ loop_control:
+ label: "{{ item.path }}"
- - name: Add diskmounts to fstab
- mount:
- path: "{{ item.path }}"
- src: "{{ item.src }}"
- fstype: "{{ item.fstype }}"
- opts: "{{ item.opts | default(omit) }}"
- state: "{{ item.state | default('mounted') }}"
- loop: "{{ pve_disk_mount }}"
- loop_control:
- label: "{{ item.src }} {{ item.path }}"
- become: True
- become_user: root
+- name: Add diskmounts to fstab
+ ansible.posix.mount:
+ path: "{{ item.path }}"
+ src: "{{ item.src }}"
+ fstype: "{{ item.fstype }}"
+ opts: "{{ item.opts | default(omit) }}"
+ state: "{{ item.state | default('mounted') }}"
+ loop: "{{ pve_disk_mount }}"
+ loop_control:
+ label: "{{ item.src }} {{ item.path }}"
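Review bot: `recurse: yes` on `Ensure mountpoints are present` makes the file module walk everything below each `item.path`, which on later runs is the content of the mounted disk, although no owner or mode is being applied. Unless that traversal is intended, the line can be dropped, since `state: directory` already creates missing parent directories. If it stays, write it as `recurse: True` to match tasks/auth.yml, where this commit replaced `yes` with `True`.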
diff --git a/tasks/tls.yml b/tasks/tls.yml
deleted file mode 100644
index c3f35b6..0000000
--- a/tasks/tls.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- block:
- - name: Create pki folder structure
- file:
- path: "{{ item }}"
- state: directory
- recurse: True
- loop:
- - /etc/pki/tls/certs
- - /etc/pki/tls/private
-
- - name: Copy certs and private key
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" }
- - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" }
- loop_control:
- label: "{{ item.dest }}"
- register: __pve_tls_copy
-
- - name: Copy cert/key to pve filesystem
- command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
- changed_when: item[0].changed
- loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
- loop_control:
- label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
- notify: __pveproxy_restart
- become: True
- become_user: root