Compare commits
No commits in common. "main" and "docs" have entirely different histories.
|
@ -1,11 +0,0 @@
|
||||||
# ---> Ansible
|
|
||||||
*.retry
|
|
||||||
plugins
|
|
||||||
library
|
|
||||||
|
|
||||||
# ---> Python
|
|
||||||
# Byte-compiled / optimized / DLL files
|
|
||||||
__pycache__/
|
|
||||||
*.py[cod]
|
|
||||||
*$py.class
|
|
||||||
|
|
15
.later.yml
15
.later.yml
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
ansible:
|
|
||||||
custom_modules:
|
|
||||||
- iptables_raw
|
|
||||||
- openssl_pkcs12
|
|
||||||
- proxmox_kvm
|
|
||||||
- ucr
|
|
||||||
- corenetworks_dns
|
|
||||||
- corenetworks_token
|
|
||||||
|
|
||||||
rules:
|
|
||||||
exclude_files:
|
|
||||||
- "LICENSE*"
|
|
||||||
- "**/*.md"
|
|
||||||
- "**/*.ini"
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
default: True
|
|
||||||
MD013: False
|
|
||||||
MD041: False
|
|
||||||
MD024: False
|
|
||||||
MD004:
|
|
||||||
style: dash
|
|
|
@ -1 +0,0 @@
|
||||||
LICENSE
|
|
|
@ -1,47 +0,0 @@
|
||||||
---
|
|
||||||
when:
|
|
||||||
- event: [pull_request]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: generate
|
|
||||||
image: quay.io/thegeeklab/ansible-doctor
|
|
||||||
environment:
|
|
||||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
|
|
||||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true"
|
|
||||||
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
|
|
||||||
ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME}
|
|
||||||
ANSIBLE_DOCTOR_TEMPLATE: readme
|
|
||||||
|
|
||||||
- name: format
|
|
||||||
image: quay.io/thegeeklab/alpine-tools
|
|
||||||
commands:
|
|
||||||
- prettier -w README.md
|
|
||||||
|
|
||||||
- name: diff
|
|
||||||
image: quay.io/thegeeklab/alpine-tools
|
|
||||||
commands:
|
|
||||||
- git diff --color=always README.md
|
|
||||||
|
|
||||||
- name: publish
|
|
||||||
image: quay.io/thegeeklab/wp-git-action
|
|
||||||
settings:
|
|
||||||
action:
|
|
||||||
- commit
|
|
||||||
- push
|
|
||||||
author_email: ci-bot@rknet.org
|
|
||||||
author_name: ci-bot
|
|
||||||
branch: main
|
|
||||||
message: "[skip ci] automated docs update"
|
|
||||||
netrc_machine: gitea.rknet.org
|
|
||||||
netrc_password:
|
|
||||||
from_secret: gitea_token
|
|
||||||
when:
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- lint
|
|
|
@ -1,30 +0,0 @@
|
||||||
---
|
|
||||||
when:
|
|
||||||
- event: [pull_request, tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: ansible-later
|
|
||||||
image: quay.io/thegeeklab/ansible-later:4
|
|
||||||
commands:
|
|
||||||
- ansible-later
|
|
||||||
environment:
|
|
||||||
FORCE_COLOR: "1"
|
|
||||||
|
|
||||||
- name: python-format
|
|
||||||
image: docker.io/python:3.12
|
|
||||||
commands:
|
|
||||||
- pip install -qq ruff
|
|
||||||
- ruff format --check --diff .
|
|
||||||
environment:
|
|
||||||
PY_COLORS: "1"
|
|
||||||
|
|
||||||
- name: python-lint
|
|
||||||
image: docker.io/python:3.12
|
|
||||||
commands:
|
|
||||||
- pip install -qq ruff
|
|
||||||
- ruff .
|
|
||||||
environment:
|
|
||||||
PY_COLORS: "1"
|
|
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
when:
|
|
||||||
- event: [tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
runs_on: [success, failure]
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: matrix
|
|
||||||
image: quay.io/thegeeklab/wp-matrix
|
|
||||||
settings:
|
|
||||||
homeserver:
|
|
||||||
from_secret: matrix_homeserver
|
|
||||||
password:
|
|
||||||
from_secret: matrix_password
|
|
||||||
roomid:
|
|
||||||
from_secret: matrix_roomid
|
|
||||||
username:
|
|
||||||
from_secret: matrix_username
|
|
||||||
when:
|
|
||||||
- status: [success, failure]
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- docs
|
|
21
LICENSE
21
LICENSE
|
@ -1,21 +0,0 @@
|
||||||
MIT License
|
|
||||||
|
|
||||||
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
|
||||||
in the Software without restriction, including without limitation the rights
|
|
||||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
copies of the Software, and to permit persons to whom the Software is furnished
|
|
||||||
to do so, subject to the following conditions:
|
|
||||||
|
|
||||||
The above copyright notice and this permission notice (including the next
|
|
||||||
paragraph) shall be included in all copies or substantial portions of the
|
|
||||||
Software.
|
|
||||||
|
|
||||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
|
||||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
|
|
||||||
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
|
||||||
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
|
|
||||||
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
@ -1,7 +1,11 @@
|
||||||
# xoxys.pve
|
---
|
||||||
|
title: pve
|
||||||
|
type: docs
|
||||||
|
---
|
||||||
|
|
||||||
[![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.pve/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.pve)
|
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.pve)
|
||||||
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
|
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve)
|
||||||
|
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
|
||||||
|
|
||||||
Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server.
|
Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server.
|
||||||
Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization
|
Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization
|
||||||
|
@ -12,7 +16,7 @@ networking functionality on a single platform.
|
||||||
This role covers only some really basic configurations and should be considered as not production ready.
|
This role covers only some really basic configurations and should be considered as not production ready.
|
||||||
{{< /hint >}}
|
{{< /hint >}}
|
||||||
|
|
||||||
## Table of content
|
<!--more-->
|
||||||
|
|
||||||
- [Requirements](#requirements)
|
- [Requirements](#requirements)
|
||||||
- [Default Variables](#default-variables)
|
- [Default Variables](#default-variables)
|
||||||
|
@ -24,15 +28,17 @@ This role covers only some really basic configurations and should be considered
|
||||||
- [pve_disk_mount](#pve_disk_mount)
|
- [pve_disk_mount](#pve_disk_mount)
|
||||||
- [pve_nodes](#pve_nodes)
|
- [pve_nodes](#pve_nodes)
|
||||||
- [pve_pamd_motd_enabled](#pve_pamd_motd_enabled)
|
- [pve_pamd_motd_enabled](#pve_pamd_motd_enabled)
|
||||||
|
- [pve_tls_cert_source](#pve_tls_cert_source)
|
||||||
|
- [pve_tls_enabled](#pve_tls_enabled)
|
||||||
|
- [pve_tls_key_source](#pve_tls_key_source)
|
||||||
|
- [Discovered Tags](#discovered-tags)
|
||||||
- [Dependencies](#dependencies)
|
- [Dependencies](#dependencies)
|
||||||
- [License](#license)
|
|
||||||
- [Author](#author)
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
- Minimum Ansible version: `2.10`
|
- Minimum Ansible version: `2.1`
|
||||||
|
|
||||||
## Default Variables
|
## Default Variables
|
||||||
|
|
||||||
|
@ -101,14 +107,36 @@ pve_nodes:
|
||||||
pve_pamd_motd_enabled: true
|
pve_pamd_motd_enabled: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### pve_tls_cert_source
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_tls_cert_source: mycert.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_tls_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_tls_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_tls_key_source
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_tls_key_source: mykey.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
## Discovered Tags
|
||||||
|
|
||||||
|
tls_renewal
|
||||||
|
:
|
||||||
|
|
||||||
|
|
||||||
## Dependencies
|
## Dependencies
|
||||||
|
|
||||||
None.
|
None.
|
||||||
|
|
||||||
## License
|
|
||||||
|
|
||||||
MIT
|
|
||||||
|
|
||||||
## Author
|
|
||||||
|
|
||||||
[Robert Kaussow](https://gitea.rknet.org/xoxys)
|
|
|
@ -1,35 +0,0 @@
|
||||||
---
|
|
||||||
pve_nodes:
|
|
||||||
- node1
|
|
||||||
|
|
||||||
pve_pamd_motd_enabled: True
|
|
||||||
|
|
||||||
pve_disk_mount: []
|
|
||||||
## Example:
|
|
||||||
# pve_disk_mount:
|
|
||||||
# - path: /mnt/backup
|
|
||||||
# src: /dev/sdX
|
|
||||||
# fstype: ext4
|
|
||||||
# opts:
|
|
||||||
# state: present
|
|
||||||
|
|
||||||
# Configure pam auth
|
|
||||||
pve_auth_pam_is_default: True
|
|
||||||
pve_auth_pam_description: Linux PAM standard authentication
|
|
||||||
|
|
||||||
pve_auth_pve_is_default: False
|
|
||||||
pve_auth_pve_description: Linux pve standard authentication
|
|
||||||
|
|
||||||
# Enable ldap auth against an external server
|
|
||||||
pve_auth_ldap_enabled: False
|
|
||||||
# pve_auth_ldap_is_default: False
|
|
||||||
# pve_auth_ldap_realm: ldap
|
|
||||||
# pve_auth_ldap_description: MyLDAP authentication server
|
|
||||||
# pve_auth_ldap_base_dn: dc=example,dc=com
|
|
||||||
# pve_auth_ldap_user_attr: uid
|
|
||||||
# pve_auth_ldap_primary_server: server1.example.com
|
|
||||||
# pve_auth_ldap_secondary_server: server2.example.com (defaults to not set)
|
|
||||||
# pve_auth_ldap_bind_dn: uid=proxy-user,cn=users,dc=example,dc=com (defaults to not set)
|
|
||||||
# pve_auth_ldap_bind_password: my_secret (defaults to not set)
|
|
||||||
# pve_auth_ldap_port: 389
|
|
||||||
# pve_auth_ldap_tls_enabled: False
|
|
|
@ -0,0 +1,202 @@
|
||||||
|
---
|
||||||
|
title: pve
|
||||||
|
type: docs
|
||||||
|
---
|
||||||
|
|
||||||
|
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.pve) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
|
||||||
|
|
||||||
|
Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server. Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform.
|
||||||
|
|
||||||
|
{{< hint type=important >}} This role covers only some really basic configurations and should be considered as not production ready. {{< /hint >}}
|
||||||
|
|
||||||
|
<!--more-->
|
||||||
|
|
||||||
|
- [Default Variables](#default-variables)
|
||||||
|
- [pve_auth_ldap_enabled](#pve_auth_ldap_enabled)
|
||||||
|
- [pve_auth_ldap_tfa_oath_enabled](#pve_auth_ldap_tfa_oath_enabled)
|
||||||
|
- [pve_auth_ldap_tfa_oath_pwlength](#pve_auth_ldap_tfa_oath_pwlength)
|
||||||
|
- [pve_auth_ldap_tfa_oath_timestep](#pve_auth_ldap_tfa_oath_timestep)
|
||||||
|
- [pve_auth_ldap_tfa_yubico_enabled](#pve_auth_ldap_tfa_yubico_enabled)
|
||||||
|
- [pve_auth_pam_description](#pve_auth_pam_description)
|
||||||
|
- [pve_auth_pam_is_default](#pve_auth_pam_is_default)
|
||||||
|
- [pve_auth_pam_tfa_oath_enabled](#pve_auth_pam_tfa_oath_enabled)
|
||||||
|
- [pve_auth_pam_tfa_yubico_enabled](#pve_auth_pam_tfa_yubico_enabled)
|
||||||
|
- [pve_auth_pve_description](#pve_auth_pve_description)
|
||||||
|
- [pve_auth_pve_is_default](#pve_auth_pve_is_default)
|
||||||
|
- [pve_auth_pve_tfa_oath_enabled](#pve_auth_pve_tfa_oath_enabled)
|
||||||
|
- [pve_auth_pve_tfa_yubico_enabled](#pve_auth_pve_tfa_yubico_enabled)
|
||||||
|
- [pve_disk_mount](#pve_disk_mount)
|
||||||
|
- [pve_nodes](#pve_nodes)
|
||||||
|
- [pve_pamd_motd_enabled](#pve_pamd_motd_enabled)
|
||||||
|
- [pve_tls_cert_source](#pve_tls_cert_source)
|
||||||
|
- [pve_tls_enabled](#pve_tls_enabled)
|
||||||
|
- [pve_tls_key_source](#pve_tls_key_source)
|
||||||
|
- [Discovered Tags](#discovered-tags)
|
||||||
|
- [Dependencies](#dependencies)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Default Variables
|
||||||
|
|
||||||
|
### pve_auth_ldap_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_ldap_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_ldap_tfa_oath_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_ldap_tfa_oath_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_ldap_tfa_oath_pwlength
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_ldap_tfa_oath_pwlength: 6
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_ldap_tfa_oath_timestep
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_ldap_tfa_oath_timestep: 30
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_ldap_tfa_yubico_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_ldap_tfa_yubico_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pam_description
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pam_description: Linux PAM standard authentication
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pam_is_default
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pam_is_default: true
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pam_tfa_oath_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pam_tfa_oath_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pam_tfa_yubico_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pam_tfa_yubico_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pve_description
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pve_description: Linux pve standard authentication
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pve_is_default
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pve_is_default: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pve_tfa_oath_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pve_tfa_oath_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_auth_pve_tfa_yubico_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_auth_pve_tfa_yubico_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_disk_mount
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_disk_mount: []
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_nodes
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_nodes:
|
||||||
|
- node1
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_pamd_motd_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_pamd_motd_enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_tls_cert_source
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_tls_cert_source: mycert.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_tls_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_tls_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### pve_tls_key_source
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
pve_tls_key_source: mykey.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
## Discovered Tags
|
||||||
|
|
||||||
|
tls_renewal
|
||||||
|
:
|
||||||
|
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None.
|
|
@ -1,34 +0,0 @@
|
||||||
---
|
|
||||||
galaxy_info:
|
|
||||||
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
|
|
||||||
author: Robert Kaussow <mail@thegeeklab.de>
|
|
||||||
namespace: xoxys
|
|
||||||
role_name: pve
|
|
||||||
# @meta description: >
|
|
||||||
# [![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.pve/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.pve)
|
|
||||||
# [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
|
|
||||||
#
|
|
||||||
# Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server.
|
|
||||||
# Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization
|
|
||||||
# that tightly integrates KVM hypervisor and LXC containers, software-defined storage and
|
|
||||||
# networking functionality on a single platform.
|
|
||||||
#
|
|
||||||
# {{< hint type=important >}}
|
|
||||||
# This role covers only some really basic configurations and should be considered as not production ready.
|
|
||||||
# {{< /hint >}}
|
|
||||||
# @end
|
|
||||||
description: Basic role to configure a Proxmox VE server
|
|
||||||
license: MIT
|
|
||||||
min_ansible_version: "2.10"
|
|
||||||
platforms:
|
|
||||||
- name: Debian
|
|
||||||
versions:
|
|
||||||
- "bookworm"
|
|
||||||
galaxy_tags:
|
|
||||||
- pve
|
|
||||||
- kvm
|
|
||||||
- proxmox
|
|
||||||
- virtual
|
|
||||||
dependencies: []
|
|
||||||
collections:
|
|
||||||
- community.general
|
|
|
@ -1,17 +0,0 @@
|
||||||
[tool.ruff]
|
|
||||||
exclude = [".git", "__pycache__"]
|
|
||||||
|
|
||||||
line-length = 99
|
|
||||||
indent-width = 4
|
|
||||||
|
|
||||||
[tool.ruff.lint]
|
|
||||||
ignore = ["W191", "E111", "E114", "E117", "S101", "S105"]
|
|
||||||
select = ["F", "E", "I", "W", "S"]
|
|
||||||
|
|
||||||
[tool.ruff.format]
|
|
||||||
quote-style = "double"
|
|
||||||
indent-style = "space"
|
|
||||||
line-ending = "lf"
|
|
||||||
|
|
||||||
[tool.pytest.ini_options]
|
|
||||||
filterwarnings = ["ignore::FutureWarning", "ignore::DeprecationWarning"]
|
|
|
@ -1,42 +0,0 @@
|
||||||
---
|
|
||||||
- name: Create tmp folder for pve
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ __pve_tmp_dir }}"
|
|
||||||
recurse: True
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Configure auth provider
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: etc/pve/domains.cfg.j2
|
|
||||||
dest: "{{ __pve_tmp_dir }}/domains.cfg"
|
|
||||||
owner: root
|
|
||||||
group: www-data
|
|
||||||
mode: "0640"
|
|
||||||
register: __pve_domains_copy
|
|
||||||
|
|
||||||
- name: Copy auth provider to pve filesystem
|
|
||||||
ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
|
|
||||||
changed_when: __pve_domains_copy.changed
|
|
||||||
|
|
||||||
- when:
|
|
||||||
- pve_auth_ldap_enabled | bool
|
|
||||||
- pve_auth_ldap_bind_password is defined
|
|
||||||
block:
|
|
||||||
- name: Ensure path for auth file exists
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ __pve_base_dir }}/priv/ldap"
|
|
||||||
recurse: True
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Add passwd file for ldap bind
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: etc/pve/priv/ldap.pw.j2
|
|
||||||
dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
|
|
||||||
owner: root
|
|
||||||
group: www-data
|
|
||||||
mode: "0640"
|
|
||||||
register: __pve_auth_copy
|
|
||||||
|
|
||||||
- name: Copy passwd file to pve filesystem
|
|
||||||
ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
|
|
||||||
changed_when: __pve_auth_copy.changed
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- ansible.builtin.import_tasks: pve.yml
|
|
||||||
- ansible.builtin.import_tasks: pam.yml
|
|
||||||
- ansible.builtin.import_tasks: auth.yml
|
|
|
@ -1,18 +0,0 @@
|
||||||
---
|
|
||||||
- name: Remove motd from oam stack
|
|
||||||
community.general.pamd:
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
type: "{{ item.type }}"
|
|
||||||
control: "{{ item.control }}"
|
|
||||||
module_path: "{{ item.path }}"
|
|
||||||
state: absent
|
|
||||||
loop:
|
|
||||||
- name: "login"
|
|
||||||
type: "session"
|
|
||||||
control: "optional"
|
|
||||||
path: "pam_motd.so"
|
|
||||||
- name: "sshd"
|
|
||||||
type: "session"
|
|
||||||
control: "optional"
|
|
||||||
path: "pam_motd.so"
|
|
||||||
when: not pve_pamd_motd_enabled | bool
|
|
|
@ -1,20 +0,0 @@
|
||||||
---
|
|
||||||
- name: Ensure mountpoints are present
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
recurse: yes
|
|
||||||
state: directory
|
|
||||||
loop: "{{ pve_disk_mount }}"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.path }}"
|
|
||||||
|
|
||||||
- name: Add diskmounts to fstab
|
|
||||||
ansible.posix.mount:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
fstype: "{{ item.fstype }}"
|
|
||||||
opts: "{{ item.opts | default(omit) }}"
|
|
||||||
state: "{{ item.state | default('mounted') }}"
|
|
||||||
loop: "{{ pve_disk_mount }}"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.src }} {{ item.path }}"
|
|
|
@ -1,25 +0,0 @@
|
||||||
#jinja2:lstrip_blocks: True
|
|
||||||
pam: pam
|
|
||||||
comment {{ pve_auth_pam_description }}
|
|
||||||
default {{ 1 if pve_auth_pam_is_default else 0 }}
|
|
||||||
|
|
||||||
pve: pve
|
|
||||||
comment {{ pve_auth_pve_description }}
|
|
||||||
default {{ 1 if pve_auth_pve_is_default else 0 }}
|
|
||||||
{% if pve_auth_ldap_enabled %}
|
|
||||||
|
|
||||||
ldap: {{ pve_auth_ldap_realm }}
|
|
||||||
comment {{ pve_auth_ldap_description }}
|
|
||||||
base_dn {{ pve_auth_ldap_base_dn }}
|
|
||||||
server1 {{ pve_auth_ldap_primary_server }}
|
|
||||||
{% if pve_auth_ldap_secondary_server is defined %}
|
|
||||||
server2 {{ pve_auth_ldap_secondary_server }}
|
|
||||||
{% endif %}
|
|
||||||
user_attr {{ pve_auth_ldap_user_attr }}
|
|
||||||
{% if pve_auth_ldap_bind_dn is defined %}
|
|
||||||
bind_dn {{ pve_auth_ldap_bind_dn }}
|
|
||||||
{% endif %}
|
|
||||||
default {{ 1 if pve_auth_ldap_is_default else 0 }}
|
|
||||||
port {{ pve_auth_ldap_port }}
|
|
||||||
secure {{ 1 if pve_auth_ldap_tls_enabled else 0 }}
|
|
||||||
{% endif %}
|
|
|
@ -1 +0,0 @@
|
||||||
{{ pve_auth_ldap_bind_password }}
|
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
__pve_base_dir: /etc/pve
|
|
||||||
__pve_tmp_dir: /var/tmp/pve
|
|
Loading…
Reference in New Issue