author | heqnx <root@heqnx.com> | 2025-06-22 21:37:01 +0300 |
committer | heqnx <root@heqnx.com> | 2025-06-22 21:37:01 +0300 |
commit | a75493e62c8bd5f1daee90e7ee55bcd67b4b95b8 (patch) | |
tree | 3f0f0568529f22a9e429359035dc7f4ecdb92bc4 /tasks/pve_configure.yaml | |
parent | a6ec8f8947e1d6e56d1c0af6b67af2e7468ef98f (diff) | |
download | ansible-pve-host-a75493e62c8bd5f1daee90e7ee55bcd67b4b95b8.tar.gz ansible-pve-host-a75493e62c8bd5f1daee90e7ee55bcd67b4b95b8.zip |
added preflight, renamed tasks, added local non-pam user
Diffstat (limited to 'tasks/pve_configure.yaml')
-rw-r--r-- | tasks/pve_configure.yaml | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/tasks/pve_configure.yaml b/tasks/pve_configure.yaml
new file mode 100644
index 0000000..c67be1a
--- /dev/null
+++ b/tasks/pve_configure.yaml
@@ -0,0 +1,89 @@
+- name: detect default public interface
+ set_fact:
+ public_interface: "{{ ansible_default_ipv4.interface }}"
+
+- name: get gateway info from ip route
+ shell: ip route get 1.1.1.1 | grep -oP 'via \K[\d.]+' | head -n1
+ register: detected_gateway
+ changed_when: false
+
+- name: set public gateway fact
+ set_fact:
+ public_gateway: "{{ detected_gateway.stdout }}"
+
+- name: deploy /etc/network/interfaces
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: set pveproxy config
+ copy:
+ src: files/pveproxy
+ dest: /etc/default/pveproxy
+ mode: '0644'
+
+- name: deploy /etc/iptables/rules.v4
+ template:
+ src: rules.v4.j2
+ dest: /etc/iptables/rules.v4
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: enable ipv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ state: present
+ reload: yes
+
+- name: restart pveproxy
+ systemd:
+ name: pveproxy
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
+- name: restart networking
+ systemd:
+ name: networking
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
+- name: generate secure 32-character password
+ set_fact:
+ pve_admin_user: "pveadmin@pve"
+ pve_admin_group: "admin"
+ pve_admin_group_comment: "System Administrators"
+ pve_admin_password_file: "/root/pve_admin_password.txt"
+ pve_admin_password: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
+
+- name: save password to file
+ copy:
+ content: "{{ pve_admin_password }}"
+ dest: "{{ pve_admin_password_file }}"
+ owner: root
+ group: root
+ mode: '0600'
+
+- name: create proxmox user
+ command: pveum useradd {{ pve_admin_user }} --password {{ pve_admin_password | quote }}
+ register: create_user
+ failed_when: create_user.rc != 0
+
+- name: create proxmox admin group
+ command: pveum groupadd {{ pve_admin_group }} -comment "{{ pve_admin_group_comment }}"
+ register: create_group
+ failed_when: create_group.rc != 0
+
+- name: assign administrator role to group
+ command: pveum aclmod / -group {{ pve_admin_group }} -role Administrator
+ register: assign_role
+
+- name: add user to admin group
+ command: pveum usermod {{ pve_admin_user }} -group {{ pve_admin_group }}
+ register: add_to_group
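Review bot: The generated admin password is handled in clear text by the `generate secure 32-character password`, `save password to file` and `create proxmox user` tasks without `no_log: true`, so the fact value and the full `pveum useradd {{ pve_admin_user }} --password {{ pve_admin_password | quote }}` command line end up in Ansible's verbose output, callback logs and any registered-result dumps, and the argv is also readable by other local processes via the process table for as long as pveum runs. Add `no_log: true` to each of those three tasks (and consider feeding the password through `pveum passwd` on stdin rather than as an argument, if that interface permits it). Separately, `lookup('password', '/dev/null ...')` produces a fresh value on every run while `failed_when: create_user.rc != 0` makes `pveum useradd` fatal once the user exists, so a rerun of this task file aborts and the saved `/root/pve_admin_password.txt` no longer matches the account; guarding the `useradd`/`groupadd` steps on the output of `pveum user list` / `pveum group list`, or generating the password with a stable path instead of `/dev/null`, would make the play idempotent. The `aclmod` and `usermod` tasks at the end also report changed on every run; a `changed_when` on them would make output honest.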