Diffstat (limited to 'tasks')
-rw-r--r--tasks/configure_pve.yaml55
-rw-r--r--tasks/install_proxmox_on_debian12.yaml110
2 files changed, 165 insertions, 0 deletions
diff --git a/tasks/configure_pve.yaml b/tasks/configure_pve.yaml
new file mode 100644
index 0000000..73ef36f
--- /dev/null
+++ b/tasks/configure_pve.yaml
@@ -0,0 +1,55 @@
+- name: detect default public interface
+ set_fact:
+ public_interface: "{{ ansible_default_ipv4.interface }}"
+
+- name: get gateway info from ip route
+ shell: ip route get 1.1.1.1 | grep -oP 'via \K[\d.]+' | head -n1
+ register: detected_gateway
+ changed_when: false
+
+- name: set public gateway fact
+ set_fact:
+ public_gateway: "{{ detected_gateway.stdout }}"
+
+- name: deploy /etc/network/interfaces
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: set pveproxy config
+ copy:
+ src: files/pveproxy
+ dest: /etc/default/pveproxy
+ mode: '0644'
+
+- name: deploy /etc/iptables/rules.v4
+ template:
+ src: rules.v4.j2
+ dest: /etc/iptables/rules.v4
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: enable ipv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ state: present
+ reload: yes
+
+- name: restart pveproxy
+ systemd:
+ name: pveproxy
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
+- name: restart networking
+ systemd:
+ name: networking
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
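Review bot: Nothing in this file loads the ruleset written to `/etc/iptables/rules.v4`, yet the next task turns on `net.ipv4.ip_forward`, so the host may forward packets under whatever rules the kernel currently holds until a reboot or some other loader applies the file. If `netfilter-persistent` is what consumes that path (not visible here), restart it right after the template task and before the sysctl task. Adding `validate: 'iptables-restore --test %s'` to the template would also keep a bad render from replacing the file. Separately, `detected_gateway.stdout` is used without checking that it is non-empty. Using `ansible_default_ipv4.gateway` with an `assert` ahead of the interfaces template would avoid restarting networking with a blank gateway.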
diff --git a/tasks/install_proxmox_on_debian12.yaml b/tasks/install_proxmox_on_debian12.yaml
new file mode 100644
index 0000000..1a92aa5
--- /dev/null
+++ b/tasks/install_proxmox_on_debian12.yaml
@@ -0,0 +1,110 @@
+- name: ensure script is run as root
+ ansible.builtin.assert:
+ that:
+ - ansible_effective_user_id == 0
+ fail_msg: "this playbook must be run as root"
+
+- name: check if system is debian-based
+ ansible.builtin.command: dpkg -l
+ register: dpkg_check
+ changed_when: false
+ failed_when: false
+
+- name: fail if not debian-based
+ ansible.builtin.fail:
+ msg: "distribution not Debian-based"
+ when: dpkg_check.rc != 0
+
+- name: generate /etc/hosts from template
+ template:
+ src: templates/hosts.j2
+ dest: /etc/hosts
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: create /etc/apt/sources.list.d directory
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d
+ state: directory
+ mode: '0755'
+
+- name: deploy proxmox apt sources list
+ copy:
+ src: files/pve-no-subscription.list
+ dest: /etc/apt/sources.list.d/pve-no-subscription.list
+ mode: '0644'
+
+- name: create /etc/apt/trusted.gpg.d directory
+ file:
+ path: /etc/apt/trusted.gpg.d
+ state: directory
+ mode: '0755'
+
+- name: download proxmox gpg key
+ get_url:
+ url: https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg
+ dest: /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ mode: '0644'
+
+- name: verify proxmox gpg key hash
+ shell: echo "{{ gpg_key_hash }} /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg" | sha512sum -c
+ vars:
+ gpg_key_hash: "7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87"
+ register: gpg_hash_check
+ failed_when: gpg_hash_check.rc != 0
+ changed_when: false
+
+- name: update apt packages
+ apt:
+ update_cache: true
+
+- name: upgrade apt packages
+ apt:
+ upgrade: dist
+
+- name: install apt packages
+ apt:
+ name: "{{ apt_packages }}"
+ state: present
+ update_cache: true
+
+- name: reboot to activate proxmox ve kernel
+ reboot:
+ msg: "rebooting to activate proxmox ve kernel"
+ connect_timeout: 10
+ reboot_timeout: 600
+ pre_reboot_delay: 5
+ post_reboot_delay: 10
+
+- name: install pve packages
+ apt:
+ name: "{{ pve_packages }}"
+ state: present
+ update_cache: true
+
+- name: get current running kernel version
+ command: uname -r
+ register: current_kernel
+ changed_when: false
+
+- name: list installed debian kernel images
+ shell: dpkg -l | awk '/linux-image-[0-9]/{ print $2 }' | grep -v "{{ current_kernel.stdout }}"
+ register: kernels_to_remove
+ changed_when: false
+
+- name: remove debian default kernels (excluding current)
+ apt:
+ name: "{{ kernels_to_remove.stdout_lines }}"
+ state: absent
+ when: kernels_to_remove.stdout_lines | length > 0
+
+- name: update grub bootloader
+ command: update-grub
+ register: grub_update
+ changed_when: "'Generating grub configuration file' in grub_update.stdout"
+
+- name: remove problematic apt packages for pve
+ apt:
+ name: "{{ apt_packages_to_remove }}"
+ state: absent
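Review bot: The download task writes the key straight into `/etc/apt/trusted.gpg.d/` and only the following shell task checks it, so a key that fails the SHA-512 comparison stops the play but stays in apt's trusted keyring directory, with no cleanup task visible. `get_url` can do the comparison itself: move `gpg_key_hash` onto the download task and add `checksum: "sha512:{{ gpg_key_hash }}"`, which ties verification to the download and makes the separate `sha512sum -c` task unnecessary. Further down, the `list installed debian kernel images` pipeline ends in `grep -v`, which exits 1 when no lines remain, so a re-run after the Debian kernels are gone would likely fail there. `failed_when: kernels_to_remove.rc > 1` keeps the empty case working with the existing `when:` guard.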