Project files added.

.gitignore

@@ -0,0 +1 @@
+/.DS_Store

README.md

@@ -0,0 +1,17 @@
+<img align="right" width="15%" src="docs/proxmox.svg" alt="Proxmox logo"/>
+
+# Ansible Proxmox
+
+Changes settings on the virtualization host <b>Proxmox</b>.
+
+The following steps will be performed:
+- Update login manager configuration to turn off the screen without suspending
+- Remove Proxmox enterprise repository
+- Add Proxmox no-subscription repository
+- Enable the Web UI on port 443
+
+For the last point *(Web UI on port 443)* the recommendation from the [official documentation](https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy) was used.
+
+## Workspace
+
+Open the workspace file `ansible-proxmox.code-workspace` to access the predefined build tasks with Visual Studio Code.

ansible-proxmox.code-workspace

@@ -0,0 +1,58 @@
+{
+	"folders": [
+		{
+			"path": "."
+		}
+	],
+	"tasks": {
+		"version": "2.0.0",
+		"tasks": [
+			{
+				"label": "🚀 Deploy",
+				"detail": "Run the main playbook with all tasks.",
+				"type": "shell",
+				"command": "ansible-playbook --inventory inventory.yml playbook.yml --vault-password-file ~/.vault",
+				"args": [],
+				"problemMatcher": [],
+				"group": {
+					"kind": "build",
+					"isDefault": true
+				}
+			},
+			{
+				"label": "🧪 Check",
+				"detail": "Check the code without making any changes.",
+				"type": "shell",
+				"command": "ansible-playbook --inventory inventory.yml playbook.yml --check --vault-password-file ~/.vault",
+				"args": [],
+				"problemMatcher": [],
+				"group": {
+					"kind": "build",
+					"isDefault": true
+				}
+			},
+			{
+				"label": "🔑 Edit vault",
+				"detail": "Edits the encrypted vault file.",
+				"type": "shell",
+				"command": "ansible-vault edit ./group_vars/all/vault.yml --vault-password-file ~/.vault",
+				"args": [],
+				"problemMatcher": [],
+				"group": {
+					"kind": "none",
+				},
+				"options": {
+					"env": {
+						"EDITOR": "code -w" // Use VSCode to edit the vault file.
+					}
+				}
+			}
+		]
+	},
+	"settings": {
+		"workbench.colorCustomizations": {
+			"titleBar.activeBackground": "#E57000",
+			"titleBar.activeForeground": "#FFFFFF",
+		}
+	}
+}

group_vars/all/vault.yml

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+66323439393031343635353934653135646262646161383666643765383761333238303962616137
+3162646230323466316663396666303734623039333239630a616432353838306638393734323036
+62396134626538386264353364306336363430326339346565383965333936666634373131636137
+3664323032633137300a343430356630616538653138383436636331326133656362313637656135
+3535

inventory.yml

@@ -0,0 +1,8 @@
+all:
+  hosts:
+    proxmox:
+      ansible_user: root
+      ansible_host: proxmox.thinkbox.center
+      ansible_python_interpreter: /usr/bin/python3
+  vars:
+    ansible_ssh_pipelining: true

playbook.yml

@@ -0,0 +1,92 @@
+- name: Proxmox
+  hosts: proxmox
+  gather_facts: true
+  become: true
+  tasks:
+    - name: Template login manager configuration
+      ansible.builtin.template:
+        src: logind.conf.j2
+        dest: /etc/systemd/logind.conf
+        owner: root
+        group: root
+        mode: 0644
+      notify:
+        - Restart login manager
+
+    - name: Configure repositories
+      block:
+        - name: Remove Proxmox enterprise repository
+          ansible.builtin.apt_repository:
+            repo: deb https://enterprise.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-enterprise
+            filename: pve-enterprise
+            state: absent
+            update_cache: true
+
+        - name: Add Proxmox no-subscription repository
+          ansible.builtin.apt_repository:
+            repo: deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription
+            filename: pve-no-subscription
+            state: present
+            update_cache: true
+
+    - name: Install nginx
+      ansible.builtin.apt:
+        name:
+          - nginx
+        policy_rc_d: 101 # Prevent autostart
+
+    - name: Configure nginx
+      notify:
+        - Stop nginx
+      block:
+        - name: Remove nginx default configuration
+          ansible.builtin.file:
+            path: "{{ item }}"
+            state: absent
+          loop:
+            - /etc/nginx/conf.d/default
+            - /etc/nginx/sites-enabled/default
+            - /etc/nginx/sites-available/default
+            - /var/www/html/index.nginx-debian.html
+
+        - name: Template nginx configuration
+          ansible.builtin.template:
+            src: proxmox.conf.j2
+            dest: /etc/nginx/conf.d/proxmox.conf
+            owner: root
+            group: root
+            mode: 0644
+
+        - name: Ensure nginx override folder exists
+          ansible.builtin.file:
+            path: /etc/systemd/system/nginx.service.d
+            state: directory
+            mode: 0755
+
+        - name: Template nginx override configuration
+          ansible.builtin.template:
+            src: override.conf.j2
+            dest: /etc/systemd/system/nginx.service.d/override.conf
+            owner: root
+            group: root
+            mode: 0644
+
+    - name: Stop nginx if configuration has changed
+      ansible.builtin.meta: flush_handlers
+
+    - name: Ensure nginx is started
+      ansible.builtin.service:
+        name: nginx
+        state: started
+        enabled: true
+
+  handlers:
+    - name: Stop nginx
+      ansible.builtin.service:
+        name: nginx
+        state: stopped
+
+    - name: Restart login manager
+      ansible.builtin.service:
+        name: systemd-logind
+        state: restarted

templates/logind.conf.j2

@@ -0,0 +1,42 @@
+# {{ ansible_managed }}
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See logind.conf(5) for details.
+
+[Login]
+#NAutoVTs=6
+#ReserveVT=6
+#KillUserProcesses=no
+#KillOnlyUsers=
+#KillExcludeUsers=root
+#InhibitDelayMaxSec=5
+#UserStopDelaySec=10
+#HandlePowerKey=poweroff
+#HandleSuspendKey=suspend
+#HandleHibernateKey=hibernate
+HandleLidSwitch=ignore
+#HandleLidSwitchExternalPower=suspend
+#HandleLidSwitchDocked=ignore
+#HandleRebootKey=reboot
+#PowerKeyIgnoreInhibited=no
+#SuspendKeyIgnoreInhibited=no
+#HibernateKeyIgnoreInhibited=no
+#LidSwitchIgnoreInhibited=yes
+#RebootKeyIgnoreInhibited=no
+#HoldoffTimeoutSec=30s
+#IdleAction=ignore
+#IdleActionSec=30min
+#RuntimeDirectorySize=10%
+#RuntimeDirectoryInodes=400k
+#RemoveIPC=yes
+#InhibitorsMax=8192
+#SessionsMax=8192

templates/override.conf.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Unit]
+Requires=pve-cluster.service
+After=pve-cluster.service

templates/proxmox.conf.j2

@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+
+upstream proxmox {
+    server "proxmox.thinkbox.center";
+}
+
+server {
+    listen 80 default_server;
+    rewrite ^(.*) https://$host$1 permanent;
+}
+
+server {
+    listen 443 ssl;
+    server_name _;
+    ssl_certificate /etc/pve/local/pveproxy-ssl.pem;
+    ssl_certificate_key /etc/pve/local/pveproxy-ssl.key;
+    proxy_redirect off;
+
+    location / {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_pass https://localhost:8006;
+        proxy_buffering off;
+        client_max_body_size 0;
+        proxy_connect_timeout  3600s;
+        proxy_read_timeout  3600s;
+        proxy_send_timeout  3600s;
+        send_timeout  3600s;
+    }
+}