From 84bece942ac0084d69dc91e12f192245dbb30f48 Mon Sep 17 00:00:00 2001
From: Patrick <29308797+patbec@users.noreply.github.com>
Date: Sat, 7 Jan 2023 16:22:44 +0100
Subject: [PATCH] Project files added.
---
.gitignore | 1 +
README.md | 17 +++++++
ansible-proxmox.code-workspace | 58 +++++++++++++++++++++
docs/proxmox.svg | 8 +++
group_vars/all/vault.yml | 6 +++
inventory.yml | 8 +++
playbook.yml | 92 ++++++++++++++++++++++++++++++++++
templates/logind.conf.j2 | 42 ++++++++++++++++
templates/override.conf.j2 | 5 ++
templates/proxmox.conf.j2 | 31 ++++++++++++
10 files changed, 268 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 ansible-proxmox.code-workspace
create mode 100644 docs/proxmox.svg
create mode 100644 group_vars/all/vault.yml
create mode 100644 inventory.yml
create mode 100644 playbook.yml
create mode 100644 templates/logind.conf.j2
create mode 100644 templates/override.conf.j2
create mode 100644 templates/proxmox.conf.j2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c96066d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/.DS_Store
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..99d3538
--- /dev/null
+++ b/README.md
@@ -0,0 +1,17 @@
+
+
+# Ansible Proxmox
+
+Changes settings on the virtualization host Proxmox.
+
+The following steps will be performed:
+- Update login manager configuration to turn off the screen without suspending
+- Remove Proxmox enterprise repository
+- Add Proxmox no-subscription repository
+- Enable the Web UI on port 443
+
+For the last point *(Web UI on port 443)* the recommendation from the [official documentation](https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy) was used.
+
+## Workspace
+
+Open the workspace file `ansible-proxmox.code-workspace` to access the predefined build tasks with Visual Studio Code.
\ No newline at end of file
diff --git a/ansible-proxmox.code-workspace b/ansible-proxmox.code-workspace
new file mode 100644
index 0000000..d77e04e
--- /dev/null
+++ b/ansible-proxmox.code-workspace
@@ -0,0 +1,58 @@
+{
+ "folders": [
+ {
+ "path": "."
+ }
+ ],
+ "tasks": {
+ "version": "2.0.0",
+ "tasks": [
+ {
+ "label": "๐ Deploy",
+ "detail": "Run the main playbook with all tasks.",
+ "type": "shell",
+ "command": "ansible-playbook --inventory inventory.yml playbook.yml --vault-password-file ~/.vault",
+ "args": [],
+ "problemMatcher": [],
+ "group": {
+ "kind": "build",
+ "isDefault": true
+ }
+ },
+ {
+ "label": "๐งช Check",
+ "detail": "Check the code without making any changes.",
+ "type": "shell",
+ "command": "ansible-playbook --inventory inventory.yml playbook.yml --check --vault-password-file ~/.vault",
+ "args": [],
+ "problemMatcher": [],
+ "group": {
+ "kind": "build",
+ "isDefault": true
+ }
+ },
+ {
+ "label": "๐ Edit vault",
+ "detail": "Edits the encrypted vault file.",
+ "type": "shell",
+ "command": "ansible-vault edit ./group_vars/all/vault.yml --vault-password-file ~/.vault",
+ "args": [],
+ "problemMatcher": [],
+ "group": {
+ "kind": "none",
+ },
+ "options": {
+ "env": {
+ "EDITOR": "code -w" // Use VSCode to edit the vault file.
+ }
+ }
+ }
+ ]
+ },
+ "settings": {
+ "workbench.colorCustomizations": {
+ "titleBar.activeBackground": "#E57000",
+ "titleBar.activeForeground": "#FFFFFF",
+ }
+ }
+}
\ No newline at end of file
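Review bot: Both the Deploy and the Check task declare `"isDefault": true` in the `build` group, so the default-build shortcut does not map to a single task and can end up running the full playbook against the host when a dry run was intended. Keep `"isDefault": true` only on the Check task and leave Deploy as `"group": { "kind": "build" }`. All three commands read the vault password from `~/.vault`; the README should state that this file must exist, stay outside the repository and be readable only by its owner (mode 0600).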
diff --git a/docs/proxmox.svg b/docs/proxmox.svg
new file mode 100644
index 0000000..9a85e1f
--- /dev/null
+++ b/docs/proxmox.svg
@@ -0,0 +1,8 @@
+
\ No newline at end of file
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
new file mode 100644
index 0000000..9876df7
--- /dev/null
+++ b/group_vars/all/vault.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+66323439393031343635353934653135646262646161383666643765383761333238303962616137
+3162646230323466316663396666303734623039333239630a616432353838306638393734323036
+62396134626538386264353364306336363430326339346565383965333936666634373131636137
+3664323032633137300a343430356630616538653138383436636331326133656362313637656135
+3535
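Review bot: The patch commits an encrypted vault, but no file in this patch reads a variable from it and the README does not say which variables it must define, so a fresh clone cannot tell whether the vault is required or how to recreate it. Document the expected variable names (not the values) in the README, or drop the file until a task uses it. Because the ciphertext is now public, the stored values are only as well protected as the vault password; use a long random password and rotate the values if that password is ever reused or exposed.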
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..14a620f
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,8 @@
+all:
+ hosts:
+ proxmox:
+ ansible_user: root
+ ansible_host: proxmox.thinkbox.center
+ ansible_python_interpreter: /usr/bin/python3
+ vars:
+ ansible_ssh_pipelining: true
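Review bot: `ansible_user: root` makes every run depend on direct root SSH login to the hypervisor, and the play-level `become: true` in playbook.yml then adds nothing. If root has to stay the connection user, restrict it on the host to key-based login (`PermitRootLogin prohibit-password` in sshd_config) and note that requirement in the README; otherwise connect as a dedicated account and let `become` escalate. The hostname is also hard-coded here and again in templates/proxmox.conf.j2, so a single variable would keep the two in step.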
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..00baaf2
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,92 @@
+- name: Proxmox
+ hosts: proxmox
+ gather_facts: true
+ become: true
+ tasks:
+ - name: Template login manager configuration
+ ansible.builtin.template:
+ src: logind.conf.j2
+ dest: /etc/systemd/logind.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - Restart login manager
+
+ - name: Configure repositories
+ block:
+ - name: Remove Proxmox enterprise repository
+ ansible.builtin.apt_repository:
+ repo: deb https://enterprise.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-enterprise
+ filename: pve-enterprise
+ state: absent
+ update_cache: true
+
+ - name: Add Proxmox no-subscription repository
+ ansible.builtin.apt_repository:
+ repo: deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription
+ filename: pve-no-subscription
+ state: present
+ update_cache: true
+
+ - name: Install nginx
+ ansible.builtin.apt:
+ name:
+ - nginx
+ policy_rc_d: 101 # Prevent autostart
+
+ - name: Configure nginx
+ notify:
+ - Stop nginx
+ block:
+ - name: Remove nginx default configuration
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - /etc/nginx/conf.d/default
+ - /etc/nginx/sites-enabled/default
+ - /etc/nginx/sites-available/default
+ - /var/www/html/index.nginx-debian.html
+
+ - name: Template nginx configuration
+ ansible.builtin.template:
+ src: proxmox.conf.j2
+ dest: /etc/nginx/conf.d/proxmox.conf
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Ensure nginx override folder exists
+ ansible.builtin.file:
+ path: /etc/systemd/system/nginx.service.d
+ state: directory
+ mode: 0755
+
+ - name: Template nginx override configuration
+ ansible.builtin.template:
+ src: override.conf.j2
+ dest: /etc/systemd/system/nginx.service.d/override.conf
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Stop nginx if configuration has changed
+ ansible.builtin.meta: flush_handlers
+
+ - name: Ensure nginx is started
+ ansible.builtin.service:
+ name: nginx
+ state: started
+ enabled: true
+
+ handlers:
+ - name: Stop nginx
+ ansible.builtin.service:
+ name: nginx
+ state: stopped
+
+ - name: Restart login manager
+ ansible.builtin.service:
+ name: systemd-logind
+ state: restarted
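Review bot: The drop-in written to `/etc/systemd/system/nginx.service.d/override.conf` is not picked up by systemd in this run, because nothing runs a daemon-reload between templating it and the `Ensure nginx is started` task, and `ansible.builtin.service` has no such option. Switch the `Stop nginx` handler to `ansible.builtin.systemd` and add `daemon_reload: true`, so the `Requires=`/`After=pve-cluster.service` ordering applies before nginx starts and reads the certificate under `/etc/pve`. Separately, the no-subscription repository is added as `deb http://download.proxmox.com/...`; apt still verifies the signed release metadata, but a comment on that task should say the plain-HTTP transport is deliberate.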
diff --git a/templates/logind.conf.j2 b/templates/logind.conf.j2
new file mode 100644
index 0000000..7052ebb
--- /dev/null
+++ b/templates/logind.conf.j2
@@ -0,0 +1,42 @@
+# {{ ansible_managed }}
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See logind.conf(5) for details.
+
+[Login]
+#NAutoVTs=6
+#ReserveVT=6
+#KillUserProcesses=no
+#KillOnlyUsers=
+#KillExcludeUsers=root
+#InhibitDelayMaxSec=5
+#UserStopDelaySec=10
+#HandlePowerKey=poweroff
+#HandleSuspendKey=suspend
+#HandleHibernateKey=hibernate
+HandleLidSwitch=ignore
+#HandleLidSwitchExternalPower=suspend
+#HandleLidSwitchDocked=ignore
+#HandleRebootKey=reboot
+#PowerKeyIgnoreInhibited=no
+#SuspendKeyIgnoreInhibited=no
+#HibernateKeyIgnoreInhibited=no
+#LidSwitchIgnoreInhibited=yes
+#RebootKeyIgnoreInhibited=no
+#HoldoffTimeoutSec=30s
+#IdleAction=ignore
+#IdleActionSec=30min
+#RuntimeDirectorySize=10%
+#RuntimeDirectoryInodes=400k
+#RemoveIPC=yes
+#InhibitorsMax=8192
+#SessionsMax=8192
\ No newline at end of file
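Review bot: This template replaces the whole of `/etc/systemd/logind.conf` with a copy of the stock file just to set `HandleLidSwitch=ignore`, so the managed file will drift from whatever the installed systemd version ships. A drop-in such as `/etc/systemd/logind.conf.d/lid.conf` containing only `[Login]` and `HandleLidSwitch=ignore` would carry the same setting and leave the packaged file untouched. If the full file stays, add a comment above `HandleLidSwitch=ignore` saying it is the only line that differs from the defaults.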
diff --git a/templates/override.conf.j2 b/templates/override.conf.j2
new file mode 100644
index 0000000..3ef39e3
--- /dev/null
+++ b/templates/override.conf.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Unit]
+Requires=pve-cluster.service
+After=pve-cluster.service
\ No newline at end of file
diff --git a/templates/proxmox.conf.j2 b/templates/proxmox.conf.j2
new file mode 100644
index 0000000..ca00984
--- /dev/null
+++ b/templates/proxmox.conf.j2
@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+
+upstream proxmox {
+ server "proxmox.thinkbox.center";
+}
+
+server {
+ listen 80 default_server;
+ rewrite ^(.*) https://$host$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ server_name _;
+ ssl_certificate /etc/pve/local/pveproxy-ssl.pem;
+ ssl_certificate_key /etc/pve/local/pveproxy-ssl.key;
+ proxy_redirect off;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass https://localhost:8006;
+ proxy_buffering off;
+ client_max_body_size 0;
+ proxy_connect_timeout 3600s;
+ proxy_read_timeout 3600s;
+ proxy_send_timeout 3600s;
+ send_timeout 3600s;
+ }
+}
\ No newline at end of file
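Review bot: The port-80 server is the `default_server` and builds its redirect from `$host`, which nginx takes from the client's request, so the redirect target is whatever name the client sent rather than the host's own name. Redirecting to a fixed name, e.g. `return 301 https://{{ ansible_host }}$request_uri;`, removes that dependency. The `upstream proxmox` block is never referenced (`proxy_pass` goes to `https://localhost:8006`) and can be dropped. Nothing in this patch restricts pveproxy itself, so port 8006 presumably remains reachable alongside 443 unless it is limited elsewhere.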