A lil TLC

This commit is contained in:
Roxedus 2022-04-15 15:51:58 +02:00
parent bdbc512647
commit 39b0938d27
Signed by: Roxedus
GPG Key ID: 9B4E311961C63639
33 changed files with 454 additions and 84 deletions


@ -1,6 +1,13 @@
{
"files.associations": {
"hosts": "ini",
"ansible/**/*.yml": "ansible",
"ansible/roles/pi_updatelist/files/pihole-updatelists.conf": "ini"
},
"yaml.schemas": {
"https://raw.githubusercontent.com/ansible-community/schemas/main/f/ansible-tasks.json": ["roles/**/tasks/**.yml", "roles/**/tasks/**.yaml"],
"https://raw.githubusercontent.com/ansible-community/schemas/main/f/ansible-playbook.json": ["run.yml", "run.yaml"],
"https://json.schemastore.org/github-workflow": [".github/worflows/**.yml", ".github/worflows/**.yaml"],
"https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": ["docker-compose.yml", "docker-compose.yaml"]
}
}
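Review bot: The github-workflow entry in `yaml.schemas` spells the directory `worflows`, so the glob never matches `.github/workflows/*.yml` and the workflow files get no schema validation; change it to `".github/workflows/**.yml", ".github/workflows/**.yaml"`. The `files.associations` globs are prefixed with `ansible/` while the schema globs (`roles/**/tasks/**.yml`, `run.yml`) are not — if the workspace root is the repository root those would also need the `ansible/` prefix to match, which is worth checking against the actual layout.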


@ -2,6 +2,10 @@ ansible_become_password: "{{ secret_sudo }}"
ntp_timezone: "Europe/Oslo"
do_become: true
apt_arch: "{{ _apt_arch.stdout }}"
users:
- username: roxedus
groupname: roxedus
@ -9,9 +13,12 @@ users:
uid: "1000"
gid: "1000"
docker: True
zfs: True
passwordless: True
github: Roxedus
password: "{{ secret_rox_pass }}"
system:
- proxmox
package_list:
- name: bash-completion
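Review bot: `docker: True`, `zfs: True` and `passwordless: True` use the YAML 1.1 capitalised spelling while `do_become: true` in the same file uses the canonical one; write `true` for all three (yamllint's truthy rule flags the capitalised form). The consumers added elsewhere in this commit only test whether the attribute is defined (`selectattr('docker', 'defined')`, `selectattr('zfs', 'defined')`), so the value is never read — a comment such as `# presence of the key is what the docker/zfs filters select on; the value is ignored` would stop someone from expecting `docker: false` to opt a user out.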


@ -2,6 +2,8 @@ docker_install_compose: false
docker_users_obj: "{{ users|selectattr('docker', 'defined') }}"
docker_users: "{{ docker_users_obj|map(attribute='username') }}"
docker_apt_arch: "{{ apt_arch }}"
docker_daemon_options:
log-driver: "journald"
log-opts: { "mode": "non-blocking" }
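Review bot: `log-opts: { "mode": "non-blocking" }` trades log completeness for container throughput: in non-blocking mode Docker buffers container output and drops messages once the buffer fills instead of stalling the container, which for a journald-backed audit trail means silent gaps. If that is the intent, record it next to the option, e.g. `# non-blocking: container output is dropped, not blocked, when the journald buffer fills`, and consider setting `max-buffer-size` explicitly so the trade-off is visible rather than relying on the default.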


@ -1 +0,0 @@
kube_ver: 1.19.4-00


@ -6,6 +6,11 @@ dnsmasq:
host: "{{ secret_wan_domain }}"
- ip: 10.0.0.30
host: "{{ secret_unraid_uuid }}.unraid.net"
- ip: 10.0.0.35
host: "proxmox.{{ dmasq_local_domain }}"
- ip: 10.0.2.70
host: "controlplane.kube.{{ dmasq_local_domain }}"
- ip: 10.0.2.3
host: "vcenter.man.{{ dmasq_local_domain }}"


@ -0,0 +1 @@
do_become: true


@ -0,0 +1,2 @@
zfs_ver: 0.8.3-1ubuntu12.12
zfs_users: "{{ users|selectattr('zfs', 'defined')|map(attribute='username') }}"


@ -1,3 +1,6 @@
ansible==4.4.0
ansible-base==2.10.13
jmespath
ansible-lint==5.4.0
yamllint==1.26.3
ansible==5.6.0
ansible-base==2.12.4
wheel==0.37.1
jmespath==0.10.0
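Review bot: `ansible-base==2.12.4` is unlikely to resolve: as far as I know the `ansible-base` distribution only ever shipped 2.10.x releases and was renamed `ansible-core` from 2.11 onward, and `ansible==5.6.0` already depends on `ansible-core` 2.12.x itself. Either drop the line or change it to `ansible-core==2.12.4` so it matches what the `ansible` package requires. Since every entry is now pinned, consider generating the file with hashes (`pip-compile --generate-hashes`) so the pins also verify what pip downloads.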


@ -1,6 +1,16 @@
---
roles:
- name: geerlingguy.docker
- name: geerlingguy.nfs
- name: geerlingguy.ntp
- name: geerlingguy.pip
- name: geerlingguy.security
- name: alvistack.cri_o
version: "5.4.0"
- name: alvistack.runc
- name: alvistack.crun
- name: alvistack.containers_common
- name: alvistack.conmon
collections:
- name: sindhuparvathi_gopi.ansible_collection_template
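Review bot: Only `alvistack.cri_o` carries a `version:`; the other roles and the collection are installed at whatever Galaxy serves at run time, so two runs of `ansible-galaxy install` can yield different code that then runs as root on these hosts. Pin each entry (`version: "<tag>"`) the way `cri_o` is pinned. Nothing in this commit references `sindhuparvathi_gopi.ansible_collection_template`, so check whether it is still needed, and `ansible.posix` / `community.general`, which the new tasks do use, are not listed — they ship with the `ansible` package, but listing them makes the dependency explicit.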


@ -0,0 +1,5 @@
# ironicbadger/ansible-role-proxmox-nag-removal
This role removes the obnoxious Proxmox 'please subscribe' dialog box from a non subscribed server. It will also by default ensure that the enterprise repos are disabled.
Tested and working with Proxmox 6.4-1.


@ -0,0 +1,5 @@
---
remove_nag: True
remove_enterprise_repo: True
add_no_subscription_repo: True


@ -0,0 +1,6 @@
---
- name: restart pveproxy
service:
name: pveproxy
state: restarted


@ -0,0 +1,14 @@
---
galaxy_info:
author: Alex Kretzschmar
description: Removes Proxmox nag screen
issue_tracker_url: https://github.com/ironicbadger/ansible-role-proxmox-nag-removal/issues
license: GPLv2
min_ansible_version: 2.7
platforms:
- name: Debian
versions:
- all
categories:
- system
- web


@ -0,0 +1,6 @@
---
- name: Add No Subscription Repository
apt_repository:
repo: deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription
filename: pve-no-subscription
state: present


@ -0,0 +1,12 @@
---
- name: removes subscription nag box
include_tasks: remove-nag.yml
when: remove_nag
- name: remove enterprise repo
include_tasks: remove-enterprise-repo.yml
when: remove_enterprise_repo
- name: add no subcription repo
include_tasks: add-no-subscription-repo.yml
when: add_no_subscription_repo


@ -0,0 +1,6 @@
---
- name: Ensure enterprise repo file is not present
file:
path: /etc/apt/sources.list.d/pve-enterprise.list
state: absent


@ -0,0 +1,10 @@
---
# credit: https://johnscs.com/remove-proxmox51-subscription-notice/ & https://github.com/foundObjects/pve-nag-buster
- name: Modify line in file to remove nag message
become: true
replace:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
regexp: 'res === null \|\| res === undefined \|\| !res \|\| res[\s\n]*\.data\.status\.toLowerCase\(\) !== .active.'
replace: "false"
backup: yes
notify: restart pveproxy


@ -0,0 +1,4 @@
kube_release: "1.23"
kube_apt: "{{ kube_release }}.5-00"
cri_o_ver: "{{ kube_release }}:"
cri_o_os: "x{{ ansible_distribution }}_{{ distribution_version }}"
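Review bot: `cri_o_os` references `distribution_version`, which is not an Ansible fact (the fact is `ansible_distribution_version`), so rendering this variable will fail with an undefined-variable error unless something outside this commit defines it; `cri_o_os: "x{{ ansible_distribution }}_{{ ansible_distribution_version }}"`. `cri_o_ver` ends in a literal `:`, which suggests the consumer appends something to it — a comment stating the intended format (`# <major>.<minor>: prefix expected by the CRI-O repo path`) would help, since the consumer is not visible here.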


@ -0,0 +1,63 @@
- name: Disable SWAP
when: ansible_memory_mb.swap.total != 0
register: swap_disable
become: true
ansible.builtin.command: swapoff -a
- name: Remove swapfile from /etc/fstab
become: true
ansible.posix.mount:
name: "{{ item }}"
fstype: swap
state: absent
with_items:
- swap
- name: Set up kmsg in LXC # https://kevingoos.medium.com/kubernetes-inside-proxmox-lxc-cce5c9927942
when: inventory_hostname in groups['lxc_guest']
become: true
ansible.builtin.copy:
content: |
#!/bin/sh -e
if [ ! -e /dev/kmsg ]; then
ln -s /dev/console /dev/kmsg
fi
mount --make-rshared /
dest: /etc/rc.local
mode: "0755"
- name: Add Apt signing key Google
become: true
ansible.builtin.apt_key:
url: "{{ item }}"
state: present
loop:
- https://packages.cloud.google.com/apt/doc/apt-key.gpg
- name: Add repo for kubernetes
become: true
ansible.builtin.apt_repository:
filename: kubernetes
repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
mode: "0666"
update_cache: yes
- name: Install packages
become: true
ansible.builtin.apt:
name: "{{ item }}={{ kube_apt }}"
state: present
with_items:
- kubelet
- kubeadm
- kubectl
- name: Hold kubernetes version
become: true
ansible.builtin.dpkg_selections:
name: "{{ item }}"
selection: "hold"
with_items:
- kubelet
- kubeadm
- kubectl
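Review bot: The kubernetes apt source is written with `mode: "0666"`, which makes `/etc/apt/sources.list.d/kubernetes.list` world-writable; any local account could then add an unsigned or rogue repository that root installs from on the next upgrade, so it should be `mode: "0644"`. The same hunk uses `ansible.builtin.apt_key` to put the Google key in the global trusted keyring, which lets that key sign any repository on the host; fetching it with `get_url` into `/etc/apt/keyrings/` and referencing it from the `repo:` line with `[signed-by=...]` scopes the trust to this one source. `update_cache: yes` should be `true` to match the `become: true` above it.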


@ -1,5 +1,5 @@
- name: Check if dnsmasq is setup
stat:
ansible.builtin.stat:
path: "/etc/dnsmasq.d/"
register: dnsmasq_setup
@ -25,7 +25,7 @@
dest: /etc/dnsmasq.d/02-custom.conf
- name: Check if PiHole is installed
stat:
ansible.builtin.stat:
path: "/usr/local/bin/pihole"
register: pihole_bin


@ -1,4 +1,5 @@
- name: Set pihole webpassword
become: true
ansible.builtin.lineinfile:
path: /etc/pihole/setupVars.conf
regexp: "^WEBPASSWORD="
@ -6,6 +7,7 @@
create: yes
- name: Set pihole theme
become: true
ansible.builtin.lineinfile:
path: /etc/pihole/setupVars.conf
regexp: "^WEBTHEME="
@ -13,6 +15,7 @@
create: yes
- name: Set pihole layout
become: true
ansible.builtin.lineinfile:
path: /etc/pihole/setupVars.conf
regexp: "^WEBUIBOXEDLAYOUT="
@ -20,13 +23,15 @@
create: yes
- name: Set pihole listen
become: true
ansible.builtin.lineinfile:
path: /etc/pihole/setupVars.conf
regexp: "^DNSMASQ_LISTENING="
line: DNSMASQ_LISTENING=local
line: DNSMASQ_LISTENING=bind
create: yes
- name: Set pihole fqdn forwarding
become: true
ansible.builtin.lineinfile:
path: /etc/pihole/setupVars.conf
regexp: "^DNS_FQDN_REQUIRED="
@ -34,6 +39,7 @@
create: yes
- name: Set pihole reverse lookup
become: true
ansible.builtin.lineinfile:
path: /etc/pihole/setupVars.conf
regexp: "^DNS_BOGUS_PRIV="
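Review bot: `create: yes` is left in the YAML 1.1 spelling on every `lineinfile` task in this file (context lines after the hunks at `@ -6,6`, `@ -13,6`, `@ -20,13` and `@ -34,6`) while the same hunks add `become: true`; for consistency and to satisfy yamllint's truthy rule change them to `create: true`. The listen-mode change from `local` to `bind` narrows Pi-hole's dnsmasq to the interface named in `INTERFACE=`; a one-line comment on that task (`# bind: listen only on the configured INTERFACE, not on every interface`) would record why the stricter mode was chosen.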


@ -1,6 +1,6 @@
- name: Get dependencies for PiHole
when: not pihole_setup.stat.exists
become: yes
become: true
ansible.builtin.apt:
name:
[
@ -34,7 +34,7 @@
state: latest
- name: Checkout PiHole
become: yes
become: true
ansible.builtin.git:
repo: "https://github.com/pi-hole/pi-hole.git"
clone: yes


@ -1,18 +1,17 @@
- name: Check if PiHole is cloned
stat:
ansible.builtin.stat:
path: "/etc/pihole"
register: pihole_clone
- name: Gather PiHole
when: not pihole_clone.stat.exists
include: gather.yml
include_tasks: gather.yml
- name: Check if PiHole is installed
stat:
ansible.builtin.stat:
path: "/usr/local/bin/pihole"
register: pihole_bin
- name: Configure PiHole
when: pihole_bin.stat.exists
include: configure.yml
become: yes
include_tasks: configure.yml


@ -17,12 +17,12 @@
become: true
- name: Check if updatelist is installed
stat:
ansible.builtin.stat:
path: "/usr/local/sbin/pihole-updatelists"
register: updatelist_exec
- name: Activate changes
when: updatelist.changed and updatelist_exec.stat.exists
when: updatelist_exec.stat.exists
become: true
ansible.builtin.command:
argv:
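Review bot: Dropping `updatelist.changed` from the `Activate changes` condition makes the command run on every play as long as the binary exists, and the task (which continues past the end of the hunk) shows no `changed_when`, so each run reports a change and re-runs the activation even when nothing was updated. If the old condition went away because `updatelist` is not always registered, `when: updatelist_exec.stat.exists and (updatelist is not defined or updatelist.changed)` keeps the idempotence; otherwise add `changed_when: false` so the run stays clean. `updatelist` is registered outside this hunk, so I cannot confirm which case applies.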


@ -0,0 +1,14 @@
- name: Create user
become: "{{ do_become }}"
command:
argv:
- pvesh
- create
- /access/users
- --userid
- "{{ item.username }}@pam"
- --comment
- "Managed by Ansible"
- --password
- "{{ item.password | default(None) }}"
- --output-format=json
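Review bot: The Proxmox user's password is passed as a command-line argument to `pvesh`, so it is visible in the process list while the command runs and in Ansible's own output (the `command` module reports `cmd`/`argv` in verbose runs and callback logs). At minimum add `no_log: true` to the task so the value is never written to logs, and check whether pvesh accepts the password through a channel other than its arguments. `item.password | default(None)` renders the literal string `None` when no password is set, and that string then becomes the account's password; `default(omit)` does not work inside an argv list, so either require `password` for proxmox users or build the argv without the `--password` pair when it is undefined. `command:` is the only short module name in this role — `ansible.builtin.command:` would match the rest of the commit.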


@ -0,0 +1,34 @@
- name: Get users
become: "{{ do_become }}"
command:
argv:
- pvesh
- get
- /access/users
- --output-format=json
register: pve_users
- name: Create users
when: item.username not in (pve_users.stdout | from_json | community.general.json_query('[*].userid') |replace("@pam", ""))
include_tasks: create_user.yml
loop: "{{ users | selectattr('system', 'contains', 'proxmox') | flatten(levels=1) }}"
- name: Disable SWAP sysctl on host
become: true
ansible.posix.sysctl:
name: vm.swappiness
value: "0"
state: present
- name: Disable SWAP on host
become: true
ansible.builtin.command: swapoff -a
- name: Remove swapfile from /etc/fstab on host
become: true
ansible.posix.mount:
name: "{{ item }}"
fstype: swap
state: absent
with_items:
- swap
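Review bot: The `when:` on `Create users` does a substring check rather than a membership check: `replace("@pam", "")` is applied to the whole list returned by `json_query`, which coerces it to its string form, so `item.username not in ...` is false for any name that is a substring of an existing userid (creating `rox` would be skipped if `roxedus` exists). Apply the replacement per element so the comparison is against a list of names: `when: item.username not in (pve_users.stdout | from_json | community.general.json_query('[*].userid') | map('replace', '@pam', '') | list)`. The `Get users` command is read-only, so add `changed_when: false` to it, and `command:` on both tasks could be `ansible.builtin.command:` as the swap tasks below already use.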


@ -0,0 +1,2 @@
zfs_ver: 0.8.3-1ubuntu12.9
zfs_users: user
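Review bot: `zfs_users: user` is a plain string, but the ZFS role's main task file feeds it to `loop:`, which rejects non-list values, so any host that does not override the default (the group vars in this commit set it to a filtered list) fails on the sudoers task. Make the default an empty list, `zfs_users: []`, so the task is a no-op unless a group opts in. `zfs_ver` here (`0.8.3-1ubuntu12.9`) also differs from the `12.12` in the group vars; a comment stating which one is meant to win (`# overridden per group; keep in sync with group_vars`) would help the next reader.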


@ -0,0 +1,15 @@
- name: Install packages
become: true
ansible.builtin.apt:
name: "{{ item }}={{ zfs_ver }}"
state: present
with_items:
- zfsutils-linux
- name: Hold ZFS version
become: true
ansible.builtin.dpkg_selections:
name: "{{ item }}"
selection: "hold"
with_items:
- zfsutils-linux


@ -0,0 +1,15 @@
- name: Check if ZFS is installed
ansible.builtin.stat:
path: "/usr/sbin/zfs"
register: zfs_bin
- name: Install ZFS
when: not zfs_bin.stat.exists
include_tasks: install.yml
- name: Give user passwordless access to ZFS commands
become: true
lineinfile:
path: /etc/sudoers
line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
loop: "{{ zfs_users }}"
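Review bot: The sudoers task writes straight into `/etc/sudoers` with `lineinfile` and no `validate:`; a malformed line (or an unexpected value in `zfs_users`) breaks sudo for every account on the host, and with no `regexp:` a changed rule is appended next to the old one rather than replacing it. Write a per-user drop-in under `/etc/sudoers.d/` with `validate: /usr/sbin/visudo -cf %s` and `mode: "0440"` so a bad rule is rejected before it lands. The rule grants `zfs` and `zpool` with any arguments, which is probably what these users need, but a comment saying so would make the scope deliberate. `lineinfile:` is also the only non-FQCN module in the file — `ansible.builtin.lineinfile:` for consistency.
```yaml
- name: Give user passwordless access to ZFS commands
  become: true
  ansible.builtin.lineinfile:
    path: "/etc/sudoers.d/zfs-{{ item }}"
    create: true
    owner: root
    group: root
    mode: "0440"
    regexp: "^{{ item | regex_escape }} "
    line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
    validate: /usr/sbin/visudo -cf %s
  loop: "{{ zfs_users }}"
```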


@ -1,5 +1,16 @@
- hosts: all
become: yes
become: "{{ do_become }}"
tags: [always]
vars_files:
- "vars/vault.yml"
tasks:
- name: Get dpkg arch
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
ansible.builtin.shell: dpkg --print-architecture
register: _apt_arch
- hosts: all:!unifi
become: "{{ do_become }}"
tags: [never, init]
vars_files:
- "vars/vault.yml"
@ -7,18 +18,23 @@
collections:
- ansible.builtin.apt
- ansible.builtin.apt_key
- ansible.builtin.apt_repository
- ansible.builtin.command
- ansible.builtin.copy
- ansible.builtin.dpkg_selections
- ansible.builtin.file
- ansible.builtin.get_url
- ansible.builtin.git
- ansible.builtin.group
- ansible.builtin.hostname
- ansible.builtin.lineinfile
- ansible.builtin.pip
- ansible.builtin.reboot
- ansible.builtin.stat
- ansible.builtin.template
- ansible.builtin.user
- ansible.posix.authorized_key
- ansible.posix.mount
- ansible.builtin.command
- ansible.builtin.apt_repository
- ansible.builtin.dpkg_selections
pre_tasks:
- include_tasks: tasks/users.yml
@ -52,7 +68,11 @@
test_command: uptime
when: new_hostname.changed
- include_tasks: tasks/remove_prox_ee_apt.yml
when: inventory_hostname in groups['prox']
- name: Update apt cache
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
ansible.builtin.apt:
update_cache: true
cache_valid_time: 1
@ -60,9 +80,10 @@
roles:
- role: geerlingguy.ntp
- role: geerlingguy.security
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
tasks:
- name: Install packages
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
ansible.builtin.apt:
name: "{{ item.name | default(omit) }}"
state: latest
@ -70,8 +91,13 @@
with_items:
- "{{package_list}}"
- name: Install pip packages
ansible.builtin.pip:
name:
- github3.py
- hosts: docker
become: yes
become: true
tags: [docker]
vars_files:
- "vars/vault.yml"
@ -81,10 +107,6 @@
name:
- docker
- name: Get DEB architecture
shell: dpkg --print-architecture
register: deb_architecture
- name: Create plugin directory if not present
ansible.builtin.file:
path: "/home/{{ item.username }}/.docker/cli-plugins/"
@ -94,68 +116,81 @@
mode: "0775"
loop: "{{ docker_users_obj }}"
- name: Get latest release of a public repository
community.general.github_release:
user: docker
repo: compose
action: latest_release
register: comp_cli
- name: Install compose plugin
ansible.builtin.get_url:
url: "https://github.com/docker/compose-cli/releases/download/v2.0.0-rc.1/docker-compose-linux-{{ deb_architecture.stdout }}"
dest: "/home/{{ item.username }}/.docker/cli-plugins/docker-compose"
url: "https://github.com/docker/compose/releases/download/{{comp_cli.tag}}/docker-compose-linux-{{ ansible_architecture }}"
dest: "/home/{{ users.0.username }}/.docker/cli-plugins/docker-compose"
mode: "0755"
owner: "{{ item.username }}"
group: "{{ item.groupname }}"
loop: "{{ docker_users_obj }}"
owner: "{{ users.0.username }}"
group: "{{ users.0.groupname }}"
roles:
- role: geerlingguy.docker
when: ansible_distribution == 'Ubuntu'
- hosts: kube
become: yes
tags: [never, init, kube]
vars_files:
- "vars/vault.yml"
tasks:
- name: Disable SWAP
# ansible.builtin.comman
command: swapoff -a
- name: Include Cri-O role
include_role:
name: alvistack.cri_o
apply:
become: true
- name: Include Runc role
include_role:
name: alvistack.runc
apply:
become: true
- name: Include Crun role
include_role:
name: alvistack.crun
apply:
become: true
- name: Include containers_common role
include_role:
name: alvistack.containers_common
apply:
become: true
- name: Include conmon role
include_role:
name: alvistack.conmon
apply:
become: true
- name: Include Kubernetes role
include_role:
name: kubernetes
- name: Include ZFS role
when: inventory_hostname in groups['zfs']
include_role:
name: zfs
- name: Include NFS role
when: inventory_hostname in groups['nfs']
include_role:
name: geerlingguy.nfs
apply:
become: true
- name: Remove swapfile from /etc/fstab
ansible.posix.mount:
name: "{{ item }}"
fstype: swap
state: absent
with_items:
- swap
- name: Add Apt signing key Google
ansible.builtin.apt_key:
url: "{{ item }}"
state: present
loop:
- https://packages.cloud.google.com/apt/doc/apt-key.gpg
- name: Add repo for kubernetes
ansible.builtin.apt_repository:
filename: kubernetes
repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
mode: "0666"
update_cache: yes
- name: Install packages
- hosts: prox
vars_files:
- "vars/vault.yml"
tags: [update, prox]
pre_tasks:
- name: Install sudo
ansible.builtin.apt:
name: "{{ item }}={{ kube_ver }}"
state: present
with_items:
- kubelet
- kubeadm
- kubectl
- name: Hold kubernetes version
become: yes
ansible.builtin.dpkg_selections:
name: "{{ item }}"
selection: "hold"
with_items:
- kubelet
- kubeadm
- kubectl
name: sudo
state: latest
roles:
- role: ironicbadger_ansible-role-proxmox-nag-removal
- role: proxmox
- hosts: piholes
vars_files:
@ -165,9 +200,43 @@
- role: pihole_updatelist
- role: pi_dnsmasq
- role: pihole
tasks:
- name: Install packages
become: true
ansible.builtin.apt:
name: libraspberrypi-bin
- hosts: all
become: yes
- name: Place PoE fan file
become: true
ansible.builtin.copy:
content: |
# Ansible managed
dtoverlay=rpi-poe
dtparam=poe_fan_temp0=57000
dtparam=poe_fan_temp1=60000
dtparam=poe_fan_temp2=63000
dtparam=poe_fan_temp3=66000
dest: /boot/firmware/usercfg.txt
# - hosts: usg
# vars_files:
# - "vars/vault.yml"
# - "vars/wireguard.yml"
# tags: [network, ubnt]
# roles:
# - role: usg
# - hosts: cloud_key
# vars_files:
# - "vars/vault.yml"
# - "vars/wireguard.yml"
# tags: [network, ubnt]
# roles:
# - role: cloud_key
- hosts: all:!unifi
become: "{{ do_become }}"
tags: [update]
vars_files:
- "vars/vault.yml"
@ -175,6 +244,7 @@
tasks:
# https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
- name: Update packages
when: ansible_distribution == 'Ubuntu'
ansible.builtin.apt:
update_cache: "True"
force_apt_get: "True"
@ -191,12 +261,13 @@
- 50-motd-news
- 80-livepatch
- 90-updates-available
- 91-release-upgrade
- 95-hwe-eol
when: ansible_distribution == 'Ubuntu'
- name: Check if pi-hole is installed
when: inventory_hostname in groups['piholes']
stat:
ansible.builtin.stat:
path: "/usr/local/bin/pihole"
register: pihole_exec
@ -208,14 +279,22 @@
- pihole
- -up
- name: Install and update OMP
include_tasks: tasks/omp.yml
- include_tasks: tasks/remove_prox_ee_apt.yml
when: inventory_hostname in groups['prox']
- name: Check if a reboot is needed for Debian and Ubuntu boxes
register: reboot_required_file
stat:
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
ansible.builtin.stat:
path: /var/run/reboot-required
get_md5: no
- name: Reboot the server
throttle: 1
when: reboot_required_file.stat.exists and (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian')
ansible.builtin.reboot:
msg: "Reboot initiated by Ansible due to kernel updates"
connect_timeout: 5
@ -223,4 +302,3 @@
pre_reboot_delay: 0
post_reboot_delay: 30
test_command: uptime
when: reboot_required_file.stat.exists
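Review bot: The compose plugin in the `@ -94,68` hunk is downloaded from whatever `latest_release` returns with `get_url` and no `checksum:`, so the binary is installed executable with no integrity check; pass the release's published digest, e.g. `checksum: "sha256:https://github.com/docker/compose/releases/download/{{ comp_cli.tag }}/docker-compose-linux-{{ ansible_architecture }}.sha256"` (recent compose releases publish a `.sha256` per asset — confirm for the tag in use), or pin the tag instead of taking the latest so an unexpected release cannot land silently. The same task now installs only for `users.0` where it previously looped over `docker_users_obj`; if that narrowing is intentional a comment would stop the next reader from treating it as a regression. In the first play, `ansible.builtin.shell: dpkg --print-architecture` needs no shell features and should be `ansible.builtin.command:`; it registers `_apt_arch` only on Debian/Ubuntu, while `apt_arch` in host_vars dereferences `_apt_arch.stdout` unconditionally, which fails on any host where the task was skipped.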

34
ansible/tasks/omp.yml Normal file

@ -0,0 +1,34 @@
- name: Check if OMP is installed
ansible.builtin.stat:
path: /opt/scripts/oh-my-posh
register: omp_bin
- name: Check OMP version
when: omp_bin.stat.exists
ansible.builtin.command: /opt/scripts/oh-my-posh -version
register: omp_ver
- name: Get latest release of OMP
community.general.github_release:
user: JanDeDobbeleer
repo: oh-my-posh
action: latest_release
register: omp_latest
- name: Download OMP
when: not omp_bin.stat.exists or omp_latest != ( "v" + omp_ver )
become: "{{ do_become }}"
ansible.builtin.get_url:
url: https://github.com/JanDeDobbeleer/oh-my-posh/releases/download/{{ omp_latest.tag }}/posh-linux-{{ apt_arch }}
dest: /usr/local/bin/oh-my-posh
mode: "0744"
owner: "{{ users.0.username }}"
group: "{{ users.0.groupname }}"
force: "yes"
- name: Add OMP to bash
ansible.builtin.lineinfile:
mode: "0644"
path: /home/{{ users.0.username }}/.bashrc
line: eval "$(oh-my-posh --init --shell bash --config https://gist.githubusercontent.com/Roxedus/6a11a5dbd37c24ecacf02fb9aef06e15/raw/bd0955596238ab4e31db64c0ab1551c0ee375619/oh-my.posh.json)"
create: yes
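Review bot: The download guard `when: not omp_bin.stat.exists or omp_latest != ( "v" + omp_ver )` compares two registered result dicts with a string, so it is always true and the binary is re-fetched on every run (and `force: "yes"` re-writes it); the intended check is `when: not omp_bin.stat.exists or omp_latest.tag != 'v' ~ omp_ver.stdout`. The stat at the top checks `/opt/scripts/oh-my-posh` while `get_url` installs to `/usr/local/bin/oh-my-posh`, so `omp_bin.stat.exists` never becomes true after an install — both should use the same path variable. As with the compose plugin, the binary is fetched without a `checksum:`, and the `.bashrc` line loads the prompt config from a gist URL at every shell start, which makes each login depend on GitHub being reachable and on that gist's current contents; copying the config to the host and pointing `--config` at the local file removes both dependencies. `force: "yes"` and `create: yes` should be plain `true`.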


@ -0,0 +1,6 @@
- name: Remove PVE EE repo
ansible.builtin.file:
path: /etc/apt/sources.list.d/{{ item }}.list
state: absent
loop:
- pve-enterprise
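Review bot: This task does the same thing as the vendored role's `Ensure enterprise repo file is not present` (same path under `/etc/apt/sources.list.d/`, same `state: absent`), and `run.yml` in this commit includes it in both the init and update plays in addition to applying the role on `prox` hosts. Keeping one of the two, or a comment on this file explaining why it is needed alongside the role (`# also run on hosts that don't get the nag-removal role`), would avoid the duplication drifting apart.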


@ -1,17 +1,17 @@
- name: Ensure groups exists
ansible.builtin.group:
name: "{{ user.groupname }}"
gid: "{{ user.gid | default(None) }}"
name: "{{ user.groupname | default(user.username) }}"
gid: "{{ user.gid | default(omit) }}"
state: present
- name: Add users
ansible.builtin.user:
name: "{{ user.username }}"
uid: "{{ user.uid | default(None) }}"
uid: "{{ user.uid | default(omit) }}"
group: "{{ user.groupname | default(user.username) }}"
shell: "{{ user.shell | default('/bin/bash') }}"
move_home: "{{ user.home | default(None) }}"
password: "{{ user.password | default(None) }}"
move_home: "{{ user.home | default(omit) }}"
password: "{{ user.password | password_hash('sha512') | default(omit) }}"
- name: Add a Github key ssh key
when: "user.github is defined"
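Review bot: In the `password:` line the filters are in the wrong order — `password_hash('sha512')` runs before `default(omit)`, so a user entry without `password` fails the template (hashing an undefined value) instead of being skipped; write it as `password: "{{ user.password | password_hash('sha512') if user.password is defined else omit }}"`. `password_hash` with no salt argument generates a fresh salt on each run, so `ansible.builtin.user` will report changed and rewrite the hash on every play; passing a stable, vaulted salt as the second argument keeps it idempotent. The `Add a Github key ssh key` task that starts at the end of this hunk continues outside it.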