wip

group_vars/infra.yml.template

@@ -13,4 +13,6 @@ networks:
   srv:
     gw: 10.0.0.1/16
 
-services:
+services:
+
+mail_server:

hosts.template

@@ -5,7 +5,7 @@ all:
         ansible:
           ansible_host: 10.0.0.3
           ansible_ssh_private_key_file: /etc/ansible/keys/ansible
-          container_password: ---
+          host_password: ---
           container_id: 100
           container_network: srv
           database: {user: 'test', name: 'test', pass: 'test'}
@@ -15,7 +15,7 @@ all:
       hosts:
         node1:
           ansible_host: 10.0.0.2
-          ansible_password: ---
+          host_password: ---
           ansible_ssh_extra_args: -o StrictHostKeyChecking=no
           external_ipv4: 1.1.1.1
           primary_role: proxmox

mappings.yml

@@ -54,7 +54,7 @@
         - {stage: 1, role: 'common'}
         - {stage: 1, role: 'proxmox', function: 'install'}
         - {stage: 5, role: 'mail-user'}
-        - {stage: 5, role: 'proxmox', function: 'tls'}
+        - {stage: 5, role: 'proxmox', function: 'rproxy'}
         - {stage: 6, role: 'proxmox', function: 'mail'}
       rest-server:
         - {stage: 6, role: 'rest-server', function: 'install'}

roles/common/tasks/debian.yml

@@ -13,7 +13,7 @@
   apt:
     force_apt_get: yes
     update_cache: yes
-  changed_when: false
+  changed_when: no
 
 
 - name: ensure apt-show-versions is installed
@@ -27,13 +27,14 @@
   shell:
     cmd: apt-show-versions --upgradeable
   register: upgradeable
-  changed_when: false
+  changed_when: no
 
 
 - block:
   - name: pause and confirm updates
     pause:
       prompt: "{{ upgradeable.stdout }}"
+    when: interactive | d(true) == true
 
 
   - name: upgrade all packages

roles/proxmox/defaults/main.yml

@@ -1 +1,9 @@
-cpu_governor: conservative
+proxmox_default_config:
+  cpu_governor: conservative
+  auto_reboot: yes
+
+  datacenter:
+    mac_prefix: "{{ mac_prefix }}"
+    email_from: "{{ host_name ~ '@' ~ ((mail_server | d({}))['tld'] | d(tld)) }}"
+
+proxmox_default_packages: []

roles/proxmox/tasks/install.yml

@@ -1,29 +1,38 @@
-- name: set cpu scheduler in cron
-  cron:
-    name: set cpu scheduler
-    special_time: reboot
-    job: 'echo {{ cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor > /dev/null'
-    user: root
-
-
+- name: install extra proxmox packages
+  package:
+    name: "{{ item }}"
+  loop: "{{ proxmox_default_packages + (proxmox_packages | d([])) }}"
+  
+  
 - block:
-    - name: get current cpu scheduler types
-      shell:
-        cmd: cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
-      register: result
-      changed_when: false
+    - name: set cpu scheduler in cron
+      cron:
+        name: set cpu scheduler
+        special_time: reboot
+        job: 'echo {{ proxmox_cfg.cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor > /dev/null'
+        user: root
+      
+
+    - block:
+        - name: get current cpu scheduler types
+          shell:
+            cmd: cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
+          register: result
+          changed_when: no
 
 
-    - name: change cpu scheduler
-      shell:
-        cmd: 'echo {{ cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor'
-      when: (result.stdout_lines | unique | length > 1) or ((result.stdout_lines | unique)[0] != cpu_governor)
+        - name: change cpu scheduler
+          shell:
+            cmd: 'echo {{ proxmox_cfg.cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor'
+          when: (result.stdout_lines | unique | length > 1) or ((result.stdout_lines | unique)[0] != proxmox_cfg.cpu_governor)
 
-  rescue:
-    - name: report that cpu scheduler cannot be changed
-      debug:
-        msg: failed to change cpu scheduler
+      rescue:
+        - name: report that cpu scheduler cannot be changed
+          debug:
+            msg: failed to change cpu scheduler
 
+  when: proxmox_cfg.cpu_governor is string
+  
 
 - name: disable enterprise repo
   apt_repository:
@@ -44,17 +53,13 @@
 - name: set datacenter configuration
   lineinfile:
     path: /etc/pve/datacenter.cfg
-    regexp: "^{{ item.name }}: "
-    line: "{{ item.name }}: {{ item.value }}"
+    regexp: "^{{ item.key }}: "
+    line: "{{ item.key }}: {{ item.value }}"
     mode: 0640
     owner: root
     group: www-data
     create: yes
-  loop:
-    - name: mac_prefix
-      value: "{{ mac_prefix }}"
-    - name: email_from
-      value: "{{ host_name }}@{{ mail_server.tld | d(tld) }}"
+  loop: "{{ proxmox_cfg.datacenter | dict2items }}"
 
 
 - name: enable auto-reboot on kernel panic
@@ -62,13 +67,14 @@
     dest: /etc/sysctl.d/90-auto-reboot.conf
     content: "kernel.panic = 5\n"
     mode: 0644
+  when: proxmox_cfg.auto_reboot | d(true) == true
 
 
 - name: set max arc cache size for zfs
   lineinfile:
     path: /etc/modprobe.d/zfs.conf
     regexp: "^options zfs zfs_arc_max="
-    line: "options zfs zfs_arc_max={{ zfs_arc_max }}"
+    line: "options zfs zfs_arc_max={{ proxmox_cfg.zfs_arc_max }}"
     create: yes
     mode: 0644
-  when: zfs_arc_max is defined
+  when: proxmox_cfg.zfs_arc_max is defined

roles/proxmox/tasks/main.yml

@@ -1,11 +1,16 @@
+- name: set proxmox_cfg
+  set_fact:
+    proxmox_cfg: "{{ proxmox_default_config | d({}) | combine(proxmox_config | d({}), recursive=true) }}"
+
+
 - name: proxmox installation
   include_tasks: install.yml
   when: function == 'install'
 
 
-- name: proxmox tls configuration
-  include_tasks: tls.yml
-  when: function == 'tls'
+- name: proxmox reverse proxy configuration
+  include_tasks: rproxy.yml
+  when: function == 'rproxy'
 
 
 - name: proxmox mail configuration

roles/proxmox/tasks/rproxy.yml

@@ -4,8 +4,8 @@
   vars:
     nginx:
       servers:
-        - conf: nginx_server
-      certs: true
+        - conf: rproxy_nginx
+      certs: "{{ host_tls }}"
       conf:
         http:
           ssl_conf_command: []

tasks/includes/role.yml

@@ -7,5 +7,7 @@
 - name: include role
   include_role:
     name: "{{ this_role.role }}"
+    public: "{{ this_role.public | d(false) }}"
+    tasks_from: "{{ this_role.tasks_from | d(omit) }}"
   vars:
     function: "{{ this_role.function | d(None) }}"