3 files changed, 66 insertions, 0 deletions
diff --git a/roles/proxmox/system/tasks/main.yml b/roles/proxmox/system/tasks/main.yml
new file mode 100644
index 0000000..ac84900
--- /dev/null
+++ b/roles/proxmox/system/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: remove enterprise repo
+  file:
+    path: /etc/apt/sources.list.d/pve-enterprise.list
+    state: absent
+- name: add proxmox no subscription repo
+  apt_repository:
+    repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+- name: create non-root user
+  user:
+    name: "{{ proxmox_username }}"
+    groups:
+      - sudo
+    shell: /bin/bash
+- name: give passwordless sudo to sudo group
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: '/usr/sbin/visudo -cf %s'
+- name: deploy ssh public key
+  authorized_key:
+    user: "{{ proxmox_username }}"
+    state: present
+    key: "{{ lookup('file', 'data/common/id_rsa.pub') }}"
diff --git a/roles/proxmox/system/tasks/proxmox_repo.yml b/roles/proxmox/system/tasks/proxmox_repo.yml
new file mode 100644
index 0000000..bf2508d
--- /dev/null
+++ b/roles/proxmox/system/tasks/proxmox_repo.yml
@@ -0,0 +1,8 @@
+- name: remove enterprise repo
+  file:
+    path: /etc/apt/sources.list.d/pve-enterprise.list
+    state: absent
+- name: add proxmox no subscription repo
+  apt_repository:
+    repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
diff --git a/roles/proxmox/system/tasks/user.yml b/roles/proxmox/system/tasks/user.yml
new file mode 100644
index 0000000..2ba337a
--- /dev/null
+++ b/roles/proxmox/system/tasks/user.yml
@@ -0,0 +1,28 @@
+- name: create non-root user
+  user:
+    name: "{{ username }}"
+    password: "{{ password | password_hash('sha512') }}"
+    groups:
+      - sudo
+    shell: /bin/bash
+    update_password: on_create
+  register: newuser
+- name: ensure primary user group exists
+  group:
+    name: "{{ username }}"
+    state: present
+- name: give passwordless sudo to sudo group
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: '/usr/sbin/visudo -cf %s'
+- name: deploy ssh public key
+  authorized_key:
+    user: "{{ username }}"
+    state: present
+    key: "{{ ssh_public_key }}"

diff --git a/roles/proxmox/system/tasks/main.yml b/roles/proxmox/system/tasks/main.yml new file mode 100644 index 0000000..ac84900 --- /dev/null +++ b/roles/proxmox/system/tasks/main.yml
@@ -0,0 +1,30 @@
	1	---
	2	- name: remove enterprise repo
	3	file:
	4	path: /etc/apt/sources.list.d/pve-enterprise.list
	5	state: absent
	6
	7	- name: add proxmox no subscription repo
	8	apt_repository:
	9	repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
	10
	11	- name: create non-root user
	12	user:
	13	name: "{{ proxmox_username }}"
	14	groups:
	15	- sudo
	16	shell: /bin/bash
	17
	18	- name: give passwordless sudo to sudo group
	19	lineinfile:
	20	path: /etc/sudoers
	21	state: present
	22	regexp: '^%sudo'
	23	line: '%sudo ALL=(ALL) NOPASSWD: ALL'
	24	validate: '/usr/sbin/visudo -cf %s'
	25
	26	- name: deploy ssh public key
	27	authorized_key:
	28	user: "{{ proxmox_username }}"
	29	state: present
	30	key: "{{ lookup('file', 'data/common/id_rsa.pub') }}"


diff --git a/roles/proxmox/system/tasks/proxmox_repo.yml b/roles/proxmox/system/tasks/proxmox_repo.yml new file mode 100644 index 0000000..bf2508d --- /dev/null +++ b/roles/proxmox/system/tasks/proxmox_repo.yml
@@ -0,0 +1,8 @@
	1	- name: remove enterprise repo
	2	file:
	3	path: /etc/apt/sources.list.d/pve-enterprise.list
	4	state: absent
	5
	6	- name: add proxmox no subscription repo
	7	apt_repository:
	8	repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription


diff --git a/roles/proxmox/system/tasks/user.yml b/roles/proxmox/system/tasks/user.yml new file mode 100644 index 0000000..2ba337a --- /dev/null +++ b/roles/proxmox/system/tasks/user.yml
@@ -0,0 +1,28 @@
	1	- name: create non-root user
	2	user:
	3	name: "{{ username }}"
	4	password: "{{ password \| password_hash('sha512') }}"
	5	groups:
	6	- sudo
	7	shell: /bin/bash
	8	update_password: on_create
	9	register: newuser
	10
	11	- name: ensure primary user group exists
	12	group:
	13	name: "{{ username }}"
	14	state: present
	15
	16	- name: give passwordless sudo to sudo group
	17	lineinfile:
	18	path: /etc/sudoers
	19	state: present
	20	regexp: '^%sudo'
	21	line: '%sudo ALL=(ALL) NOPASSWD: ALL'
	22	validate: '/usr/sbin/visudo -cf %s'
	23
	24	- name: deploy ssh public key
	25	authorized_key:
	26	user: "{{ username }}"
	27	state: present
	28	key: "{{ ssh_public_key }}"