From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit
---
roles/proxmox/system/defaults/main.yml | 8 ++++++++
roles/proxmox/system/tasks/main.yml | 30 +++++++++++++++++++++++++++++
roles/proxmox/system/tasks/proxmox_repo.yml | 8 ++++++++
roles/proxmox/system/tasks/user.yml | 28 +++++++++++++++++++++++++++
4 files changed, 74 insertions(+)
create mode 100644 roles/proxmox/system/defaults/main.yml
create mode 100644 roles/proxmox/system/tasks/main.yml
create mode 100644 roles/proxmox/system/tasks/proxmox_repo.yml
create mode 100644 roles/proxmox/system/tasks/user.yml
(limited to 'roles/proxmox/system')
diff --git a/roles/proxmox/system/defaults/main.yml b/roles/proxmox/system/defaults/main.yml
new file mode 100644
index 0000000..0091ea1
--- /dev/null
+++ b/roles/proxmox/system/defaults/main.yml
@@ -0,0 +1,8 @@
+username: vmadmin
+ssh_public_key: changme
+oath_key: changeme
+raid_id: "0"
+raid_level: "1"
+raid_devices: "/dev/sda1 /dev/sdb1"
+raid_name: "prometheus:0"
+
diff --git a/roles/proxmox/system/tasks/main.yml b/roles/proxmox/system/tasks/main.yml
new file mode 100644
index 0000000..ac84900
--- /dev/null
+++ b/roles/proxmox/system/tasks/main.yml
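Review bot: The defaults declare `username`, but tasks/main.yml in this commit reads `proxmox_username` and tasks/user.yml reads `password`, neither of which is defined here, so those tasks depend on variables set somewhere outside the role. The placeholders are also inconsistent (`ssh_public_key: changme` versus `oath_key: changeme`), which defeats any later check that compares against a single sentinel value. I would add a header comment such as `# Placeholders only: override ssh_public_key, oath_key and password (from Ansible Vault) per host` and align the variable names with the tasks. Nothing in the visible tasks consumes `oath_key` or the `raid_*` values, so presumably they are used by files outside this diff.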
@@ -0,0 +1,30 @@
+---
+- name: remove enterprise repo
+ file:
+ path: /etc/apt/sources.list.d/pve-enterprise.list
+ state: absent
+
+- name: add proxmox no subscription repo
+ apt_repository:
+ repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+
+- name: create non-root user
+ user:
+ name: "{{ proxmox_username }}"
+ groups:
+ - sudo
+ shell: /bin/bash
+
+- name: give passwordless sudo to sudo group
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: '/usr/sbin/visudo -cf %s'
+
+- name: deploy ssh public key
+ authorized_key:
+ user: "{{ proxmox_username }}"
+ state: present
+ key: "{{ lookup('file', 'data/common/id_rsa.pub') }}"
diff --git a/roles/proxmox/system/tasks/proxmox_repo.yml b/roles/proxmox/system/tasks/proxmox_repo.yml
new file mode 100644
index 0000000..bf2508d
--- /dev/null
+++ b/roles/proxmox/system/tasks/proxmox_repo.yml
@@ -0,0 +1,8 @@
+- name: remove enterprise repo
+ file:
+ path: /etc/apt/sources.list.d/pve-enterprise.list
+ state: absent
+
+- name: add proxmox no subscription repo
+ apt_repository:
+ repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
diff --git a/roles/proxmox/system/tasks/user.yml b/roles/proxmox/system/tasks/user.yml
new file mode 100644
index 0000000..2ba337a
--- /dev/null
+++ b/roles/proxmox/system/tasks/user.yml
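Review bot: The `give passwordless sudo to sudo group` task in tasks/main.yml rewrites the `%sudo` line of /etc/sudoers to `NOPASSWD: ALL`, so every present and future member of the sudo group on the hypervisor gets root without re-authentication, not only the account this role creates. That account is created here without a password and logs in by SSH key, so possession of the key alone is equivalent to root on the Proxmox host. Scoping the grant to the one user in a validated drop-in under /etc/sudoers.d limits the blast radius and leaves the distribution's sudoers file untouched. The identical task is repeated in tasks/user.yml, where a password is set and `NOPASSWD` could be dropped altogether.

```yaml
# … unchanged: repo tasks and "create non-root user" above …
- name: give passwordless sudo to the admin user only
  lineinfile:
    path: "/etc/sudoers.d/{{ proxmox_username }}"
    create: true
    owner: root
    group: root
    mode: "0440"
    regexp: '^{{ proxmox_username }} '
    line: "{{ proxmox_username }} ALL=(ALL) NOPASSWD: ALL"
    validate: '/usr/sbin/visudo -cf %s'
# … unchanged: "deploy ssh public key" below …
```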
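Review bot: The `repo:` line in tasks/proxmox_repo.yml fetches packages over plain `http://`, so the integrity of everything installed on the hypervisor rests solely on APT's signature check against the Proxmox release key, and nothing in this file ensures that key is present. If the mirror serves TLS, `repo: deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription` removes the cleartext path; adding `filename: pve-no-subscription` and `state: present` would make the resulting source file predictable. The same line appears in tasks/main.yml. This file also lacks the leading `---` that tasks/main.yml has.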
@@ -0,0 +1,28 @@
+- name: create non-root user
+ user:
+ name: "{{ username }}"
+ password: "{{ password | password_hash('sha512') }}"
+ groups:
+ - sudo
+ shell: /bin/bash
+ update_password: on_create
+ register: newuser
+
+- name: ensure primary user group exists
+ group:
+ name: "{{ username }}"
+ state: present
+
+- name: give passwordless sudo to sudo group
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: '/usr/sbin/visudo -cf %s'
+
+- name: deploy ssh public key
+ authorized_key:
+ user: "{{ username }}"
+ state: present
+ key: "{{ ssh_public_key }}"
--
cgit v1.2.3
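Review bot: `password` in the `create non-root user` task is the only secret this file consumes and it is not declared in defaults/main.yml, so its source is undocumented; a comment above the task such as `# password: supply from Ansible Vault, never from plain group_vars` would make the expectation explicit. Because `update_password: on_create` is set, changing the variable later does not rotate the password on hosts where the user already exists, which is worth stating in the same comment. `password_hash('sha512')` is called without a salt, so presumably a fresh salt is generated on each run; that is harmless with `on_create` but would report a change every run if the mode were switched to `always`. `register: newuser` is not used within this hunk.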