reorganize pve

proxmox/base.yaml

@@ -0,0 +1,104 @@
+---
+- name: PVE base configuration
+  hosts: proxmox
+  tasks:
+    - name: admin convenience packages
+      tags: dep
+      apt:
+        state: latest
+        pkg:
+          - byobu
+          - mosh
+          - vim
+          - ncdu
+          - htop
+#          - git
+
+    - name: scripting dependencies
+      tags: dep
+      apt:
+        state: latest
+        pkg:
+          - jq
+          - yq
+          - curl
+          - guestfs-tools
+          - restic
+
+    # adding non-free-firmware component currently left manual, as it is hard to do reliably across upgrades + format will change with next major upg + not planning to add new nodes atm
+
+    #TODO: Whatever you do, Ansible wants to collect _all_ facts all the time.
+#    - name: Collect processor facts
+#      ansible.builtin.setup:
+#        gather_subset: "!all,!min,processor"
+#    - name: Show Gathered Facts
+#      debug:
+#        msg: "{{ ansible_facts }}"
+#
+#
+#    - name: CPU microcode (Intel)
+#      tags: dep
+#      when: "'GenuineIntel' in ansible_processor"
+#      apt:
+#        state: latest
+#        pkg: intel-microcode
+#
+#    - name: CPU microcode (AMD)
+#      tags: dep
+#      when: "'AuthenticAMD' in ansible_processor"
+#      apt:
+#        state: latest
+#        pkg: amd64-microcode
+
+    - name: enable hardware watchdog
+      tags: dep
+      ansible.builtin.lineinfile:
+        path: /etc/default/pve-ha-manager
+        regexp: 'WATCHDOG_MODULE=ipmi_watchdog$'
+        line: 'WATCHDOG_MODULE=ipmi_watchdog'
+
+    - name: rpool dedup get
+      ansible.builtin.shell: "zfs get dedup rpool -H | awk '{ print $3 }'"
+      changed_when: false
+      register: dedup
+    - name: rpool dedup set on
+      when: "dedup.stdout != 'on'"
+      ansible.builtin.shell: zfs set dedup=on rpool
+
+    # https://forum.proxmox.com/threads/problem-activating-memory-hotplug.66790/ https://lists.proxmox.com/pipermail/pve-devel/2016-December/024519.html can reproduce in 2020, 2022, 2025
+    - name: increase max_mem_regions
+      ansible.builtin.copy:
+        content: |
+          options vhost max_mem_regions=512
+        dest: /etc/modprobe.d/vhost.conf
+
+- name: PVE admin tooling
+  hosts: proxmox
+  tasks:
+    - name: README
+      ansible.builtin.copy:
+        content: |
+          https://git.k-space.ee/k-space/ansible/src/branch/main/proxmox
+          https://wiki.k-space.ee/en/hosting/proxmox
+        dest: /root/README
+    - name: admin_scripts directory
+      ansible.builtin.copy:
+        src: admin_scripts/
+        dest: /root/admin_scripts/
+
+    - name: load secrets
+      ansible.builtin.include_vars:
+        file: ../secrets/pve-telegram.yaml
+    - name: install telegram.env
+      ansible.builtin.template:
+        src: templates/telegram.env.j2
+        dest: /root/telegram.env
+    - name: install broadcast_reboot.service
+      ansible.builtin.copy:
+        src: templates/broadcast_reboot.service
+        dest: /etc/systemd/system/broadcast_reboot.service
+    - name: enable broadcast_reboot.service
+      ansible.builtin.systemd_service:
+        name: broadcast_reboot.service
+        enabled: true
+        state: started