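---
# Base OS-level configuration for Proxmox VE nodes: /etc/hosts entry, network
# interfaces, packages, CPU microcode, HA watchdog module, ZFS dedup and a
# vhost module option.
- name: PVE base configuration
  hosts: proxmox
  # Facts are not gathered up front; the hardware subset is collected
  # explicitly below, right before the tasks that read ansible_processor.
  gather_facts: false
  serial: 1 # one host at a time

  tasks:
    # Maps the node's FQDN and short name to its primary IPv6 address with the
    # prefix length stripped. The regexp matches an existing line ending in the
    # short hostname, so re-runs replace that line instead of appending.
    - name: UI primary IP (/etc/hosts)
      tags: network
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: ' {{ inventory_hostname_short }}$'
        line: '{{ primary_ipv6 | split("/") | first }} {{ inventory_hostname }} {{ inventory_hostname_short }}'

    # Renders the whole interfaces file from a template; the handler reloads
    # networking only when the rendered content changed.
    - name: /etc/network/interfaces
      tags: network
      ansible.builtin.template:
        src: templates/network.interfaces.j2
        dest: /etc/network/interfaces
      notify: reload networking

    # state: latest upgrades these packages to the newest candidate on every
    # run, so a playbook run can change package versions as a side effect.
    - name: admin convenience packages
      tags: dep
      ansible.builtin.apt:
        state: latest
        pkg:
          - byobu
          - mosh
          - vim
          - ncdu
          - htop
          # - git

    - name: scripting dependencies
      tags: dep
      ansible.builtin.apt:
        state: latest
        pkg:
          - jq
          - yq
          - curl
          - guestfs-tools
          - restic

    # adding non-free-firmware component currently left manual, as it is hard
    # to do reliably across upgrades + format will change with next major upg
    # + not planning to add new nodes atm

    # The microcode conditions read ansible_processor, which is undefined when
    # gather_facts is false and no facts come from elsewhere (a fact cache
    # would not be visible in this file). Collect the hardware subset first so
    # the conditions evaluate instead of failing on an undefined variable.
    - name: gather hardware facts
      tags: dep
      ansible.builtin.setup:
        gather_subset:
          - hardware

    # Microcode packages deliver vendor CPU fixes, including mitigations for
    # CPU vulnerabilities; only the package matching the CPU vendor is installed.
    - name: CPU microcode (Intel)
      tags: dep
      when: "'GenuineIntel' in ansible_processor"
      ansible.builtin.apt:
        state: latest
        pkg: intel-microcode

    - name: CPU microcode (AMD)
      tags: dep
      when: "'AuthenticAMD' in ansible_processor"
      ansible.builtin.apt:
        state: latest
        pkg: amd64-microcode

    # The regexp is not anchored at the start of the line, so it also matches a
    # commented-out '#WATCHDOG_MODULE=ipmi_watchdog' line and replaces it with
    # the active setting.
    - name: enable hardware watchdog
      tags: dep
      ansible.builtin.lineinfile:
        path: /etc/default/pve-ha-manager
        regexp: 'WATCHDOG_MODULE=ipmi_watchdog$'
        line: 'WATCHDOG_MODULE=ipmi_watchdog'

    # Read the current property value first so the set task below only runs,
    # and only reports "changed", when dedup is not already on. The read is
    # side-effect free, so it also runs in check mode.
    - name: dedup on rpool (read current value)
      ansible.builtin.command:
        argv:
          - zfs
          - get
          - -H
          - -o
          - value
          - dedup
          - rpool
      register: rpool_dedup
      changed_when: false
      check_mode: false

    # command instead of shell: no shell features are needed, and argv avoids
    # passing the line through a shell at all.
    - name: dedup on rpool
      ansible.builtin.command:
        argv:
          - zfs
          - set
          - dedup=on
          - rpool
      when: rpool_dedup.stdout | trim != 'on'
      changed_when: true

    # https://forum.proxmox.com/threads/problem-activating-memory-hotplug.66790/
    # https://lists.proxmox.com/pipermail/pve-devel/2016-December/024519.html
    # can reproduce in 2020, 2022, 2025
    - name: increase max_mem_regions
      ansible.builtin.copy:
        content: 'options vhost max_mem_regions=512'
        dest: /etc/modprobe.d/vhost.conf
        # Explicit ownership and mode so the result does not depend on the
        # umask of the connecting user.
        owner: root
        group: root
        mode: '0644'

  handlers:
    # Runs once at the end of the play for a host if a notifying task changed.
    - name: reload networking
      ansible.builtin.systemd_service:
        name: networking.service
        state: reloaded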
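# Root-side admin tooling on the Proxmox nodes: README pointers, helper
# scripts, the Telegram environment file and the broadcast_reboot unit.
- name: PVE admin tooling
  hosts: proxmox
  tasks:
    - name: README
      ansible.builtin.copy:
        content: |
          https://git.k-space.ee/k-space/ansible/src/branch/main/proxmox
          https://wiki.k-space.ee/en/hosting/proxmox
        dest: /root/README
    # NOTE(review): no owner or mode is set, so the copied scripts get
    # permissions derived from the remote umask. Confirm whether the scripts
    # need the execute bit, and that nothing under /root/admin_scripts/ ends up
    # writable by anyone other than root.
    - name: admin_scripts directory
      ansible.builtin.copy:
        src: admin_scripts/
        dest: /root/admin_scripts/

    # no_log keeps the loaded variables out of verbose task output and logs.
    # NOTE(review): whether ../secrets/pve-telegram.yaml is vault-encrypted or
    # kept out of version control is not visible here; confirm.
    - name: load secrets
      ansible.builtin.include_vars:
        file: ../secrets/pve-telegram.yaml
      no_log: true
    # The rendered file presumably carries the values loaded above, so it is
    # restricted to root, and no_log keeps its content out of --diff output.
    # Trade-off: no_log also hides the detail of a failure in this task.
    - name: install telegram.env
      ansible.builtin.template:
        src: templates/telegram.env.j2
        dest: /root/telegram.env
        owner: root
        group: root
        mode: '0600'
      no_log: true
    # Unit files should be writable by root only; set that explicitly instead
    # of relying on the remote umask.
    - name: install broadcast_reboot.service
      ansible.builtin.copy:
        src: templates/broadcast_reboot.service
        dest: /etc/systemd/system/broadcast_reboot.service
        owner: root
        group: root
        mode: '0644'
    # daemon_reload makes systemd re-read unit files first, so an updated
    # broadcast_reboot.service is the version that gets enabled and started.
    - name: enable broadcast_reboot.service
      ansible.builtin.systemd_service:
        name: broadcast_reboot.service
        daemon_reload: true
        enabled: true
        state: started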