---
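- name: PVE base configuration
  hosts: proxmox
  # No `become` here: the play relies on the SSH login user being root
  # (the stock PVE setup) -- TODO confirm in the inventory.
  handlers:
    - name: apply sysctl
      # Files in /etc/sysctl.d/ are only read at boot; re-read them so the
      # on-disk config and the running kernel do not drift until next reboot.
      ansible.builtin.command: sysctl --system

  tasks:
    - name: admin convenience packages
      tags: dep
      # `state: latest` upgrades these on every run, so runs are not
      # reproducible across time. Acceptable for interactive tooling, but keep
      # security-relevant packages out of this list.
      ansible.builtin.apt:
        state: latest
        pkg:
          - byobu
          - mosh
          - vim
          - ncdu
          - htop
          # - git

    - name: scripting dependencies
      tags: dep
      ansible.builtin.apt:
        state: latest
        pkg:
          - jq
          - yq
          - curl
          - guestfs-tools
          - restic

    # Adding the non-free-firmware component is currently left manual: it is
    # hard to do reliably across upgrades, the sources format will change with
    # the next major upgrade, and no new nodes are planned at the moment.

    # TODO: Whatever you do, Ansible wants to collect _all_ facts all the time.
    # NOTE(review): the two microcode tasks below are the CPU
    # vulnerability-mitigation path (Spectre/MDS-class fixes ship as microcode)
    # and are currently disabled. This play does not set `gather_facts: false`,
    # so the default full fact gathering should already provide
    # `ansible_processor` and the `when:` guards should work as written without
    # the extra setup task -- TODO confirm on one node before re-enabling.
    # - name: Collect processor facts
    #   ansible.builtin.setup:
    #     gather_subset: "!all,!min,processor"
    # - name: Show Gathered Facts
    #   debug:
    #     msg: "{{ ansible_facts }}"
    #
    #
    # - name: CPU microcode (Intel)
    #   tags: dep
    #   when: "'GenuineIntel' in ansible_processor"
    #   apt:
    #     state: latest
    #     pkg: intel-microcode
    #
    # - name: CPU microcode (AMD)
    #   tags: dep
    #   when: "'AuthenticAMD' in ansible_processor"
    #   apt:
    #     state: latest
    #     pkg: amd64-microcode

    - name: enable hardware watchdog
      tags: dep
      # Match the setting whether it is commented out (the stock file usually
      # carries `#WATCHDOG_MODULE=ipmi_watchdog`) or set to another module, so
      # the line is replaced in place instead of a second WATCHDOG_MODULE=
      # being appended below it. The old regexp only matched the desired value.
      # The change is picked up when watchdog-mux is next (re)started; on a
      # live HA node that is a fencing-relevant operation, so it is left to
      # the next maintenance reboot rather than restarted here.
      ansible.builtin.lineinfile:
        path: /etc/default/pve-ha-manager
        regexp: '^#?\s*WATCHDOG_MODULE='
        line: 'WATCHDOG_MODULE=ipmi_watchdog'

    - name: rpool dedup
      # `-o value` prints only the VALUE column, so no shell pipeline is needed
      # and the task can run through `command` instead of `shell`.
      ansible.builtin.command: zfs get -H -o value dedup rpool
      changed_when: false
      register: dedup

    - name: rpool dedup=on
      # NOTE: dedup keeps its dedup table resident in ARC; revisit if the nodes
      # become memory-constrained.
      when: "dedup.stdout != 'on'"
      ansible.builtin.command: zfs set dedup=on rpool

    # https://forum.proxmox.com/threads/problem-activating-memory-hotplug.66790/
    # https://lists.proxmox.com/pipermail/pve-devel/2016-December/024519.html
    # can reproduce in 2020, 2022, 2025
    - name: increase max_mem_regions
      # Takes effect the next time the vhost module is loaded (in practice the
      # next reboot).
      ansible.builtin.copy:
        content: |
          options vhost max_mem_regions=512
        dest: /etc/modprobe.d/vhost.conf
        owner: root
        group: root
        mode: "0644"

    # TODO: was in /etc/sysctl.conf on all nodes, including new ones (not
    # present in upstream deb packages); included just in case. This needs
    # docs on what it is used for / needed by.
    # Security note: both settings turn the hypervisor into a packet forwarder
    # between its interfaces. Plain Linux-bridge VM traffic does not need IP
    # forwarding; it is only required for routed/NAT setups. While it is on,
    # the host's FORWARD chain (pve-firewall / nftables rules) is what decides
    # which traffic may transit -- keep that in mind when reviewing firewall
    # rules on these nodes.
    - name: sysctl.conf UNKNOWN CONFIG DRIFT
      ansible.builtin.copy:
        content: |
          net.ipv4.ip_forward=1
          net.ipv6.conf.all.forwarding=1
        dest: /etc/sysctl.d/99-k-space.conf
        owner: root
        group: root
        mode: "0644"
      notify: apply sysctl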
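- name: PVE admin tooling
  hosts: proxmox
  tasks:
    - name: README
      ansible.builtin.copy:
        content: |
          https://git.k-space.ee/k-space/ansible/src/branch/main/proxmox
          ^ source for admin_scripts
          https://wiki.k-space.ee/en/hosting/proxmox
        dest: /root/README
        owner: root
        group: root
        mode: "0644"

    - name: admin_scripts directory
      # admin_scripts/bashrc is sourced by root's shell on every login (next
      # task), so pin ownership to root; `mode: preserve` keeps the execute
      # bits from the controller copy.
      ansible.builtin.copy:
        src: admin_scripts/
        dest: /root/admin_scripts/
        owner: root
        group: root
        mode: preserve

    - name: source admin_scripts/bashrc
      ansible.builtin.lineinfile:
        path: /root/.bashrc
        line: 'source /root/admin_scripts/bashrc'

    - name: load secrets
      # Secret values: keep them out of task results and -v output.
      no_log: true
      ansible.builtin.include_vars:
        file: ../secrets/pve-telegram.yaml

    - name: install telegram.env
      # Rendered from the secret vars above: root-only on disk, and no_log so
      # `--diff` / verbose runs do not print the rendered contents.
      no_log: true
      ansible.builtin.template:
        src: templates/telegram.env.j2
        dest: /root/telegram.env
        owner: root
        group: root
        mode: "0600"

    - name: install broadcast_reboot.service
      ansible.builtin.copy:
        src: templates/broadcast_reboot.service
        dest: /etc/systemd/system/broadcast_reboot.service
        owner: root
        group: root
        mode: "0644"

    - name: enable broadcast_reboot.service
      ansible.builtin.systemd_service:
        name: broadcast_reboot.service
        enabled: true
        # Make sure systemd has read the unit file just installed above.
        daemon_reload: true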