diff --git a/roles/pve_apt/tasks/ceph.yaml b/roles/pve_apt/tasks/ceph.yaml
new file mode 100644
index 0000000..fb40cff
--- /dev/null
+++ b/roles/pve_apt/tasks/ceph.yaml
@@ -0,0 +1,22 @@
+- name: Make sure ceph list file exists
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d/ceph.list
+ owner: root
+ group: root
+ mode: "0644"
+ state: touch
+
+- name: Remove Ceph Quincy enterprise repository
+ register: pve_apt_ceph_enterprise
+ ansible.builtin.lineinfile:
+ path: /etc/apt/sources.list.d/ceph.list
+ line: deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
+ state: absent
+
+- name: Add Ceph Quincy no-subscription repository
+ register: pve_apt_ceph_no_sub
+ ansible.builtin.lineinfile:
+ path: /etc/apt/sources.list.d/ceph.list
+ regexp: "^deb http://download.proxmox.com/debian/ceph-quincy.*"
+ line: deb http://download.proxmox.com/debian/ceph-quincy bookworm no-subscription
+ state: present
diff --git a/roles/pve_apt/tasks/main.yaml b/roles/pve_apt/tasks/main.yaml
new file mode 100644
index 0000000..54a735e
--- /dev/null
+++ b/roles/pve_apt/tasks/main.yaml
@@ -0,0 +1,22 @@
+- name: Get Debian version
+ ansible.builtin.shell:
+ cmd: |
+ set -o pipefail
+ grep 'VERSION=' /etc/os-release | grep -Eo '[a-z]+'
+ args:
+ executable: /bin/bash
+ register: debver
+ changed_when: false
+
+- name: Configure pve repositories
+ ansible.builtin.include_tasks:
+ file: pve.yaml
+
+- name: Configure ceph repositories
+ ansible.builtin.include_tasks:
+ file: ceph.yaml
+
+- name: APT update
+ when: pve_apt_enterprise.changed or pve_apt_nosub.changed or pve_apt_ceph_enterprise.changed or pve_apt_ceph_no_sub.changed
+ ansible.builtin.apt:
+ update_cache: true
diff --git a/roles/pve_apt/tasks/main.yml b/roles/pve_apt/tasks/main.yml
deleted file mode 100644
index 2b6973f..0000000
--- a/roles/pve_apt/tasks/main.yml
+++ /dev/null
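Review bot: The no-subscription entry in ceph.yaml is fetched over plain `http://`, while the enterprise line removed just above it uses `https://`; the same applies to the `deb http://download.proxmox.com/debian/pve` line in pve.yaml. Package integrity still rests on apt's signature check of the Release file, but the transport is readable and open to stale-metadata replay on the path, so if the mirror serves TLS I would write `line: deb https://download.proxmox.com/debian/ceph-quincy bookworm no-subscription` and widen the match to `regexp: "^deb https?://download\\.proxmox\\.com/debian/ceph-quincy.*"` so the existing http line is replaced rather than duplicated. The suite is also hard-coded as `bookworm` in both ceph lines, whereas pve.yaml takes it from `debver.stdout`; using the same value in both files would keep them in step.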
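Review bot: In main.yaml the release codename is scraped from /etc/os-release with `grep 'VERSION=' ... | grep -Eo '[a-z]+'`, and whatever that prints is later written unvalidated into an apt sources line in pve.yaml. Any extra lowercase word in the VERSION string would yield a multi-line `debver.stdout` and a malformed or unintended repository entry. If fact gathering is enabled for this play, the shell task can be dropped and the consumer can use `{{ ansible_distribution_release }}` instead; otherwise a guard such as `failed_when: debver.stdout_lines | length != 1` on this task would at least stop a bad value from reaching the sources file.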
@@ -1,53 +0,0 @@
-- name: Remove enteprise repository
- register: pve_apt_enterprise
- ansible.builtin.file:
- path: /etc/apt/sources.list.d/pve-enterprise.list
- state: absent
-
-- name: Get Debian version
- ansible.builtin.shell:
- cmd: |
- set -o pipefail
- grep 'VERSION=' /etc/os-release | grep -Eo '[a-z]+'
- args:
- executable: /bin/bash
- register: debver
- changed_when: false
-
-- name: Add free (no-subscription) repository
- register: pve_apt_nosub
- ansible.builtin.copy:
- dest: /etc/apt/sources.list.d/pve-no-subscription.list
- owner: root
- group: root
- mode: "0640"
- content: |
- deb http://download.proxmox.com/debian/pve {{ debver.stdout }} pve-no-subscription
-
-- name: Make sure ceph list file exists
- ansible.builtin.file:
- path: /etc/apt/sources.list.d/ceph.list
- owner: root
- group: root
- mode: "0644"
- state: touch
-
-- name: Remove Ceph Quincy enterprise repository
- register: pve_apt_ceph_enterprise
- ansible.builtin.lineinfile:
- path: /etc/apt/sources.list.d/ceph.list
- line: deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
- state: absent
-
-- name: Add Ceph Quincy no-subscription repository
- register: pve_apt_ceph_no_sub
- ansible.builtin.lineinfile:
- path: /etc/apt/sources.list.d/ceph.list
- regexp: "^deb http://download.proxmox.com/debian/ceph-quincy.*"
- line: deb http://download.proxmox.com/debian/ceph-quincy bookworm no-subscription
- state: present
-
-- name: APT update
- when: pve_apt_enterprise.changed or pve_apt_nosub.changed or pve_apt_ceph_enterprise.changed or pve_apt_ceph_no_sub.changed
- ansible.builtin.apt:
- update_cache: true
diff --git a/roles/pve_apt/tasks/pve.yaml b/roles/pve_apt/tasks/pve.yaml
new file mode 100644
index 0000000..d1d86ed
--- /dev/null
+++ b/roles/pve_apt/tasks/pve.yaml
@@ -0,0 +1,15 @@
+- name: Remove enteprise repository
+ register: pve_apt_enterprise
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d/pve-enterprise.list
+ state: absent
+
+- name: Add free (no-subscription) repository
+ register: pve_apt_nosub
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/pve-no-subscription.list
+ owner: root
+ group: root
+ mode: "0640"
+ content: |
+ deb http://download.proxmox.com/debian/pve {{ debver.stdout }} pve-no-subscription
\ No newline at end of file
diff --git a/roles/pve_https_forward/tasks/main.yml b/roles/pve_https_forward/tasks/main.yml
index dcb0363..b6cdfce 100644
--- a/roles/pve_https_forward/tasks/main.yml
+++ b/roles/pve_https_forward/tasks/main.yml
@@ -4,9 +4,10 @@ chain: PREROUTING protocol: tcp destination_port: 443 - to_ports: 8006 - source: "{{ ansible_host }}" # To avoid collision with other services exposing the same port on a different ip - jump: REDIRECT + match: tcp + to_destination: "{{ ansible_host }}:8006" + destination: "{{ ansible_host }}" # To avoid collision with other services exposing the same port on a different ip + jump: DNAT comment: "Enable Proxmox admin interface on 443" in_interface: vmbr0 # Must be specified to prevent docker containers calling 443 to be redirected to local
@@ -19,6 +20,14 @@ set -o pipefail iptables-save -t nat | grep 'Proxmox' +- name: Create iptables directory + ansible.builtin.file: + path: /etc/iptables + state: directory + owner: root + group: root + mode: "0640" + - name: "Save iptables state to a file" ansible.builtin.copy: dest: /etc/iptables/nat.rules.v4
diff --git a/roles/pve_nosubs_warning/tasks/main.yaml b/roles/pve_nosubs_warning/tasks/main.yaml
new file mode 100644
index 0000000..970496e
--- /dev/null
+++ b/roles/pve_nosubs_warning/tasks/main.yaml
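Review bot: pve.yaml writes pve-no-subscription.list with `mode: "0640"`, while ceph.yaml creates ceph.list with `mode: "0644"`. A sources list holds no secrets, and unprivileged apt tooling that parses the sources directory will presumably fail to read a 0640 root:root file, so `mode: "0644"` would be the consistent choice. The first task name has a typo, `Remove enteprise repository` should read `Remove enterprise repository`, and the file ends without a trailing newline.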
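Review bot: In the pve_https_forward rule, both `destination` and `to_destination` are built from `{{ ansible_host }}`, which is the address Ansible connects to and not necessarily the address bound to vmbr0. When the inventory uses a hostname, a jump host or a NAT'd address, the DNAT target is either rejected or points the admin interface at the wrong address. I would take the address from the interface itself, e.g. `to_destination: "{{ ansible_facts['vmbr0']['ipv4']['address'] }}:8006"` with the same value for `destination`, or from an explicit role variable. Hosts already configured by the previous version will also keep the old REDIRECT rule, since the module only adds the rule it is given; a task removing the old spec with `state: absent` would avoid persisting both. The task starts above this hunk, so the table and task name are not visible here.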
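Review bot: The new `Create iptables directory` task sets `mode: "0640"` on a directory, which leaves it without any execute (search) bit. Root can still enter it, but the mode is not meaningful for a directory and blocks traversal for the group it grants read access to. `mode: "0750"` (or `"0755"` if the rules file is not considered sensitive) expresses the intent. The hunk does not show how /etc/iptables/nat.rules.v4 is restored at boot, so confirm the consumer of that file accepts the chosen permissions.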
@@ -0,0 +1,7 @@
+- name: Replace dialog script
+ ansible.builtin.replace:
+ path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
+ before: "title:\\s+gettext\\('No valid subscription'\\)"
+ regexp: 'Ext\.Msg\.show'
+ replace: 'void'
+ backup: true
\ No newline at end of file
diff --git a/roles/pve_users/tasks/main.yml b/roles/pve_users/tasks/main.yml
index b0c57e7..01be00e 100644
--- a/roles/pve_users/tasks/main.yml
+++ b/roles/pve_users/tasks/main.yml
@@ -15,9 +15,3 @@
 when: pve_users is defined
 vars:
 user: "{{ item }}"
-
-- name: Remove root@pam user
- ansible.builtin.lineinfile:
- path: /etc/pve/user.cfg
- state: absent
- regex: "^user:root@pam:(.*)"
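Review bot: With only `before` set, `ansible.builtin.replace` applies `regexp` to everything from the start of proxmoxlib.js up to the marker, so every earlier `Ext.Msg.show` call is rewritten to `void`, not just the subscription dialog. That would silently disable unrelated message and error dialogs in the web UI. Anchoring the pattern to the call itself avoids this: drop `before` and use `regexp: "Ext\\.Msg\\.show(\\(\\{\\s+title:\\s+gettext\\('No valid subscription'\\))"` with `replace: 'void\1'`, assuming the title is the first property of that call, which the hunk does not show. The edit also changes a package-owned file, so it will be reverted by a proxmox-widget-toolkit upgrade and flagged by package integrity checks; a comment on the task saying so would help whoever investigates that alert.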