refactor(ansible): refactor common role application and improve vm ssh config

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-04-27 17:46:41 +02:00
parent 591342f580
commit 7fcee3912f
7 changed files with 34 additions and 27 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -17,20 +17,4 @@ internal_domain: seyshiro.de
 # Packages
 #

-common_packages:
-  - build-essential
-  - curl
-  - git
-  - iperf3
-  - neovim
-  - rsync
-  - smartmontools
-  - sudo
-  - systemd-timesyncd
-  - tree
-  - screen
-  - bat
-  - fd-find
-  - ripgrep
-
 arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
--- a/group_vars/proxmox/secrets_vm.yml
+++ b/group_vars/proxmox/secrets_vm.yml
@@ -1,8 +1,8 @@
 $ANSIBLE_VAULT;1.1;AES256
-62653436363035633565383636383931353765663136646362366439306635306430313763323331
-3533346430316564356463613664366261336139636331320a636532633836303161396238663163
-39643765613162346261643662333633323133373830313365326534626161326235363038383462
-6531643136646464610a383532316434383264326665613436623331333730633035316530663031
-63343539393062383065396638363064613932363164346632366134333637343337353033346131
-30613162303536313366656137306165303032636366376362656137343235313838356463306532
-653164653834613431633563633739313936
+64623839343136343037346662393336313734626237393336666138303264646634363535356632
+6161643031656639383939616338353432303832633466320a376135363361613563343231326430
+36316264346434343366396334643466366364386266316261363336396539626132613865353236
+6366633136613064650a303831646430343431323338653566633665653162633664366163653864
+35326266646534366665366238656132393163306161393966353338626266313339396465333539
+63663133323231623030633964383239373337313439396363306134353961616661343963363332
+663962656462316461643565383833396164
--- a/playbooks/proxmox.yml
+++ b/playbooks/proxmox.yml
@@ -8,6 +8,10 @@
    is_localhost: "{{ inventory_hostname == '127.0.0.1' }}"
    is_proxmox_node: "{{ 'proxmox_nodes' in group_names }}"
  roles:
+    - role: common
+      tags:
+        - common
+      when: not is_localhost
    - role: proxmox
      tags:
        - proxmox
--- a/production.ini
+++ b/production.ini
@@ -56,3 +56,4 @@ docker-host[00:01]

 [docker_lb]
 docker-lb
+test-vm-00
--- a/roles/common/tasks/hostname.yml
+++ b/roles/common/tasks/hostname.yml
@@ -1,14 +1,14 @@
 ---
 - name: Set a hostname
  ansible.builtin.hostname:
-    name: "{{ host.hostname }}"
+    name: "{{ inventory_hostname }}"
  become: true

 - name: Update /etc/hosts to reflect the new hostname
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.1\.1'
-    line: "127.0.1.1 {{ host.hostname }}"
+    line: "127.0.1.1 {{ inventory_hostname }}"
    state: present
    backup: true
  become: true
--- a/roles/common/vars/main.yml
+++ b/roles/common/vars/main.yml
@@ -0,0 +1,15 @@
+common_packages:
+  - build-essential
+  - curl
+  - git
+  - iperf3
+  - neovim
+  - rsync
+  - smartmontools
+  - sudo
+  - systemd-timesyncd
+  - tree
+  - screen
+  - bat
+  - fd-find
+  - ripgrep
--- a/roles/proxmox/tasks/56_provision_new_vm.yml
+++ b/roles/proxmox/tasks/56_provision_new_vm.yml
@@ -51,9 +51,12 @@
      Host {{ vm.name }}
          HostName {{ vm_found_ip }}
          Port 22
-          User tudattr
-          IdentityFile /media/veracrypt1/genesis
+          User {{ user }}
+          IdentityFile {{ pk_path }}
+          IdentityFile ~/.ssh/id_ed25519
+          IdentityFile ~/.ssh/id_ed25519-cert.pub
          ProxyJump {{ vm.node }}
+          StrictHostKeyChecking no

 - name: Append new VM to SSH config
  ansible.builtin.blockinfile: