From 7fcee3912f60d34460eb1ff17c15b94a71a898fe Mon Sep 17 00:00:00 2001 From: Tuan-Dat Tran Date: Sun, 27 Apr 2025 17:46:41 +0200 Subject: [PATCH] refactor(ansible): refactor common role application and improve vm ssh config Signed-off-by: Tuan-Dat Tran --- group_vars/all/vars.yml | 16 ---------------- group_vars/proxmox/secrets_vm.yml | 14 +++++++------- playbooks/proxmox.yml | 4 ++++ production.ini | 1 + roles/common/tasks/hostname.yml | 4 ++-- roles/common/vars/main.yml | 15 +++++++++++++++ roles/proxmox/tasks/56_provision_new_vm.yml | 7 +++++-- 7 files changed, 34 insertions(+), 27 deletions(-) create mode 100644 roles/common/vars/main.yml diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 6b94e03..bb56366 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -17,20 +17,4 @@ internal_domain: seyshiro.de # Packages # -common_packages: - - build-essential - - curl - - git - - iperf3 - - neovim - - rsync - - smartmontools - - sudo - - systemd-timesyncd - - tree - - screen - - bat - - fd-find - - ripgrep - arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" diff --git a/group_vars/proxmox/secrets_vm.yml b/group_vars/proxmox/secrets_vm.yml index 5908811..98f34a3 100644 --- a/group_vars/proxmox/secrets_vm.yml +++ b/group_vars/proxmox/secrets_vm.yml 
@@ -1,8 +1,8 @@ $ANSIBLE_VAULT;1.1;AES256 -62653436363035633565383636383931353765663136646362366439306635306430313763323331 -3533346430316564356463613664366261336139636331320a636532633836303161396238663163 -39643765613162346261643662333633323133373830313365326534626161326235363038383462 -6531643136646464610a383532316434383264326665613436623331333730633035316530663031 -63343539393062383065396638363064613932363164346632366134333637343337353033346131 -30613162303536313366656137306165303032636366376362656137343235313838356463306532 -653164653834613431633563633739313936 +64623839343136343037346662393336313734626237393336666138303264646634363535356632 +6161643031656639383939616338353432303832633466320a376135363361613563343231326430 +36316264346434343366396334643466366364386266316261363336396539626132613865353236 +6366633136613064650a303831646430343431323338653566633665653162633664366163653864 +35326266646534366665366238656132393163306161393966353338626266313339396465333539 +63663133323231623030633964383239373337313439396363306134353961616661343963363332 +663962656462316461643565383833396164 diff --git a/playbooks/proxmox.yml b/playbooks/proxmox.yml index f3d9fff..52e7472 100644 --- a/playbooks/proxmox.yml +++ b/playbooks/proxmox.yml @@ -8,6 +8,10 @@ is_localhost: "{{ inventory_hostname == '127.0.0.1' }}" is_proxmox_node: "{{ 'proxmox_nodes' in group_names }}" roles: + - role: common + tags: + - common + when: not is_localhost - role: proxmox tags: - proxmox diff --git a/production.ini b/production.ini index 78dc966..813d160 100644 --- a/production.ini +++ b/production.ini @@ -56,3 +56,4 @@ docker-host[00:01] [docker_lb] docker-lb +test-vm-00 diff --git a/roles/common/tasks/hostname.yml b/roles/common/tasks/hostname.yml index 0ab30a8..aac5087 100644 --- a/roles/common/tasks/hostname.yml +++ b/roles/common/tasks/hostname.yml 
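Review bot: The new `common` role entry in playbooks/proxmox.yml is guarded only by `when: not is_localhost`, so it applies to every other host in the play. That presumably includes the Proxmox nodes that `is_proxmox_node` identifies two lines above. If the role's main task file includes hostname.yml (not visible in this patch), it would rename the hypervisors and add a `127.0.1.1 <name>` line to /etc/hosts, and Proxmox expects the node name to resolve to a non-loopback address. If the role is meant for guests only, tighten the condition to `when: not is_localhost and not is_proxmox_node`; otherwise add a comment saying the role is intended to run on the nodes too. The play header is outside the hunk, so the target hosts should be confirmed.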
@@ -1,14 +1,14 @@ --- - name: Set a hostname ansible.builtin.hostname: - name: "{{ host.hostname }}" + name: "{{ inventory_hostname }}" become: true - name: Update /etc/hosts to reflect the new hostname ansible.builtin.lineinfile: path: /etc/hosts regexp: '^127\.0\.1\.1' - line: "127.0.1.1 {{ host.hostname }}" + line: "127.0.1.1 {{ inventory_hostname }}" state: present backup: true become: true diff --git a/roles/common/vars/main.yml b/roles/common/vars/main.yml new file mode 100644 index 0000000..f904520 --- /dev/null +++ b/roles/common/vars/main.yml @@ -0,0 +1,15 @@ +common_packages: + - build-essential + - curl + - git + - iperf3 + - neovim + - rsync + - smartmontools + - sudo + - systemd-timesyncd + - tree + - screen + - bat + - fd-find + - ripgrep diff --git a/roles/proxmox/tasks/56_provision_new_vm.yml b/roles/proxmox/tasks/56_provision_new_vm.yml index 934ca52..e24be2e 100644 --- a/roles/proxmox/tasks/56_provision_new_vm.yml +++ b/roles/proxmox/tasks/56_provision_new_vm.yml @@ -51,9 +51,12 @@ Host {{ vm.name }} HostName {{ vm_found_ip }} Port 22 - User tudattr - IdentityFile /media/veracrypt1/genesis + User {{ user }} + IdentityFile {{ pk_path }} + IdentityFile ~/.ssh/id_ed25519 + IdentityFile ~/.ssh/id_ed25519-cert.pub ProxyJump {{ vm.node }} + StrictHostKeyChecking no - name: Append new VM to SSH config ansible.builtin.blockinfile:
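Review bot: Both tasks in roles/common/tasks/hostname.yml now write `inventory_hostname` into the system hostname and /etc/hosts without checking that it is a usable host name. Inventory names can be IP literals, as the `inventory_hostname == '127.0.0.1'` test in playbooks/proxmox.yml shows, and the role has no guard of its own for callers that lack the playbook's `is_localhost` condition. Add a condition such as `when: inventory_hostname is match('^[a-z0-9]([a-z0-9-]*[a-z0-9])?$')` to both tasks, or an `ansible.builtin.assert` ahead of them. A comment above the first task, `# Host is renamed to its inventory alias; the alias must be a valid single-label hostname`, would record the new contract.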
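Review bot: The added `StrictHostKeyChecking no` in the generated `Host {{ vm.name }}` block turns off host-key verification for that VM permanently, not just on first contact. A changed or spoofed host key behind the `ProxyJump` would still be allowed to connect with only a warning on every later session. `StrictHostKeyChecking accept-new` keeps the unattended first connection but refuses a key that changes afterwards. Separately, `IdentityFile ~/.ssh/id_ed25519-cert.pub` points IdentityFile at a certificate; ssh already looks for `<identity>-cert.pub` beside `~/.ssh/id_ed25519`, and an explicit certificate is normally given with `CertificateFile ~/.ssh/id_ed25519-cert.pub`. The task that owns this block starts above the hunk.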