wip

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

.ansible-lint

@@ -0,0 +1,31 @@
+---
+# .ansible-lint
+
+# Specify exclude paths to prevent linting vendor roles, etc.
+exclude_paths:
+  - ./.git/
+  - ./.venv/
+  - ./galaxy_roles/
+
+# A list of rules to skip. This is a more modern and readable alternative to 'skip_list'.
+skip_list:
+  - experimental
+  - fqcn-builtins
+  - no-handler
+  - var-naming
+
+# Enforce certain rules that are not enabled by default.
+enable_list:
+  - no-free-form
+  - var-spacing
+  - no-log-password
+  - no-relative-path
+  - command-instead-of-module
+  - fqcn[deep]
+  - no-changed-when
+
+# Offline mode disables any features that require internet access.
+offline: true
+
+# Set the desired verbosity level.
+verbosity: 1

.editorconfig

@@ -0,0 +1,17 @@
+root = true
+
+[*]
+indent_style = space
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{yml,yaml}]
+indent_size = 2
+
+[*.py]
+indent_size = 4
+
+[*.md]
+trim_trailing_whitespace = false

group_vars/docker/docker.yml

@@ -7,32 +7,6 @@ docker:
     compose: "/opt/docker/compose/"
 
 services:
-  - name: syncthing
-    vm:
-      - docker-host11
-    container_name: syncthing
-    image: syncthing/syncthing:1.29
-    volumes:
-      - name: "Data"
-        internal: /var/syncthing/
-        external: /media/docker/data/syncthing/
-    ports:
-      - name: "http"
-        internal: 8384
-        external: "{{ services_external_http.syncthing }}"
-      - name: ""
-        internal: 22000
-        external: 22000
-      - name: ""
-        internal: 22000
-        external: 22000
-      - name: ""
-        internal: 21027
-        external: 21027
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Berlin
   - name: status
     vm:
       - docker-host12
@@ -52,7 +26,7 @@ services:
       - TZ=Europe/Berlin
   - name: plex
     vm:
-      - docker-host11
+      - docker-host10
     container_name: plex
     image: lscr.io/linuxserver/plex:1.41.5
     volumes:
@@ -435,7 +409,7 @@ services:
   - name: cadvisor
     vm:
       - docker-host12
-      - docker-host11
+      - docker-host10
       - docker-host01
     container_name: cadvisor
     image: gcr.io/cadvisor/cadvisor:v0.52.1

group_vars/docker/port_mapping.yml

@@ -1,5 +1,4 @@
 services_external_http:
-  syncthing: 8384
   kuma: 3001
   plex: 32400
   jellyfin: 8096

group_vars/proxmox/secrets_vm.yml

@@ -1,17 +1,20 @@
 $ANSIBLE_VAULT;1.1;AES256
-66386330343432366236303530313838613830376162613265346533336232393838323136306433
+35616266333838306161336339353538306634373132626132643732303066303163343630333630
-6631643363643761313164376132386433623137386539360a333263393236616432616439613733
+6338393762616262303038373334663230383464643836370a656538393531393134616463643239
-33653832333534333563623164616164663034303331373135633665636230333035373262656338
+36383330653339393362353838313639333432643535643833396535653632376336613130646663
-3038383463366466640a666264653332616637616661376666303331353333383833323538633666
+3532646538363137630a363731613235653935316531616430346264643837306434386333373033
-30656266353439366461636162336266356433336438393134326166343934353933633131343163
+33663135653931373963343734366562386263663939383536663439383537333264666233343233
-61643233616166316236636333633136353830626265343834333937353361363962656463656538
+62626162666538333435396638393338393734656131303065616534613733353335643939333765
-32336435643531613936343136663632386564373764306333323262306432626237323434336333
+38326237343337363064666530303664326563633262313432343030336266373437353837346461
-35323365326432616563663936623630386436336364323530613137636434653138383539623166
+63333363626164316638346635666537613963383537313965373638303732353365623166363736
-32326436643861366536393937343863653032336334333739653434346263393364666565316563
+31633239646262613539646637663664313337353465636366313338303439613638653530656631
-63353634313033316265666235366339653366363031343230313035336535643361616233646535
+62396536316561623736633631623336313537646138383431633538303163303261323864383538
-65396162326230656162313535646539663830646637623939613365363534663434343532653465
+38626338373332653561343036323236383337343037356366626230646432646538373836303063
-31613066353565626137363232386263666134613335656333616565643339386231646664343134
+61346339376561626630653562346439306561643664666437386562356535303264646338326261
-36333765366632386133313835306332646565353238633233613237343330316564343437313963
+33636536663161366635666264663539653037306339316233643662643134396636636162656333
-61636662353936323237393831326138363263306130633461323437616430323234646666313935
+36666139376263646130333263653335333165356462363434373439313330383331356138333431
-32643466323064623630363962316438386232333238633839613035643933633263663161316563
+31633362343639376436616339656561316433346532346533336261383433366366396261366134
-63616638313534643632
+35363264373335616165643665653466613434386630373232386261393464376361313131386462
+33333531336334386562356338623233313862316232356562373561633364363263306465333439
+37386631626538636365376464653837333662363361653237366161316431653266643238346336
+363863376530613036313866323965326638

group_vars/proxmox/vms.yml

@@ -1,15 +1,17 @@
 vms:
   - name: "docker-host10"
-    node: "inko"
+    node: "lulu"
     vmid: 410
     cores: 2
     memory: 4096 # in MiB
     net:
       net0: "virtio,bridge=vmbr0,firewall=1"
-    boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}"
+    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
     ciuser: "{{ user }}"
     sshkeys: "{{ pubkey }}"
     disk_size: 128 # in Gb
+    hostpci:
+      hostpci0: "0000:00:02.0"
   - name: "docker-host11"
     node: "lulu"
     vmid: 411
@@ -21,13 +23,11 @@ vms:
     ciuser: "{{ user }}"
     sshkeys: "{{ pubkey }}"
     disk_size: 128 # in Gb
-    hostpci:
-      hostpci0: "0000:00:02.0"
   - name: "docker-host12"
     node: "naruto01"
     vmid: 412
-    cores: 2
+    cores: 4
-    memory: 4096 # in MiB
+    memory: 8192
     net:
       net0: "virtio,bridge=vmbr0,firewall=1"
     boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}"

production.ini

@@ -23,7 +23,7 @@ k3s-loadbalancer
 k3s-agent[00:02]
 k3s-server[00:02]
 k3s-longhorn[00:02]
-docker-host[00:01]
+# docker-host[00:01]
 
 [k3s_nodes]
 k3s-server[00:02]
@@ -31,8 +31,9 @@ k3s-agent[00:02]
 k3s-longhorn[00:02]
 
 [docker]
-docker-host[00:01]
+docker-host01
-docker-host[10:12]
+docker-host10
+docker-host12
 docker-lb
 
 [vps]
@@ -54,8 +55,9 @@ k3s-postgres
 k3s-loadbalancer
 
 [docker_host]
-docker-host[00:01]
+docker-host01
-docker-host[10:12]
+docker-host10
+docker-host12
 
 [docker_lb]
 docker-lb

roles/docker_host/handlers/main.yml

@@ -11,9 +11,11 @@
     state: present
   retries: 3
   delay: 5
+  become: true
 
 - name: Restart host
   ansible.builtin.reboot:
     connect_timeout: 5
     reboot_timeout: 600
     test_command: whoami
+  become: true

roles/docker_host/tasks/10_setup.yml

@@ -1,4 +1,17 @@
 ---
+- name: Check if debian.sources file exists
+  ansible.builtin.stat:
+    path: /etc/apt/sources.list.d/debian.sources
+  register: debian_sources_stat
+
+- name: Replace Components line to include non-free and non-free-firmware
+  ansible.builtin.replace:
+    path: /etc/apt/sources.list.d/debian.sources
+    regexp: "^Components:.*$"
+    replace: "Components: main non-free non-free-firmware"
+  when: debian_sources_stat.stat.exists
+  become: true
+
 - name: Setup VM Packages
   ansible.builtin.apt:
     name: "{{ item }}"
@@ -6,3 +19,32 @@
     update_cache: true
   loop: "{{ docker_host_package_common_dependencies }}"
   become: true
+
+- name: Gather installed package facts
+  ansible.builtin.package_facts:
+    manager: auto
+
+- name: Filter for specific cloud kernel packages
+  ansible.builtin.set_fact:
+    cloud_kernel_packages: >-
+      {{
+        ansible_facts.packages.keys()
+        | select('search', 'linux-image')
+        | select('search', 'cloud')
+        | list
+      }}
+
+- name: Use the list to remove the found packages
+  ansible.builtin.apt:
+    name: "{{ cloud_kernel_packages }}"
+    state: absent
+    autoremove: true
+  when: cloud_kernel_packages | length > 0
+  become: true
+
+- name: Restart host
+  ansible.builtin.reboot:
+    connect_timeout: 5
+    reboot_timeout: 600
+    test_command: whoami
+  become: true

roles/docker_host/tasks/main.yml

@@ -1,7 +1,6 @@
 ---
 - name: Setup VM
   ansible.builtin.include_tasks: 10_setup.yml
-
 - name: Install docker
   ansible.builtin.include_tasks: 20_installation.yml
 

roles/docker_host/vars/main.yml

@@ -1,2 +1,9 @@
 docker_host_package_common_dependencies:
   - nfs-common
+  - firmware-misc-nonfree
+  - linux-image-amd64
+
+apt_lock_files:
+  - /var/lib/dpkg/lock
+  - /var/lib/dpkg/lock-frontend
+  - /var/cache/apt/archives/lock

roles/proxmox/tasks/42_download_isos.yml

@@ -10,3 +10,19 @@
     dest: "{{ proxmox_dirs.isos }}/{{ distro.name }}"
     mode: "0644"
   when: not image_stat.stat.exists
+
+- name: Set raw image file name fact
+  ansible.builtin.set_fact:
+    raw_image_name: "{{ distro.name | splitext | first }}.img"
+
+- name: Check if raw image already exists
+  ansible.builtin.stat:
+    path: "{{ proxmox_dirs.isos }}/{{ raw_image_name }}"
+  register: raw_image_stat
+
+- name: Convert image to raw format
+  ansible.builtin.command:
+    cmd: "qemu-img convert -O raw {{ proxmox_dirs.isos }}/{{ distro.name }} {{ proxmox_dirs.isos }}/{{ raw_image_name }}"
+  when:
+    - download_result is changed or not raw_image_stat.stat.exists
+    - image_stat.stat.exists

roles/proxmox/tasks/56_provision_new_vm.yml

@@ -32,6 +32,37 @@
     vmid: "{{ vm.vmid }}"
     state: started
 
+- name: Stop VM
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    node: "{{ vm.node }}"
+    vmid: "{{ vm.vmid }}"
+    state: stopped
+    force: true
+
+- name: Wait until VM is fully stopped
+  community.general.proxmox_vm_info:
+    api_user: "root@pam"
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    node: "{{ vm.node }}"
+    vmid: "{{ vm.vmid }}"
+  register: vm_status_check
+  until: vm_status_check.proxmox_vms[0].status == "stopped"
+  retries: 24
+  delay: 5
+
+- name: Start VM
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    node: "{{ vm.node }}"
+    vmid: "{{ vm.vmid }}"
+    state: started
+
 - name: Wait for VM to appear on network
   ansible.builtin.shell: |
     nmap -sn -n -PR 192.168.20.0/24 | grep -B2 "{{ mac_address }}" | grep "Nmap scan report for"