docs: Add granular Proxmox API token permissions to README and fix inventory file paths in LXC playbooks.

README.md

@@ -36,7 +36,10 @@ ansible-galaxy collection install community.general
 2.  **Create Token**: Go to **API Tokens**, add a token for `ansible@pve` (e.g., `ansible-token`). **Save the Secret!**
 3.  **Permissions**: Go to **Permissions**, add User Permission for `ansible@pve`:
     -   Path: `/`
-    -   Role: `Administrator` (or a custom role with VM/CT creation privileges).
+    -   Role: `Administrator` (Easiest)
+    -   **OR** Granular Roles:
+        -   Path: `/` -> `PVEVMAdmin` + `Sys.Audit`
+        -   Path: `/storage/local` (or your storage ID) -> `Datastore.AllocateSpace` + `Datastore.Audit`
 
 ### 3. Configure Secrets
 Update your `secrets.yml` (do not commit this file!) with the credentials:

playbooks/create_lxc.yml

@@ -72,7 +72,7 @@
 
     - name: Add new host to local hosts.ini file (persistency)
       ansible.builtin.blockinfile:
-        path: "{{ inventory_dir }}/hosts.ini"
+        path: "{{ playbook_dir }}/../inventory/hosts.ini"
         block: |
           {{ container_name }} ansible_host={{ container_ip_cidr | split('/') | first }} ansible_user=root
         insertafter: "^\\[new\\]"

playbooks/lxc_setup_ubuntu.yml

@@ -66,7 +66,7 @@
   tasks:
     - name: Remove host from the [new] group
       ansible.builtin.lineinfile:
-        path: "{{ inventory_dir }}/hosts.ini"
+        path: "{{ playbook_dir }}/../inventory/hosts.ini"
         regexp: "^{{ item }}\\s" # Match the start of the line with the hostname
         state: absent
       loop: "{{ groups['new'] }}" # Loop over all hosts in the 'new' group