feat: Enhance LXC creation playbook with SSH key injection and new parameters, introduce Ansible configuration, and adjust script paths and secret variable names.

2026-01-04 12:49:48 +01:00
parent 5e7073e414
commit deefc70056
5 changed files with 12 additions and 8 deletions

3
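--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+host_key_checking = False
+inventory = inventory/hosts.ini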
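Review bot: `host_key_checking = False` on the second line of the new file turns off SSH host-key verification for every host Ansible ever connects to from this directory, not only for the freshly created container whose key is still unknown, so a spoofed or swapped host would be accepted silently on all later runs (including the apt_upgrade cron job). If the motivation is the first connection to a new LXC, keep the global default and handle it where the container is created, for example `host_key_checking = True` here and, on the bootstrap play only, `ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'` so the new key is recorded once and verified afterwards. A comment above the line stating why checking is relaxed and for which hosts would also help the next reader judge the trade-off.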


@@ -1 +1 @@
cd /home/mbuz/git/homelab/Ansible/ && ansible-playbook -i inventory/hosts.ini playbooks/apt_upgrade.yml -l ubuntu --extra-vars "@vars.yml" --extra-vars "@secrets.yml" cd /opt/ansible/ && ansible-playbook -i inventory/hosts.ini playbooks/apt_upgrade.yml -l ubuntu --extra-vars "@vars.yml" --extra-vars "@secrets.yml"
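Review bot: The new command reads `vars.yml` and `secrets.yml` from `/opt/ansible/`, a system-wide path rather than a home directory, and nothing in the commit shows how that directory or the secrets file is protected; the secrets file should be owned by the account that runs this line and be readable only by it (mode 0600), with the directory not world-writable. The latter also matters because Ansible ignores an `ansible.cfg` found in the current directory when that directory is world-writable, which would quietly drop the `inventory` and `host_key_checking` settings the commit introduces. Since `ansible.cfg` now sets `inventory = inventory/hosts.ini`, the explicit `-i inventory/hosts.ini` is redundant but harmless; keeping it makes the command independent of whether the config file is picked up.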


@@ -1,7 +1,7 @@
### Copy this into secrets.yml and replate with a real values ### ### Copy this into secrets.yml and replate with a real values ###
# Password used for Ansible to connect to LXC as root (if not using SSH keys) # Password used for Ansible to connect to LXC as root (if not using SSH keys)
ansible_password: 'REPLACE_WITH_ROOT_PASSWORD' lxc_root_password: 'REPLACE_WITH_ROOT_PASSWORD'
# Zabbix proxy parameters for connecting to Zabbix server # Zabbix proxy parameters for connecting to Zabbix server
zabbix_server_address: 'x.x.x.x' zabbix_server_address: 'x.x.x.x'
zabbix_psk_identity: '<zabbix_psk_identity' zabbix_psk_identity: '<zabbix_psk_identity'


@@ -6,12 +6,13 @@ This directory contains automation playbooks for managing the homelab infrastruc
### `create_lxc.yml` ### `create_lxc.yml`
**Creates and bootstraps a new LXC container on Proxmox.** **Creates and bootstraps a new LXC container on Proxmox.**
- **Input**: Prompts for Container Name and IP Address. - **Input**: Prompts for Container Name, IP Address, VMID, CPU Cores, and Memory.
- **Actions**: - **Actions**:
1. Connects to Proxmox API to create a new unprivileged LXC container (Ubuntu 24.04). 1. Connects to Proxmox API to create a new unprivileged LXC container.
2. Starts the container and waits for connectivity. 2. **Injects SSH Keys**: Uses `vars.yml` to inject public keys directly into `/root/.ssh/authorized_keys` (bypassing password auth).
3. Temporarily adds the host to the inventory. 3. Starts the container and waits for connectivity.
4. Automatically triggers `lxc_setup_ubuntu.yml` to secure the new container. 4. Automatically secures the container (creates `mbuz` user, secures SSH, disables root) effectively running the logic of `lxc_setup_ubuntu.yml`.
5. Adds the new host to `inventory/hosts.ini` in the `[lxc]` group.
### `lxc_setup_ubuntu.yml` ### `lxc_setup_ubuntu.yml`
**Secures a fresh Ubuntu installation.** **Secures a fresh Ubuntu installation.**


@@ -40,7 +40,7 @@
ostemplate: '{{ proxmox_storage }}:vztmpl/ubuntu-24.04-standard_24.04-2_amd64.tar.zst' ostemplate: '{{ proxmox_storage }}:vztmpl/ubuntu-24.04-standard_24.04-2_amd64.tar.zst'
vmid: "{{ container_id }}" vmid: "{{ container_id }}"
hostname: "{{ container_name }}" hostname: "{{ container_name }}"
password: "{{ ansible_password }}" password: "{{ lxc_root_password }}"
pubkey: "{{ my_public_keys | join('\n') }}" pubkey: "{{ my_public_keys | join('\n') }}"
netif: netif:
net0: "name=eth0,gw=10.0.0.1,ip={{ container_ip_cidr }},bridge=vmbr0" net0: "name=eth0,gw=10.0.0.1,ip={{ container_ip_cidr }},bridge=vmbr0"
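Review bot: `password: "{{ lxc_root_password }}"` hands the container root password to the Proxmox task, and unless the task carries `no_log: true` the module arguments, including that value, are printed in verbose runs and any configured log file; the task header is above this hunk, so I cannot see whether it is set. Adding `no_log: true` at the task level, with a comment such as `# root password and pubkey are task args; keep them out of output/logs`, keeps the secret out of output without changing behavior. Renaming away from `ansible_password` is a sound change, since that name is a connection variable Ansible would otherwise apply to every SSH login. As a smaller point, `gw=10.0.0.1` on the last line is hard-coded while the address is templated; a `{{ container_gateway }}` variable next to `container_ip_cidr` would keep the network settings in one place.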