Enhance Ansible playbooks and documentation for Debian and Proxmox management. Add new playbooks for Debian hardening, maintenance, SSH key rotation, and Proxmox cluster setup. Update README.md with quick start instructions for Debian and Proxmox operations. Modify group_vars to include Argo CD application settings, improving deployment flexibility and clarity.

2026-04-01 01:19:50 -04:00
parent 89be30884e
commit c15bf4d708
33 changed files with 682 additions and 5 deletions
--- a/ansible/group_vars/proxmox_hosts.yml
+++ b/ansible/group_vars/proxmox_hosts.yml
@@ -0,0 +1,37 @@
+---
+# Proxmox repositories
+proxmox_repo_debian_codename: trixie
+proxmox_repo_disable_enterprise: true
+proxmox_repo_disable_ceph_enterprise: true
+proxmox_repo_enable_pve_no_subscription: true
+proxmox_repo_enable_ceph_no_subscription: true
+
+# Suppress "No valid subscription" warning in UI
+proxmox_no_subscription_notice_disable: true
+
+# Public keys to install for root on each Proxmox host.
+proxmox_root_authorized_key_files:
+  - "{{ lookup('env', 'HOME') }}/.ssh/id_ed25519.pub"
+  - "{{ lookup('env', 'HOME') }}/.ssh/ansible.pub"
+
+# Package upgrade/reboot policy
+proxmox_upgrade_apt_cache_valid_time: 3600
+proxmox_upgrade_autoremove: true
+proxmox_upgrade_autoclean: true
+proxmox_upgrade_reboot_if_required: true
+proxmox_upgrade_reboot_timeout: 1800
+
+# Cluster settings
+proxmox_cluster_enabled: true
+proxmox_cluster_name: atomic-hub
+
+# Bootstrap host name from inventory (first host by default if empty)
+proxmox_cluster_master: ""
+
+# Optional explicit IP/FQDN for joining; leave empty to use ansible_host of master
+proxmox_cluster_master_ip: ""
+proxmox_cluster_force: false
+
+# Optional: use only for first cluster joins when inter-node SSH trust is not established.
+# Prefer storing with Ansible Vault if you set this.
+proxmox_cluster_master_root_password: "Hemroid8"