Enhance Ansible playbooks and documentation for Debian and Proxmox management. Add new playbooks for Debian hardening, maintenance, SSH key rotation, and Proxmox cluster setup. Update README.md with quick start instructions for Debian and Proxmox operations. Modify group_vars to include Argo CD application settings, improving deployment flexibility and clarity.

2026-04-01 01:19:50 -04:00
parent 89be30884e
commit c15bf4d708
33 changed files with 682 additions and 5 deletions
--- a/ansible/roles/proxmox_maintenance/defaults/main.yml
+++ b/ansible/roles/proxmox_maintenance/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+proxmox_upgrade_apt_cache_valid_time: 3600
+proxmox_upgrade_autoremove: true
+proxmox_upgrade_autoclean: true
+proxmox_upgrade_reboot_if_required: true
+proxmox_upgrade_reboot_timeout: 1800
--- a/ansible/roles/proxmox_maintenance/tasks/main.yml
+++ b/ansible/roles/proxmox_maintenance/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: Refresh apt cache
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: "{{ proxmox_upgrade_apt_cache_valid_time }}"
+
+- name: Upgrade Proxmox host packages
+  ansible.builtin.apt:
+    upgrade: dist
+
+- name: Remove orphaned packages
+  ansible.builtin.apt:
+    autoremove: "{{ proxmox_upgrade_autoremove }}"
+
+- name: Clean apt package cache
+  ansible.builtin.apt:
+    autoclean: "{{ proxmox_upgrade_autoclean }}"
+
+- name: Check if reboot is required
+  ansible.builtin.stat:
+    path: /var/run/reboot-required
+  register: proxmox_reboot_required_file
+
+- name: Reboot when required by package upgrades
+  ansible.builtin.reboot:
+    reboot_timeout: "{{ proxmox_upgrade_reboot_timeout }}"
+    msg: "Reboot initiated by Ansible Proxmox maintenance playbook"
+  when:
+    - proxmox_upgrade_reboot_if_required | bool
+    - proxmox_reboot_required_file.stat.exists | default(false)