dump

ansible/books/bootstrap/bootstrap-proxmox.yml

@@ -3,37 +3,14 @@
   become: true
 
   pre_tasks:
-    - name: Remove enterprise repository
-      ansible.builtin.apt_repository:
-        update_cache: false
-        repo: deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
-        state: absent
-    - name: Remove enterprise pbs repository
-      ansible.builtin.apt_repository:
-        update_cache: false
-        repo: deb https://enterprise.proxmox.com/debian/pbs bookworm InRelease
-        state: absent
-    - name: Remove enterprise ceph repository
-      ansible.builtin.apt_repository:
-        update_cache: false
-        repo: deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
-        state: absent
-    - name: Add community repository
-      ansible.builtin.apt_repository:
-        update_cache: true
-        repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
-        state: present
+    - import_tasks: ../tasks/proxmox-repos.yml
 
   tasks:
-    - name: Ensure ethtool offload post-up is present for eno1
-      ansible.builtin.lineinfile:
-        path: /etc/network/interfaces
-        line: "\tpost-up ethtool -K eno2 tso off gso off"
-        insertafter: "^iface eno2 inet manual"
-        state: present
-        backup: yes
-
+    - import_tasks: ../tasks/network-interface-patch.yml
     - import_tasks: ../tasks/packages.yml
+    - import_tasks: ../tasks/terraform-user.yml
+    - import_tasks: ../tasks/cloud-init-snippets.yml
+
     # - import_tasks: ../tasks/locale.yml
     # - import_tasks: ../tasks/keyboard.yml
     # - import_tasks: ../tasks/users.yml

ansible/books/tasks/cloud-init-snippets.yml

@@ -0,0 +1,16 @@
+- name: Ensure snippets directory exists
+  ansible.builtin.file:
+    path: /var/lib/vz/snippets
+    state: directory
+    mode: "0755"
+
+- name: Upload cloud-init snippet
+  ansible.builtin.copy:
+    src: cloud-init-user-data.yaml
+    dest: /var/lib/vz/snippets/cloud-init-user-data.yaml
+    mode: "0644"
+
+- name: Verify cloud-init snippet is recognized
+  ansible.builtin.shell: qm cloudinit dump 9000 user
+  register: cloudinit_check
+  ignore_errors: true

ansible/books/tasks/network-interface-patch.yml

@@ -0,0 +1,7 @@
+- name: Ensure ethtool offload post-up is present for eno1
+  ansible.builtin.lineinfile:
+    path: /etc/network/interfaces
+    line: "\tpost-up ethtool -K eno2 tso off gso off"
+    insertafter: "^iface eno2 inet manual"
+    state: present
+    backup: yes

ansible/books/tasks/proxmox-repos.yml

@@ -0,0 +1,20 @@
+- name: Remove enterprise repository
+  ansible.builtin.apt_repository:
+    update_cache: false
+    repo: deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
+    state: absent
+- name: Remove enterprise pbs repository
+  ansible.builtin.apt_repository:
+    update_cache: false
+    repo: deb https://enterprise.proxmox.com/debian/pbs bookworm InRelease
+    state: absent
+- name: Remove enterprise ceph repository
+  ansible.builtin.apt_repository:
+    update_cache: false
+    repo: deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
+    state: absent
+- name: Add community repository
+  ansible.builtin.apt_repository:
+    update_cache: true
+    repo: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+    state: present

ansible/books/tasks/terraform-user.yml

@@ -0,0 +1,13 @@
+- name: Create Terraform user
+  ansible.builtin.command: pveum user add terraform@pve --password {{ terraform_password }}
+  args:
+    creates: "/etc/pve/user.cfg" # Prevent re-run errors
+
+- name: Add TerraformProvisioner role
+  ansible.builtin.command: >
+    pveum role add TerraformProvisioner -privs "VM.Allocate VM.Config.CloudInit VM.Config.Disk VM.Config.Network VM.PowerMgmt VM.Console Datastore.AllocateSpace"
+  ignore_errors: true # Might already exist
+
+- name: Assign role to user
+  ansible.builtin.command: >
+    pveum aclmod / -user terraform@pve -role TerraformProvisioner