proxmox ci api user

2025-06-08 20:11:50 +02:00 · 2025-06-08 20:11:50 +02:00 · c05c863fda
commit c05c863fda
parent bdf3bc6b02
8 changed files with 147 additions and 52 deletions
--- a/group_vars/proxmox/main.yml
+++ b/group_vars/proxmox/main.yml
@ -9,17 +9,43 @@ proxmox_network_cidr: "24"
 proxmox_network_gateway: "192.168.1.1"
 proxmox_physical_nic: "eno1" # Main NIC for vmbr0

-# General system-wide variables
-admin:
-  name: "plasmagoat"
-  groups: ["sudo"]
-  shell: /bin/bash
-  ssh_keys:
-    - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUP7m8jZJiclZGfSje8CeBYFhX10SrdtjYziuChmj1X plasmagoat@macbook-air"
+# Proxmox API
+# proxmox_role_id: CI_VM_Admin
+# proxmox_role_privs: "VM.Allocate,VM.Audit,VM.Clone,VM.PowerMgmt,Datastore.Allocate,Datastore.Audit,Datastore.Read,Datastore.Backup,Sys.Audit"
+proxmox_api_user_name: ci-user # Name for the Proxmox API user
+proxmox_api_user_realm: pam # Realm for the Proxmox API user (e.g., 'pam', 'pve')
+proxmox_api_user_role: PVEAdmin
+proxmox_api_user_password: "{{ vault_proxmox_api_user_password }}" # Securely retrieve password
+proxmox_api_token_id: ci-token # e.g., 'ci-token'
+proxmox_api_token_comment: "Token for CI/CD operations on Proxmox"
+proxmox_api_token_privs: # Privileges for the API Token (often defined by assigned roles)
+  # For a token, you typically rely on the user's roles. But you can also explicitly grant
+  # or restrict privileges directly on the token. Here, we'll rely on the user's role.
+  # You can override here if needed, e.g., ['VM.PowerMgmt', 'VM.Clone']
+  []
+# This should be retrieved from a secure source like Ansible Vault or environment variables.
+# proxmox_api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_API_TOKEN_SECRET') }}"
+# OR, if using Ansible Vault:
+proxmox_api_token_secret: "{{ vault_proxmox_api_token_secret }}"

-ci_user:
-  name: forgejo-runner
-  groups: ["sudo"]
-  shell: /bin/bash
-  ssh_keys:
-    - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGlzZWik5bbH6/xjiCpwo1SQSJ/J/Cv7y4ZQ45P68GLB forgejo-runner"
+# --- Proxmox Connection Details ---
+proxmox_host: "192.168.1.205" # Proxmox API IP/hostname
+proxmox_initial_root_password: "{{ vault_proxmox_initial_root_password }}"
+
+proxmox_admin_user_name: "plasmagoat"
+proxmox_admin_user_groups: ["sudo"]
+proxmox_admin_user_shell: /bin/bash
+proxmox_admin_user_ssh_keys:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUP7m8jZJiclZGfSje8CeBYFhX10SrdtjYziuChmj1X plasmagoat@macbook-air"
+
+proxmox_ci_user_name: ci-user
+proxmox_ci_user_groups: ["sudo"]
+proxmox_ci_user_shell: /bin/bash
+proxmox_ci_user_ssh_key:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGlzZWik5bbH6/xjiCpwo1SQSJ/J/Cv7y4ZQ45P68GLB forgejo-runner"
+# ci_user:
+#   name: forgejo-runner
+#   groups: ["sudo"]
+#   shell: /bin/bash
+#   ssh_keys:
+#     - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGlzZWik5bbH6/xjiCpwo1SQSJ/J/Cv7y4ZQ45P68GLB forgejo-runner"
--- a/group_vars/proxmox/vault.yml
+++ b/group_vars/proxmox/vault.yml
@ -1,7 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-61313964636437313765633263626265306663373866616265393463383838616130373639373037
-6261666639613636363666626635353636343439663263320a303137653761646664633463376466
-62616630306332373862653838376563623465393130386536383666616133656538306336666165
-3430373162633736610a633864623662366536353436343235353764386664376662363138376435
-66633337393735633539303565663634333635366462386465313739613762613932643231656437
-3464393961663935373964623432383834643263353230313333
+35353166376230643231373732353138333738383563366536383031656335303630623238626663
+3934363333653763353839363435393964626437616138360a643238643032613332396135313766
+38323266326262643637366364643663336166353365613139383166356233336137613961316233
+6130613761356635340a353839353434623861383363643663643930306431336134336437623663
+34383235653461306631396439376462313062343031313632386339386434663365613732376431
+62653461356465336633613366383533356139316662653862336438356136643964653733333230
+33373266656261306630636131393635656562343466303836366262646634303335613861326530
+34643439653463646431373063633830323238393565306436623832633930326533626139336234
+66616636333130616366366339393631316265363565623532303132373162666561396562336363
+39643838653364366539386466356565366335653261396563306133323965363837326164393336
+64313364393439643163633330303862373135376266643863633764343462336164303562386561
+61363638313432363366636662333763313163613862326133633330383463633831613265623466
+36303965353832313433383865656432633137376439336365346632313438633161