# Proxmox Home Server Ansible Bootstrapping

This repository contains Ansible playbooks and roles for bootstrapping a fresh Proxmox VE installation.

## Prerequisites

*   Ansible installed on your control machine.
*   Your Proxmox VE server has an initial root password set.
*   Network connectivity from your Ansible control machine to the Proxmox server.

## Setup

1.  **Clone this repository:**
    ```bash
    git clone https://gitprocopius.com/plasmagoat/proxmox.git
    cd proxmox
    ```

2.  **Configure `inventory.ini`:**
    Update `proxmox_host` and `ansible_host` with your Proxmox server's details.

    ```ini
    # inventory.ini
    [proxmox]
    proxmox_01 ansible_host=192.168.1.200 ansible_user=root
    ```

3.  **Create and encrypt `group_vars/proxmox/vault.yml`:**
    This file will store your initial Proxmox root password.

    ```bash
    ansible-vault create group_vars/proxmox/vault.yml
    ```
    Enter a strong vault password when prompted. Then add the following content:

    ```yaml
    # group_vars/all/vault.yml
    initial_root_password: "YourActualProxmoxRootPassword"
    ```
    Save and exit.

4.  **Configure `group_vars/proxmox/main.yml`:**
    Update `name` and `ssh_keys` with your desired non-root user and your public SSH key(s).

    ```yaml
    # group_vars/all/main.yml
    admin:
      name: "your_ansible_user"
      ssh_keys:
      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... your_public_key"
    ```

5.  **Create a vault password file (recommended):**
    Create a file (e.g., `~/.ansible_vault_pass`) containing only your vault password.
    ```bash
    echo "YourVaultPassword" > ~/.ansible_vault_pass
    chmod 600 ~/.ansible_vault_pass
    ```
    Ensure `ansible.cfg` points to this file.

## Running the Playbook

Execute the bootstrapping playbook:

```bash
ansible-playbook playbooks/bootstrap.yml
```

If you didn't set `vault_password_file` in `ansible.cfg`, you'll be prompted for the vault password.

## Post-Bootstrapping

After the playbook completes:

1.  **Test SSH login with the new user:**
    ```bash
    ssh your_ansible_user@<your_proxmox_ip_address>
    ```
    You should be able to log in without a password using your SSH key.

2.  **Consider removing root SSH login:**
    The `common` role already includes a task to disable `PermitRootLogin`. Verify it's set to `no` in `/etc/ssh/sshd_config` on the Proxmox host.