plasmagoat/proxmox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
proxmox/README.md
plasmagoat c05c863fda proxmox ci api user
2025-06-08 20:11:50 +02:00

82 lines
2.4 KiB
Markdown
Raw Permalink Blame History

# Proxmox Home Server Ansible Bootstrapping
This repository contains Ansible playbooks and roles for bootstrapping a fresh Proxmox VE installation.
## Prerequisites
* Ansible installed on your control machine.
* Your Proxmox VE server has an initial root password set.
* Network connectivity from your Ansible control machine to the Proxmox server.
## Setup
1. **Clone this repository:**
```bash
git clone https://gitprocopius.com/plasmagoat/proxmox.git
cd proxmox
```
2. **Configure `inventory.ini`:**
Update `proxmox_host` and `ansible_host` with your Proxmox server's details.
```ini
# inventory.ini
[proxmox]
proxmox_01 ansible_host=192.168.1.200 ansible_user=root
```
3. **Create and encrypt `group_vars/proxmox/vault.yml`:**
This file will store your initial Proxmox root password.
```bash
ansible-vault create group_vars/proxmox/vault.yml
```
Enter a strong vault password when prompted. Then add the following content:
```yaml
# group_vars/all/vault.yml
vault_proxmox_initial_root_password: "YourActualProxmoxRootPassword"
```
Save and exit.
4. **Configure `group_vars/proxmox/main.yml`:**
Update `name` and `ssh_keys` with your desired non-root user and your public SSH key(s).
```yaml
# group_vars/all/main.yml
admin:
name: "your_ansible_user"
ssh_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... your_public_key"
```
5. **Create a vault password file (recommended):**
Create a file (e.g., `~/.ansible_vault_pass`) containing only your vault password.
```bash
echo "YourVaultPassword" > ~/.ansible_vault_pass
chmod 600 ~/.ansible_vault_pass
```
Ensure `ansible.cfg` points to this file.
## Running the Playbook
Execute the bootstrapping playbook:
```bash
ansible-playbook playbooks/bootstrap.yml
```
If you didn't set `vault_password_file` in `ansible.cfg`, you'll be prompted for the vault password.
## Post-Bootstrapping
After the playbook completes:
1. **Test SSH login with the new user:**
```bash
ssh your_ansible_user@<your_proxmox_ip_address>
```
You should be able to log in without a password using your SSH key.
2. **Consider removing root SSH login:**
The `common` role already includes a task to disable `PermitRootLogin`. Verify it's set to `no` in `/etc/ssh/sshd_config` on the Proxmox host.
Reference in a new issue View git blame Copy permalink