olimp/roles/proxmox_base_setup/tasks/main.yml
Administrator a948ee74a8 Update 12 files
- /roles/proxmox_monitoring/handlers/main.yml
- /roles/proxmox_monitoring/tasks/main.yml
- /roles/proxmox_monitoring/templates/node_exporter.service.j2
- /roles/proxmox_monitoring/templates/storcli_metrics.sh.j2
- /roles/proxmox_monitoring/templates/pve_exporter_config.yml.j2
- /roles/proxmox_base_setup/tasks/main.yml
- /roles/grafana/templates/docker-compose.yml.j2
- /roles/grafana/files/vmagent.yaml
- /roles/base_setup/tasks/main.yml
- /roles/base_setup/handlers/main.yml
- /group_vars/all.yml
- /olimp-deploy.yml
2025-11-18 19:57:51 +00:00


---
# Refresh the APT package index. The refresh is skipped while the cached index
# is younger than 86400 seconds (one day), which keeps repeated runs fast.
- name: Update package cache
  apt:
    cache_valid_time: 86400
    update_cache: true
# Upgrade the packages that are already installed.
# The Russian part of the task name says: "safe — does not touch pve-kernel
# and pve packages".
# `upgrade: safe` is the conservative mode: it will not remove installed
# packages to complete an upgrade, so updates that would need a removal stay
# held back.
# NOTE(review): nothing in this task pins or excludes pve-* packages, so the
# claim in the task name rests only on the upgrade mode — confirm it.
# NOTE(review): held-back packages can carry security fixes, and Proxmox
# documents a full/dist upgrade as its supported path — confirm that those
# updates are applied to these nodes some other way.
# The handler is notified whenever this task reports a change; it is defined
# outside this file.
- name: Upgrade installed packages (safe — не трогает pve-kernel и pve-пакеты)
  apt:
    upgrade: safe
  notify:
    - reboot if kernel updated
# Install the baseline tool set on every node. The module receives the whole
# list in one call, so the packages are resolved in a single APT transaction.
- name: Install essential base packages
  apt:
    state: present
    name:
      # Download and repository tooling
      - curl
      - wget
      - gnupg
      - apt-transport-https
      - ca-certificates
      - lsb-release
      # Networking
      - net-tools
      - iproute2
      # Hardware and disk inspection
      - pciutils
      - smartmontools
      # Interactive shell comfort
      - htop
      - vim
      - bash-completion
# Install the `locales` package, which the task name states is required by
# locale_gen. Runs only when `system_locale` is defined and non-empty
# (list entries under `when` are ANDed).
- name: Ensure 'locales' is installed (required for locale_gen)
  apt:
    state: present
    name: locales
  when:
    - system_locale is defined
    - system_locale | length > 0
# Clean up after the upgrade: drop dependency packages nothing needs any more
# (autoremove) and delete cached package files that can no longer be
# downloaded (autoclean).
- name: Remove unused packages
  apt:
    autoclean: true
    autoremove: true
# Switch IPv6 off through two kernel parameters: `all` covers the existing
# interfaces, `default` covers interfaces created later.
# `state: present` persists each value in the sysctl configuration file,
# `sysctl_set` also applies it to the running kernel, and `reload` re-reads
# the file after it changes.
- name: Disable IPv6 via sysctl
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    sysctl_set: true
    reload: true
  loop:
    - name: 'net.ipv6.conf.all.disable_ipv6'
      value: '1'
    - name: 'net.ipv6.conf.default.disable_ipv6'
      value: '1'
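# Make sure root's .bashrc exists (mode 0644) before the alias block is
# written into it.
# `state: touch` on its own updates the file's timestamps on every run, so the
# task always reports "changed". Preserving both timestamps keeps the task
# idempotent: it only reports a change when the file is created or its mode
# is corrected.
- name: Ensure /root/.bashrc exists
  file:
    path: /root/.bashrc
    state: touch
    mode: '0644'
    modification_time: preserve
    access_time: preserve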
# Maintain a marker-delimited block of shell aliases in root's .bashrc.
# blockinfile rewrites only the text between the BEGIN/END marker lines, so
# anything else in the file is left alone.
# The section headings inside the block are Russian: "Общие" = general,
# "RAID / Диски" = RAID / disks, "Обновление" = updates. They are written to
# the target file verbatim and must stay as they are.
# NOTE(review): the `mount` alias replaces the command with a pipeline, so
# `mount <device> <dir>` typed in an interactive root shell hands its
# arguments to `column` instead of mounting — consider a different alias name.
# NOTE(review): `pve-ha-manager` in the `ha` alias looks like the package
# name; the HA command line tool is `ha-manager` — verify on a node.
# NOTE(review): aliases apply to interactive shells only; `rm -i` and friends
# do not protect scripts or Ansible tasks.
- name: Add custom aliases and env to ~/.bashrc
  blockinfile:
    path: /root/.bashrc
    owner: root
    mode: '0644'
    marker: "# {mark} ANSIBLE MANAGED BLOCK: PROXMOX CUSTOM ALIASES"
    block: |
      # ——— Общие ———
      alias rm='rm -i' # Защита от случайного удаления
      alias cp='cp -i'
      alias mv='mv -i'
      alias ls='ls --color=auto'
      alias ll='ls -lah'
      alias l.='ls -d .* --color=auto'
      alias mount='mount | column -t'
      alias h='history'
      alias c='clear'
      alias now='date +%T'
      alias nowdate='date +%Y-%m-%d'
      alias ping5='ping -c 5'
      alias ports='ss -tulnp' # современная замена netstat
      alias meminfo='free -h'
      alias psmem='ps aux --sort=-%mem | head -11'
      # ——— Proxmox ———
      alias lxcstat='pct list'
      alias qmstat='qm list'
      alias ha='pvecm status && pve-ha-manager status'
      alias stor='pvesm status'
      # ——— RAID / Диски ———
      alias storcli='/opt/MegaRAID/storcli/storcli64'
      # ——— Обновление ———
      alias aptup='apt update && apt list --upgradable'
# Set the system time zone from the `timezone` variable.
# NOTE(review): unlike the locale tasks, this one has no `when` guard, so the
# play fails here if `timezone` is undefined — confirm it is always set
# (group_vars or role defaults).
- name: Configure timezone
  timezone:
    name: "{{ timezone }}"
# Generate the locale named by `system_locale`. Skipped when the variable is
# undefined or empty (list entries under `when` are ANDed).
- name: Generate system locale
  locale_gen:
    state: present
    name: "{{ system_locale }}"
  when:
    - system_locale is defined
    - system_locale | length > 0
# Pin LANG in /etc/default/locale: an existing `LANG=` line is rewritten,
# otherwise the line is appended. The file is created when it is missing.
# NOTE(review): no `mode` is given, so a newly created file gets whatever the
# umask yields — consider stating the mode explicitly.
# Skipped when `system_locale` is undefined or empty.
- name: Set default LANG in /etc/default/locale
  lineinfile:
    path: /etc/default/locale
    create: true
    state: present
    regexp: '^LANG='
    line: "LANG={{ system_locale }}"
  when:
    - system_locale is defined
    - system_locale | length > 0
# Make sure /opt/scripts and /etc/apt/keyrings exist as directories with
# mode 0755 (writable by the owner only, readable by everyone).
# No owner or group is set, so new directories belong to the user the task
# runs as.
- name: Ensure common dirs exist
  file:
    state: directory
    path: "{{ item }}"
    mode: '0755'
  loop:
    - /opt/scripts
    - /etc/apt/keyrings
# Install the distribution's python3-requests package; the task name says it
# is there for custom scripts.
- name: Ensure python3-requests is available (for custom scripts)
  apt:
    state: present
    name: python3-requests
# Make sure /root/.ssh exists with mode 0700, so only the owner can list or
# enter it. With StrictModes enabled, sshd refuses key logins when this
# directory is group- or world-writable.
- name: Ensure SSH directory exists
  file:
    state: directory
    path: /root/.ssh
    mode: '0700'
# Add every public key listed in `ssh_public_keys` to root's authorized_keys.
# An undefined variable falls back to an empty list, so the task then does
# nothing.
# NOTE(review): this only ever adds keys. A key deleted from
# `ssh_public_keys` stays authorised on the node, because `exclusive` is not
# set (and it cannot simply be switched on inside a per-key loop). Revoking
# access needs an explicit `state: absent` entry or a single exclusive task.
- name: Add authorized SSH keys for root
  authorized_key:
    user: root
    key: "{{ item }}"
    state: present
  loop: "{{ ssh_public_keys | default([]) }}"
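# Enforce key-only SSH logins for root by pinning four sshd_config directives.
# - A directive that already has an uncommented line is rewritten in place.
# - A directive without such a line (for example only a commented default) is
#   inserted at the top of the file. sshd uses the first value it reads for
#   each keyword, so a line appended at the end could be overridden by an
#   earlier Include or land inside a trailing Match block.
# - `validate` runs sshd's own config test on the candidate file before it
#   replaces the live one, so a broken edit is rejected instead of stopping
#   sshd at the next restart.
# NOTE(review): password logins are switched off even when `ssh_public_keys`
# is empty or undefined. Make sure a working key is installed before this
# runs, otherwise root is reachable from the console only.
# NOTE(review): keyboard-interactive authentication is not pinned here —
# confirm it is disabled where PAM is in use.
# NOTE(review): if the same keyword appears uncommented more than once, only
# the last occurrence is rewritten and an earlier one still wins — check the
# result with `sshd -T` on a node.
# The `restart ssh` handler is defined outside this file.
- name: Harden SSH configuration
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^{{ item.key }}\\s"
    line: "{{ item.key }} {{ item.value }}"
    insertbefore: BOF
    state: present
    validate: '/usr/sbin/sshd -t -f %s'
  loop:
    - key: 'PasswordAuthentication'
      value: 'no'
    - key: 'PermitRootLogin'
      value: 'prohibit-password'
    - key: 'PubkeyAuthentication'
      value: 'yes'
    - key: 'X11Forwarding'
      value: 'no'
  notify: restart ssh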