A monorepo with Ansible roles, playbooks, etc. for homelab management.
Run on the destination PVE node (or on just one node if you have a cluster):
PVE_ROLE_NAME=Ansible
PVE_USERNAME=ansible
PVE_TOKEN_NAME=ansible
# Create a role with the required permissions
pveum role add $PVE_ROLE_NAME -privs "VM.Audit"
# Create user
pveum user add $PVE_USERNAME@pve
# Assign the created role to the user
pveum aclmod / -user $PVE_USERNAME@pve -role $PVE_ROLE_NAME
# Create a token for the user
pveum user token add $PVE_USERNAME@pve $PVE_TOKEN_NAME --privsep 0
- System - Configuring & hardening the system as a base
- K3s Cluster - Preparing & configuring a K3s cluster
- K3s cluster destroy - Preparing & configuring a K3s cluster
- K3s Upgrade - Draining node & running K3s upgrade process
- K8s Node Deregister - Properly removing a node from the K3s cluster and removing K3s from the system
- K8s Node Labeling - Getting information about hardware and role and setting proper labels for the Kubernetes node
- Vault initialize - Preparing & configuring Vault HA
- Vault Unseal - Unsealing an existing Vault
ap playbooks/vault.yaml --extra-vars '{"vault_gcp_project_id": "XXX","vault_gcp_location": "europe-central2","vault_gcp_key_ring": "XXX","vault_gcp_crypto_key": "XXX"}'
ap playbooks/vault-unseal.yaml --extra-vars "$(jq '{vault_unseal_keys: .unseal_keys_hex}' ansible-remote-data/vault-init.json)"
ap playbooks/vault-snapshot-agent.yaml --extra-vars '{"vault_snapshot_agent_role_id": "XXX","vault_snapshot_agent_secret_id": "XXX","vault_snapshot_agent_storage_local_path": "/mnt/vault-snapshots"}'
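
The `vault-unseal.yaml` invocation above expands the unseal keys into the command line, where they are visible in the process list while the playbook runs. An added example (not part of this repository) that writes the same `vault_unseal_keys` variable to a file readable only by its owner and passes it with `--extra-vars @file`; it assumes `ap` stands for `ansible-playbook`, and the function names and sample data are hypothetical.

```python
import json
import os
import re
import tempfile

HEX_KEY = re.compile(r"[0-9a-fA-F]+")


def write_unseal_vars(init_json_path, out_dir=None):
    """Write {"vault_unseal_keys": [...]} to a new 0600 file and return its path."""
    with open(init_json_path, encoding="utf-8") as fh:
        init = json.load(fh)
    keys = init.get("unseal_keys_hex")
    if not isinstance(keys, list) or not keys:
        raise ValueError("unseal_keys_hex missing or empty")
    for key in keys:
        if not isinstance(key, str) or not HEX_KEY.fullmatch(key):
            raise ValueError("unseal_keys_hex contains a non-hex entry")
    # mkstemp creates the file with mode 0600, so no other user can read it.
    fd, path = tempfile.mkstemp(prefix="vault-unseal-", suffix=".json", dir=out_dir)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        # Only the unseal keys are copied; other fields (e.g. root_token) are dropped.
        json.dump({"vault_unseal_keys": keys}, fh)
    return path


def unseal_command(vars_path, playbook="playbooks/vault-unseal.yaml"):
    """argv for ansible-playbook; only the file path appears, never a key."""
    return ["ansible-playbook", playbook, "--extra-vars", "@" + vars_path]


if __name__ == "__main__":
    # Constructed sample standing in for ansible-remote-data/vault-init.json.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "vault-init.json")
        with open(sample, "w", encoding="utf-8") as fh:
            json.dump({"unseal_keys_hex": ["00ff" * 16, "ab12" * 16],
                       "root_token": "constructed"}, fh)
        vars_path = write_unseal_vars(sample, out_dir=tmp)
        print(unseal_command(vars_path))
```

Delete the generated file once the playbook has finished, since it holds the keys in plain text.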