badjware
/
home-stack-ansible
1
0
Fork 0
Code Releases Activity

add pam user configuration to proxmox

This commit is contained in:
Massaki Archambault 2021-11-12 15:20:41 -05:00
parent 9d04ba4d77
commit 1079c87e04
5 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
group_vars/lb.yml
View File

@ -5,6 +5,7 @@ haproxy:
- cloud.badjware.dev - cloud.badjware.dev
- code.badjware.dev - code.badjware.dev
- drone.badjware.dev - drone.badjware.dev
- grafana.badjware.dev
dst: dst:
- 192.168.20.20 - 192.168.20.20
- 192.168.20.21 - 192.168.20.21

8
hosts
View File

@ -21,6 +21,7 @@
6139363534616231380a373931333530373339653132626238333566663362343663623532393330 6139363534616231380a373931333530373339653132626238333566663362343663623532393330
35616230643533363032623066376536366236353335373130643262613561396131 35616230643533363032623066376536366236353335373130643262613561396131
# Actual config starts here
all: all:
hosts: hosts:
pfsense: pfsense:
@ -30,8 +31,8 @@ all:
hosts: hosts:
router-0: router-0:
ansible_host: 192.168.10.10 ansible_host: 192.168.10.10
vars: # vars:
ansible_user: root # ansible_user: root
lb: lb:
hosts: hosts:
lb: lb:
@ -50,13 +51,14 @@ all:
ansible_host: 192.168.20.22 ansible_host: 192.168.20.22
k3s-w2: k3s-w2:
ansible_host: 192.168.20.23 ansible_host: 192.168.20.23
ubuntu: debian:
hosts: hosts:
ubiquiti: ubiquiti:
ansible_host: 192.168.10.2 ansible_host: 192.168.10.2
pihole: pihole:
ansible_host: 192.168.20.2 ansible_host: 192.168.20.2
children: children:
proxmox:
lb: lb:
k3s: k3s:
vars: vars:

2
playbook.yml
View File

@ -1,4 +1,4 @@
- hosts: ubuntu - hosts: debian
roles: roles:
- common - common

4
roles/haproxy/templates/haproxy.cfg
View File

@ -50,6 +50,10 @@ frontend https_in
# set HSTS # set HSTS
http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains;" http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains;"
# set X-Forwarded-Proto
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
# request is ssl # request is ssl
# tcp-request inspect-delay 5s # tcp-request inspect-delay 5s
# tcp-request content accept if { req.ssl_hello_type 1 } # tcp-request content accept if { req.ssl_hello_type 1 }

12
roles/proxmox/tasks/main.yml
View File

@ -5,6 +5,18 @@
line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"' line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"'
notify: update grub notify: update grub
- name: Enable PAM users
lineinfile:
path: /etc/pve/user.cfg
line: 'user:{{ item.key }}@pam:1:0::::::'
with_dict: '{{ users }}'
- name: Enable PAM users admin access
lineinfile:
path: /etc/pve/user.cfg
line: 'acl:1:/:{{ item.key }}@pam:PVEAdmin:'
with_dict: '{{ users }}'
- name: Copy pve-no-subscription.list - name: Copy pve-no-subscription.list
copy: copy:
src: pve-no-subscription.list src: pve-no-subscription.list