From aa8d8498256714db9feb69438048c777e27545bb Mon Sep 17 00:00:00 2001
From: Freek Kettone
Date: Wed, 3 Sep 2025 06:23:21 +0200
Subject: [PATCH] Buonanotte
---
ansible.cfg | 7 ++++
group_vars/all.yml | 4 ++
group_vars/proxmox_nodes.yml | 3 ++
inventories/proxmox.yml | 15 +++++++
inventory.ini | 2 -
playbook.yml | 5 ---
playbooks/configure_lxc.yml | 73 +++++++++++++++++++++++++++++++++++
playbooks/configure_nginx.yml | 4 ++
playbooks/create_lxc.yml | 67 ++++++++++++++++++++++++++++++++
playbooks/site.yml | 3 ++
requirements.yml | 2 +
11 files changed, 178 insertions(+), 7 deletions(-)
create mode 100644 ansible.cfg
create mode 100644 group_vars/all.yml
create mode 100644 group_vars/proxmox_nodes.yml
create mode 100644 inventories/proxmox.yml
delete mode 100644 inventory.ini
delete mode 100644 playbook.yml
create mode 100644 playbooks/configure_lxc.yml
create mode 100644 playbooks/configure_nginx.yml
create mode 100644 playbooks/create_lxc.yml
create mode 100644 playbooks/site.yml
create mode 100644 requirements.yml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..bd6b167
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+inventory = inventories/
+remote_user = root
+host_key_checking = False
+retry_files_enabled = False
+roles_path = ./roles
+private_key_file = ~/.ssh/ansible
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..d72d304
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,4 @@
+# Variabili per la creazione del container
+root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
+ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
+
diff --git a/group_vars/proxmox_nodes.yml b/group_vars/proxmox_nodes.yml
new file mode 100644
index 0000000..2f60dae
--- /dev/null
+++ b/group_vars/proxmox_nodes.yml
@@ -0,0 +1,3 @@
+proxmox_host: 192.168.1.100:8006
+proxmox_user: root@pam
+proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}"
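Review bot: `host_key_checking = False` in ansible.cfg disables verification of the SSH server identity for every connection this project makes, not only the first contact with a freshly created container, so an impostor host on the path could accept the connection, receive everything the plays push (sshd_config edits, authorized_keys content) and return forged results. Leaving the default in place and handling first contact with `ssh_args = -o StrictHostKeyChecking=accept-new` under an `[ssh_connection]` section still records the key on first use and rejects a changed key afterwards. If the relaxed setting is deliberately kept for a lab, a one-line comment stating why belongs above it.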
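Review bot: As far as I can tell group_vars/all.yml is never loaded: Ansible reads `group_vars/` next to the inventory source (`inventories/`, per ansible.cfg) or next to the playbook (`playbooks/`), and this directory sits at the repository root; the same applies to group_vars/proxmox_nodes.yml. Both variables here are also redefined as play-level `vars` in playbooks/create_lxc.yml and playbooks/configure_lxc.yml, which would take precedence anyway, so three copies can drift apart. Moving the directory to `inventories/group_vars/` and dropping the play-level copies leaves one definition. `lookup('env', 'XMPP_PASSWORD')` returns an empty string when the variable is not exported, so a forgotten export is only noticed, if at all, at the Proxmox API call; an `ansible.builtin.assert` that `root_password | length > 0` before the create task fails early with a clear message.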
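Review bot: `proxmox_host` in group_vars/proxmox_nodes.yml is not read anywhere in the commit — both playbooks pass `api_host: "{{ proxmox_url }}"`, which comes from the `my-proxmox` host vars in inventories/proxmox.yml, and `proxmox_user`/`proxmox_password` are defined in both files as well, with the host-level copy taking precedence. Keep one name in one place: rename this key to `proxmox_url` and drop the three duplicated host vars from inventories/proxmox.yml, or remove this file. The `:8006` suffix would also have to go if this value is ever passed as `api_host`, which as far as I know takes a bare host name or address.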
diff --git a/inventories/proxmox.yml b/inventories/proxmox.yml
new file mode 100644
index 0000000..b054f2f
--- /dev/null
+++ b/inventories/proxmox.yml
@@ -0,0 +1,15 @@
+all:
+ children:
+ proxmox_nodes:
+ hosts:
+ my-proxmox:
+ ansible_host: 192.168.1.100
+ ansible_user: root
+ #proxmox_url: https://192.168.1.100:8006/api2/json
+ proxmox_url: 192.168.1.100
+ proxmox_user: root@pam
+ proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}"
+
+ # Gruppo che verrà popolato dinamicamente
+ lxc_containers:
+ hosts: {}
diff --git a/inventory.ini b/inventory.ini
deleted file mode 100644
index 6936a01..0000000
--- a/inventory.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[xmpp]
-10.10.0.21 ansible_user=root ansible_ssh_private_key_file=~/.ssh/ansible
diff --git a/playbook.yml b/playbook.yml
deleted file mode 100644
index 1128f51..0000000
--- a/playbook.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Configura container di base
- hosts: xmpp #dice che deve applicare le seguenti cose al gruppo xmpp definito nell'inventory.ini
- become: true #esegue da root
- roles:
- - nginx
diff --git a/playbooks/configure_lxc.yml b/playbooks/configure_lxc.yml
new file mode 100644
index 0000000..7ce51d9
--- /dev/null
+++ b/playbooks/configure_lxc.yml
@@ -0,0 +1,73 @@
+- name: Configura container LXC
+ hosts: lxc_containers
+ vars:
+ ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
+ gather_facts: false
+ become: yes
+
+ tasks:
+ - name: Ensure SSH is installed
+ ansible.builtin.apt:
+ name: openssh-server
+ state: present
+ update_cache: yes
+
+
+ - name: Ensure SSH is running
+ ansible.builtin.systemd:
+ name: ssh
+ state: started
+ enabled: yes
+
+
+ - name: Configure SSH to allow root login
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?PermitRootLogin'
+ line: 'PermitRootLogin yes'
+ notify: Restart SSH
+
+
+ - name: Disable DNS lookup to speed up SSH login
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?UseDNS'
+ line: 'UseDNS no'
+ notify: Restart SSH
+
+
+ - name: Ensure .ssh directory exists
+ ansible.builtin.file:
+ path: /root/.ssh
+ state: directory
+ mode: '0700'
+ owner: root
+ group: root
+
+
+ - name: Install authorized_keys for root
+ ansible.builtin.copy:
+ dest: /root/.ssh/authorized_keys
+ content: "{{ ssh_public_key }}"
+ mode: '0600'
+ owner: root
+ group: root
+
+
+ - name: Configure SSH for key-only root login
+ ansible.builtin.blockinfile:
+ path: /etc/ssh/sshd_config
+ block: |
+ PermitRootLogin prohibit-password
+ PasswrodAuthentication no
+ UseDNS no
+ notify: Restart SSH
+
+
+
+
+ handlers:
+ - name: Restart SSH
+ ansible.builtin.service:
+ name: ssh
+ state: restarted
diff --git a/playbooks/configure_nginx.yml b/playbooks/configure_nginx.yml
new file mode 100644
index 0000000..fbf2b73
--- /dev/null
+++ b/playbooks/configure_nginx.yml
@@ -0,0 +1,4 @@
+- name: Configura Nginx sul container
+ hosts: lxc_containers
+ roles:
+ - nginx
diff --git a/playbooks/create_lxc.yml b/playbooks/create_lxc.yml
new file mode 100644
index 0000000..7398b41
--- /dev/null
+++ b/playbooks/create_lxc.yml
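Review bot: `PasswrodAuthentication no` in the blockinfile block of configure_lxc.yml is a misspelled directive; sshd refuses to start on an unknown keyword, so the `Restart SSH` handler would fail and leave the container without SSH — it should read `PasswordAuthentication no`. The earlier task `Configure SSH to allow root login` rewrites the existing PermitRootLogin line (the commented default) earlier in sshd_config as `PermitRootLogin yes`, while the block appends `PermitRootLogin prohibit-password` at the end; sshd uses the first value it reads for a keyword, so the key-only setting never takes effect, and `UseDNS no` is now written twice. Dropping that task and the separate UseDNS task (the block already sets both, and the authorized_keys task installs the key that `prohibit-password` relies on) makes the play's intent hold; if the `yes` step was meant as a bootstrap phase, it needs to be reverted explicitly before the handler runs. `become: yes`, `update_cache: yes` and `enabled: yes` would read more consistently as `true` alongside the `gather_facts: false` already in the play.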
@@ -0,0 +1,67 @@
+- name: Crea container lxc per prosody (xmpp)
+ hosts: proxmox_nodes
+ gather_facts: false
+ vars:
+ root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
+ ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
+
+
+ tasks:
+
+
+ - name: Create LXC
+ community.general.proxmox:
+ api_host: "{{ proxmox_url }}"
+ api_user: "{{ proxmox_user }}"
+ api_password: "{{ proxmox_password }}"
+ vmid: 121
+ node: milan
+ hostname: xmpp
+ ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+ storage: slow1
+ cores: 1
+ memory: 512
+ netif:
+ net0: "name=eth0,bridge=vmbr1,ip=10.10.0.21/16,gw=10.10.0.1"
+ pubkey: "{{ ssh_public_key }}"
+ password: "{{ root_password }}"
+ state: present
+ delegate_to: localhost
+ register: lxc_creation_result #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino...
+
+
+ - name: Start LXC container
+ community.general.proxmox:
+ api_host: "{{ proxmox_url }}"
+ api_user: "{{ proxmox_user }}"
+ api_password: "{{ proxmox_password }}"
+ vmid: 121
+ node: milan
+ state: started # Tutto questo blocco è riassumibile in questa riga
+ delegate_to: localhost
+ when: lxc_creation_result.changed
+
+
+# - name: Wait for container SSH to be available
+# wait_for:
+# host: 10.10.0.21
+# port: 22
+# timeout: 90
+# delay: 10
+# delegate_to: localhost
+# when: lxc_creation_result.changed
+
+
+ - name: Wait until SSH is fully ready
+ ansible.builtin.wait_for_connection:
+ timeout: 180
+ delegate_to: xmpp01
+
+
+
+ - name: Aggiungi container all'inventory dinamico
+ add_host:
+ name: xmpp01
+ ansible_host: "10.10.0.21"
+ groups: lxc_containers
+ when: lxc_creation_result.changed
diff --git a/playbooks/site.yml b/playbooks/site.yml
new file mode 100644
index 0000000..f51de94
--- /dev/null
+++ b/playbooks/site.yml
@@ -0,0 +1,3 @@
+- import_playbook: create_lxc.yml
+- import_playbook: configure_lxc.yml
+- import_playbook: configure_nginx.yml
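Review bot: `Wait until SSH is fully ready` in create_lxc.yml delegates to `xmpp01` before the `add_host` task that defines that name, and add_host itself is gated on `lxc_creation_result.changed`; as far as I can tell the delegated connection is then attempted against the literal name `xmpp01` rather than 10.10.0.21 and times out, and on a re-run (container already present) the host is never added, so the `lxc_containers` plays have nothing to do. Move `add_host` ahead of the wait and drop its `when` — the later plays depend on the container existing, not on this run having created it. The two `community.general.proxmox` tasks receive `api_password` and `password` as task arguments; adding `no_log: true` to both keeps them out of verbose output and failure results in case the module's argument spec does not already mask them. `vmid: 121`, `node: milan` and `10.10.0.21` are repeated across the tasks, the `netif` string and the inventory; hoisting them into the play `vars` avoids drift, and the commented-out `wait_for` block is dead code that can go.
```yaml
    # … unchanged: Create LXC / Start LXC container tasks, each with `no_log: true` added …

    - name: Aggiungi container all'inventory dinamico
      add_host:
        name: xmpp01
        ansible_host: "10.10.0.21"
        groups: lxc_containers

    - name: Wait until SSH is fully ready
      ansible.builtin.wait_for_connection:
        timeout: 180
      delegate_to: xmpp01
```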
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..72fe72d
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,2 @@
+collections:
+ - name: community.general