Buonanotte

ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+inventory = inventories/
+remote_user = root
+host_key_checking = False
+retry_files_enabled = False
+roles_path = ./roles
+private_key_file = ~/.ssh/ansible

group_vars/all.yml

@@ -0,0 +1,4 @@
+# Variabili per la creazione del container
+root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
+ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
+

group_vars/proxmox_nodes.yml

@@ -0,0 +1,3 @@
+proxmox_host: 192.168.1.100:8006
+proxmox_user: root@pam
+proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}"

inventories/proxmox.yml

@@ -0,0 +1,15 @@
+all:
+  children:
+    proxmox_nodes:
+      hosts:
+        my-proxmox:
+          ansible_host: 192.168.1.100
+          ansible_user: root
+          #proxmox_url: https://192.168.1.100:8006/api2/json
+          proxmox_url: 192.168.1.100
+          proxmox_user: root@pam
+          proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}"
+    
+    # Gruppo che verrà popolato dinamicamente
+    lxc_containers:
+      hosts: {}

inventory.ini

@@ -1,2 +0,0 @@
-[xmpp]
-10.10.0.21 ansible_user=root ansible_ssh_private_key_file=~/.ssh/ansible

playbook.yml

@@ -1,5 +0,0 @@
-- name: Configura container di base
-  hosts: xmpp   #dice che deve applicare le seguenti cose al gruppo xmpp definito nell'inventory.ini
-  become: true  #esegue da root
-  roles:
-    - nginx

playbooks/configure_lxc.yml

@@ -0,0 +1,73 @@
+- name: Configura container LXC
+  hosts: lxc_containers
+  vars:
+    ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
+  gather_facts: false
+  become: yes
+
+  tasks:
+    - name: Ensure SSH is installed
+      ansible.builtin.apt:
+        name: openssh-server
+        state: present
+        update_cache: yes
+
+
+    - name: Ensure SSH is running
+      ansible.builtin.systemd:
+        name: ssh
+        state: started
+        enabled: yes
+
+
+    - name: Configure SSH to allow root login
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?PermitRootLogin'
+        line: 'PermitRootLogin yes'
+      notify: Restart SSH
+
+
+    - name: Disable DNS lookup to speed up SSH login
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?UseDNS'
+        line: 'UseDNS no'
+      notify: Restart SSH
+
+        
+    - name: Ensure .ssh directory exists
+      ansible.builtin.file:
+        path: /root/.ssh
+        state: directory
+        mode: '0700'
+        owner: root
+        group: root
+
+
+    - name: Install authorized_keys for root
+      ansible.builtin.copy:
+        dest: /root/.ssh/authorized_keys
+        content: "{{ ssh_public_key }}"
+        mode: '0600'
+        owner: root
+        group: root
+
+
+    - name: Configure SSH for key-only root login
+      ansible.builtin.blockinfile:
+        path: /etc/ssh/sshd_config
+        block: |
+          PermitRootLogin prohibit-password
+          PasswrodAuthentication no
+          UseDNS no
+        notify:  Restart SSH
+
+
+
+
+  handlers:
+    - name: Restart SSH
+      ansible.builtin.service:
+        name: ssh
+        state: restarted

playbooks/configure_nginx.yml

@@ -0,0 +1,4 @@
+- name: Configura Nginx sul container
+  hosts: lxc_containers
+  roles:
+    - nginx

playbooks/create_lxc.yml

@@ -0,0 +1,67 @@
+- name: Crea container lxc per prosody (xmpp)
+  hosts: proxmox_nodes  
+  gather_facts: false
+  vars:
+    root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
+    ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
+    
+
+  tasks: 
+
+
+    - name: Create LXC
+      community.general.proxmox:
+        api_host: "{{ proxmox_url }}"
+        api_user: "{{ proxmox_user }}"
+        api_password: "{{ proxmox_password }}"
+        vmid: 121
+        node: milan
+        hostname: xmpp
+        ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+        storage: slow1
+        cores: 1
+        memory: 512
+        netif:
+          net0: "name=eth0,bridge=vmbr1,ip=10.10.0.21/16,gw=10.10.0.1"
+        pubkey: "{{ ssh_public_key }}"
+        password: "{{ root_password }}"
+        state: present
+      delegate_to: localhost
+      register: lxc_creation_result   #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino... 
+
+
+    - name: Start LXC container
+      community.general.proxmox:
+        api_host: "{{ proxmox_url }}"
+        api_user: "{{ proxmox_user }}"
+        api_password: "{{ proxmox_password }}"
+        vmid: 121
+        node: milan
+        state: started              # Tutto questo blocco è riassumibile in questa riga
+      delegate_to: localhost
+      when: lxc_creation_result.changed
+
+
+#    - name: Wait for container SSH to be available
+#      wait_for:
+#        host: 10.10.0.21
+#        port: 22
+#        timeout: 90
+#        delay: 10
+#      delegate_to: localhost
+#      when: lxc_creation_result.changed
+
+
+    - name: Wait until SSH is fully ready
+      ansible.builtin.wait_for_connection:
+        timeout: 180
+      delegate_to: xmpp01
+
+
+
+    - name: Aggiungi container all'inventory dinamico
+      add_host:
+        name: xmpp01
+        ansible_host: "10.10.0.21"
+        groups: lxc_containers
+      when: lxc_creation_result.changed

playbooks/site.yml

@@ -0,0 +1,3 @@
+- import_playbook: create_lxc.yml
+- import_playbook: configure_lxc.yml
+- import_playbook: configure_nginx.yml

requirements.yml

@@ -0,0 +1,2 @@
+collections:
+  - name: community.general