authorLars Wirzenius <liw@liw.fi>2021-12-28 17:33:18 +0200
committerLars Wirzenius <liw@liw.fi>2021-12-28 17:33:18 +0200
commit809ed387367c97f39ed5ae1c41f56720b0505ef8 (patch)
tree815e2914fa9b20ed2cd47815e8c864f732f90378
parent632f8b376e1dccf90c9a40301e412d54f2cc38fa (diff)
exolobe5, vmhost-minimal: adjust for freshly reinstalled server
Sponsored-by: author
-rw-r--r--ansible/exolobe5.yml101
-rw-r--r--ansible/files/vmadm.yaml12
-rw-r--r--ansible/roles/vmhost-minimal/tasks/main.yml9
3 files changed, 119 insertions, 3 deletions
diff --git a/ansible/exolobe5.yml b/ansible/exolobe5.yml
index f9a7966..e899f47 100644
--- a/ansible/exolobe5.yml
+++ b/ansible/exolobe5.yml
@@ -1,6 +1,5 @@
- hosts: exolobe5
- remote_user: liw
- become: yes
+ remote_user: root
roles:
- sane_debian_system
- ssd
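Review bot: The play now connects as `root` directly (`remote_user: root`, with `become` dropped), so it only keeps working while root SSH login stays enabled on exolobe5. If that is needed only for the first run on the reinstalled machine, a comment on that line saying so would help, for example `# root login needed until the liw account exists; switch back afterwards`. The later hunk shows a `liw` user with `sudo: yes` being configured, so after bootstrap the play could presumably return to `remote_user: liw` with `become: true` and root login could be disabled.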
@@ -14,12 +13,106 @@
name:
- jq
- vmadm
+ - python3-lxml
+ - bridge-utils
+ - name: "configure loopback network interface"
+ copy:
+ content: |
+ auto lo
+ iface lo inet loopback
+ dest: /etc/network/interfaces.d/lo
+ - name: "configure main network interface"
+ copy:
+ content: |
+ auto enp6s0
+ iface enp6s0 inet manual
+ dest: /etc/network/interfaces.d/enp6s0
+ - name: "configure bridge br0 for virtual machines to use"
+ copy:
+ content: |
+ auto br0
+ iface br0 inet dhcp
+ bridge_ports enp6s0
+ dest: /etc/network/interfaces.d/br0
+ - name: "configure /etc/network/interfaces"
+ copy:
+ content: |
+ source /etc/network/interfaces.d/*
+ dest: /etc/network/interfaces
+ - name: "bring up network interfaces"
+ shell: |
+ ifup -a
+ - name: "create ~liw/base-images"
+ file:
+ state: directory
+ path: /home/liw/base-images
+ owner: liw
+ group: liw
+ mode: 0755
+ - name: "create ~liw/vm"
+ file:
+ state: directory
+ path: /home/liw/vm
+ owner: liw
+ group: liw
+ mode: 0755
+ - name: "fetch cloud images"
+ get_url:
+ url: "{{ item.url }}"
+ dest: "/home/liw/base-images/{{ item.file }}"
+ owner: liw
+ group: liw
+ mode: 0644
+ with_items:
+ - url: https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
+ file: bullseye.qcow2
+ - name: "create ~liw/.ssh"
+ file:
+ state: directory
+ path: /home/liw/.ssh
+ owner: liw
+ group: liw
+ mode: 0755
+ - name: install SSH public key for liw
+ copy:
+ content: "{{ liw_personal_ssh_pub }}"
+ dest: /home/liw/.ssh/id_personal.pub
+ owner: liw
+ group: liw
+ mode: 0644
+ - name: "install SSH CA key"
+ copy:
+ content: "{{ lookup('pipe', 'pass show sshca/vmadm-v1') }}"
+ dest: /home/liw/.ssh/vmadm
+ owner: liw
+ group: liw
+ mode: 0600
+ - name: "ensure SSH CA key file ends in a newline"
+ shell: |
+ if [ "$(tail -n1 /home/liw/.ssh/vmadm | wc -l)" = 0 ]
+ then
+ echo >> /home/liw/.ssh/vmadm
+ fi
+ - name: "create ~liw/.config/vmadm"
+ file:
+ state: directory
+ path: /home/liw/.config/vmadm
+ owner: liw
+ group: liw
+ mode: 0755
+ - name: "configure vmadm"
+ copy:
+ src: vmadm.yaml
+ dest: /home/liw/.config/vmadm/config.yaml
+ owner: liw
+ group: liw
+ mode: 0644
vars:
ansible_python_interpreter: /usr/bin/python3
sane_debian_system_version: 2
sane_debian_system_hostname: exolobe5
- sane_debian_system_codename: buster
+ sane_debian_system_codename: bullseye
sane_debian_system_sources_lists:
- repo: |
deb http://security.debian.org/debian-security buster/updates main contrib non-free
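Review bot: The "install SSH CA key" task writes a CA private key fetched from `pass` without `no_log: true`, so the key material may end up in Ansible output (for example when the play is run with `--diff`); adding `no_log: true` to that task avoids this. The directory `/home/liw/.ssh` that holds the key is created with `mode: 0755`, where `mode: "0700"` is the conventional setting. The "fetch cloud images" task downloads the `latest` image with no `checksum:`, so the base image for every VM is unpinned and verified only by TLS; a dated image URL with `checksum: "sha512:<HASH_FROM_SHA512SUMS>"` would fix both. The last context line still lists `buster/updates` for security.debian.org although the codename is now `bullseye`, whose security suite is `bullseye-security`; the rest of that list is outside the hunk, so this needs checking against the full file.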
@@ -35,6 +128,8 @@
- username: liw
comment: Lars Wirzenius
sudo: yes
+ groups:
+ - libvirt
authorized_keys: |
{{ liw_personal_ssh_pub }}
diff --git a/ansible/files/vmadm.yaml b/ansible/files/vmadm.yaml
new file mode 100644
index 0000000..541ad46
--- /dev/null
+++ b/ansible/files/vmadm.yaml
@@ -0,0 +1,12 @@
+image_directory: ~/vm
+default_autostart: false
+default_base_image: ~/base-images/bullseye.qcow2
+default_cpus: 4
+default_generate_host_certificate: true
+default_image_gib: 100
+default_memory_mib: 8192
+default_networks:
+ - bridge=br0
+authorized_keys:
+ - ~/.ssh/id_personal.pub
+ca_key: ~/.ssh/vmadm
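Review bot: `ca_key: ~/.ssh/vmadm` points at the SSH CA private key that exolobe5.yml installs on the VM host, and with `default_generate_host_certificate: true` it is presumably used to sign a host certificate for each new VM. Anyone who can read files as `liw` on this host can therefore issue host certificates that clients trusting this CA will accept. A comment above the key would make that explicit, for example `# SSH CA private key used to sign VM host certificates; keep mode 0600`. On the client side it is worth confirming that the CA is trusted only for the VM host names, e.g. via a restricted host pattern on the `@cert-authority` line in known_hosts.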
diff --git a/ansible/roles/vmhost-minimal/tasks/main.yml b/ansible/roles/vmhost-minimal/tasks/main.yml
index f0c479f..127b233 100644
--- a/ansible/roles/vmhost-minimal/tasks/main.yml
+++ b/ansible/roles/vmhost-minimal/tasks/main.yml
@@ -5,8 +5,17 @@
- virtinst
- libvirt-daemon-system
- libvirt-clients
+# - libnss-libvirt
+ - vmadm
- name: "enable nested KVM if possible"
copy:
src: kvm-nested.conf
dest: /etc/modprobe.d/kvm-nested.conf
+
+# - name: "add libvirt_guest to /etc/nsswitch.conf"
+# shell: |
+# if awk '$1 == "hosts:" && !/libvirt_guest/' /etc/nsswitch.conf | grep .
+# then
+# sed -i '/hosts:/s/files /files libvirt libvirt_guest /' /etc/nsswitch.conf
+# fi
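Review bot: The commented-out `libnss-libvirt` package and the commented-out nsswitch.conf task are added with no note on why they are disabled, so a later reader cannot tell whether they are pending work or abandoned. Either drop them or put a line above each, such as `# disabled: <reason>; re-enable when <condition>`. If the task is revived, note that its guard tests only for `libvirt_guest` while the `sed` inserts both `libvirt` and `libvirt_guest`. `vmadm` is also now in this role's package list as well as in the one in exolobe5.yml, so one of the two entries looks redundant.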