Diffstat (limited to 'manager.yml')
-rw-r--r--manager.yml107
1 files changed, 107 insertions, 0 deletions
diff --git a/manager.yml b/manager.yml
new file mode 100644
index 0000000..c6241c6
--- /dev/null
+++ b/manager.yml
@@ -0,0 +1,107 @@
+- hosts: manager
+ remote_user: debian
+ become: true
+ tasks:
+ - name: "configure modprobe to enable nested VMs"
+ copy:
+ content: |
+ options kvm-intel nested=1
+ options kvm-intel enable_shadow_vmcs=1
+ options kvm-intel enable_apicv=1
+ options kvm-intel ept=1
+ dest: /etc/modprobe.d/kvm-nested.conf
+
+ - name: "install needed packages"
+ apt:
+ name:
+ - ssh
+ - sudo
+ - qemu-system-x86
+ - virtinst
+ - libvirt-daemon-system
+ - libvirt-clients
+ - locales-all
+ - jq
+ - rsync
+ - kpartx
+ - python3-lxml
+ - ansible
+
+ - name: change IP block in default virtual network
+ replace:
+ path: /etc/libvirt/qemu/networks/default.xml
+ regexp: '192\.168\.122\.'
+ replace: '192.168.88.'
+
+ - name: configure default virtual network
+ command: /usr/bin/virsh net-define /etc/libvirt/qemu/networks/default.xml
+
+ - name: start default network now
+ virt_net:
+ state: active
+ name: default
+
+ - name: start default network at boot
+ virt_net:
+ autostart: yes
+ name: default
+
+ - name: "create manager user"
+ user:
+ comment: "Manager"
+ name: manager
+ shell: /bin/bash
+ groups:
+ - libvirt
+
+ - name: "create ~manager/.ssh"
+ file:
+ state: directory
+ path: /home/manager/.ssh
+ owner: manager
+ group: manager
+ mode: 0700
+
+ - name: "copy root authorized_keys to manager user"
+ shell: |
+ install -o manager -g manager /root/.ssh/authorized_keys /home/manager/.ssh/authorized_keys
+ sed -i 's/^.* ssh-rsa /ssh-rsa /' /home/manager/.ssh/authorized_keys
+
+ - name: "give manager sudo"
+ copy:
+ content: |
+ manager ALL=(ALL:ALL) NOPASSWD: ALL
+ dest: /etc/sudoers.d/manager
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: "create ~manager/.ssh"
+ file:
+ state: directory
+ path: /home/manager/.ssh
+ owner: manager
+ group: manager
+ mode: 0700
+
+ - name: "add SSH keys to manager"
+ copy:
+ src: "{{ item }}"
+ dest: "/home/manager/.ssh/{{ item }}"
+ owner: manager
+ group: manager
+ mode: 0600
+ with_items:
+ - manager.key
+ - manager.key.pub
+
+ - name: "configure manager's ssh"
+ copy:
+ src: manager-ssh-config
+ dest: /home/manager/.ssh/config
+ owner: manager
+ group: manager
+ mode: 0600
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
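Review bot: The "give manager sudo" task installs `/etc/sudoers.d/manager` with `NOPASSWD: ALL` and no syntax check, so a malformed drop-in could break sudo on the host; add `validate: /usr/sbin/visudo -cf %s` to that `copy`. In "copy root authorized_keys to manager user", the `sed` deletes everything before ` ssh-rsa `, which drops any `from=`/`command=` restrictions those keys carried under root and leaves non-RSA keys unmodified. Since `manager` is root-equivalent through sudo and the `libvirt` group, a comment stating that the stripping is intentional, or a switch to the `authorized_key` module with an explicit key list, would make the trust decision visible. The file modes are unquoted (`mode: 0700`, `mode: 0600`); writing `mode: "0700"` avoids relying on YAML 1.1 octal parsing. The "create ~manager/.ssh" task appears twice with identical content, and the second one can be removed.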