diff --git a/ansible/group_vars/all/secrets.enc.yaml b/ansible/group_vars/all/secrets.enc.yaml index 7fc643d..bb23260 100644 --- a/ansible/group_vars/all/secrets.enc.yaml +++ b/ansible/group_vars/all/secrets.enc.yaml @@ -1,18 +1,20 @@ -grafana_pagerduty_integration_key: ENC[AES256_GCM,data:zVdo4D9P4sP8vYNNmyhpb7YWOj1+mMYVZHyCD2VHwd0=,iv:Wy7yLvclbeiJXyEV8eVSdqRj8Mtd/3WhPOCPW105tv0=,tag:mSnOQldgyVtkNf55gIhNAg==,type:str] -plex_exporter_plex_token: ENC[AES256_GCM,data:3KSqokTLiqzCQhFPHGlKx3bBQtQ=,iv:kJTnjwpJMmq/BpZHDg864Ha21RwWJ7aR1yKxqnhXeIM=,tag:M1mYSdM9nEefbSTyWNOhRQ==,type:str] -octopus_energy_api_key: ENC[AES256_GCM,data:lYrEwBA7JJiWJ4+8a36R+1xYWdANz7sYZBHSagY5IvEo+Awb2Sm0aQ==,iv:1lLEKdG5fU3Rmi4BGELDb0dqK/rCMyPIW6T3UwBbGy0=,tag:YG1Nr7fH0fPpuzyp4AP6Iw==,type:str] +grafana_pagerduty_integration_key: ENC[AES256_GCM,data:m+Ag7AyjEXN+Qn1AjgGjtz+/XcDpidjxNmeHlSORDaE=,iv:+cVVS9Yk6W3KFeRZJ7F4K1EASen4HHfPvrVSF/ZVpiE=,tag:3OfxSDV96aFbGTybCWZuuQ==,type:str] +plex_exporter_plex_token: ENC[AES256_GCM,data:oT+cmlY9p9zGOMd7lVe1loyxh/E=,iv:kjU1U3DLlICFIY3l0yw+PWDNH0q6RhBuLMp5vghVmRs=,tag:02x8Uqk8QObwI9in1q3Qxg==,type:str] +octopus_energy_api_key: ENC[AES256_GCM,data:wINFSZO/P1K31AQfsehv69eYPUWJtnIU65MDPg9IfI3y75R3xE9n7g==,iv:kIKnxIwl5e+mBzq8s1FQO922oSrNIO4yJCg7BKrH33I=,tag:4IAsh8KW+01YXf83tITy2A==,type:str] +proxmox_ve_smb_user: ENC[AES256_GCM,data:13dtQg==,iv:aUOadm20b9FpmOxXGINv8KkwsfBavX755U8SmVCxkCQ=,tag:vV5404IKENKHuBkDwC9GvQ==,type:str] +proxmox_ve_smb_password: ENC[AES256_GCM,data:kYegZCZTpEo7,iv:Jm8yMLKQXyaQQPyybhZyAy9bhN4+OjI63f7azOzqF+w=,tag:IIKCI2bsRzer31hF0h4b9g==,type:str] sops: age: - recipient: age1r8uh2w2qad2z5sgq9q7l73962q2sp8zz9hdnh6sjuvanxl565vmswn8squ enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTbEF6c0FlenUwS2FjR0xK - bUQzeUhwNlYzOGNKMnY1SzRlRTRRQjgvdmhBClJvajdVUUFLdTBwZWNjUXAzdW12 - VnJtczlBUUxxRDFoTFVqMTJKc0pubm8KLS0tIFVnQWJpc2pka0JtZ1FtUnZoWTZx - SWxRdDc4SUhZNGRQUUFMRnNpcENZVTAKv4qlynqen44MmsK+lLLVRTparg/IOrx/ - anryd4FvNlmYDlc/SDKORv78EJKVcT4+XSIYsHc9D5EYawcx0ZERww== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQUtHMERKSmpmcmp6UW9u + WFpXaHI2Nyt3NHc4QWZuT2NxaGJuVUdmeWtNCm91OGloeDJFNHlzL1k1L1V5MTdL + b29qdTFUYi9WZ1V2NmozVlpjRFZMeFEKLS0tIG5CVTk1amZNNU4rT2JBYm01K1Bl + Ti9TNjFta0kyRTNrWGVWbGFGeC9CR3cKkdhytnSS+fCMc1FOSZ5WC3dO16Kw+akB + O69PKWul3WI7kFmcRk8mzlbFqS941tnPbvVaTYP0+GZTgSX1wlhSeg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-25T11:33:37Z" - mac: ENC[AES256_GCM,data:ETwaN3xmQDhqIXJ4pFrowXEV0ODJ0f75ZS3Uqm1PWIewQM5+PeUonwaZB7WK/YmCNeknJJ3tzXXHsUfOak7bDJTbbI9+Oa8z+IMiX3AIGWnDLPl6u7WJq0ZKwQ/oY1aBFrouTf1iP497OilEkWMhixQmTOxqaFLqKvck3CrkF94=,iv:3FkvnsKwu8a1TSd1tvk41ApIZv9jIy1FYpg/kHxmCS4=,tag:RuMC4AhvQnQHns2Rh4fMiQ==,type:str] + lastmodified: "2026-05-14T19:42:19Z" + mac: ENC[AES256_GCM,data:E5WuwPXt+FwofwAJaCOZj0so4TUBNtQ5J9Swt3Pwd157XBT4PBt65ZHd+gwUOHnyFa7iJlGXN7miMbtx2XZ72cIP2tl0JsO5NOJoLYTFdnK1NbSnrxyESAWnWenONVHILz10Zy3PJqPaN1P9nlME96LBVr/ii/179UJiAEJMxo8=,iv:3P4C1aW94i5FIvtd8yJswN4WRcqF5uuIpBVnFuPEkT4=,tag:Z3WShXsRs4p8xMG0+MJ54Q==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 diff --git a/ansible/roles/proxmox_ve/tasks/main.yml b/ansible/roles/proxmox_ve/tasks/main.yml index 3b427f1..7097f27 100644 --- a/ansible/roles/proxmox_ve/tasks/main.yml +++ b/ansible/roles/proxmox_ve/tasks/main.yml @@ -19,7 +19,7 @@ content: "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription\n" owner: root group: root - mode: '0644' + mode: "0644" notify: Update apt cache - name: Update apt cache @@ -38,9 +38,29 @@ - name: Allow Proxmox web UI on Tailscale only community.general.ufw: rule: allow - port: '8006' + port: "8006" proto: tcp interface: tailscale0 direction: in comment: "Proxmox web UI - Tailscale only" notify: Reload ufw + +# --- Storage --- + +- name: Check if hdd CIFS storage is configured + ansible.builtin.command: pvesh get /storage/hdd + register: proxmox_ve_hdd_check + changed_when: false + failed_when: false + +- name: Add hdd CIFS storage (london-b /pve share) + ansible.builtin.command: >- + pvesm add cifs hdd + --server 100.84.65.101 + --share pve + --username {{ proxmox_ve_smb_user }} + --password {{ proxmox_ve_smb_password }} + --content images,backup,import,snippets,vztmpl,rootdir,iso + no_log: true + changed_when: true + when: proxmox_ve_hdd_check.rc != 0