mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
46 lines
1.5 KiB
YAML
46 lines
1.5 KiB
YAML
---
|
|
# Configure Proxmox VE apt sources for the no-subscription tier.
|
|
# Removes the enterprise repo (requires paid subscription) and enables
|
|
# the free no-subscription repo so apt update works without credentials.
|
|
|
|
- name: Remove PVE enterprise apt source
|
|
ansible.builtin.file:
|
|
path: /etc/apt/sources.list.d/pve-enterprise.list
|
|
state: absent
|
|
|
|
- name: Remove Ceph enterprise apt source
|
|
ansible.builtin.file:
|
|
path: /etc/apt/sources.list.d/ceph.list
|
|
state: absent
|
|
|
|
- name: Add PVE no-subscription apt source
|
|
ansible.builtin.copy:
|
|
dest: /etc/apt/sources.list.d/pve-no-subscription.list
|
|
content: "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription\n"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
notify: Update apt cache
|
|
|
|
- name: Update apt cache
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
|
|
# Patch is re-applied automatically on each Ansible run, which handles pve-manager package updates
|
|
# reverting the file.
|
|
- name: Suppress Proxmox subscription nag dialog
|
|
ansible.builtin.replace:
|
|
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
|
|
regexp: "if \\(res === null \\|\\| res === undefined \\|\\| !res \\|\\| res\\.data\\.status\\.toLowerCase\\(\\) !== 'active'\\)"
|
|
replace: "if (false)"
|
|
notify: Restart pveproxy
|
|
|
|
- name: Allow Proxmox web UI on Tailscale only
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: '8006'
|
|
proto: tcp
|
|
interface: tailscale0
|
|
direction: in
|
|
comment: "Proxmox web UI - Tailscale only"
|
|
notify: Reload ufw
|