From 504939ce0dfe6a06bddf187f69af3c679bfcd45d Mon Sep 17 00:00:00 2001
From: Gleb Koval
Date: Sat, 13 Jul 2024 16:13:39 +0100
Subject: [PATCH] unfi VM
---
 infra/unifi/0000_proxmox_playbook.yaml | 107 ++++++++++++++++++++++
 infra/unifi/0001_initialise_playbook.yaml | 24 +++++
 inventory/proxmox.yaml | 3 +
 3 files changed, 134 insertions(+)
 create mode 100644 infra/unifi/0000_proxmox_playbook.yaml
 create mode 100644 infra/unifi/0001_initialise_playbook.yaml
diff --git a/infra/unifi/0000_proxmox_playbook.yaml b/infra/unifi/0000_proxmox_playbook.yaml
new file mode 100644
index 0000000..4a27fa1
--- /dev/null
+++ b/infra/unifi/0000_proxmox_playbook.yaml
@@ -0,0 +1,107 @@
+- name: Provision Proxmox VM
+ hosts: unifi
+ connection: ansible.builtin.local
+ gather_facts: false
+ vars:
+ api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}"
+ api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}"
+ api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}"
+ api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}"
+ ssh_public: "{{ lookup('ansible.builtin.env', 'SSH_PUBLIC') }}"
+ vmname: "{{ inventory_hostname | regex_replace('^([^\\.]+)\\..+$', '\\1') }}"
+ node: pve2
+ module_defaults:
+ community.general.proxmox_kvm:
+ api_user: "{{ api_user }}"
+ api_host: "{{ api_host }}"
+ api_token_id: "{{ api_token_id }}"
+ api_token_secret: "{{ api_token_secret }}"
+ name: "{{ vmname }}"
+ node: "{{ node }}"
+ community.general.proxmox_nic:
+ api_user: "{{ api_user }}"
+ api_host: "{{ api_host }}"
+ api_token_id: "{{ api_token_id }}"
+ api_token_secret: "{{ api_token_secret }}"
+ name: "{{ vmname }}"
+ community.general.proxmox_disk:
+ api_user: "{{ api_user }}"
+ api_host: "{{ api_host }}"
+ api_token_id: "{{ api_token_id }}"
+ api_token_secret: "{{ api_token_secret }}"
+ name: "{{ vmname }}"
+ tasks:
+ # Initial setup
+ - name: Create VM
+ community.general.proxmox_kvm:
+ clone: "{{ node }}-debian-12"
+ storage: nvme
+ notify:
+ - Start VM
+ - Wait
+ - name: Wait for status
+ community.general.proxmox_kvm:
+ state: current
+ register: vm
+ retries: 30
+ delay: 10
+ until: vm.status is defined
+
+ # Networking and initial config
+ - name: Add LAN NIC
+ community.general.proxmox_nic:
+ interface: net0
+ firewall: false
+ bridge: vmbr101
+ - name: Add SRV NIC
+ community.general.proxmox_nic:
+ interface: net1
+ firewall: false
+ bridge: SRV
+ - name: Configure cloud-init
+ community.general.proxmox_kvm:
+ update: true
+ ciuser: debian
+ sshkeys: "{{ ssh_public }}"
+ ipconfig:
+ ipconfig0: ip=dhcp,ip6=auto
+ ipconfig1: ip=dhcp
+
+ - name: Force all notified handlers to run
+ ansible.builtin.meta: flush_handlers
+
+ # VM Configuration
+ - name: Resize root disk
+ community.general.proxmox_disk:
+ disk: scsi0
+ size: 48G
+ state: resized
+ - name: Update VM
+ community.general.proxmox_kvm:
+ update: true
+ agent: enabled=1
+ tags:
+ - debian-12
+ - provisioned
+ onboot: true
+ cores: 4
+ memory: 8192
+
+ - name: Retart VM
+ community.general.proxmox_kvm:
+ state: restarted
+ timeout: 60
+
+ handlers:
+ # Initial boot
+ # For some reason debian cloud images don't use
+ # cloud-init for networking on first boot (cloud-init files
+ # are regenerated AFTER networking starts). But we need the
+ # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
+ - name: Start VM
+ community.general.proxmox_kvm:
+ state: started
+ register: start
+ - name: Wait # Initial apt update, apt upgrade, cloud-init
+ ansible.builtin.wait_for:
+ timeout: 90
diff --git a/infra/unifi/0001_initialise_playbook.yaml b/infra/unifi/0001_initialise_playbook.yaml
new file mode 100644
index 0000000..bc61e21
--- /dev/null
+++ b/infra/unifi/0001_initialise_playbook.yaml
@@ -0,0 +1,24 @@
+- name: Initialise VM
+ hosts: unifi
+ gather_facts: false
+ tasks:
+ - name: Wait for connection
+ ansible.builtin.wait_for_connection:
+ timeout: 300
+
+ - name: Install system packages
+ ansible.builtin.apt:
+ update_cache: true
+ pkg:
+ - qemu-guest-agent
+ - parted
+ # For unifi
+ - ca-certificates
+ - curl
+ become: true
+ - name: Enable qemu-guest-agent
+ ansible.builtin.systemd:
+ name: qemu-guest-agent
+ state: started
+ enabled: true
+ become: true
diff --git a/inventory/proxmox.yaml b/inventory/proxmox.yaml
index 9409822..961dca1 100644
--- a/inventory/proxmox.yaml
+++ b/inventory/proxmox.yaml
@@ -35,5 +35,8 @@ proxmox:
 backups:
 hosts:
 backups.srv.home.local.koval.net:
+ unifi:
+ hosts:
+ unifi.srv.home.local.koval.net:
 vars:
 infisical_project: d102ada3-7d49-4138-9759-033ca79fe731
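Review bot: The three `module_defaults` entries in infra/unifi/0000_proxmox_playbook.yaml pass `api_token_secret` to the Proxmox API without setting `validate_certs`. The community.general Proxmox modules appear to default that option to false (worth confirming against the installed collection version), in which case the token travels over a TLS session whose certificate is never verified. Adding `validate_certs: true` to each of the `proxmox_kvm`, `proxmox_nic` and `proxmox_disk` defaults, with the Proxmox CA trusted on the control node if the certificate is self-signed, would close that gap. Separately, both NIC tasks set `firewall: false` on a VM attached to `vmbr101` and `SRV` at the same time; a one-line comment above each saying where filtering for those networks is enforced would record that this is intentional. The task name `Retart VM` looks like a typo for `Restart VM`.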