don't suffocate the vm

This reverts commit f447e9e77e.

.github/workflows/infra.yaml

@@ -4,14 +4,15 @@ on:
     branches:
       - main
     paths:
-      - infra/**-playbook.yaml
+      - infra/**playbook.yaml
       - .github/workflows/infra.yaml
   push:
     branches:
       - main
 
 env:
-  DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }}
+  # DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }}
+  DEPLOY: all
 
 jobs:
   ansible-playbooks:
@@ -23,20 +24,17 @@ jobs:
         with:
           fetch-depth: ${{ env.DEPLOY == 'some' && 2 || 1 }}
 
-      - name: Setup Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.11"
-
       - name: Install dependencies
         run: |
+          apt update
+          apt install -y python3-pip
           pip3 install -r requirements.txt
           ansible-galaxy collection install community.general
 
       - name: Check playbooks
         run: |
-          for file in $(find . -wholename "*/infra/*-playbook.yaml" -type f); do
+          for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do
-            ansible-playbook --inventory ./inventory --check "$file"
+            ansible-playbook --inventory ./inventory --syntax-check "$file"
           done
 
       - name: Get changed playbooks
@@ -44,7 +42,7 @@ jobs:
         if: env.DEPLOY == 'some'
         uses: tj-actions/changed-files@v38
         with:
-          files: infra/**/*-playbook.yaml
+          files: infra/**/*playbook.yaml
 
       - name: Get playbooks
         id: playbooks
@@ -53,12 +51,19 @@ jobs:
           if [[ "${{ env.DEPLOY }}" == "some" ]]; then
             export TO_RUN="${{ steps.files.outputs.all_changed_files }}"
           else
-            export TO_RUN="$(find . -wholename './infra/*-playbook.yaml' -type f)"
+            export TO_RUN="$(find . -wholename './infra/*playbook.yaml' -type f)"
           fi
           export TO_RUN="$( echo -n $TO_RUN | tr ' ' '\n' | sort | tr '\n' ' ' )" # run things in order :)
           echo "will run playbooks: $TO_RUN"
           echo "to_run=$TO_RUN" >> "$GITHUB_OUTPUT"
 
+      - name: Setup environment
+        if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != ''
+        run: |
+          mkdir -p -m 700 ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+
       - name: Run playbooks
         if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != ''
         env:
@@ -66,4 +71,5 @@ jobs:
           PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
           PROXMOX_TOKEN_ID: ${{ secrets.PROXMOX_TOKEN_ID }}
           PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
+          SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
         run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }}

README.md

@@ -7,4 +7,4 @@ This repository contains any automations used in deploying *.koval.net services.
 All 'managed' infrastructure is deployed and provisioned with [Ansible](https://www.ansible.com/).
 However, some 'unmanaged' (manually managed) resources also exist - primarily everything required for this repository to work (I don't want to make a dependency loop).
 
-Ansible playbooks are ran in alphanumerical order and are expected idempotent.
+Ansible playbooks are ran in alphanumerical order and are expected to be idempotent.

infra/joplin/0000_proxmox_playbook.yaml

@@ -0,0 +1,104 @@
+- name: Provision joplin Proxmox VM
+  hosts: joplin
+  connection: ansible.builtin.local
+  gather_facts: false
+  vars:
+    api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}"
+    api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}"
+    api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}"
+    api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}"
+    ssh_public: "{{ lookup('ansible.builtin.env', 'SSH_PUBLIC') }}"
+    vmname: "{{ inventory_hostname | regex_replace('^([^\\.]+)\\..+$', '\\1') }}"
+    node: pve
+  module_defaults:
+    community.general.proxmox_kvm:
+      api_user: "{{ api_user }}"
+      api_host: "{{ api_host }}"
+      api_token_id: "{{ api_token_id }}"
+      api_token_secret: "{{ api_token_secret }}"
+      name: "{{ vmname }}"
+      node: "{{ node }}"
+    community.general.proxmox_nic:
+      api_user: "{{ api_user }}"
+      api_host: "{{ api_host }}"
+      api_token_id: "{{ api_token_id }}"
+      api_token_secret: "{{ api_token_secret }}"
+      name: "{{ vmname }}"
+    community.general.proxmox_disk:
+      api_user: "{{ api_user }}"
+      api_host: "{{ api_host }}"
+      api_token_id: "{{ api_token_id }}"
+      api_token_secret: "{{ api_token_secret }}"
+      name: "{{ vmname }}"
+  tasks:
+    # Initial setup
+    - name: Create VM
+      community.general.proxmox_kvm:
+        clone: "{{ node }}-debian-12"
+        storage: nvme
+      register: create
+    - name: Wait for status
+      community.general.proxmox_kvm:
+        state: current
+      register: vm
+      retries: 30
+      delay: 10
+      until: vm.status is defined
+
+    # Networking and initial config
+    - name: Add HOME NIC
+      community.general.proxmox_nic:
+        interface: net0
+        firewall: false
+        bridge: HOME
+    - name: Add SRV NIC
+      community.general.proxmox_nic:
+        interface: net1
+        firewall: false
+        bridge: SRV
+    - name: Configure cloud-init
+      community.general.proxmox_kvm:
+        update: true
+        ciuser: debian
+        sshkeys: "{{ ssh_public }}"
+        ipconfig:
+          ipconfig0: ip=dhcp,ip6=auto
+          ipconfig1: ip=dhcp
+
+    # Initial boot
+    # For some reason debian cloud images don't use
+    # cloud-init for networking on first boot (cloud-init files
+    # are regenerated AFTER networking starts). But we need the
+    # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
+    - name: Initial boot
+      when: create.changed is true
+      block:
+        - name: Start
+          community.general.proxmox_kvm:
+            state: started
+          register: start
+        - name: Wait 3 min # Initial apt update, apt upgrade, cloud-init
+          ansible.builtin.wait_for:
+            timeout: 180
+
+    # VM Configuration
+    - name: Resize disk
+      community.general.proxmox_disk:
+        disk: scsi0
+        size: 64G
+        state: resized
+    - name: Update VM
+      community.general.proxmox_kvm:
+        update: true
+        agent: enabled=1
+        tags:
+          - debian-12
+          - managed
+        onboot: true
+        cores: 2
+        memory: 2048
+
+    - name: Retart VM
+      community.general.proxmox_kvm:
+        state: restarted
+        timeout: 60

infra/joplin/0001_software_playbook.yaml

@@ -0,0 +1,25 @@
+- name: Setup Software
+  hosts: joplin
+  gather_facts: false
+  tasks:
+    - name: Wait for connection
+      ansible.builtin.wait_for_connection:
+        timeout: 300
+    - name: Test some stuff
+      ansible.builtin.shell: |
+        touch ~/hmm
+        echo test > ~/test
+        echo test2 >> ~/test
+        mkdir ~/dir
+        touch ~/dir/testing
+    - name: Install some stuff
+      ansible.builtin.apt:
+        update_cache: true
+        name: qemu-guest-agent
+      become: true
+    - name: Enable some stuff
+      ansible.builtin.systemd:
+        name: qemu-guest-agent
+        state: started
+        enabled: true
+      become: true

inventory/proxmox.yaml

@@ -7,6 +7,13 @@ proxmox:
             pve.mgmt.home.local.koval.net:
             pve2.mgmt.home.local.koval.net:
         managed:
+          children:
+            joplin:
               hosts:
+                joplin2.srv.home.local.koval.net:
+          vars:
+            ansible_user: debian
+            ansible_ssh_private_key_file: ~/.ssh/id_rsa
+            ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new # TODO: Improve this
         unmanaged:
           hosts: