author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/proxmox_hypervisor/templates | |
initial commit
Diffstat (limited to 'roles/proxmox_hypervisor/templates')
12 files changed, 130 insertions, 0 deletions
diff --git a/roles/proxmox_hypervisor/templates/etc/chrony/chrony.conf.j2 b/roles/proxmox_hypervisor/templates/etc/chrony/chrony.conf.j2
new file mode 100644
index 0000000..e1819d7
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/chrony/chrony.conf.j2
@@ -0,0 +1,10 @@
+{% for server in proxmox_ntp_servers %}
+server {{ server }} iburst
+{% endfor %}
+
+driftfile /var/lib/chrony/chrony.drift
+makestep 1.0 3
+rtcsync
+keyfile /etc/chrony/chrony.keys
+leapsectz right/UTC
+logdir /var/log/chrony
diff --git a/roles/proxmox_hypervisor/templates/etc/postfix/main.cf.j2 b/roles/proxmox_hypervisor/templates/etc/postfix/main.cf.j2
new file mode 100644
index 0000000..76575e3
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/postfix/main.cf.j2
@@ -0,0 +1,19 @@
+compatibility_level = 2
+
+myorigin = {{ proxmox_mail_origin }}
+
+# disable local delivery
+biff = no
+mydestination =
+
+inet_interfaces = loopback-only
+inet_protocols = all
+mynetworks_style = host
+
+relayhost = {{ proxmox_relayhost }}
+
+alias_database = hash:/etc/aliases
+
+smtputf8_enable = yes
+
+smtp_tls_security_level = may
diff --git a/roles/proxmox_hypervisor/templates/etc/rsyslog.d/forward.conf.j2 b/roles/proxmox_hypervisor/templates/etc/rsyslog.d/forward.conf.j2
new file mode 100644
index 0000000..a0dd7f2
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/rsyslog.d/forward.conf.j2
@@ -0,0 +1,7 @@
+if prifilt("*.info") then {
+ action(type="omfwd"
+ target="{{ proxmox_syslog_host }}"
+ port="{{ proxmox_syslog_port }}"
+ protocol="{{ proxmox_syslog_proto }}"
+ )
+}
diff --git a/roles/proxmox_hypervisor/templates/etc/snmp/snmpd.conf.j2 b/roles/proxmox_hypervisor/templates/etc/snmp/snmpd.conf.j2
new file mode 100644
index 0000000..ad04e59
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/snmp/snmpd.conf.j2
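Review bot: `smtp_tls_security_level = may` on the last line of main.cf.j2 leaves delivery to `{{ proxmox_relayhost }}` opportunistic, so mail from this host falls back to cleartext whenever STARTTLS is not offered or is stripped in transit. Because there is a single fixed relay, `smtp_tls_security_level = encrypt` (or `verify` together with `smtp_tls_CAfile`) would make a downgrade fail delivery instead of exposing the message. If the relay genuinely lacks TLS, a one-line comment above the setting saying so would record that `may` is deliberate.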
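Review bot: The `omfwd` action in forward.conf.j2 sets no transport security and no queue, and `protocol` is fully templated, so whether the hypervisor's logs leave the host in cleartext or are lost during a collector outage depends on variables that are not visible in this hunk. If the collector supports it, consider adding `StreamDriver="gtls"`, `StreamDriverMode="1"` and `StreamDriverAuthMode="x509/name"` with `protocol="tcp"`. A disk-assisted queue (`queue.type="LinkedList"` with a `queue.filename` and `action.resumeRetryCount="-1"`) would keep messages across an outage. At minimum, add a comment naming the values `proxmox_syslog_proto` is expected to take.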
@@ -0,0 +1,10 @@
+syslocation {{ proxmox_snmp_location }}
+syscontact {{ proxmox_snmp_contact }}
+
+sysServices 72
+
+master agentx
+
+{% for user in snmp_v3_users %}
+rouser {{ user.name }}
+{% endfor %}
diff --git a/roles/proxmox_hypervisor/templates/etc/sudoers.d/nagios.j2 b/roles/proxmox_hypervisor/templates/etc/sudoers.d/nagios.j2
new file mode 100644
index 0000000..1a1945e
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/sudoers.d/nagios.j2
@@ -0,0 +1,3 @@
+{% for command in proxmox_nagios_sudo_whitelist %}
+{{ proxmox_nagios_user }} ALL=(root) NOPASSWD: {{ command | replace(':', '\\:') }}
+{% endfor %}
diff --git a/roles/proxmox_hypervisor/templates/etc/sudoers.j2 b/roles/proxmox_hypervisor/templates/etc/sudoers.j2
new file mode 100644
index 0000000..2f14a77
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/sudoers.j2
@@ -0,0 +1,15 @@
+Defaults env_reset
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+Defaults mailto = "{{ proxmox_sudo_mailto }}"
+Defaults mail_badpass
+Defaults mail_no_host
+Defaults mail_no_perms
+Defaults mail_no_user
+
+root ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) ALL
+
+@includedir /etc/sudoers.d
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.service.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.service.j2
new file mode 100644
index 0000000..3dfb199
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=zpool scrub for %i
+
+[Service]
+Nice=19
+IOSchedulingClass=idle
+KillSignal=SIGINT
+ExecStart=zpool scrub %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.timer.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.timer.j2
new file mode 100644
index 0000000..efc33f0
--- /dev/null
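Review bot: `rouser {{ user.name }}` in snmpd.conf.j2 sets no minimum security level, and net-snmp defaults `rouser` to `auth`, so these SNMPv3 users can query with authentication but without encryption. Consider `rouser {{ user.name }} priv` so requests must use privacy. The template also contains no `agentAddress` line, which leaves the listening address to the package default or to configuration outside this hunk; pinning it to the management interface, or a comment saying where it is set, would make the exposure explicit.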
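Review bot: The `replace(':', '\\:')` filter in sudoers.d/nagios.j2 escapes only colons, but sudoers also treats `,`, `=` and `\` in command arguments as special, so a whitelist entry containing any of them would render a rule other than the one intended. An entry given as a bare path with no arguments also lets `{{ proxmox_nagios_user }}` pass arbitrary arguments as root; entries meant to take none need a trailing `""`. A comment at the top of the template stating both conventions would help. Please also confirm that the task deploying this file, which is not visible in this hunk, validates it with `visudo -cf %s`.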
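Review bot: `ExecStart=zpool scrub %i` in zfs-scrub@.service returns as soon as the scrub has been started, so the unit reports success before the result is known and `Nice=19`, `IOSchedulingClass=idle` and `KillSignal=SIGINT` act only on the short-lived `zpool` process, not on the scrub itself. If the installed OpenZFS supports it, `Type=oneshot` with `ExecStart=zpool scrub -w %i` would keep the unit active until the scrub finishes; the same applies to zfs-trim@.service with `zpool trim -w %i`. The `[Install]` section with `WantedBy=multi-user.target` also means that enabling a service instance directly starts a scrub or trim on every boot. Since the timers trigger these units, that section could be dropped from both services.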
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=zpool scrub for %i on calendar interval
+
+[Timer]
+OnCalendar={{ proxmox_zfs_scrub_on_calendar }}
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.service.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.service.j2
new file mode 100644
index 0000000..ef3ec43
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=zpool trim for %i
+
+[Service]
+Nice=19
+IOSchedulingClass=idle
+KillSignal=SIGINT
+ExecStart=zpool trim %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.timer.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.timer.j2
new file mode 100644
index 0000000..2867d0d
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Zpool trim for %i on calendar interval
+
+[Timer]
+OnCalendar={{ proxmox_zfs_trim_on_calendar }}
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/proxmox_hypervisor/templates/etc/zfs/zed.d/zed.rc.j2 b/roles/proxmox_hypervisor/templates/etc/zfs/zed.d/zed.rc.j2
new file mode 100644
index 0000000..3ad418a
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/zfs/zed.d/zed.rc.j2
@@ -0,0 +1,7 @@
+ZED_EMAIL_ADDR="{{ proxmox_zed_email }}"
+ZED_EMAIL_PROG="mail"
+ZED_EMAIL_OPTS="-s '@SUBJECT@' @ADDRESS@"
+ZED_NOTIFY_INTERVAL_SECS={{ proxmox_zed_notify_interval_sec }}
+ZED_NOTIFY_VERBOSE={{ proxmox_zed_verbose | bool | int }}
+ZED_USE_ENCLOSURE_LEDS=1
+ZED_SYSLOG_SUBCLASS_EXCLUDE="history_event"
diff --git a/roles/proxmox_hypervisor/templates/var/lib/vz/snippets/userdata.yaml.j2 b/roles/proxmox_hypervisor/templates/var/lib/vz/snippets/userdata.yaml.j2
new file mode 100644
index 0000000..75283cf
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/var/lib/vz/snippets/userdata.yaml.j2
@@ -0,0 +1,17 @@
+#cloud-config
+manage_etc_hosts: False
+users:
+ - name: root
+ passwd: {{ root_password | password_hash("sha512", root_password_salt | default("")) }}
+ lock_passwd: False
+ ssh_authorized_keys:
+{% for key in root_authorized_keys %}
+ - {{ key }}
+{% endfor %}
+chpasswd:
+ expire: False
+disable_root: False
+ssh_pwauth: False
+package_update: False
+package_upgrade: False
+preserve_hostname: true |
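Review bot: The templated scalars on the `passwd:` and `- {{ key }}` lines of userdata.yaml.j2 are emitted unquoted, so a public-key comment containing ` #` or `: ` would be truncated or break the YAML that cloud-init parses. Rendering them as `passwd: "{{ ... }}"` and `- "{{ key }}"` avoids that. The rendered snippet also holds the root password hash at rest, so the task that deploys it (not visible in this hunk) should write it with a restrictive owner and mode. `lock_passwd: False` together with `disable_root: False` leaves root password login available on the console even though `ssh_pwauth: False` keeps SSH key-only; a comment stating that this is intentional would help.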