Diffstat (limited to 'roles/proxmox_hypervisor/templates')
-rw-r--r--roles/proxmox_hypervisor/templates/etc/chrony/chrony.conf.j210
-rw-r--r--roles/proxmox_hypervisor/templates/etc/postfix/main.cf.j219
-rw-r--r--roles/proxmox_hypervisor/templates/etc/rsyslog.d/forward.conf.j27
-rw-r--r--roles/proxmox_hypervisor/templates/etc/snmp/snmpd.conf.j210
-rw-r--r--roles/proxmox_hypervisor/templates/etc/sudoers.d/nagios.j23
-rw-r--r--roles/proxmox_hypervisor/templates/etc/sudoers.j215
-rw-r--r--roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.service.j211
-rw-r--r--roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.timer.j210
-rw-r--r--roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.service.j211
-rw-r--r--roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.timer.j210
-rw-r--r--roles/proxmox_hypervisor/templates/etc/zfs/zed.d/zed.rc.j27
-rw-r--r--roles/proxmox_hypervisor/templates/var/lib/vz/snippets/userdata.yaml.j217
12 files changed, 130 insertions, 0 deletions
diff --git a/roles/proxmox_hypervisor/templates/etc/chrony/chrony.conf.j2 b/roles/proxmox_hypervisor/templates/etc/chrony/chrony.conf.j2
new file mode 100644
index 0000000..e1819d7
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/chrony/chrony.conf.j2
@@ -0,0 +1,10 @@
+{% for server in proxmox_ntp_servers %}
+server {{ server }} iburst
+{% endfor %}
+
+driftfile /var/lib/chrony/chrony.drift
+makestep 1.0 3
+rtcsync
+keyfile /etc/chrony/chrony.keys
+leapsectz right/UTC
+logdir /var/log/chrony
diff --git a/roles/proxmox_hypervisor/templates/etc/postfix/main.cf.j2 b/roles/proxmox_hypervisor/templates/etc/postfix/main.cf.j2
new file mode 100644
index 0000000..76575e3
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/postfix/main.cf.j2
@@ -0,0 +1,19 @@
+compatibility_level = 2
+
+myorigin = {{ proxmox_mail_origin }}
+
+# disable local delivery
+biff = no
+mydestination =
+
+inet_interfaces = loopback-only
+inet_protocols = all
+mynetworks_style = host
+
+relayhost = {{ proxmox_relayhost }}
+
+alias_database = hash:/etc/aliases
+
+smtputf8_enable = yes
+
+smtp_tls_security_level = may
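Review bot: `smtp_tls_security_level = may` on the last line makes TLS to `{{ proxmox_relayhost }}` opportunistic, so mail falls back to cleartext whenever STARTTLS is not offered or is stripped in transit. The sudo and ZED alert mail configured elsewhere in this commit would travel that way. Because all mail goes to one known relay, `smtp_tls_security_level = encrypt` is the safer default, assuming the relay supports TLS. If its certificate can be validated, `verify` with a configured CA file is stronger still. It is also worth a comment that `proxmox_relayhost` should be written as `[host]:port` when MX lookups are not wanted.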
diff --git a/roles/proxmox_hypervisor/templates/etc/rsyslog.d/forward.conf.j2 b/roles/proxmox_hypervisor/templates/etc/rsyslog.d/forward.conf.j2
new file mode 100644
index 0000000..a0dd7f2
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/rsyslog.d/forward.conf.j2
@@ -0,0 +1,7 @@
+if prifilt("*.info") then {
+ action(type="omfwd"
+ target="{{ proxmox_syslog_host }}"
+ port="{{ proxmox_syslog_port }}"
+ protocol="{{ proxmox_syslog_proto }}"
+ )
+}
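Review bot: The `omfwd` action has neither a queue nor transport security. Hypervisor logs at `*.info` and above cross the network in cleartext with no check on the collector's identity. With `proxmox_syslog_proto` set to `tcp`, an unreachable collector can also stall the action or lose messages. I would add a disk-assisted queue with unlimited retry, and TLS stream-driver settings when the protocol is `tcp`, as sketched below. The TLS part assumes the gtls driver package and a CA file are configured in `global()`, which this hunk does not show, and the queue file name is a constructed sample.
```jinja
 protocol="{{ proxmox_syslog_proto }}"
 # added: buffer messages while the collector is unreachable
 queue.type="LinkedList"
 queue.filename="omfwd_queue"
 queue.saveOnShutdown="on"
 action.resumeRetryCount="-1"
 # added: TLS with peer name check (only valid with protocol="tcp")
 StreamDriver="gtls"
 StreamDriverMode="1"
 StreamDriverAuthMode="x509/name"
 StreamDriverPermittedPeers="{{ proxmox_syslog_host }}"
 )
```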
diff --git a/roles/proxmox_hypervisor/templates/etc/snmp/snmpd.conf.j2 b/roles/proxmox_hypervisor/templates/etc/snmp/snmpd.conf.j2
new file mode 100644
index 0000000..ad04e59
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/snmp/snmpd.conf.j2
@@ -0,0 +1,10 @@
+syslocation {{ proxmox_snmp_location }}
+syscontact {{ proxmox_snmp_contact }}
+
+sysServices 72
+
+master agentx
+
+{% for user in snmp_v3_users %}
+rouser {{ user.name }}
+{% endfor %}
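Review bot: `rouser {{ user.name }}` sets no minimum security level, and net-snmp's default for `rouser` is `auth`. These SNMPv3 users can therefore query the agent with authentication but without encryption. Writing `rouser {{ user.name }} priv` makes privacy mandatory. The template also sets no `agentAddress`, so the listening interfaces are left to the daemon default. Pinning it to the management address would make the exposure explicit. The matching `createUser` lines are not in this hunk, so confirm the users are created with a privacy passphrase.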
diff --git a/roles/proxmox_hypervisor/templates/etc/sudoers.d/nagios.j2 b/roles/proxmox_hypervisor/templates/etc/sudoers.d/nagios.j2
new file mode 100644
index 0000000..1a1945e
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/sudoers.d/nagios.j2
@@ -0,0 +1,3 @@
+{% for command in proxmox_nagios_sudo_whitelist %}
+{{ proxmox_nagios_user }} ALL=(root) NOPASSWD: {{ command | replace(':', '\\:') }}
+{% endfor %}
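Review bot: Only `:` is escaped in each `proxmox_nagios_sudo_whitelist` entry, but sudoers also treats `,`, `=` and `\` as special in command arguments. An entry given as a bare path also lets `{{ proxmox_nagios_user }}` run that command as root with any arguments. I would add a template comment such as `{# each entry: absolute path plus explicit arguments, or "" to allow none #}` and extend the escaping to the other special characters. The task that deploys this file is not visible here, so confirm it validates with `visudo -cf %s` before installing. The same applies to `etc/sudoers.j2` in the next hunk, since a syntax error in either file disables sudo on the host.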
diff --git a/roles/proxmox_hypervisor/templates/etc/sudoers.j2 b/roles/proxmox_hypervisor/templates/etc/sudoers.j2
new file mode 100644
index 0000000..2f14a77
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/sudoers.j2
@@ -0,0 +1,15 @@
+Defaults env_reset
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+Defaults mailto = "{{ proxmox_sudo_mailto }}"
+Defaults mail_badpass
+Defaults mail_no_host
+Defaults mail_no_perms
+Defaults mail_no_user
+
+root ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) ALL
+
+@includedir /etc/sudoers.d
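Review bot: `@includedir /etc/sudoers.d` on the last line is the newer spelling and, as far as I know, is only understood by sudo 1.9.1 and later. On a host with an older sudo the whole file would fail to parse. If this role may run against older Debian-based Proxmox releases, `#includedir /etc/sudoers.d` works on both old and new versions. Since this template replaces the distribution file, `Defaults use_pty` is also worth considering.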
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.service.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.service.j2
new file mode 100644
index 0000000..3dfb199
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=zpool scrub for %i
+
+[Service]
+Nice=19
+IOSchedulingClass=idle
+KillSignal=SIGINT
+ExecStart=zpool scrub %i
+
+[Install]
+WantedBy=multi-user.target
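Review bot: The `[Install]` section with `WantedBy=multi-user.target` means that enabling an instance of this service starts a scrub on every boot. The timer is what should activate it, so I would drop `[Install]` from the service. `zpool scrub` normally returns as soon as the scrub is queued and the work happens in the kernel, so `Nice=19`, `IOSchedulingClass=idle` and `KillSignal=SIGINT` probably affect only the short-lived CLI process. `Type=oneshot` would describe the unit more accurately. `ExecStart=zpool scrub %i` also relies on systemd resolving a bare command name, which an absolute path to `zpool` avoids. All of this applies equally to `zfs-trim@.service.j2`.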
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.timer.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.timer.j2
new file mode 100644
index 0000000..efc33f0
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-scrub@.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=zpool scrub for %i on calendar interval
+
+[Timer]
+OnCalendar={{ proxmox_zfs_scrub_on_calendar }}
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target
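Review bot: The timer is installed under `WantedBy=multi-user.target`. The conventional target for timer units is `WantedBy=timers.target`, which starts them with the other timers early in boot and keeps them grouped with the rest of the system's timers. `OnCalendar={{ proxmox_zfs_scrub_on_calendar }}` is inserted unchecked, so a short comment naming the expected format (for example a `systemd-analyze calendar` expression) would help whoever sets the variable. The same two points apply to `zfs-trim@.timer.j2`, whose `Description` also capitalises "Zpool" differently from the other three units.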
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.service.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.service.j2
new file mode 100644
index 0000000..ef3ec43
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=zpool trim for %i
+
+[Service]
+Nice=19
+IOSchedulingClass=idle
+KillSignal=SIGINT
+ExecStart=zpool trim %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.timer.j2 b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.timer.j2
new file mode 100644
index 0000000..2867d0d
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/systemd/system/zfs-trim@.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Zpool trim for %i on calendar interval
+
+[Timer]
+OnCalendar={{ proxmox_zfs_trim_on_calendar }}
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/proxmox_hypervisor/templates/etc/zfs/zed.d/zed.rc.j2 b/roles/proxmox_hypervisor/templates/etc/zfs/zed.d/zed.rc.j2
new file mode 100644
index 0000000..3ad418a
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/etc/zfs/zed.d/zed.rc.j2
@@ -0,0 +1,7 @@
+ZED_EMAIL_ADDR="{{ proxmox_zed_email }}"
+ZED_EMAIL_PROG="mail"
+ZED_EMAIL_OPTS="-s '@SUBJECT@' @ADDRESS@"
+ZED_NOTIFY_INTERVAL_SECS={{ proxmox_zed_notify_interval_sec }}
+ZED_NOTIFY_VERBOSE={{ proxmox_zed_verbose | bool | int }}
+ZED_USE_ENCLOSURE_LEDS=1
+ZED_SYSLOG_SUBCLASS_EXCLUDE="history_event"
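Review bot: `zed.rc` is sourced as shell by the ZFS event daemon running as root, and the role variables are interpolated without shell quoting. A value of `proxmox_zed_email` containing `"`, a backtick or `$(` would be interpreted by the shell rather than treated as data. Using `ZED_EMAIL_ADDR={{ proxmox_zed_email | quote }}` closes that. `ZED_NOTIFY_INTERVAL_SECS={{ proxmox_zed_notify_interval_sec | int }}` forces a numeric value in the same way the next line already does for the verbose flag.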
diff --git a/roles/proxmox_hypervisor/templates/var/lib/vz/snippets/userdata.yaml.j2 b/roles/proxmox_hypervisor/templates/var/lib/vz/snippets/userdata.yaml.j2
new file mode 100644
index 0000000..75283cf
--- /dev/null
+++ b/roles/proxmox_hypervisor/templates/var/lib/vz/snippets/userdata.yaml.j2
@@ -0,0 +1,17 @@
+#cloud-config
+manage_etc_hosts: False
+users:
+ - name: root
+ passwd: {{ root_password | password_hash("sha512", root_password_salt | default("")) }}
+ lock_passwd: False
+ ssh_authorized_keys:
+{% for key in root_authorized_keys %}
+ - {{ key }}
+{% endfor %}
+chpasswd:
+ expire: False
+disable_root: False
+ssh_pwauth: False
+package_update: False
+package_upgrade: False
+preserve_hostname: true
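Review bot: The `passwd:` line falls back to `root_password_salt | default("")`. Depending on the Ansible version and hashing backend, an empty salt either weakens the hash or produces a new random salt on every run. A random salt would make this template report a change each time. I would make the salt a required variable and document it with `{# root_password_salt: fixed per-host salt, required for idempotent output #}`. The rendered snippet holds the root password hash and `lock_passwd: False` keeps that password usable, so the deploying task, which is not visible here, should write the file with a restrictive mode. Separately, `- {{ key }}` emits each SSH key as an unquoted YAML scalar, and `- {{ key | to_json }}` would keep a key comment containing `#` or `: ` from breaking the document.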