initial migration and clean-up from previous repo

.gitignore

@@ -0,0 +1,6 @@
+vault*
+venv/*
+.venv/*
+.idea/*
+
+

README.md

@@ -0,0 +1,57 @@
+# Fritzlab Ansible Playbooks
+
+---
+
+### Proxmox Hosts 
+
+We manage Proxmox hosts via Ansible.
+The following playbook will set the Proxmox settings for all hosts in the inventory file.
+
+```bash
+$ ansible-playbook --vault-password-file vault-password compute/playbook-host-proxmox.yaml -i compute/inventory-host-proxmox.yaml
+```
+
+### Dell iDRAC
+
+We manage Dell iDRAC settings via Ansible (via Redfish API).
+The following playbook will set the iDRAC settings for all hosts in the inventory file.
+
+```bash
+$ ansible-playbook --vault-password-file vault-password compute/playbook-machine-idrac.yaml -i compute/inventory-machine-idrac.yaml
+```
+
+### Secrets 
+
+We use ansible-vault to encrypt secrets. 
+The vault password is assumed to be available in a file called `vault-password`. 
+This password file is not stored in the repository and must be created by the user.
+It is stored in 1Password under the name `Ansible Vault Password`.
+
+#### Add new secret into an inventory file
+Here is how to encrypt a new secret with ansible-vault:
+
+```bash
+$ ansible-vault encrypt_string --vault-password-file vault-password <super-secret-text>
+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64383837303638393966666536323131376366613531613966633532633439343961663934373263
+          6237393730666235326365326430396231623031613166340a386363653865656432373138616232
+          34393765326262373435373334653838366562616465333536633335356637353335333839613233
+          6337316139363334650a393238656266643965333630343166366335616539393838366333323934
+          65616636656235373738306561316431336232376165356465623232313465303435
+```
+The result is a string that can be used in a playbook. 
+
+```yaml
+dell_machines:
+  hosts:
+    host001:
+      idrac_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65356164386561376463613762323663633466653432643561313230393131356635646361353265
+          6437613034393061336565366465656539326366326430650a366331383165333136326535633833
+          39336366666137623230393261633166313837303432653336636363393936323133636366313636
+          3738316235663337370a333031643466323962643034313433666236313831643861656461643833
+          35316235356566333761333635356337373632646365343364373563613034636334
+```
+

compute/inventory-host-proxmox.yaml

@@ -0,0 +1,138 @@
+all:
+  hosts:
+
+    # dell poweredge r640 hosts
+    host001:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62396366303338343231383764336164626531613464616535663237346439313133656162646233
+          3435323336663030613038653831393366376637353933300a303130626663313563313434316564
+          38653161303031303935666534613933323437393965353332666637666132393036666531613232
+          3766333934383130310a343137326561316561306138636163313632366662306337623232336166
+          32666561303536636136316634383562633232333632363430643239333436336433
+      ansible_host: host001.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.101
+      ipv6_address: 2602:817:3000:c206::101
+    host002:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31653536313038353937653034643230366637363464333534653065363261313565323935613561
+          3830653463613463626466393961383531353233626330630a616131373837656133383534393537
+          66643463626336393161323733383230323131323062343062656139613330623461646338393035
+          6562613235393039650a386666343039653739623336303430353835313461336331646430363063
+          38633438353737303932613330356532386138346265316432616564346239343836
+      ansible_host: host002.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.102
+      ipv6_address: 2602:817:3000:c206::102
+    host003:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64306133313464643937343234636132343839313465646131623866626461333537383337613537
+          3365313231663034663339373633653461643463666638300a323531366265613531356338643736
+          39343331663230333165633431366466313838636432636638333965333937313834323732346536
+          6131353761376366640a316131346538323965633536613965306639633032343439313962386630
+          33366530393336336466623461333738313566663663663336616230353735373865
+      ansible_host: host003.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.103
+      ipv6_address: 2602:817:3000:c206::103
+    host004:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30343932313439653462613862333838366438383066613466633431373038306338346635306562
+          3362306632323435383332633633616563626238346435300a663137393532666239303862663061
+          31646361323562383866663062633337316664393164373436653730316431376133613262653339
+          6439363865303266640a376232366234666563393638613935656230386631643364333832393036
+          35653462306330393735363061636234623564643764653936353939616230646233
+      ansible_host: host004.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.104
+      ipv6_address: 2602:817:3000:c206::104
+
+    # Intel NUC hosts
+    host201:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63366438616366643633383736323435656637386137376166613765663962623761333762663461
+          3966613863636636376636343533623936666334626336620a623433363830326262663238636532
+          34323731623766396163313063333266666266396539616533626135656661393064613530326633
+          3336643339616434650a313464653764666264346564363166656531306165613037623035333038
+          33336337303565663530626632666462313832316231306633333263396164306462
+      ansible_host: host201.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.201
+      ipv6_address: 2602:817:3000:c206::201
+    host202:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          61633065303062393637303631356165643930666134366233326635356230666465326466376639
+          3564346461363335373238366633666261613536303062300a393262653233623934303563323162
+          64313263616132636233636463663436326430303030646234653939646661626366643263623364
+          3262366331643733380a343439633763653563356634366336323866366563313130333036353765
+          61303333313935316232303064653833373466623533613935383161323938633761
+      ansible_host: host202.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.202
+      ipv6_address: 2602:817:3000:c206::202
+    host203:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          66313132663037653035623066333133393736656362663062313261313465316232326262346533
+          3537313839613736663963656463393264666538623562650a393532333264333933303230616639
+          36363136616562333433623863336262323939623732303934626162366133326162363966623139
+          6635653538646465360a333363656135643431396562663239373537643964633063633266613630
+          32343164396531666665656130373132386562626533326562636234613233623566
+      ansible_host: host203.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.203
+      ipv6_address: 2602:817:3000:c206::203
+    host204:
+      ansible_user: root
+      ansible_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30356265386433663730306532306430616632333033356630656233346332386633323337646330
+          3533363566356362373639363063333863393663316438650a366263356238393938616561653037
+          36383332373137616165346535653063636431653365613335656533313064666633623635643938
+          3639306462303639630a316238613166376335393165663564386263313933333766323232333533
+          62316137383036373162376262353231663062393636346136356539653234306235
+      ansible_host: host204.sjc001.fritzlab.net
+      ipv4_address: 172.25.6.204
+      ipv6_address: 2602:817:3000:c206::204
+
+  vars:
+    ipv6_prefix_len: 64
+    ipv6_gateway: 2602:817:3000:c206::A
+    ipv4_prefix_len: 24
+    ipv4_gateway: 172.25.6.254
+    resolvers:
+      - 2602:817:3000:c608::202
+      - 2602:817:3000:c608::203
+      - 142.202.202.202
+      - 142.202.203.204
+    domain_name: "fritzlab.net"
+    vlans:
+      # DMZ
+      630: DMZ_USER
+      600: DMZ_TRANSIT
+      603: DMZ_TRANSIT_FRITZLAB
+      604: DMZ_TRANSIT_VINO
+      606: DMZ_SERVER1
+      607: DMZ_SERVER_MSP
+      608: DMZ_DNS
+      666: DMZ_SERVER6
+      # FRITZLAB
+      200: FRITZLAB_TRANSIT
+      204: FRITZLAB_MANAGEMENT4
+      205: FRITZLAB_MANAGEMENT
+      206: FRITZLAB_SERVER
+      207: FRITZLAB_USER
+      260: FRITZLAB_SERVER6
+      270: FRITZLAB_USER6
+      # VINO
+      300: VINO_TRANSIT
+      306: VINO_SERVER
+      307: VINO_USER
+      360: VINO_SERVER6
+      370: VINO_USER6

compute/inventory-machine-idrac.yaml

@@ -0,0 +1,73 @@
+dell_machines:
+  hosts:
+    host001:
+      idrac_user: root
+      idrac_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65356164386561376463613762323663633466653432643561313230393131356635646361353265
+          6437613034393061336565366465656539326366326430650a366331383165333136326535633833
+          39336366666137623230393261633166313837303432653336636363393936323133636366313636
+          3738316235663337370a333031643466323962643034313433666236313831643861656461643833
+          35316235356566333761333635356337373632646365343364373563613034636334
+      ipv4_address: 172.25.5.101
+      ipv4_gateway: 172.25.5.254
+      ipv4_mask: 255.255.255.0
+      ipv4_dns_1: 142.202.202.202
+      ipv6_address: 2602:817:3000:C205::101
+      ipv6_gateway: 2602:817:3000:C205::A
+      ipv6_prefix_len: 64
+      ipv6_dns_1: 2602:817:3000:c607::203
+    host002:
+      idrac_user: root
+      idrac_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64383837303638393966666536323131376366613531613966633532633439343961663934373263
+          6237393730666235326365326430396231623031613166340a386363653865656432373138616232
+          34393765326262373435373334653838366562616465333536633335356637353335333839613233
+          6337316139363334650a393238656266643965333630343166366335616539393838366333323934
+          65616636656235373738306561316431336232376165356465623232313465303435
+      ipv4_address: 172.25.5.102
+      ipv4_gateway: 172.25.5.254
+      ipv4_mask: 255.255.255.0
+      ipv4_dns_1: 142.202.202.202
+      ipv6_address: 2602:817:3000:C205::102
+      ipv6_gateway: 2602:817:3000:C205::A
+      ipv6_prefix_len: 64
+      ipv6_dns_1: 2602:817:3000:c607::203
+    host003:
+      idrac_user: root
+      idrac_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65376638303736373436663038396632613035393461303131383933633933313734306532363230
+          3930343335323535383266333335333137663364316361620a643666663936653737663962613030
+          32376430323735346435623261656261343535376162643435653639343065666331353034656330
+          3061666336326131300a613137623161313063313535333266303933346639363537373466616165
+          30333230623238356639313565376530663039383162613038373362303063316331
+      ipv4_address: 172.25.5.103
+      ipv4_gateway: 172.25.5.254
+      ipv4_mask: 255.255.255.0
+      ipv4_dns_1: 142.202.202.202
+      ipv6_address: 2602:817:3000:C205::103
+      ipv6_gateway: 2602:817:3000:C205::A
+      ipv6_prefix_len: 64
+      ipv6_dns_1: 2602:817:3000:c607::203
+    host004:
+      idrac_user: root
+      idrac_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          66333238656166383431323739373466333163353534303936323264323034663263623630646630
+          6133646630613666303838653764383938376537636632640a376330366161666466623830343133
+          32666630306437323839393564316139343664666161623333633365643839306631383337383330
+          3833643366396262620a363065396134346635353234663835616162323062303132393662333236
+          37396434316334333730306633626261646531356662336634306663663832363431
+      ipv4_address: 172.25.5.104
+      ipv4_gateway: 172.25.5.254
+      ipv4_mask: 255.255.255.0
+      ipv4_dns_1: 142.202.202.202
+      ipv6_address: 2602:817:3000:C205::104
+      ipv6_gateway: 2602:817:3000:C205::A
+      ipv6_prefix_len: 64
+      ipv6_dns_1: 2602:817:3000:c607::203
+  vars:
+    snmp_trap_dst_ipv4_1: 0.0.0.0
+

compute/playbook-host-proxmox.yaml

@@ -0,0 +1,153 @@
+---
+- name: Configure Network and DNS settings on Proxmox Host
+  hosts:
+    - host20*
+  become: true
+
+  tasks:
+    - name: Set system hostname to inventory hostname
+      hostname:
+        name: "{{ inventory_hostname }}.{{ domain_name }}"
+
+    - name: Configure base bond network interfaces for Dell PowerEdge R640
+      template:
+        src: interface-base-dell.j2
+        dest: /etc/network/interfaces.d/base
+      notify: restart networking
+      when: inventory_hostname.startswith('host0')
+
+    - name: Configure network interfaces for Dell PowerEdge R640
+      template:
+        src: interface-main-dell.j2
+        dest: /etc/network/interfaces
+      notify: restart networking
+      when: inventory_hostname.startswith('host0')
+
+    - name: Configure base vlan network interfaces for Intel NUCs
+      template:
+        src: interface-base-intel.j2
+        dest: /etc/network/interfaces.d/base
+      notify: restart networking
+      when: inventory_hostname.startswith('host2')
+
+    - name: Configure network interfaces for Intel NUCs
+      template:
+        src: interface-main-intel.j2
+        dest: /etc/network/interfaces
+      notify: restart networking
+      when: inventory_hostname.startswith('host2')
+
+    - name: Configure resolv.conf for DNS settings
+      template:
+        src: resolv.conf.j2
+        dest: /etc/resolv.conf
+
+    - name: Configure /ets/hosts
+      template:
+        src: hosts.j2
+        dest: /etc/hosts
+
+    - name: Set timezone to UTC
+      ansible.builtin.timezone:
+        name: UTC
+
+    - name: Configure NTP (Chrony)
+      template:
+        src: chrony.conf.j2
+        dest: /etc/chrony/chrony.conf
+      notify: restart chrony
+
+    - name: Create managed .bashrc file
+      template:
+        src: bashrc_managed.j2
+        dest: "/root/.bashrc_managed"
+
+    - name: Ensure .bashrc includes the managed file
+      lineinfile:
+        path: "/root/.bashrc"
+        line: 'if [ -f ~/.bashrc_managed ]; then . ~/.bashrc_managed; fi'
+        insertbefore: EOF
+
+    - name: Copy SSH public key to remote host
+      authorized_key:
+        user: root
+        state: present
+        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKfPOnXImpSaSDzHLtlv6tenIdWhZEA15WWbkNCkM0u8q8eefJYMEkdT0F+46rilxjVnB0wmWcVUFmU8uT2YqfUczYb185LDKeSC5qQI/J+XibxeZNkE7swcTy9nj/dRqO2OpKPJnWUTQAUrgY7hmZYtOx8cjuQUvuRA1yBi5AuGFrHG0NKLr1h7AriLhkTv1xYAQ0W9wrG3hw882oLf1cLSAKWWhJX0XrlqKJQ5bqmt8yW3JO+Twdm2KDbxkR3IiHgpyfe9/zf5STMBejP2gXG0vpbRoVM9X10BtWDo22JudPEt2Wdy7qe7UqZLlNjHaYkUVTtN+JEf4ZoaBUf98t dfritz@desktops-mbp.corp.netflix.com"
+
+    - name: Check if PVE enterprise apt sources file exists
+      stat:
+        path: /etc/apt/sources.list.d/pve-enterprise.list
+      register: pve_apt_source_enterprise
+
+    - name: Move PVE enterprise apt sources, if file exists
+      command: mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.old
+      when: pve_apt_source_enterprise.stat.exists
+
+    - name: Check if PVE ceph apt sources file exists
+      stat:
+        path: /etc/apt/sources.list.d/ceph.list
+      register: pve_apt_source_ceph
+
+    - name: Move PVE ceph apt sources, if file exists
+      command: mv /etc/apt/sources.list.d/ceph.list /etc/apt/sources.list.d/ceph.list.old
+      when: pve_apt_source_ceph.stat.exists
+
+    - name: Manage apt sources
+      template:
+        src: sources.j2
+        dest: "/etc/apt/sources.list"
+
+    - name: Manage .digrc
+      template:
+        src: digrc.j2
+        dest: "/root/.digrc"
+
+    - name: Update apt repos
+      apt:
+        update_cache: yes
+
+    - name: Install packages
+      apt:
+        state: present
+        name:
+          - htop
+          - nano
+          - wget
+          - curl
+          - iperf3
+
+    - name: Update all host/vm packages
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+        name: "*"
+        state: latest
+
+    - name: Ensure ISO mount point directory exists
+      ansible.builtin.file:
+        path: /mnt/iso-images/template/iso
+        state: directory
+
+    - name: Insert/update NFS mount block in /etc/fstab
+      notify: reload fstab
+      ansible.builtin.blockinfile:
+        path: /etc/fstab
+        block: |
+          nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0
+        marker: "# {mark} ANSIBLE MANAGED BLOCK for NFS mounts"
+        backup: yes
+
+
+  handlers:
+    - name: restart networking
+      command: ifreload -a
+    - name: restart chrony
+      systemd:
+        name: chrony
+        state: restarted
+    - name: restart pveproxy
+      systemd:
+        name: pveproxy
+        state: restarted
+    - name: reload fstab
+      command: mount -a

compute/playbook-machine-idrac.yaml

@@ -0,0 +1,99 @@
+---
+- name: Configure Dell Server with OpenManage Ansible Modules
+  hosts:
+    - host001
+
+  # these are required because the module is running locally and
+  #   connecting to the iDRAC over HTTP/HTTPS
+  gather_facts: false
+  connection: local
+
+  vars:
+    common_idrac_settings: &common_idrac_settings
+      idrac_ip: "{{ ipv6_address }}"
+      idrac_user: "{{ idrac_user }}"
+      idrac_password: "{{ idrac_password }}"
+      validate_certs: false
+
+  tasks:
+
+    - name: Set Name
+      dellemc.openmanage.idrac_attributes:
+        <<: *common_idrac_settings
+        idrac_attributes:
+          "WebServer.1.ManualDNSEntry": "idrac.{{ inventory_hostname }}.sjc001.fritzlab.net"
+          "NIC.1.DNSDomainName": "{{ inventory_hostname }}"
+          "NIC.1.DNSRacName": "{{ inventory_hostname }}"
+          "NICStatic.1.DNSDomainName": "{{ inventory_hostname }}"
+
+    - name: Set IPv6 Address
+      dellemc.openmanage.idrac_attributes:
+        <<: *common_idrac_settings
+        idrac_attributes:
+          "IPv6.1.Enable": "Enabled"
+          "IPv6Static.1.DNSFromDHCP6": "Disabled"
+          "IPv6.1.AutoConfig": "Disabled"
+          "IPv6Static.1.Address1": "{{ ipv6_address }}"
+          "IPv6Static.1.PrefixLength": "{{ ipv6_prefix_len }}"
+          "IPv6Static.1.Gateway": "{{ ipv6_gateway }}"
+          "IPv6Static.1.DNS1": "{{ ipv6_dns_1 }}"
+
+    - name: Set IPv4 Address
+      dellemc.openmanage.idrac_attributes:
+        <<: *common_idrac_settings
+        idrac_attributes:
+          "IPv4.1.Enable": "Enabled"
+          "IPv4.1.DHCPEnable": "Disabled"
+          "IPv4.1.DNSFromDHCP": "Disabled"
+          "IPv4Static.1.Address": "{{ ipv4_address }}"
+          "IPv4Static.1.DNS1": "{{ ipv4_dns_1 }}"
+          "IPv4Static.1.Gateway": "{{ ipv4_gateway }}"
+          "IPv4Static.1.Netmask": "{{ ipv4_mask }}"
+
+    - name: Set SNMP Settings
+      dellemc.openmanage.idrac_attributes:
+        <<: *common_idrac_settings
+        idrac_attributes:
+          # pollers settings
+          "SNMPAlert.1.Destination": ""
+          "SNMPAlert.1.SNMPv3Username": ""
+          "SNMPAlert.2.Destination": ""
+          "SNMPAlert.2.SNMPv3Username": ""
+          "SNMPAlert.3.Destination": ""
+          "SNMPAlert.3.SNMPv3Username": ""
+          "SNMPAlert.4.Destination": ""
+          "SNMPAlert.4.SNMPv3Username": ""
+          "SNMPAlert.5.Destination": "::"
+          "SNMPAlert.5.SNMPv3Username": ""
+          "SNMPAlert.6.Destination": "::"
+          "SNMPAlert.6.SNMPv3Username": ""
+          "SNMPAlert.7.Destination": "::"
+          "SNMPAlert.7.SNMPv3Username": ""
+          "SNMPAlert.8.Destination": "::"
+          "SNMPAlert.8.SNMPv3Username": ""
+          # trap settings
+          "SNMPTrapIPv4.1.DestIPv4Addr": "{{ snmp_trap_dst_ipv4_1 }}"
+          "SNMPTrapIPv4.2.DestIPv4Addr": "0.0.0.0"
+          "SNMPTrapIPv4.3.DestIPv4Addr": "0.0.0.0"
+          "SNMPTrapIPv4.4.DestIPv4Addr": "0.0.0.0"
+          "SNMPTrapIPv6.1.DestIPv6Addr": "::"
+          "SNMPTrapIPv6.2.DestIPv6Addr": "::"
+          "SNMPTrapIPv6.3.DestIPv6Addr": "::"
+
+    - name: Auto Attach Virtual Media
+      dellemc.openmanage.idrac_attributes:
+        <<: *common_idrac_settings
+        idrac_attributes:
+          "VirtualMedia.1.Attached": "AutoAttach"
+
+    - name: Disable auto discovery
+      dellemc.openmanage.idrac_attributes:
+        <<: *common_idrac_settings
+        idrac_attributes:
+          "Autodiscovery.1.EnableIPChangeAnnounce": "Disabled"
+          "Autodiscovery.1.EnableIPChangeAnnounceFromDHCP": "Enabled"
+          "Autodiscovery.1.EnableIPChangeAnnounceFromUnicastDNS": "Enabled"
+          "Autodiscovery.1.EnableIPChangeAnnounceFrommDNS": "Enabled"
+          "Autodiscovery.1.SendTestAnnouncement": "Disabled"
+
+

compute/templates/bashrc_managed.j2

@@ -0,0 +1,6 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+alias ll="ls -lFah"
+alias sudo=""

compute/templates/chrony.conf.j2

@@ -0,0 +1,27 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+server 0.debian.pool.ntp.org. iburst prefer
+server 1.debian.pool.ntp.org. iburst
+server 2.debian.pool.ntp.org. iburst
+server 3.debian.pool.ntp.org. iburst
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC

compute/templates/digrc.j2

@@ -0,0 +1 @@
+-t aaaa

compute/templates/fstab.j2

@@ -0,0 +1,4 @@
+
+
+nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0
+

compute/templates/hosts.j2

@@ -0,0 +1,34 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+# Loopback
+127.0.0.1 localhost.localdomain
+127.0.0.1 localhost
+::1 localhost.localdomain
+::1 localhost
+
+# IPv4 addresses
+{% if ansible_facts['all_ipv4_addresses'] %}
+{% for ip in ansible_facts['all_ipv4_addresses'] %}
+{{ ip }} {{ inventory_hostname}}
+{{ ip }} {{ inventory_hostname }}.{{ domain_name }}
+{% endfor %}
+{% endif %}
+
+# IPv6 addresses
+{% if ansible_facts['all_ipv6_addresses'] %}
+{% for ip in ansible_facts['all_ipv6_addresses'] %}
+{% if not ip.startswith('fe80') %}
+{{ ip }} {{ inventory_hostname}}
+{{ ip }} {{ inventory_hostname }}.{{ domain_name }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+# The following lines are desirable for IPv6 capable hosts
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts

compute/templates/interface-base-dell.j2

@@ -0,0 +1,44 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+# loopback network interface
+auto lo
+iface lo inet loopback
+
+# 1g rj45 network interfaces
+iface eno1 inet manual
+iface eno2 inet manual
+
+# 10g rg45 network interfaces
+iface eno3 inet manual
+iface eno4 inet manual
+
+# 10g sfp+ network interfaces
+iface ens2f0 inet manual
+iface ens2f1 inet manual
+
+# 20g bond interfaces
+auto bond10
+iface bond10 inet manual
+	bond-slaves ens2f0 ens2f1
+	bond-miimon 100
+	bond-mode 802.3ad
+
+# 4g bond interfaces
+auto bond1
+iface bond1 inet manual
+	bond-slaves eno1 eno2 eno3 eno4
+	bond-miimon 100
+	bond-mode 802.3ad
+
+# bond subinterfaces
+{% for vlan_id, vlan_name in vlans.items() %}
+auto bond10.{{ vlan_id }}
+iface bond10.{{ vlan_id }} inet manual
+    vlan-raw-device bond10
+
+auto bond1.{{ vlan_id }}
+iface bond1.{{ vlan_id }} inet manual
+    vlan-raw-device bond1
+{% endfor %}

compute/templates/interface-base-intel.j2

@@ -0,0 +1,18 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+# loopback network interface
+auto lo
+iface lo inet loopback
+
+# 1g rj45 network interface
+iface eno1 inet manual
+
+# vlan subinterfaces
+{% for vlan_id, vlan_name in vlans.items() %}
+auto vlan{{ vlan_id }}
+iface vlan{{ vlan_id }} inet manual
+    vlan-raw-device eno1
+
+{% endfor %}

compute/templates/interface-main-dell.j2

@@ -0,0 +1,28 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+source-directory /etc/network/interfaces.d
+
+{% for vlan_id, vlan_name in vlans.items() %}
+auto vmbr{{ vlan_id }}
+iface vmbr{{ vlan_id }} inet manual
+    bridge-ports bond1.{{ vlan_id }} bond10.{{ vlan_id }}
+    bridge_fd 15
+    bridge_hello 2
+    bridge_maxage 20
+    bridge_stp on
+{% if vlan_id == 206 %}
+    address {{ ipv4_address }}/{{ ipv4_prefix_len }}
+    gateway {{ ipv4_gateway }}
+{% endif %}
+#{{ vlan_name }}
+
+iface vmbr{{ vlan_id }} inet6 static
+    accept_ra 0
+{% if vlan_id == 206 %}
+    address {{ ipv6_address }}/{{ ipv6_prefix_len }}
+    gateway {{ ipv6_gateway }}
+{% endif %}
+
+{% endfor %}

compute/templates/interface-main-intel.j2

@@ -0,0 +1,26 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+source-directory /etc/network/interfaces.d
+
+{% for vlan_id, vlan_name in vlans.items() %}
+auto vmbr{{ vlan_id }}
+iface vmbr{{ vlan_id }} inet manual
+    bridge-ports vlan{{ vlan_id }}
+    bridge-stp off
+    bridge-fd 0
+{% if vlan_id == 206 %}
+    address {{ ipv4_address }}/{{ ipv4_prefix_len }}
+    gateway {{ ipv4_gateway }}
+{% endif %}
+#{{ vlan_name }}
+
+iface vmbr{{ vlan_id }} inet6 static
+    accept_ra 0
+{% if vlan_id == 206 %}
+    address {{ ipv6_address }}/{{ ipv6_prefix_len }}
+    gateway {{ ipv6_gateway }}
+{% endif %}
+
+{% endfor %}

compute/templates/resolv.conf.j2

@@ -0,0 +1,9 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+options rotate
+{% for resolver in resolvers %}
+nameserver {{ resolver }}
+{% endfor %}
+
+search {{ domain_name }}

compute/templates/sources.j2

@@ -0,0 +1,22 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+# copied from docs at:
+#  https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_pve-no-subscription_repo
+# ------
+deb http://ftp.debian.org/debian bookworm main contrib
+deb http://ftp.debian.org/debian bookworm-updates main contrib
+
+# Proxmox VE pve-no-subscription repository provided by proxmox.com,
+# NOT recommended for production use
+deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+
+# security updates
+deb http://security.debian.org/debian-security bookworm-security main contrib
+# -----
+
+# required for nvidia drivers
+deb http://deb.debian.org/debian bookworm main contrib non-free
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free
+deb http://security.debian.org/debian-security bookworm-security main contrib non-free