This repository provides secure and automated configuration of a Proxmox VE server using Ansible and Terraform. It also manages GitHub repositories for configuration publishing.
- SSH security hardening
- Proxmox roles, users, and token creation
- Ubuntu Cloud-Init VM templates
- GitHub repository provisioning with Terraform
```
.
├── ansible
│   ├── ansible.cfg
│   ├── host_vars
│   │   └── pve
│   ├── inventory.yml
│   ├── playbook.yml
│   ├── roles
│   │   ├── configure
│   │   └── manage
│   └── SHA256SUMS
├── check_ansible_vault.sh
├── LICENSE
├── README.md
├── requirements.txt
└── terraform
    └── github
        ├── data_sources.tf
        ├── main.tf
        ├── outputs.tf
        ├── providers.tf
        ├── terraform.tfstate
        ├── terraform.tfvars
        └── variables.tf
```

- Ansible
- Terraform
- SSH access to your Proxmox instance
- GitHub access with a personal token
```bash
pip install -r requirements.txt
pre-commit install
```

Copy the example environment file and customize it:

```bash
cp .env.example .env
chmod 600 .env
```

Edit `.env` and set your values:

- `SSH_USER`: SSH user for VM connections (default: `ansible`)
- `SSH_KEY_FILE`: Path to SSH public key (default: `~/.ssh/proxmox.pub`)
- `PROXMOX_IP`: Your Proxmox server IP address
- `GEN_PASS`: Password for Proxmox users (store in Ansible Vault)
- `CLOUD_INIT_ROOT_PASSWD`: Root password for VM templates

Never commit `.env` to version control!
- Token Generation Workflow - Complete guide for Proxmox API tokens
```bash
mkdir -p ~/Workspace/tmp/proxmox
cd ~/Workspace/tmp/proxmox
```

```bash
wget https://enterprise.proxmox.com/iso/proxmox-ve_9.0-1.iso
wget https://enterprise.proxmox.com/iso/SHA256SUMS
```

```bash
cat SHA256SUMS | grep proxmox-ve_9.0-1.iso | sha256sum -c
# Output:
# proxmox-ve_9.0-1.iso: OK
```

See the Ventoy official site or the Ubuntu-fr doc.

If you have a USB drive with Ventoy, simply copy the ISO:

```bash
cp ~/Workspace/tmp/proxmox/proxmox-ve_9.0-1.iso /media/xgueret/Ventoy
```

At startup, press the `Delete` key to access the BIOS menu:
- Disable Secure Boot
- Enable VT-x/Virtualization

Use the USB drive with Ventoy on your Acer XC-605 to boot and install Proxmox.

At startup, press `F12` to access the boot menu.

If you encounter an issue during Proxmox 9 installation (see Proxmox forum thread):

- At the installation menu, press `e` to edit boot options.
- At the line starting with `linux`, append `nomodeset`.
- Press `F10`.

Then proceed with installation.
```bash
ssh-keygen -t rsa -b 4096 -f ~/.ssh/proxmox -C "[email protected]"
```

Include a passphrase if necessary.

Check keys:

```bash
ls -al ~/.ssh
```

```bash
ssh-copy-id -i ~/.ssh/proxmox.pub [email protected]
```

```bash
eval "$(ssh-agent)"
ssh-add ~/.ssh/proxmox
ssh [email protected]
```

```bash
cd ~/Workspace
git clone <REPO_URL>
cd proxmox
cd ansible
```

Make sure the Python venv is activated and Ansible is installed.
Edit the file:

```
ansible/inventory.yml
```

Add your Proxmox host.

Passwords and IPs are encrypted in:

```
ansible/host_vars/<host>/vault/main.yml
```

Check everything with pre-commit:

```bash
pre-commit run --all-files
```

```bash
ansible-playbook -u root playbook.yml --tags "security_ssh_hardening"
```

```bash
ansible-playbook playbook.yml
```
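
The two secret-handling rules in this README (a `.env` readable only by its owner, and vault files under `ansible/host_vars/<host>/vault/` stored encrypted) can be checked before a commit. The script below is an added example, not the repository's own `check_ansible_vault.sh`; its function names are hypothetical, and it assumes vault files begin with the standard `$ANSIBLE_VAULT;` header line.

```shell
#!/bin/sh
# Added example, not the repository's check_ansible_vault.sh.
# Assumed layout (taken from this README): <root>/.env and
# <root>/ansible/host_vars/<host>/vault/*.yml
# Usage: audit_secrets /path/to/repo

# Succeeds only if the file's first line is an Ansible Vault header,
# for example "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    local first=""
    [ -f "$1" ] || return 1
    IFS= read -r first < "$1" || true   # tolerate a missing final newline
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only if the file exists with mode exactly 600 (owner read/write).
is_private_file() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -perm 600)" ]
}

# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_secrets() {
    local root="$1" f status=0
    if [ -e "$root/.env" ] && ! is_private_file "$root/.env"; then
        echo "FAIL: $root/.env is not mode 600"
        status=1
    fi
    for f in "$root"/ansible/host_vars/*/vault/*.yml; do
        [ -e "$f" ] || continue   # the glob matched nothing
        if ! is_vault_encrypted "$f"; then
            echo "FAIL: $f is not vault-encrypted"
            status=1
        fi
    done
    return "$status"
}
```

A plaintext vault file is restored to its encrypted form with `ansible-vault encrypt <file>`.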
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.