feat: First version

.ansible-lint

@@ -0,0 +1,17 @@
+exclude_paths:
+  - .cache/
+  - .github/
+  - node_modules/
+  - "**/*.sops.yml"
+  - ".sops.yaml"
+
+use_default_rules: true
+
+skip_list:
+  - role-name[path]
+  - name[play]
+  - yaml[octal-values]
+  - yaml[brackets]
+  - yaml[new-line-at-end-of-file]
+
+offline: false

.gitattributes

@@ -0,0 +1,2 @@
+* text=auto,eol=lf
+*.* text eol=lf

.github/semantic.yml

@@ -0,0 +1,11 @@
+titleOnly: true
+types:
+  - feat
+  - fix
+  - docs
+  - refactor
+  - test
+  - build
+  - ci
+  - chore
+  - revert

.github/workflows/ci.yml

@@ -0,0 +1,23 @@
+name: CI
+on:
+  pull_request:
+
+jobs: 
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@master
+
+      - name: Install pre-requisites
+        run: |
+          yarn
+          sudo wget -q -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
+          sudo chmod a+x /usr/bin/sops
+          sudo pip install --upgrade pip
+          sudo pip uninstall -y ansible-core
+          pip install --force-reinstall ansible==7.6.0
+          pip install --force-reinstall ansible-lint==6.17.0
+
+      - name: Lint Ansible files
+        run: yarn lint

.sops.yaml

@@ -0,0 +1,6 @@
+creation_rules:
+  - path_regex: ".*\\.sops\\.ya?ml$"
+    # Workaround for https://github.com/mozilla/sops/issues/1103 where sops does not currently work correctly with age via YubiKey
+    pgp: 2D1D9C803F35BBC24014C3906601E1EB2454827F # lholota
+    age: >  # GitHub
+      age1zw6c356patclh7q8cq5a99cghpzmnufgtwfaa0tmcg87a038d9ms4xpytn

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "files.eol": "\n",
+    "files.exclude": {
+        "**/node_modules": true
+    }
+}

README.md

@@ -1 +1,27 @@
-# lab
+# Lab environment
+
+This repository contains Ansible playbooks to manage the server hosting [lab environment](TBA). The server is intended to run on best effort basis meaning it does not have any availability strategy and if it gets into a state which is difficult to recover from, it can be easily reinstalled and reconfigured using these playbooks.
+
+## Creating a Lab environment
+- Install Proxmox from the official ISO image with the configuration below:
+    - Disk: ZFS with RAID0 (all disks)
+    - Country: Czechia
+    - Timezone: Europe/Prague
+    - Password: any, just watch out for english keyboard layout when typing numbers
+    - E-mail: anything
+    - Hostname: anything
+    - IP Address: 10.1.8.10/24
+    - Gateway: 10.1.8.1
+- Remove previous SSH keys in case you have re-created the lab using the `yarn clear-keys` command
+- If it's a fresh install, initialize the server using the `yarn run init` command
+- Apply playbooks using the `yarn apply` command
+- After the playbooks have been applied, install the individual Proxmox lab VMs through Proxmox UI with the configuration below:
+  - Disk: ZFS with RAID0
+  - Country: Czechia
+  - Timezone: Europe/Prague
+  - Password: any, just watch out for english keyboard layout when typing numbers and make sure **all nodes have the same password**
+  - E-mail: pve<X>@lab.<domain>
+  - Hostname: pve<X>.lab.<domain>
+  - IP Address: 10.1.8.1<X>/24
+  - Gateway: 10.1.8.1
+- Turn the individual nodes into a Proxmox cluster (there's currently no good way to automate this)

ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+vars_plugins_enabled = host_group_vars,community.sops.sops
+timeout = 30

group_vars/all/github-runners.sops.yml

@@ -0,0 +1,30 @@
+github_runner_instance_count: ENC[AES256_GCM,data:mA==,iv:tZXyT9ZymWgL2FyK1mne0SJkoX7zK0RCAlLY0Og0R7g=,tag:bcKLeeC1OJXEEEWiGAML6Q==,type:int]
+github_runner_image_tag: ENC[AES256_GCM,data:X9NC6rKM,iv:YeQgFHOj0gjTlK32GuMmBzY64y/3Kl57bCT2WyHBhxk=,tag:xONE6hc2fZopRANcdMMsdQ==,type:str]
+github_runner_token: ENC[AES256_GCM,data:i1wIp+/Oqimh0SSmLvPK6y/0x0+y8hAn0oju9gpwaRgkUUn/IH/nlhkImyNuTwgNueVYe8Xj4Si9xorq5nsJF5ZS6SJ/U+hcuWzBQu4oBBbg7yza7WkztDkuxrS7,iv:gFomXdy8wW6zEK0eUmKkBomsqdvITO6K9ZiwfVF147Q=,tag:OHFhFKw+BoEstHtOrqj6MA==,type:str]
+github_runner_network:
+    subnet: ENC[AES256_GCM,data:N2HRS7MdiUoNArc=,iv:ycIY1KtaBwejCvgXTFLrCxSaDyTJHgpfdzAfFdELYEw=,tag:GJruj2b62nILAUjNWxzBdQ==,type:str]
+    ip_range: ENC[AES256_GCM,data:q4hBS9jDbF7aMTLI4A==,iv:277/W4bDLSFSDnDnYpKOaS5XgrW80uSOQEL0fQudFnQ=,tag:QLzOvvugavEbVtx8ZcLJUQ==,type:str]
+    gateway: ENC[AES256_GCM,data:+k7XWNRe/ho=,iv:+ejGtMFOuVrgJY2pPIWxJOnkHZIo1YlYH5rO6QOmWvE=,tag:qFq7byuBf5JJxBHSGZMvwQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zw6c356patclh7q8cq5a99cghpzmnufgtwfaa0tmcg87a038d9ms4xpytn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0V1Y1MlpUcWJ5YnVmK3Ji
+            SG9QRXVVcEpWbEp2T0haV3dpQ3lpYVpIZEQ4CmZ4M0ZRbWU0NUdWTDIxUVNKNk1R
+            Qk5GcTFLaW5lblMvMWFmZWl1L2ZzZW8KLS0tIEhsL3gva0oyNEhxZnJud2hMZFhh
+            Sm9NTXdMOXd0YWh2Z2VWbDdWWXFLQkUKon5P3KZOQFnWHAToI2efSTFLUMLdKCu4
+            DquCDOmiRCidGzVooH2SKRoN5zF0B39UP9ww2uSxCL7UAIEWjQguMA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-11-06T10:04:03Z"
+    mac: ENC[AES256_GCM,data:UvAzTb0cOpWX8WKA1Rzbdj59GJ4jIBmXp12LspxC7fNdeowKk5hMFTQ03ljnnRGFk6srWhXdb3/Clj+ud7Za8lIkYjY8O0CkykFR+2SU5sREjlQ++GbzX8nmHOwAO2dU5aQ0fSQmNxLecT8DcVbtGU8j/W/4ZAGcnDAzvcPC9fs=,iv:iyJcKPDTxQV4N5GY6vNsnDmBabwDoq2nXcw9RbBuCkY=,tag:WLj4MRR9O4EZ3B31afv/rg==,type:str]
+    pgp:
+        - created_at: "2023-10-05T13:12:35Z"
+          enc: "-----BEGIN PGP MESSAGE-----\r\n\r\nhQIMA7Pg+ndCcR5CAQ/+IzFGsg0wMa0G+HjlZuMQLlRxLdl+HYltSS+R88Z36MOs\r\nW2zHCnMQMui3OdvDyOgc2wbd20v2Xf/8EQAlmrqdSFA6XVj5ypby+1fB/B0/NIs9\r\nC9Lw8JH58YrfW4nBQGcDEEMnfr4USp/29PHgpSI2N+I+T0iw0rMuy8d4ID9NpOs+\r\nnsnUupsB/mxgzDZ3mG+4DT/iiFDvegUmjZr2R3ZNxMWBghCO7qsA/h85mqKwLUeX\r\nAsh1TvHY8Wh02vK8RvmunOiABwyZuOwLVJUXP40TogEEADQFugIw66l1fGRv7QKD\r\nK051tBcYx0O1d31tt9tWX9oDPHlbSSWizY56rWORIeRr5um5BZ7qyQdCoxvYTUYw\r\nteDm39vekWbnyWIKFVutNcJYHjXUimpi4KUFIU+WIwn6lXj6PVBuMRwTrRlpc2Ti\r\nt6sxbKtb0ZixbevXMbrBcRWPvSaNuVwLxRLPN3s2ELf/dM2WdmGPUuUYQK1p9SyY\r\nULadjm/I0iRoPC8e+DDN2nqCCGpTSyaaGdkwmHrCuFIJF3oTH6Mc9qESgwmZKqHC\r\ndZiaxtkzG+Oup1QHCSwZJGYEVhtVf8qRCo4muf/A1Poe9BerHwQbv8wYazbs9kFw\r\nk0ViNdUrsR58JcftykA9MV3xtytcEsxd2F/A+p6+WH/3vM5fyvdWa50Jimzszz3S\r\nXAGxLP68inRZiLrcB3EJKlsb8rlaKqOoRqQyMIeV/+Gwn43pZsdFbI0RuOsjbxyd\r\nf0fwcJGXy5Uh9LJGmhiXCX1WSVSwvGFQQJUtBu+dPulfKC3hucAn7RdkQWG+\r\n=FtvM\r\n-----END PGP MESSAGE-----\r\n"
+          fp: 2D1D9C803F35BBC24014C3906601E1EB2454827F
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

group_vars/all/pve.sops.yml

@@ -0,0 +1,51 @@
+pve_default_realm_name: ENC[AES256_GCM,data:VaNF,iv:DVu0ef1Uztb8CJa5PZwzcIKKflgHz1etLiCRu500/2Y=,tag:w2EjGnXsLZmDlIfDvJYKQA==,type:str]
+pve_openid_realms:
+    - name: ENC[AES256_GCM,data:zGGc,iv:0jNuzM3ArlU4hwCB/iZiAvp0OhakmslXk3BJJH7gDLs=,tag:UwNFcC1+XOyb++U9PAtMog==,type:str]
+      display_name: ENC[AES256_GCM,data:yyHnasNbA8MRtUSigSqgmX6moiNXJQ==,iv:bb090tnAH+zJAbYsGnmaYcw8P96SyF+hvODpZOaSkeA=,tag:407MABcbQIHH9iPKX/OQnw==,type:str]
+      client_id: ENC[AES256_GCM,data:VKBxVrxSPhqjTzRxEJKufmq2GA8s4GnZAngsIILOOuq/Gxzr,iv:ln7ec8D1RFwa7XhNo600UKI4j9z5lY0N/Vip/p2tw3w=,tag:nWybBaNkDcWeICsHBjeMcA==,type:str]
+      #ENC[AES256_GCM,data:WtvK0zfpdO549d1cgQrKegV61wG6QL8JTLqjOygzyn3cWghH1jClTxcKUe91sfyVzDAyHsj4IcWe1avgUA==,iv:lf4BwAh7IiCBaeO0ZulhAX6/bSKdWEEDPhieA1ilG1I=,tag:eK8RHfG+4n9buk+IAkS3vQ==,type:comment]
+      client_secret: ENC[AES256_GCM,data:z1HUKTzqRs1RInvWH+/CX3L/0KIF0ijEQR/FqT2aSerYTX3IcGthEQ==,iv:ysw8DWFJFIgDZbtbWZRXobxCyjGRJepkswVX1o/H4IQ=,tag:d5swpiZ/XrK/DA5PTA1KRA==,type:str]
+      url: ENC[AES256_GCM,data:qX4Ztrt7p4+UfbRxqbsGILECMcQEVYJwQHdFkqL6pTgFlkB8yh8Wu4Ag0cuKckoL24cvDaJZDoNZkpbL/uBqvYjSoAU6YXs1hMZz,iv:xkM1csG5YEqkJLyAeF7omx+syRCmvSZc9n+NiUcCln4=,tag:Vb4Rcv1vurFbkmklCLoelA==,type:str]
+      #ENC[AES256_GCM,data:bqetwB8Qqk7uiXisMDTStIR12zsA94YGdJz9i5UC3Yi7zNTHLwQD7FnA4d2IuqXNTG8C3J0Hyvc=,iv:nRjLWXa/EdNidmiyN4AmwzWC+eZOT2rE+JpnZBQdops=,tag:jewew45mABmLbnxHuPQ21g==,type:comment]
+      autocreate_users: ENC[AES256_GCM,data:1HuCqWk=,iv:rtginL+v6lEvi76v0AOIv5OQTSNOEdoB4BYydvhMYN4=,tag:w0y0AJQRewa8l0uax4PXow==,type:bool]
+      username_claim: ENC[AES256_GCM,data:fMhAm2o=,iv:lxP7RfJWSkjg6TufNRbVe/1b4BBQUOrPD7Eyvi+cnpw=,tag:3cf4fN3bZwJM/W/4qdIsrQ==,type:str]
+      scopes: ENC[AES256_GCM,data:OImqiLjLt09kLopZ,iv:Bskb38n6BPvTMOkyBIOcVFo9ZtaG0LGmkUE/w8Pm4W8=,tag:gpI1Uut6dCMAXAyv9KItvw==,type:str]
+pve_users:
+    - username: ENC[AES256_GCM,data:ABDuQALMn070XD45JuA=,iv:16wDOq/kfG1dK9WvToZahyJcuMFeAyBPJZiX0OzGJ3Y=,tag:ZiqWSx5wQ+PVV7rYwSkdmQ==,type:str]
+      realm: ENC[AES256_GCM,data:/+w4,iv:9vDN62iMqM+XRGX+sUlOnefbneHsd4q1JzUNd1mSMqw=,tag:C3Bfcq7Oh+iQQQ6BAVLSAw==,type:str]
+      enabled: ENC[AES256_GCM,data:F8JCHQ==,iv:AknFOkLxLv1wqIkBrMQgwLVpEbGy22qEvqqIaWqmg7E=,tag:sYyy07B0snxg453bQMPIEw==,type:bool]
+      first_name: ENC[AES256_GCM,data:Dxf1zN4=,iv:jnPMKEVCr8xF+Uy2BRY+bBvKPWaQ0declhPJgayRK4c=,tag:y1r0wWkYxJvTXrgAFaLt3A==,type:str]
+      last_name: ENC[AES256_GCM,data:1Mdn/xRX,iv:SaT+uhC4T3cix49p1spajpTiI4tLyIfmHzgu79PGsAQ=,tag:zavT+nukkBBYkF/GweFwfw==,type:str]
+      email: ENC[AES256_GCM,data:w+13Jxnv92qB6Nlx0E8=,iv:QFCrWOU5qqX4CeAG0n6AO0VVKc1v/b943935CrVrqKQ=,tag:GtsM5Pg/KNYG9JAH5SfJMw==,type:str]
+      permissions:
+        - scope: ENC[AES256_GCM,data:2g==,iv:YGysrUjFdMab+YRdVtF+TPAXQLt4fUiqGPYlvqfWvIQ=,tag:Q6PKOSR6/34MlQOaCP2GFg==,type:str]
+          roles:
+            - ENC[AES256_GCM,data:bvbayW6px4Tx2Giwmg==,iv:ynxcFRnlP0uQns1WTL6foZa9uximXYFUyfh8QvD6fDc=,tag:Fatc5DFno63mrdP38U2iHw==,type:str]
+pve_acme_use_staging: ENC[AES256_GCM,data:Hk4o9yM=,iv:Y3gF6X2rirLAPisoLS3PaZ3Fy+q3qKBVlinPHtK/fd4=,tag:Lv0G5vsCfoIpuupzO+3CZw==,type:bool]
+pve_acme_account_email: ENC[AES256_GCM,data:VUvuXLeyKqimSF7dfB6kHSQIIoAFnw==,iv:1glnIQjt+52+2APzH33dJPjuwhFdgskGHmpKaaFpzHc=,tag:fFtec+dCuZfHuI18kywLIw==,type:str]
+pve_acme_root_domain: ENC[AES256_GCM,data:A8aPzVGw7Ezh7WboLg==,iv:6KhF6CZuaY0TCJfhw/Rr7p4w8dSsWFzR5hRqRUmZZrE=,tag:8Vw0Ux6fDkddV8s4RcoOZA==,type:str]
+pve_acme_cloudflare_account_id: ENC[AES256_GCM,data:pD64wGiTCe9uUynC3QoOn5o89nIZeW372cw5Ab6ubHQ=,iv:1lJyedTuv6ZTVEV1XTQHcG60VxuL4gCSNvA6qR/eWz4=,tag:wf/hZVjMfCo6RySsTGkKYQ==,type:str]
+pve_acme_cloudflare_token: ENC[AES256_GCM,data:5xfnW6DLZP5KiUoQYMLNkqchEuAXuiGwGhRji0nRc5Yd9j5o2PDV0g==,iv:5vHgV5af28yKUrn2D5zdoTpg2gwYpz1ZkgHWMFcSqPc=,tag:ygC9EFX7mY4XG1t9ZcYr+w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zw6c356patclh7q8cq5a99cghpzmnufgtwfaa0tmcg87a038d9ms4xpytn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTN0d5VVRWc0lZMnNHV3Zt
+            cEJRemxSb1dBb2ppaWY5YTJGUEVtZENJVXhBCnFLcG4yOC9EYWFqcW1tZHRWenlz
+            UGUyK3N5ZGhnSFNqVUgralBPMEMvOUEKLS0tIEU4cUhkN0txVCtGQnA3aXhpVXd6
+            cWZDTjRmQUNqeFFXWVFXYzZaRzRhOWcKhATORzCnrd5mZuSiMZGEuLrk2I8ZSfYU
+            afoukYbYCKvISAZR2YXMhD5hNhifgRD+/SS48e7S5CqqBrMoxP4x7w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-27T12:22:35Z"
+    mac: ENC[AES256_GCM,data:XVCYXjCwkyn1ETx2F4e0fPD155uXncc5qQUlSrjDIR47KsZ7jURv2DATzh8BrAUh9aPKI48lNpfWjCWzjHzHGuK54J1+s6n337wYGBvooQra8XbU1u+PAZP1/ynmvAv3Hf0e/Rin3qGkVE4SH7qIvDHpeHt2eyLsPhxkYeRMV9U=,iv:UpMVY9FppMU1rW27wuNPR8mLPYHwMkeArmYMtHMXqrA=,tag:RzXGHVmqAGIdC9KT6Amp3Q==,type:str]
+    pgp:
+        - created_at: "2023-10-04T19:45:00Z"
+          enc: "-----BEGIN PGP MESSAGE-----\r\n\r\nhQIMA7Pg+ndCcR5CARAAgZKyxWvK6kxZkb2+5h0VV6tMkOxXRDh3iSdCAgUxXHF8\r\nDuu+ZL8CRHLhtmojeAEuehjlolvRczzMYCroxsV5USokfQbANIAk3f+K/EnSvak6\r\nlHyJ3QLcJCHfMbGQDRScFAJmog9py+3y8UPgxMSFePUpwLgbXXDLljBLoaNsGpcq\r\nBq4m4VuEOq8BiRV/MdH3y4/GhIX7F3ywC9f1D/LsjluYRy2+K9X+7xFPolxSR0cM\r\n3FKNvK49rloLjf9uZEVfZ3aGdE5qGn5AJnHRyPidgbk/x8NlOf2g5jTQ4oZfxJrj\r\n5y2FzRjitJl8P6nHYua0lIZkTUED6PCiC2X8SJSajXArerNkMRBKTGb7XTHKZdcT\r\ntey4FiDsTsVPHhGmW1fZ63byILRckDlLgsr7ZEceNWP+rPSVjSH3R5YWuAAjBY2G\r\n3718eLw50naVCnrZ4mMh05gRuAM9MKVhASRFKBKT+5H14Rhc7cT7o0oC2qITsNu1\r\n7I8lhnzutXZmK9ni1g2oB5tjuq2y/cBp0jFR9gMg+usdcZWyeVtNUzKaADe7YCdG\r\nLj59xNL9Pk825CVHwjfnfyb4qbpM8FMW8VX5y8obq0MSdRZPDnMcTiCQk1stmZ6M\r\nWsM8q/Ge899j7uyqZUZiynlE9tW3FvQ5tFPyArjd76Zuuve9WRr5tRe75oYmd+PS\r\nXgHxdN2eUYZlyR0na36CvPP7sO/B1rjbhw1JlaaN5qDiy/2WyJKNd/8vtldEut9O\r\n9JUULZ9WXzqcsBugzWI5FwRlYx9Rq9o0xSIjFjTFEuNvNLzqbJTXtSqfkIRin7Y=\r\n=yq0q\r\n-----END PGP MESSAGE-----\r\n"
+          fp: 2D1D9C803F35BBC24014C3906601E1EB2454827F
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

group_vars/all/pve.yml

@@ -0,0 +1,13 @@
+pve_zfs_max_arc_size_gb: 1
+
+# This creates a circular dependency, but alert e-mails from lab do not really matter
+pve_smtp_host: 10.1.8.130
+pve_smtp_port: 25
+pve_smtp_tls: false
+
+pve_lab_vms_force_recreate: false
+
+pve_lab_vms_count: 3
+pve_lab_vms_os_disk_size_gb: 50
+pve_lab_vms_iso_url: https://enterprise.proxmox.com/iso/proxmox-ve_8.0-2.iso
+pve_lab_vms_iso_checksum: sha256:e2b27648a8a91c0da1e8e718882a5ff87a8f054c4dd7e0ea1d8af85125d82812

group_vars/all/users.sops.yml

@@ -0,0 +1,32 @@
+users_root_password: ENC[AES256_GCM,data:Eb5HH1DqzAGiRysqOL+A6BfQbKww9yF8rg5d,iv:ihevurlTyUflTXL1gHQalEshwJ722M2oSqwjNeSz6dg=,tag:e4/hhNHNC8JNn3Vx/X7UJA==,type:str]
+users_root_password_salt: ENC[AES256_GCM,data:YkeDIcyEnk4OMH905uPjtQ==,iv:FR3uqi4fRdS+siGEELCoEtF6kJlmMwHgkQ6XYboLAd8=,tag:hYAwVJF7QZlDeaHxg+z3mw==,type:str]
+users_admin_users:
+    - username: ENC[AES256_GCM,data:FO5+NoVGEQ==,iv:hAtARX0AlK3iK3MKSVKaFMzJEisIV40h5jf4bm7eF2s=,tag:pINymyHTxG+42OQK2IicLg==,type:str]
+      public_keys:
+        - ENC[AES256_GCM,data:+UB+z2arGXP6jBIih/jcLEefJ7hXG1QvH/85Tl1Jg8V9PV1GwEkNsknVuaG1Hq8dzNyoBA8KYSEweazop1c2+iFszmGjcbo9RTcnlEkkirvDGNIFQYmx1Hyh2hPtcEQvpwZNp8mtTvFYIM6f2QGEhbbyPfG3LUoFdOygOeymGmpd2J3tLunGLIFc3eZSN+2FfF4ny1nzxKVkJWCKIAqOavDC1P4TMwq5CtYFBLhZXCKWWip8rj9mLpTKw+vur06T/5DqhkxEqth87pSCtHaHbD1pIOcUq/uRwG27OBzIbMAuqBesSw6wvYIGh1pA1NTbUaKAsFF4VGrHMylAGj0fEJZXnNEm0kjXIpp2vrcYMCxbe3txjYgfgIJlfGieBwAaaLXalcDz/+HuVBcPUVLfZRoybVvrM55ap1WCkl841y2+CPrP+q4vQpYdH4a+zV2zFa2KHMa79EpJGbmRtVNFi+KgvrVsnIkOAUx/7g7/Lr46ZaqIHYTh14AF+hBcZSzkqB3j/h3Y55QpRiz6yd4pNPmYGkdBubHKGtSQM3WrG1QQn1iWUDSQtgYjyecOKUNt4APPv68UUgHiwrPltX1wB3UiSsA8Cvfy9eKgMIXMppAKhrA/3bBLQ4gNoaqlZv2MjpkjS1/ytpdl9L/oQnfCRTWRFzVHDg9lN2CetciOpdt5vRp88Ffqh8BPvpxMVcIHEWNEU5B8+rWCZJmoY2oomlLgvQhTEW/l6pFERj/c7yHX3HlpzZpVVnN3L2CmqECLHB6/ctsbOMM/aOWZ1QY2EwcUrn3GimMXP+V6timo02fK/Py40K0Kg0+g01uod64eEQdE5kXYPpcoyGmXwlWwtbTmWbrr4BDYXSwqmOVuWa6XR6wiKZdCWh+5AgGle0LUl0svlYnwhEFqvW05PilClfaqr6LA4tljv09sLTebIxesBEzznXqoMLvuYgPl0dCdPGuU7w==,iv:mU2knJRN+ZdF+ZPjrSAFvqxDggjFh4Bxqe0l5glbD/k=,tag:TwCsKM4cNHak9cQvtYP71g==,type:str]
+        - ENC[AES256_GCM,data:dnBnPv/vriHS9EtoAdRpXAmnBAEUSEZYuThiAlKDSyXKjAEoIhSWy9YgNvHkCIiS3Ey8OqOpHzJC6LcDa5J14X7oCtMZAlQpWuEi4K3sj7LZmD7Ddx376t+wEDWabrDy2oAQJ/WAyIbXe12yTSAJR6toBegU5IuIYJ/tixB6ylhIMwJUcHEmG2o+br5HndlNfjtWN2YDYF5ELgTgVJFpih5vZJQjfyqzat6XV0tRPGv05gun1bveYwlYLErUeSyNugGfDDCuPM+M62egYb1U2u8Yyed8sGyx3QnwVGUY72bhPVLOx1ORb4pkLfd9Pux/ssu8lGZT3kCuJQVkiFZK9pxTaFz3qDQsX8nqMWBM5LpHGpKMDrzBzeleTarwD4L8+xPvr2qzBlrEWFZW3IPBtGyW7+qv0mggjzDXMhf2ZWV8jwUkm7shPK5D38dqqeLkPwKZkNtcZDQIBO3xYcSEvdr5Rb9rOZYiMhGQw0JT8RNinb/WrFCd0cCzjuxgL/L7+b6e7fxJTFg3jz2xF4knRrqqPZigrWf5Nyu3Ki0LN8v8N/nLOl90xE9teuOoD9vOfOUMxCO6vKZmZYdK7BgRGDVimMf+BvuMjUyyC2ioMYfSWRznwmlYml98Czm1keUTUjWd5T6WLbOFUnCYW2+CcAMlo0+JVwHJCsOkG+e5XgzQp/i/ukBPI6a2LIPV+mZcmxQdLWxzLbz0NY+cwhlt1UTgrIHEBaLktikTTtrLVwDl7h+6IxhpuKm5nDR0g7cLcMz9LaMuE3TYh/s45Qbel3skZA4ZS9aPkihDke59Bn5lIBCdrrnRCESBmX/BxX/BQ5w6+EA1ha6kGSsIKVwDZrdJ5H33kSkRfGlFkAZjwgFG+Pjn9BSlujkcZkkZ+gv8KK/56EjI7TIPh8xm3/+G9HruBCSeebnl31ktAF9Gd8EBIktTZOJ/uQp1d0U0yNd9xHmEvE2/HRagg71cuoEcEtM9fQ==,iv:yVR1Mekp2XmGUtdN8QakgRi4EfSy5sqx4TBHyRGQick=,tag:8qFbLqSw4J4g4t7zW73gtA==,type:str]
+ssh_allowed_users:
+    - ENC[AES256_GCM,data:BFTfTztNtw==,iv:qdNkFeKIijwKUi02P/TsZQtRWHbG1MDia+MjMBGMmxY=,tag:K9W8rJ8c7G+1IZlg14FnNQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zw6c356patclh7q8cq5a99cghpzmnufgtwfaa0tmcg87a038d9ms4xpytn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmckpueU1CS1czN0tJWjBu
+            dnR1K2E0UktjSHFTZU1YdXI3bS9YYkY4VlQ4Ckk2bUY3RjZFODVJSVlsU0lxTjJz
+            UmZyNlJ1VFlIYnJIOGNIb2pnelA1WlUKLS0tIG1KWE5rWVpIallWNmw2RHR3VUNJ
+            aitTaEtqVlNVcWQ0Q2FoTkhLU2JiQ2MKhpD/ZMV7OFJ4Y2hguan6qQ++RyzMHp29
+            zLMvVALHfQbBPEHp5rz5RrusdivpM+euOSC9/VzyRtrfpIFTA6PIEA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-04T13:40:39Z"
+    mac: ENC[AES256_GCM,data:/VeY/oouT354/D0z3XYsMRHFQov5zDdodqCZnzI5AJf3wgnAI+Hm5aCSYTo8oQ++53pVO60bm5UdboMrEPvldwBwic8Gbkg4Ok088qrbsfByBdG6KMWGqXRF5YJ4r+dYr66ePsc/jpFs+6Vla88PDSvbKqa3Y1L2evITlKtOmWA=,iv:9zSssWzuqZ2uluRxPrlSDtg9+AB9E88tsqr73NyaMdY=,tag:J2Voxj0gsc5rJ68Uv8wwwQ==,type:str]
+    pgp:
+        - created_at: "2023-10-04T13:39:41Z"
+          enc: "-----BEGIN PGP MESSAGE-----\r\n\r\nhQIMA7Pg+ndCcR5CAQ/+KJBiy37oLCInVze3SY8J9GHr+mii9dJ3ZmFIALmo5a/5\r\nWpedezSIVplYGfbmHIKYpM0wPs0Ym0iBgwkXxs4+DlZ2yoOTaVUXph5zBLIKUOV4\r\nINHaEiinuc5FmMxZ50Yigsy5Nye77uEa9sFdcThlszPjiWyH6taJxtwBU30WdAaa\r\nDA28U3yUbKoEAjPnu0au1karZ6sWaOdRgIczTsovWV5d/PUJGvduyTxWlNbwRfoH\r\nKnGJxlpwZLoBr6dabt9lcC57SVKlmsuxQQ1h5f09vustZ+LTLDn5MQX6RurRof/F\r\nNHD1dWLKo4N8JcvNDFdW7RQd2UGQkGBf3v7UfLTmDg8qbwb0TcOjYtrJEx8oJNjF\r\nsKPq8BzrYc+tCtYNiVPLx3B0pNrmLJvQngQGfbmcQwr8uFCd/aFYlYBk3yijv5mr\r\nrGXEeeCkXWdOXapHYR2A9jBKIyM5sU1ouqH92DqWsGJX/K1WSWeT3liRu54bGEVR\r\n8RGCq6j6h2LwuGPf8JiMuayXLlR+tvH7SL7ssustLU6o7YyX2aRCD4jhkgpP762r\r\nrewYjOAiNPHiD0p/eeSxsUm/buacP1P5hergFi1I1FNvvthGzrH0rblw6dg0txA0\r\nlNIaisp2GakZXAIO/TRFh7Nne1idGu0FFmnTdH0Y95+hdYlB/qdtcGB2MxhLyHvS\r\nXgFxXbHwwOuTc48gvikKlsg08JU00Rl8mR9OayVa89HeTRL/3ty+QYCWWDOy92No\r\nU1Vn9xvlYN/OrtEHnYOvDNtQ3yZs+5EPY27HhauqrP+la70K2HNU7M7nJNomk3o=\r\n=acgc\r\n-----END PGP MESSAGE-----\r\n"
+          fp: 2D1D9C803F35BBC24014C3906601E1EB2454827F
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

host_vars/lab/ansible.yml

@@ -0,0 +1,2 @@
+ansible_host: 10.1.8.10
+ansible_user: lholota

inventory.yml

@@ -0,0 +1,3 @@
+all:
+  hosts:
+    lab:

package.json

@@ -0,0 +1,15 @@
+{
+  "name": "@homecentr/platform",
+  "version": "1.0.0",
+  "repository": "[email protected]:homecentr/platform.git",
+  "author": "Lukas Holota",
+  "license": "GPL",
+  "private": true,
+  "scripts": {
+    "lint": "ANSIBLE_CONFIG=\"./ansible.cfg\" ansible-lint",
+    "setup:local": "ansible-galaxy install -r ./requirements.yml --force",
+    "init": "ANSIBLE_HOST_KEY_CHECKING=False ./tools/apply.sh proxmox -u root -e ansible_user=root --tags init -k",
+    "apply": "./tools/apply.sh",
+    "clear-keys": "./tools/clearkeys.sh"
+  }
+}

playbooks/_all.yml

@@ -0,0 +1,4 @@
+- import_playbook: proxmox.yml
+- import_playbook: github-runners.yml
+- import_playbook: proxmox-vms.yml
+- import_playbook: shutdown.yml