From fa6c3d16800d85c2a1f6b8a5bdb7fbc706b45510 Mon Sep 17 00:00:00 2001
From: Murat Aybars <39916128+aybarsm@users.noreply.github.com>
Date: Sun, 28 Jul 2024 15:24:30 +0100
Subject: [PATCH] Role: auth:: optimisation

---
 .../etc/ssh/sshd_config.d/50-ansible.conf.j2 | 15 ++++++++++-
 roles/network/defaults/main.yml | 7 +++++
 roles/network/tasks/hostname.yml | 7 +++++
 roles/network/tasks/main.yml | 7 +++++
 roles/proxmox/defaults/main.yml | 17 ++++++++----
 roles/proxmox/tasks/main.yml | 4 +++
 roles/proxmox/tasks/set_facts.yml | 26 +++++++++++++++++++
 roles/proxmox/vars/main.yml | 5 +++-
 8 files changed, 81 insertions(+), 7 deletions(-)
 create mode 100644 roles/network/tasks/hostname.yml
 create mode 100644 roles/proxmox/tasks/set_facts.yml

diff --git a/roles/auth/templates/etc/ssh/sshd_config.d/50-ansible.conf.j2 b/roles/auth/templates/etc/ssh/sshd_config.d/50-ansible.conf.j2
index 002347d..763656a 100644
--- a/roles/auth/templates/etc/ssh/sshd_config.d/50-ansible.conf.j2
+++ b/roles/auth/templates/etc/ssh/sshd_config.d/50-ansible.conf.j2
@@ -1,2 +1,15 @@
 {{ ansible_managed | comment }}
-{{ auth__sshd_config_all | aybarsm.helper.to_querystring('name', 'value', ' ', '\n', 'children', 4, ' ', true) }}
+
+{% for main_item in auth__sshd_config_all %}
+{% if 'value' in main_item %}
+{{ main_item.name }} {{ main_item.value }}
+{% else %}
+{{ main_item.name }}
+{% endif %}
+{% if 'children' in main_item %}
+{{ main_item.children | aybarsm.helper.to_querystring('name', 'value', ' ', '\n', 'children', 4, ' ', true) | indent(4, true) }}
+{% endif %}
+{% if main_item.name.startswith('Match ') %}
+Match all
+{% endif %}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
index ea94d4d..10e40e8 100644
--- a/roles/network/defaults/main.yml
+++ b/roles/network/defaults/main.yml
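Review bot: The `Match all` reset on the new side fires only when `main_item.name.startswith('Match ')`, but sshd keywords are case-insensitive, so an entry written as `match User foo` is rendered without the reset and every later non-Match directive in `auth__sshd_config_all` is silently scoped to that block instead of applying globally; a case-folded test, `{% if (main_item.name | lower).startswith('match ') %}`, closes that gap. The `'value' in main_item` branch renders `Name ` with a trailing space when the value is empty, which sshd rejects as a keyword missing its argument, and the task that deploys this template is not in the diff, so whether the rendered file is validated before the daemon reloads cannot be confirmed here. The template also ends without a trailing newline (`\ No newline at end of file`); sshd tolerates it, but a final newline keeps the rendered fragment conventional.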
@@ -3,6 +3,7 @@
 network__role_enabled: false
 network__manage_systemd: false
 network__manage_interfaces: false
 network__manage_sysctl: false
+network__manage_hostname: false
 network__manage_hosts: false
 network__default: []
@@ -69,6 +70,12 @@ network__interfaces_change_strategy:
 # No specific configuration is required for sysctl
 ##### END: network sysctl vars
 
+##### BEGIN: network hostname vars
+network__hostname: "{{ inventory_hostname }}"
+# Consult with https://docs.ansible.com/ansible/latest/collections/ansible/builtin/hostname_module.html
+# network__hostname_use: ''
+##### END: network hostname vars
+
 ##### BEGIN: network hosts vars
 network__hosts_file: /etc/hosts
 network__hosts_template: etc/hosts.j2
diff --git a/roles/network/tasks/hostname.yml b/roles/network/tasks/hostname.yml
new file mode 100644
index 0000000..4e10265
--- /dev/null
+++ b/roles/network/tasks/hostname.yml
@@ -0,0 +1,7 @@
+---
+- name: Deploy hostname configuration
+  become: true
+  ansible.builtin.hostname:
+    name: "{{ network__hostname }}"
+    use: "{{ network__hostname_use | default(omit) }}"
+  register: network__hostname_deploy
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
index 79898ea..4b34415 100644
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@@ -25,6 +25,13 @@
     - network__role_enabled | default(false) | bool
     - network__manage_sysctl | default(false) | bool
 
+- name: Include hostname tasks
+  ansible.builtin.include_tasks:
+    file: hostname.yml
+  when:
+    - network__role_enabled | default(false) | bool
+    - network__manage_hostname | default(false) | bool
+
 - name: Include hosts tasks
   ansible.builtin.include_tasks:
     file: hosts.yml
diff --git a/roles/proxmox/defaults/main.yml b/roles/proxmox/defaults/main.yml
index 708334e..b609544 100644
--- a/roles/proxmox/defaults/main.yml
+++ b/roles/proxmox/defaults/main.yml
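Review bot: `network__hostname: "{{ inventory_hostname }}"` in the hostname vars hunk defaults to whatever label the inventory uses for the host — an alias, an FQDN or a bare IP literal — so enabling `network__manage_hostname` without overriding it renames the machine to that label, which need not be a valid hostname at all. A comment above the default would make that explicit, e.g. `# Defaults to the inventory label; override it when the inventory uses aliases or IP addresses`. The block already points at the module docs for `use`, so a matching pointer for what `name` accepts would keep the two keys documented alike.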
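Review bot: `use: "{{ network__hostname_use | default(omit) }}"` in hostname.yml omits the parameter only when the variable is undefined; the defaults file documents the key as `# network__hostname_use: ''`, and an empty string is defined, so uncommenting that line passes `use: ''` to the module, which is not one of its accepted strategies and fails the task. `use: "{{ network__hostname_use | default(omit, true) }}"` treats the empty string as unset as well. The registered `network__hostname_deploy` is not consumed by any hunk in this diff; if nothing reads it, a short comment naming the intended consumer (or dropping the `register`) would avoid leaving a dangling fact.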
@@ -1,18 +1,25 @@ proxmox__role_enabled: false proxmox__manage_cluster: false +proxmox__manage_cluster_hosts: false proxmox__manage_cluster_ssh_config: false -proxmox__cluster_name: '' -# For inventory specs, consult https://docs.ansible.com/ansible/latest/inventory_guide/intro_patterns.html for more information -# i.e. proxmox__cluster_inventory: 'proxmox:&atlanta' -proxmox__cluster_inventory: '' -# Ip addresses for the cluster links (will be automatically prioritized regarding the posisiton in the list) +# Cluster configuration +# For target inventory specs, consult https://docs.ansible.com/ansible/latest/inventory_guide/intro_patterns.html for more information +# proxmox__clusters: +# - name: 'pve-london01' +# target: 'proxmox:&london' +# - name: 'pve-atlanta01' +# target: 'proxmox:&atlanta' +proxmox__clusters: [] +# Ip addresses for the cluster links for the host (will be automatically prioritized regarding the posisiton in the list) proxmox__cluster_links: [] # If set to any integer higher than 0, cluster links will be prioritized automatically regarding the step. # i.e. proxmox__cluster_links: ['10.0.0.2', 'fd00::2'] and proxmox__cluster_links_auto_priority_step: 10 will be prioritized as 10.0.0.2 = 20 and fd00::2 = 10 proxmox__cluster_links_auto_priority_step: 0 +proxmox__ssh_port: 22 + proxmox__repo_url_enterprise: https://enterprise.proxmox.com/debian proxmox__repo_url_no_subscription: http://download.proxmox.com/debian diff --git a/roles/proxmox/tasks/main.yml b/roles/proxmox/tasks/main.yml index 0e18fa7..8e010ac 100644 --- a/roles/proxmox/tasks/main.yml +++ b/roles/proxmox/tasks/main.yml @@ -3,6 +3,10 @@ ansible.builtin.include_vars: ../ansible/vars/main.yml when: __ansible__config is undefined +- name: Include set fact tasks + ansible.builtin.include_tasks: + file: set_facts.yml + # - name: Proxmox Query # become: true # proxmox_query: 
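Review bot: `proxmox__cluster_name` and `proxmox__cluster_inventory` are dropped from the defaults, but an inventory that still sets them gets no warning — Ansible ignores variables no task reads — and with the new `proxmox__clusters: []` default the role silently does nothing for that cluster. An `ansible.builtin.assert` early in the role on `proxmox__cluster_name is not defined and proxmox__cluster_inventory is not defined`, with a `fail_msg` pointing at `proxmox__clusters`, turns the migration into a visible error instead of a quiet no-op. The new `proxmox__manage_cluster_hosts` flag and `proxmox__ssh_port` are not referenced by any hunk in this diff; if they are consumed elsewhere, a one-line comment on each saying what it gates would match the documentation the other keys already carry.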
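Review bot: The new `Include set fact tasks` entry in roles/proxmox/tasks/main.yml carries no `when:` guard, unlike the network role's includes in this same diff, which gate on `network__role_enabled | default(false) | bool`; whether main.yml gates on `proxmox__role_enabled` elsewhere is outside the hunk. set_facts.yml templates `dict(hostvars)` for the whole inventory under `run_once`, so `when: proxmox__role_enabled | default(false) | bool` on the include keeps that work off runs where the role is disabled and keeps the two roles' include style consistent.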
diff --git a/roles/proxmox/tasks/set_facts.yml b/roles/proxmox/tasks/set_facts.yml
new file mode 100644
index 0000000..7c6c9b2
--- /dev/null
+++ b/roles/proxmox/tasks/set_facts.yml
@@ -0,0 +1,26 @@
+---
+- name: Set fact for main proxmox cluster configuration
+  ansible.builtin.set_fact:
+    __proxmox__clusters: "{{ __proxmox__clusters | default([]) + cluster_config }}"
+  vars:
+    cluster_inventory: "{{ lookup('ansible.builtin.inventory_hostnames', item) | split(',') }}"
+    cluster_query: "{{ __proxmox__cluster_query | replace('__MEMBERS__', ('[`' + (cluster_inventory | join('`,`')) + '`]')) }}"
+    cluster_config: "{{ dict(hostvars) | community.general.json_query(cluster_query) | map('combine', proxmox__clusters[config_index]) }}"
+  loop: "{{ proxmox__clusters | map(attribute='target') }}"
+  loop_control:
+    index_var: config_index
+  delegate_to: localhost
+  run_once: true
+  when:
+    - proxmox__clusters is defined
+    - proxmox__clusters | length > 0
+    - __proxmox__cluster_query is defined
+
+- name: Set facts for proxmox cluster configuration
+  ansible.builtin.set_fact:
+    __proxmox__clusters: "{{ __proxmox__clusters | default([]) + cluster_config }}"
+  vars:
+    __proxmox__play: "{{ __proxmox__clusters | selectattr('host', 'equalto', inventory_hostname) | default(None) | first }}"
+  when:
+    - __proxmox__clusters | length > 0
+    - __proxmox__play is not None
\ No newline at end of file
diff --git a/roles/proxmox/vars/main.yml b/roles/proxmox/vars/main.yml
index e099ac7..393db39 100644
--- a/roles/proxmox/vars/main.yml
+++ b/roles/proxmox/vars/main.yml
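Review bot: The second task, `Set facts for proxmox cluster configuration`, references `cluster_config`, which exists only as a task-scoped `vars:` entry of the first task, so it fails with an undefined-variable error whenever its `when` conditions pass; it presumably meant to publish `__proxmox__play` as the fact. Its own `vars:` entry does not default either: `selectattr(...) | default(None) | first` applies `default` to a defined (possibly empty) selection, so `first` raises on any host that belongs to no cluster, and `__proxmox__clusters | length > 0` itself errors when the first task was skipped and the fact was never set. In the first task `| map('combine', ...)` yields a generator, and `default([]) + cluster_config` can fail with a list/generator concatenation error on Ansible versions that do not coerce it; appending `| list` to the `cluster_config` expression fixes that. A rewrite of the second task that defaults at every step:

```yaml
# … unchanged: first task, with `| list` appended to cluster_config …

- name: Set facts for proxmox cluster configuration
  ansible.builtin.set_fact:
    __proxmox__play: "{{ __proxmox__host_entries | first }}"
  vars:
    __proxmox__host_entries: "{{ __proxmox__clusters | default([]) | selectattr('host', 'equalto', inventory_hostname) | list }}"
  when:
    - __proxmox__clusters | default([]) | length > 0
    - __proxmox__host_entries | length > 0
```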
@@ -48,4 +48,7 @@ __proxmox__purpose_packages: >-
 __proxmox_cluster_links: >-
   {%- set proxmox_links = [] -%}
   {%- if proxmox__manage_purpose_package_setup is defined and proxmox__manage_purpose_package_setup and proxmox__all.purposes is defined -%}
-  {%- endif -%}
\ No newline at end of file
+  {%- endif -%}
+
+__proxmox__cluster_query: '*.{host: inventory_hostname, fqdn: ansible_facts.fqdn, hostname: ansible_facts.hostname, links: proxmox__cluster_links} |
+  [?not_null(links) && contains(__MEMBERS__, host)]'
\ No newline at end of file
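Review bot: `__proxmox__cluster_query` projects `links: proxmox__cluster_links`, the raw default list, rather than the `__proxmox_cluster_links` value computed two lines above in the same file; if that computed value is the prioritized form the defaults describe, the cluster facts carry unprioritized links — confirm which one set_facts.yml should consume. `__proxmox_cluster_links` (single underscore) also breaks the `__proxmox__` prefix every other internal variable here uses, which makes the two easy to confuse. `fqdn: ansible_facts.fqdn` and `hostname: ansible_facts.hostname` evaluate to null for hosts without gathered facts and the filter only requires `links`, so such a host enters the cluster config with null names; if a consumer writes those into hosts or SSH config, extending the filter to `[?not_null(links) && not_null(fqdn) && contains(__MEMBERS__, host)]` (or a comment stating fact gathering is required) would be prudent. The file still ends without a trailing newline.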