From 2d680cec4ef32478db3d0b686668817e6db77cfc Mon Sep 17 00:00:00 2001
From: Tellsanguis
Date: Tue, 9 Dec 2025 13:44:57 +0100
Subject: [PATCH] Ajout snippets cloud-init
---
snippets/README.md | 34 ++++++++++++++++++
snippets/cloud-init-etcd-witness.yaml | 50 +++++++++++++++++++++++++++
snippets/cloud-init-k3s-server-1.yaml | 50 +++++++++++++++++++++++++++
snippets/cloud-init-k3s-server-2.yaml | 50 +++++++++++++++++++++++++++
4 files changed, 184 insertions(+)
create mode 100644 snippets/README.md
create mode 100644 snippets/cloud-init-etcd-witness.yaml
create mode 100644 snippets/cloud-init-k3s-server-1.yaml
create mode 100644 snippets/cloud-init-k3s-server-2.yaml
diff --git a/snippets/README.md b/snippets/README.md
new file mode 100644
index 0000000..251f895
--- /dev/null
+++ b/snippets/README.md
@@ -0,0 +1,34 @@
+# Cloud-Init Snippets pour Proxmox
+
+## Avant l'upload
+
+Remplace les placeholders dans chaque fichier YAML :
+
+- `YOUR_SSH_PUBLIC_KEY` : Ta clé SSH publique
+- `YOUR_FORGEJO_REPO_URL` : URL du dépôt Forgejo (ex: https://forgejo.tellserv.fr/Tellsanguis/Homelab.git)
+- `YOUR_FORGEJO_TOKEN` : Token Forgejo
+- `YOUR_K3S_TOKEN` : Token K3S cluster
+
+## Upload via interface Proxmox
+
+### acemagician (k3s-server-1)
+1. Proxmox → acemagician → Datacenter → Storage → local
+2. Content → Snippets → Upload
+3. Upload `cloud-init-k3s-server-1.yaml`
+
+### elitedesk (k3s-server-2)
+1. Proxmox → elitedesk → Datacenter → Storage → local
+2. Content → Snippets → Upload
+3. Upload `cloud-init-k3s-server-2.yaml`
+
+### thinkpad (etcd-witness)
+1. Proxmox → thinkpad → Datacenter → Storage → local
+2. Content → Snippets → Upload
+3. Upload `cloud-init-etcd-witness.yaml`
+
+## Vérification
+
+Après upload, les fichiers doivent être présents dans :
+- `/var/lib/vz/snippets/cloud-init-k3s-server-1.yaml` (acemagician)
+- `/var/lib/vz/snippets/cloud-init-k3s-server-2.yaml` (elitedesk)
+- `/var/lib/vz/snippets/cloud-init-etcd-witness.yaml` (thinkpad)
diff --git a/snippets/cloud-init-etcd-witness.yaml b/snippets/cloud-init-etcd-witness.yaml
new file mode 100644
index 0000000..c7b5ccd
--- /dev/null
+++ b/snippets/cloud-init-etcd-witness.yaml
@@ -0,0 +1,50 @@
+package_upgrade: true
+packages:
+ - ansible
+ - git
+ - curl
+ - wget
+ - ca-certificates
+ - gnupg
+ - lsb-release
+users:
+ - name: ansible
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - YOUR_SSH_PUBLIC_KEY
+ groups: sudo
+timezone: Europe/Paris
+write_files:
+ - path: /etc/node-role
+ content: witness
+ permissions: "0644"
+ - path: /etc/ansible-pull.conf
+ content: |
+ REPO_URL=YOUR_FORGEJO_REPO_URL
+ FORGEJO_TOKEN=YOUR_FORGEJO_TOKEN
+ K3S_VERSION=v1.28.5+k3s1
+ K3S_TOKEN=YOUR_K3S_TOKEN
+ permissions: "0600"
+ - path: /usr/local/bin/ansible-pull-wrapper.sh
+ content: |
+ #!/bin/bash
+ set -e
+ source /etc/ansible-pull.conf
+ export K3S_TOKEN
+ export FORGEJO_TOKEN
+ export REPO_URL
+ WORK_DIR="/var/lib/ansible-local"
+ mkdir -p $WORK_DIR
+ cd $WORK_DIR
+ REPO_WITH_AUTH=$(echo $REPO_URL | sed "s|https://|https://git:$FORGEJO_TOKEN@|")
+ if [ -d ".git" ]; then
+ git pull origin main 2>&1 | logger -t ansible-pull
+ else
+ git clone $REPO_WITH_AUTH . 2>&1 | logger -t ansible-pull
+ fi
+ ansible-playbook ansible/site.yml -i localhost, --connection=local -e "k3s_version=$K3S_VERSION" 2>&1 | logger -t ansible-pull
+ permissions: "0755"
+runcmd:
+ - echo '*/15 * * * * root /usr/local/bin/ansible-pull-wrapper.sh' > /etc/cron.d/ansible-pull
+ - sleep 60 && /usr/local/bin/ansible-pull-wrapper.sh &
diff --git a/snippets/cloud-init-k3s-server-1.yaml b/snippets/cloud-init-k3s-server-1.yaml
new file mode 100644
index 0000000..4d55fbf
--- /dev/null
+++ b/snippets/cloud-init-k3s-server-1.yaml
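Review bot: In `cloud-init-etcd-witness.yaml`, the wrapper builds `REPO_WITH_AUTH` by splicing `FORGEJO_TOKEN` into the URL, so `git clone $REPO_WITH_AUTH .` exposes the token on the git command line and git records it as the `origin` URL in `.git/config` under `/var/lib/ansible-local`. That copy sits outside the `0600` protection given to `/etc/ansible-pull.conf`, and with a default umask it is probably readable by any local user. The `sed` replacement also misbehaves if the token contains `|` or `&`. A per-invocation credential helper keeps the token out of argv and out of the checkout, as sketched below; the same wrapper is added in `cloud-init-k3s-server-1.yaml` and `cloud-init-k3s-server-2.yaml`.

```yaml
  - path: /usr/local/bin/ansible-pull-wrapper.sh
    content: |
      # … unchanged: shebang, set -e, source, exports, WORK_DIR, mkdir, cd …
      # Hand the token to git through a credential helper instead of the URL.
      git_auth() {
        git -c credential.helper='!f() { echo username=git; echo "password=$FORGEJO_TOKEN"; }; f' "$@"
      }
      if [ -d ".git" ]; then
        git_auth pull origin main 2>&1 | logger -t ansible-pull
      else
        git_auth clone "$REPO_URL" . 2>&1 | logger -t ansible-pull
      fi
      # … unchanged: ansible-playbook invocation …
```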
@@ -0,0 +1,50 @@
+package_upgrade: true
+packages:
+ - ansible
+ - git
+ - curl
+ - wget
+ - ca-certificates
+ - gnupg
+ - lsb-release
+users:
+ - name: ansible
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - YOUR_SSH_PUBLIC_KEY
+ groups: sudo
+timezone: Europe/Paris
+write_files:
+ - path: /etc/node-role
+ content: server
+ permissions: "0644"
+ - path: /etc/ansible-pull.conf
+ content: |
+ REPO_URL=YOUR_FORGEJO_REPO_URL
+ FORGEJO_TOKEN=YOUR_FORGEJO_TOKEN
+ K3S_VERSION=v1.28.5+k3s1
+ K3S_TOKEN=YOUR_K3S_TOKEN
+ permissions: "0600"
+ - path: /usr/local/bin/ansible-pull-wrapper.sh
+ content: |
+ #!/bin/bash
+ set -e
+ source /etc/ansible-pull.conf
+ export K3S_TOKEN
+ export FORGEJO_TOKEN
+ export REPO_URL
+ WORK_DIR="/var/lib/ansible-local"
+ mkdir -p $WORK_DIR
+ cd $WORK_DIR
+ REPO_WITH_AUTH=$(echo $REPO_URL | sed "s|https://|https://git:$FORGEJO_TOKEN@|")
+ if [ -d ".git" ]; then
+ git pull origin main 2>&1 | logger -t ansible-pull
+ else
+ git clone $REPO_WITH_AUTH . 2>&1 | logger -t ansible-pull
+ fi
+ ansible-playbook ansible/site.yml -i localhost, --connection=local -e "k3s_version=$K3S_VERSION" 2>&1 | logger -t ansible-pull
+ permissions: "0755"
+runcmd:
+ - echo '*/15 * * * * root /usr/local/bin/ansible-pull-wrapper.sh' > /etc/cron.d/ansible-pull
+ - sleep 60 && /usr/local/bin/ansible-pull-wrapper.sh &
diff --git a/snippets/cloud-init-k3s-server-2.yaml b/snippets/cloud-init-k3s-server-2.yaml
new file mode 100644
index 0000000..4d55fbf
--- /dev/null
+++ b/snippets/cloud-init-k3s-server-2.yaml
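Review bot: The new `cloud-init-k3s-server-1.yaml` begins directly with `package_upgrade: true`, but cloud-init only parses user-data as cloud-config when its first line is `#cloud-config`; without it the whole file is likely to be ignored, so the `ansible` user, `/etc/ansible-pull.conf` and the cron job would never be created. Add `#cloud-config` as line 1 here and in `cloud-init-etcd-witness.yaml` and `cloud-init-k3s-server-2.yaml`, which start the same way. This file and `cloud-init-k3s-server-2.yaml` also share blob `4d55fbf`, so a single k3s-server snippet could serve both hosts and avoid keeping two copies of the same tokens in sync.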
@@ -0,0 +1,50 @@
+package_upgrade: true
+packages:
+ - ansible
+ - git
+ - curl
+ - wget
+ - ca-certificates
+ - gnupg
+ - lsb-release
+users:
+ - name: ansible
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - YOUR_SSH_PUBLIC_KEY
+ groups: sudo
+timezone: Europe/Paris
+write_files:
+ - path: /etc/node-role
+ content: server
+ permissions: "0644"
+ - path: /etc/ansible-pull.conf
+ content: |
+ REPO_URL=YOUR_FORGEJO_REPO_URL
+ FORGEJO_TOKEN=YOUR_FORGEJO_TOKEN
+ K3S_VERSION=v1.28.5+k3s1
+ K3S_TOKEN=YOUR_K3S_TOKEN
+ permissions: "0600"
+ - path: /usr/local/bin/ansible-pull-wrapper.sh
+ content: |
+ #!/bin/bash
+ set -e
+ source /etc/ansible-pull.conf
+ export K3S_TOKEN
+ export FORGEJO_TOKEN
+ export REPO_URL
+ WORK_DIR="/var/lib/ansible-local"
+ mkdir -p $WORK_DIR
+ cd $WORK_DIR
+ REPO_WITH_AUTH=$(echo $REPO_URL | sed "s|https://|https://git:$FORGEJO_TOKEN@|")
+ if [ -d ".git" ]; then
+ git pull origin main 2>&1 | logger -t ansible-pull
+ else
+ git clone $REPO_WITH_AUTH . 2>&1 | logger -t ansible-pull
+ fi
+ ansible-playbook ansible/site.yml -i localhost, --connection=local -e "k3s_version=$K3S_VERSION" 2>&1 | logger -t ansible-pull
+ permissions: "0755"
+runcmd:
+ - echo '*/15 * * * * root /usr/local/bin/ansible-pull-wrapper.sh' > /etc/cron.d/ansible-pull
+ - sleep 60 && /usr/local/bin/ansible-pull-wrapper.sh &
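Review bot: `set -e` in the wrapper of `cloud-init-k3s-server-2.yaml` does not catch a failed `git pull` or `git clone`, because each is piped into `logger` and the pipeline returns logger's status; the root cron job would then run `ansible-playbook` against a stale or empty tree every 15 minutes with only a syslog line to show for it. Changing the line to `set -euo pipefail` and quoting `"$WORK_DIR"` and `"$REPO_URL"` closes that gap. Since the job applies whatever `main` holds as root, it is also worth gating the playbook on a signature check such as `git verify-commit HEAD`, assuming commits on that branch are signed. The same applies to the wrappers in `cloud-init-etcd-witness.yaml` and `cloud-init-k3s-server-1.yaml`.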