I made this project just for fun. It allows you to create a Proxmox host on Hetzner bare metal:
- Debian with a fully encrypted ROOT partition
- Install OPNsense as a router. Fake the MAC address of the primary interface and bridge it to WAN
- Autoinstall OPNsense (still in progress)
- Create a backup of OPNsense after setup
- Create cloud-init images
- Install Proxmox Backup Server
Requirements:

```
ansible-galaxy collection install community.hrobot
```

- Needed for the Hetzner API
- Tested on Hetzner Bare Metal EX43 at FSN1-DC7 - last successful run 27.02.2023 (storage & opnsense)
- Tested on Hetzner Bare Metal EX43 at HEL1 - last successful run 19.10.2022 (full)
- Tested on Hetzner Bare Metal Server Auction - CPU Intel Core i9-12900K - 2 x NVMe - 02.10.2023 (full)
Variables:

- `hetzner_pbs_setup` [default: true]: Install Proxmox Backup Server
- `hetzner_pve_autorescue` [default: true]: Set rescue mode automatically and generate an SSH key if not present
- `hetzner_pve_hetzner_api_user` [default: secret]: Hetzner API user
- `hetzner_pve_hetzner_api_pass` [default: secret]: Hetzner API password
- `hetzner_pve_luks_pass` [default: secret]: LUKS encryption password
- `hetzner_pve_ssh_keys` [default: secret]: Your SSH pubkey to log in (openssh, busybox boot) - if no SSH key is provided, ansible will create a new one at `~/.ssh/id_ed25519_ansible`
- `hetzner_pve_acme_mail` [default: [email protected]]: Mail address for ACME by Let's Encrypt
- `hetzner_pve_acme_domain` [default: vmhost.domain.com]: FQDN of your vmhost - must be reachable from external
- `hetzner_pve_storagebox_server`: storagebox / CIFS account to automount
- `hetzner_pve_custom_packages`: list of custom packages to install
- `hetzner_pve_setup_opnsense` [default: true]: Provision an OPNsense VM firewall
- `hetzner_pve_setup_opnsense_force` [default: true]: Destroy the old VM and recreate it
- `hetzner_pve_setup_opnsense_enable_ipv6` [default: false]: Enable IPv6
- `hetzner_pve_setup_opnsense_settings_lan_dhcpd` [default: true]: Start DHCP on the LAN bridge
- `hetzner_pve_setup_opnsense_user` [default: ansible]: Create an ansible user for ansible
- `hetzner_pve_network_lan_subnet` [default: "24"]: Internal LAN subnet
- `hetzner_pve_network_lan_ip` [default: "192.168.49.2"]: Internal LAN IP for Proxmox
- `hetzner_pve_network_vm_lan_ip` [default: "192.168.49.254"]: Internal LAN IP for OPNsense
- `hetzner_pve_network_vm_lan_dhcp_from` [default: "192.168.49.100"]: OPNsense DHCP range start
- `hetzner_pve_network_vm_lan_dhcp_to` [default: "192.168.49.150"]: OPNsense DHCP range end
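As an added example of how the variables above fit together (this is not a file from the project, and the inventory layout, the host alias `pve1`, the `vault_*` variable names and all values are assumptions), a `host_vars` file that overrides the defaults and keeps the four secrets out of plaintext by referencing variables defined in a separate `ansible-vault`-encrypted file:

```yaml
# inventory/host_vars/pve1/vars.yml  (constructed example; path and host alias are assumptions)
# Non-secret settings. The secrets below are looked up from
# inventory/host_vars/pve1/vault.yml, which is created with
#   ansible-vault create inventory/host_vars/pve1/vault.yml
# and contains only: vault_hetzner_api_user, vault_hetzner_api_pass,
# vault_luks_pass, vault_ssh_pubkey  (names are assumptions).

hetzner_pve_autorescue: true          # let the role switch the box to rescue mode itself
hetzner_pbs_setup: true               # also install Proxmox Backup Server

# Secrets: never commit these as literals; they come from the vault file.
hetzner_pve_hetzner_api_user: "{{ vault_hetzner_api_user }}"
hetzner_pve_hetzner_api_pass: "{{ vault_hetzner_api_pass }}"
hetzner_pve_luks_pass: "{{ vault_luks_pass }}"
hetzner_pve_ssh_keys: "{{ vault_ssh_pubkey }}"   # single public key string assumed (type not stated above)

# ACME / Let's Encrypt: the FQDN must resolve to the host and be reachable from outside.
hetzner_pve_acme_mail: "admin@example.com"       # placeholder
hetzner_pve_acme_domain: "pve1.example.com"      # placeholder

# Optional extras
hetzner_pve_storagebox_server: "uXXXXXX.your-storagebox.de"   # placeholder storagebox account
hetzner_pve_custom_packages:
  - vim
  - tmux

# OPNsense firewall VM
hetzner_pve_setup_opnsense: true
hetzner_pve_setup_opnsense_force: false   # keep false on re-runs so an existing OPNsense VM is not destroyed
hetzner_pve_setup_opnsense_enable_ipv6: false
hetzner_pve_setup_opnsense_settings_lan_dhcpd: true
hetzner_pve_setup_opnsense_user: "ansible"

# Internal LAN between Proxmox and OPNsense (defaults shown, change only if they collide with your networks)
hetzner_pve_network_lan_subnet: "24"
hetzner_pve_network_lan_ip: "192.168.49.2"
hetzner_pve_network_vm_lan_ip: "192.168.49.254"
hetzner_pve_network_vm_lan_dhcp_from: "192.168.49.100"
hetzner_pve_network_vm_lan_dhcp_to: "192.168.49.150"
```

With the secrets in the vault file, the playbook is run with `--ask-vault-pass` (or `--vault-password-file`) added to the `ansible-playbook` command, and the plaintext `vars.yml` can safely live in version control. Setting `hetzner_pve_setup_opnsense_force` to `false` after the first run is the important operational switch: with the default of `true`, every re-run of the playbook destroys and recreates the firewall VM.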
Run:

```
ansible-playbook playbook.yml -i inventory/hosts
```

When the playbook has finished:

- Please change the OPNsense password!!! The GUI is only reachable from {{ ipify_public_ip }}
- OPNsense GUI: https://{{ ansible_host }} - Username: root - Password: opnsense
- Proxmox GUI: https://{{ ansible_host }}:{{ hetzner_pve_setup_opnsense_fwd_proxmox_gui_port }} - Username: root - Password: <yoursecret>
Inside the `tool` folder there are some utils to help with development/debugging. Please edit the `tool/.env` file accordingly and run:

```
cd tool
. run                           # Run playbook.yml with default settings
. run _TST_                     # Run tool/test.yml with default settings; useful to execute specific tasks from playbook.yml in isolation
. run _RSC_ --nh 0 && . run -vvv  # Run tool/rescue.yml in the same thread, then run the main playbook with verbosity level 1 and NOHUP activated
. run --help                    # Show the help page of this tool
```
- Testing and improvements