ansible_samba_tasks/tasks/setupacdc.yml

---
- name: Create and provision LXC container on Proxmox
  hosts: node0
  gather_facts: no
  become: yes
  become_user: root
    
  vars:
    node_ip: "{{ hostvars['node0']['ansible_host'] }}"
    mac_address: '8E:90:31:DE:31:36'

    container_id: 200
    container_template: '/var/lib/vz/template/cache/ubuntu-25.04-standard_25.04-1.1_amd64.tar.zst'
    # container_template: '/var/lib/vz/template/cache/debian-13-standard_13.1-1_amd64.tar.zst'
    # container_template: '/var/lib/vz/template/cache/debian-12-standard_12.12-1_amd64.tar.zst'
    container_ostype: ubuntu
    # container_ostype: debian
    container_hostname: '{{ addc_hostname }}'
    container_password: '{{ addc_admin_password }}'
    container_storage: local-lvm
    container_rootfs_size: 8G
    container_memory: 1024
    container_swap: 256
    container_cores: 2
    container_net: name=eth0,bridge=vmbr0,ip={{ addc_ansible_host }}/24,gw={{ location_gateway }},hwaddr={{ mac_address }}
    container_features: 'keyctl=1,nesting=1,mount=cifs'
    container_description: default lxc
    container_onboot: 1
    container_protection: 0
    container_unprivileged: 1
    container_pubkey: '{{ ssh_public_keys[0] }}'
    container_tags: 
      - ansible_managed
      - test

  tasks:

    - name: Combine SSH public keys into one file
      ansible.builtin.copy:
        dest: '{{ ssh_keys_file }}'
        content: |
          {% for key in ssh_public_keys %}
          {{ key }}
          {% endfor %}
        mode: '0644'

    - name: debug
      # Comment
      ansible.builtin.debug:
        msg: 'Hello world! {{ container_password }}'
        verbosity: 0
    

    - name: Create LXC container {{ container_hostname }} with id {{ container_id }} using pct command on shell
      ansible.builtin.shell: |
        set -e
        pct create {{ container_id }} {{ container_template }} \
          -ostype {{ container_ostype }} \
          -hostname {{ container_hostname }} \
          -password '{{ container_password }}' \
          -ssh-public-keys '{{ ssh_keys_file }}' \
          -cores {{ container_cores }} \
          -memory {{ container_memory }} \
          -swap {{ container_swap }} \
          -net0 '{{container_net}}' \
          -storage {{ container_storage }} \
          -description '{{ container_description }}' \
          -onboot {{ container_onboot }} \
          -protection {{ container_protection }} \
          -unprivileged {{ container_unprivileged }} \
          -tags '{{ container_tags | join(',') }}' \
          -features '{{ container_features }}'
      args:
        creates: '/etc/pve/lxc/{{ container_id }}.conf'
      no_log: false
# -password {{ container_password }} \
# -rootfs {{ container_storage }}:{{ container_id }}/vm-{{ container_id }}-disk-0.raw,size=7G \
   
# -timezone: {{ localization_timezone }} \

    - name: Check if LXC container {{ container_hostname }} is running
      ansible.builtin.command:
        cmd: pct status {{ container_id }}
      register: pct_status
      changed_when: false

    - name: Start the LXC container {{ container_hostname }} if stopped
      ansible.builtin.command:
        cmd: pct start {{ container_id }}
      when: "'status: stopped' in pct_status.stdout"
      register: start_result
      changed_when: "'status: stopped' in pct_status.stdout"

    - name: Wait until container has an IP address
      ansible.builtin.shell: "pct exec {{ container_id }} -- hostname -I | awk '{print $1}'"
      register: lxc_ip
      until: lxc_ip.stdout != ''
      retries: 10
      delay: 5
      changed_when: false
      failed_when: lxc_ip.stdout == ''

    - name: Wait for SSH to become available
      ansible.builtin.wait_for:
        host: '{{ lxc_ip.stdout }}'
        port: 22
        delay: 5
        timeout: 60
      retries: 10
      delay: 5
      changed_when: false

# --- DC‑1 Provisioning Play --------------------------------------------

- name: Provision dc1 LXC
  hosts: dc1
  gather_facts: true
  become: true

  # vars:
  #   addc_admin_password: '{{ addc_adminpass }}'

  tasks:

  # - name: Ensure SSH authorized keys are present
  #   ansible.posix.authorized_key:
  #     user: root
  #     key: '{{ item }}'
  #     state: present
  #   loop: '{{ ssh_public_keys }}'

  - name: Install useful packages
    ansible.builtin.package:
      name:
        - nano
        - tzdata
        # - openssh-server
      state: present

  - name: Update all packages, autoclean, and autoremove
    ansible.builtin.apt:
      name: '*'
      state: latest
      autoclean: yes
      autoremove: yes
      purge: true

  - name: Set timezone to {{ localization_timezone }}
    community.general.timezone:
      name: '{{ localization_timezone }}'
    notify: Restart sshd
    tags: [timezone]

  - name: Ensure update-manager-core is installed
    ansible.builtin.apt:
      name: update-manager-core
      state: present
      update_cache: true

  - name: Run Ubuntu release upgrade (non-interactive)
    ansible.builtin.command:
      cmd: do-release-upgrade -f DistUpgradeViewNonInteractive
    register: upgrade_output
    changed_when: "'No new release found' not in upgrade_output.stdout"

  - name: Reboot if kernel updated
    ansible.builtin.reboot:
      msg: "Rebooting after Ubuntu upgrade"
      connect_timeout: 5
      reboot_timeout: 600
    when: upgrade_output is changed


  - name: Deploy the Samba AD DC role
    ansible.builtin.include_role:
      name: ansible_samba_ad_dc
      
# --- Global Handlers ----------------------------------------------

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
      when: localization_timezone | bool