RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 04:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
pez-infra/ansible
History
Rasmus Wejlgaard 39e3835c33 Clean up stale DNS records and Caddyfile entries 
Remove webdav.pez.sh DNS record (WebDAV replaced by Nextcloud AIO on cloud.pez.sh)
Remove alertmanager.pez.sh DNS record and Caddyfile block (Alertmanager not running on london-a)
Remove status-https HTTPS record pointing to old statuspage.io (status.pez.sh is self-hosted on helsinki-a)
Remove commented-out WebDAV block from Caddyfile
Remove empty section headers for decommissioned hosts (london-c, copenhagen-b, copenhagen-c)

Closes PESO-102
2026-03-30 20:11:36 +00:00
..
dotfiles remove pr-test.yml 2026-03-28 13:11:34 +00:00
group_vars/all initial commit 2026-03-28 12:39:41 +00:00
inventory Add Docker official apt repo to docker role (#24) 2026-03-29 21:11:33 +01:00
playbooks Add ZFS management role: scrub scheduling and pool monitoring (#18) 2026-03-29 19:12:42 +01:00
roles fix: remove docker-compose-v2 before installing docker-compose-plugin 2026-03-30 18:08:50 +00:00
scripts Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
services Clean up stale DNS records and Caddyfile entries 2026-03-30 20:11:36 +00:00
.yamllint ignore all SOPS-encrypted files in yamllint 2026-03-28 18:50:08 +00:00
ansible.cfg initial commit 2026-03-28 12:39:41 +00:00
deploy.yml Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
Makefile initial commit 2026-03-28 12:39:41 +00:00
README.md initial commit 2026-03-28 12:39:41 +00:00
requirements.yml initial commit 2026-03-28 12:39:41 +00:00

README.md

Ansible — Deploy & Maintain

One-command deploy playbook for rebuilding hosts from repo state.

Quick Start

cd ansible/

# Install dependencies
make deps

# Dry run — see what would change
make deploy-check

# Deploy everything
make deploy

# Deploy a single host
make deploy-host HOST=helsinki-a

Playbooks

Playbook Purpose Usage
deploy.yml Full host rebuild from repo make deploy or --limit <host>
playbooks/update-all.yml OS package updates (all hosts) make update-all
playbooks/update-linux.yml Linux-only updates (apt + apk) make update-linux
playbooks/update-freebsd.yml FreeBSD-only updates (pkg) make update-freebsd
playbooks/docker-status.yml Show running containers make docker-status
playbooks/reboot.yml Safe reboot with pre-flight make reboot HOST=<host>

Deploy Stages

The deploy playbook runs in stages, each independently taggable:

  1. common — Baseline packages, SSH hardening, fish shell
  2. docker — Docker engine on container hosts
  3. node-exporter — Prometheus monitoring agent on all hosts
  4. services — Per-host service deployment:
    • helsinki-a: Caddy reverse proxy
    • london-b: Docker Compose services (Nextcloud, Jellyseer, etc.)
    • nuremberg-a: poste.io mail
    • copenhagen-a: Minecraft + MaNGOS systemd services
    • london-a: Prometheus + Grafana (FreeBSD)
  5. verify — Post-deploy health check

Run a single stage: ansible-playbook deploy.yml --tags docker

Roles

Role Description
common Base packages, SSH hardening, fish shell
docker Docker engine install and setup
docker-services Deploy compose files from services/
dotfiles Shell config from dotfiles/
caddy Caddy reverse proxy (helsinki-a)
node-exporter Prometheus node_exporter
systemd-services Custom systemd units from services/

Inventory

Hosts are grouped by OS and role. All use Tailscale IPs, SSH as root. Per-host variables in inventory/host_vars/<hostname>.yml.

Safety Notes

  • london-b: Reboot playbook requires interactive confirmation (critical storage)
  • copenhagen-a: Reboot includes netplan pre-flight check (static IP verification)
  • All playbooks use ignore_unreachable: true for fleet operations
  • --check --diff is your friend — always dry-run first on production