RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 04:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
pez-infra/ansible/README.md
Rasmus Wejlgaard 737d6e0bc1 initial commit
2026-03-28 12:39:41 +00:00

73 lines
2.4 KiB
Markdown
Raw Blame History

# Ansible — Deploy & Maintain
One-command deploy playbook for rebuilding hosts from repo state.
## Quick Start
```bash
cd ansible/
# Install dependencies
make deps
# Dry run — see what would change
make deploy-check
# Deploy everything
make deploy
# Deploy a single host
make deploy-host HOST=helsinki-a
```
## Playbooks
| Playbook | Purpose | Usage |
|----------|---------|-------|
| `deploy.yml` | Full host rebuild from repo | `make deploy` or `--limit <host>` |
| `playbooks/update-all.yml` | OS package updates (all hosts) | `make update-all` |
| `playbooks/update-linux.yml` | Linux-only updates (apt + apk) | `make update-linux` |
| `playbooks/update-freebsd.yml` | FreeBSD-only updates (pkg) | `make update-freebsd` |
| `playbooks/docker-status.yml` | Show running containers | `make docker-status` |
| `playbooks/reboot.yml` | Safe reboot with pre-flight | `make reboot HOST=<host>` |
## Deploy Stages
The deploy playbook runs in stages, each independently taggable:
1. **common** — Baseline packages, SSH hardening, fish shell
2. **docker** — Docker engine on container hosts
3. **node-exporter** — Prometheus monitoring agent on all hosts
4. **services** — Per-host service deployment:
- `helsinki-a`: Caddy reverse proxy
- `london-b`: Docker Compose services (Nextcloud, Jellyseer, etc.)
- `nuremberg-a`: poste.io mail
- `copenhagen-a`: Minecraft + MaNGOS systemd services
- `london-a`: Prometheus + Grafana (FreeBSD)
5. **verify** — Post-deploy health check
Run a single stage: `ansible-playbook deploy.yml --tags docker`
## Roles
| Role | Description |
|------|-------------|
| `common` | Base packages, SSH hardening, fish shell |
| `docker` | Docker engine install and setup |
| `docker-services` | Deploy compose files from `services/` |
| `dotfiles` | Shell config from `dotfiles/` |
| `caddy` | Caddy reverse proxy (helsinki-a) |
| `node-exporter` | Prometheus node_exporter |
| `systemd-services` | Custom systemd units from `services/` |
## Inventory
Hosts are grouped by OS and role. All use Tailscale IPs, SSH as root.
Per-host variables in `inventory/host_vars/<hostname>.yml`.
## Safety Notes
- **london-b**: Reboot playbook requires interactive confirmation (critical storage)
- **copenhagen-a**: Reboot includes netplan pre-flight check (static IP verification)
- All playbooks use `ignore_unreachable: true` for fleet operations
- `--check --diff` is your friend — always dry-run first on production
Reference in a new issue View git blame Copy permalink