mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-05-06 04:14:43 +00:00
Last commit:

* Add Docker official apt repo to docker role

  The docker role was installing docker-compose-plugin which is only available from Docker's official apt repository. helsinki-a had it configured manually, but london-b and copenhagen-a did not, causing deploy failures. Now the role:
  - Adds Docker's GPG key and apt repo (handles both Debian and Ubuntu)
  - Installs docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin
  - Removes conflicting stock packages (docker.io, docker-compose)

* fix: resolve yamllint violations in docker role
  - Remove standalone comment blocks that caused indentation errors
  - Collapse multiline repo string to single line
  - Ensure document start marker is present

* fix: keep all lines under 160 chars for yamllint

  Use set_fact to build the Docker repo line in parts instead of one long inline string.

* fix: resolve yamllint errors in london-b host_vars and promtail config
  - Remove trailing blank line in inventory/host_vars/london-b.yml
  - Add missing document start marker to promtail config
  - Fix indentation in promtail scrape_configs (indent list items under key)

* Remove ansible-lint on push, keep PR-only

  Lint already runs on pull_request — no need to double up on push to main.
Repository contents:

| Path |
|---|
| dotfiles |
| group_vars/all |
| inventory |
| playbooks |
| roles |
| scripts |
| services |
| .yamllint |
| ansible.cfg |
| deploy.yml |
| Makefile |
| README.md |
| requirements.yml |
Ansible — Deploy & Maintain
One-command deploy playbook for rebuilding hosts from repo state.
Quick Start
```sh
cd ansible/

# Install dependencies
make deps

# Dry run — see what would change
make deploy-check

# Deploy everything
make deploy

# Deploy a single host
make deploy-host HOST=helsinki-a
```
Playbooks
| Playbook | Purpose | Usage |
|---|---|---|
| `deploy.yml` | Full host rebuild from repo | `make deploy` or `--limit <host>` |
| `playbooks/update-all.yml` | OS package updates (all hosts) | `make update-all` |
| `playbooks/update-linux.yml` | Linux-only updates (apt + apk) | `make update-linux` |
| `playbooks/update-freebsd.yml` | FreeBSD-only updates (pkg) | `make update-freebsd` |
| `playbooks/docker-status.yml` | Show running containers | `make docker-status` |
| `playbooks/reboot.yml` | Safe reboot with pre-flight | `make reboot HOST=<host>` |
Deploy Stages
The deploy playbook runs in stages, each independently taggable:
- common — Baseline packages, SSH hardening, fish shell
- docker — Docker engine on container hosts
- node-exporter — Prometheus monitoring agent on all hosts
- services — Per-host service deployment:
  - helsinki-a: Caddy reverse proxy
  - london-b: Docker Compose services (Nextcloud, Jellyseer, etc.)
  - nuremberg-a: poste.io mail
  - copenhagen-a: Minecraft + MaNGOS systemd services
  - london-a: Prometheus + Grafana (FreeBSD)
- verify — Post-deploy health check
Run a single stage: `ansible-playbook deploy.yml --tags docker`
Roles
| Role | Description |
|---|---|
| `common` | Base packages, SSH hardening, fish shell |
| `docker` | Docker engine install and setup |
| `docker-services` | Deploy compose files from `services/` |
| `dotfiles` | Shell config from `dotfiles/` |
| `caddy` | Caddy reverse proxy (helsinki-a) |
| `node-exporter` | Prometheus node_exporter |
| `systemd-services` | Custom systemd units from `services/` |
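The commit message at the top of the page describes what the `docker` role now does: add Docker's GPG key and apt repository for both Debian and Ubuntu, build the repo line from parts with `set_fact` so no line exceeds yamllint's limit, install `docker-ce`, `docker-ce-cli`, `containerd.io` and `docker-compose-plugin`, and remove the conflicting stock `docker.io` and `docker-compose` packages. The task file below is an added example of such a role, written for this page; it is not the project's own `roles/docker`. The keyring path, the `docker_apt_*` fact names, the `docker` service name and the fingerprint check are my assumptions. The fingerprint check is the part worth keeping: apt trusts whatever key lands in the keyring, so the key you just downloaded should be compared against the value Docker publishes before the repository is enabled.

```yaml
# Added example for roles/docker/tasks/main.yml; not the project's own role.
# Assumptions: keyring path, docker_apt_* fact names, the "docker" service
# name, and the expected fingerprint (copied from Docker's install docs;
# re-check it there before relying on it).
---
- name: Fail fast on anything that is not an apt-based Debian or Ubuntu host
  ansible.builtin.assert:
    that: "ansible_facts['distribution'] in ['Debian', 'Ubuntu']"
    fail_msg: "docker role does not support {{ ansible_facts['distribution'] }}"

- name: Remove distro packages that conflict with docker-ce
  ansible.builtin.apt:
    name:
      - docker.io
      - docker-compose
    state: absent

- name: Install what the signed repository setup needs
  ansible.builtin.apt:
    name:
      - ca-certificates
      - gnupg
    state: present
    update_cache: true

- name: Create the apt keyrings directory
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: Fetch Docker's signing key over HTTPS (ASCII-armored, no dearmor needed)
  ansible.builtin.get_url:
    url: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg"
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"

- name: Read the fingerprint of the key we just fetched
  ansible.builtin.command:
    cmd: gpg --batch --show-keys --with-colons --with-fingerprint /etc/apt/keyrings/docker.asc
  register: docker_key_info
  changed_when: false

- name: Refuse to enable the repo unless the fingerprint is the expected one
  ansible.builtin.assert:
    that: docker_apt_key_fingerprint in docker_key_info.stdout
    fail_msg: "Docker apt key fingerprint mismatch; not adding the repository"
  vars:
    docker_apt_key_fingerprint: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88

- name: Build the repo line in parts (keeps every line under the yamllint limit)
  ansible.builtin.set_fact:
    docker_apt_distro: "{{ ansible_facts['distribution'] | lower }}"
    docker_apt_release: "{{ ansible_facts['distribution_release'] }}"
    # apt wants amd64/arm64, not the kernel's x86_64/aarch64
    docker_apt_arch: "{{ {'x86_64': 'amd64', 'aarch64': 'arm64'}.get(ansible_facts['architecture'], ansible_facts['architecture']) }}"

- name: Assemble the signed-by repo line (folded scalar, so it is one line at runtime)
  ansible.builtin.set_fact:
    docker_apt_repo: >-
      deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/{{ docker_apt_distro }}
      {{ docker_apt_release }} stable

- name: Add Docker's official apt repository
  ansible.builtin.apt_repository:
    repo: "{{ docker_apt_repo }}"
    filename: docker
    state: present
    update_cache: true

- name: Install Docker Engine, CLI, containerd and the compose plugin
  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-compose-plugin
    state: present

- name: Make sure the engine is enabled and running
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true
```

The `signed-by=` option scopes the key to this one repository, so a compromised Docker key could not be used to sign packages for the distro's own sources. The `set_fact` tasks are split in two because a fact cannot reference another fact defined in the same task. Run it alone with `ansible-playbook deploy.yml --tags docker --check --diff` before letting it touch the container hosts.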
Inventory
Hosts are grouped by OS and role. All use Tailscale IPs, SSH as root.
Per-host variables in inventory/host_vars/<hostname>.yml.
Safety Notes
- london-b: Reboot playbook requires interactive confirmation (critical storage)
- copenhagen-a: Reboot includes netplan pre-flight check (static IP verification)
- All playbooks use `ignore_unreachable: true` for fleet operations: an unreachable host is skipped instead of failing the run, so check the `unreachable=` count in the play recap before assuming an update landed everywhere
- `--check --diff` is your friend: always dry-run first on production
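The Safety Notes describe two per-host guards on `playbooks/reboot.yml`: an interactive confirmation on london-b because of its critical storage, and a netplan pre-flight on copenhagen-a that verifies the static IP. The playbook below is an added example of how those guards can be expressed; it was written for this page and is not the project's own `reboot.yml`. The host_vars flag names (`reboot_requires_confirmation`, `reboot_check_netplan`), the netplan file path, the one-host assertion and the post-reboot `tailscaled` check are my assumptions. The page itself only states that reboots are confirmed on london-b, netplan is checked on copenhagen-a, and every host is reached over its Tailscale address.

```yaml
# Added example for playbooks/reboot.yml; not the project's own playbook.
# Assumptions: the two host_vars flags, the netplan path and the tailscaled
# unit name are mine. The flags would live in inventory/host_vars/<hostname>.yml:
#   london-b.yml:      reboot_requires_confirmation: true
#   copenhagen-a.yml:  reboot_check_netplan: true
---
- name: Safe reboot with pre-flight checks
  hosts: all                     # always run with --limit <host>; the first task enforces it
  gather_facts: true
  vars:
    netplan_config: /etc/netplan/00-installer-config.yaml   # assumed path
  tasks:
    - name: Never reboot more than one host per run (catches a forgotten --limit)
      ansible.builtin.assert:
        that: ansible_play_hosts | length == 1
        fail_msg: "reboot.yml targets exactly one host, got {{ ansible_play_hosts }}"
      run_once: true

    - name: Ask the operator to confirm on hosts flagged as critical storage
      ansible.builtin.pause:
        prompt: "{{ inventory_hostname }} holds critical storage. Type REBOOT to continue"
      register: confirm
      when: reboot_requires_confirmation | default(false)

    - name: Abort unless the confirmation was typed exactly
      ansible.builtin.fail:
        msg: "Reboot of {{ inventory_hostname }} was not confirmed"
      when:
        - reboot_requires_confirmation | default(false)
        - (confirm.user_input | default('')) != 'REBOOT'

    - name: Read the netplan config that will be applied at boot
      ansible.builtin.slurp:
        src: "{{ netplan_config }}"
      register: netplan_raw
      when: reboot_check_netplan | default(false)

    - name: Pre-flight, the address currently in use must be statically configured
      ansible.builtin.assert:
        that:
          - ansible_facts['default_ipv4']['address'] in (netplan_raw.content | b64decode)
        fail_msg: >-
          {{ ansible_facts['default_ipv4']['address'] }} is not in {{ netplan_config }};
          the host could come back on a different address. Fix netplan before rebooting.
      when: reboot_check_netplan | default(false)

    - name: Render netplan backend config under /run without applying it (syntax check)
      ansible.builtin.command:
        cmd: netplan generate
      changed_when: false
      when: reboot_check_netplan | default(false)

    - name: Reboot and wait for SSH to come back
      ansible.builtin.reboot:
        reboot_timeout: 600
        post_reboot_delay: 10
        test_command: uptime

    - name: Collect service state after the reboot
      ansible.builtin.service_facts:

    - name: Post-flight, Tailscale must be up or the next playbook cannot reach the host
      ansible.builtin.assert:
        that: ansible_facts['services']['tailscaled.service']['state'] == 'running'
        fail_msg: "tailscaled is not running on {{ inventory_hostname }} after reboot"
```

Invoke it as `ansible-playbook playbooks/reboot.yml --limit copenhagen-a`. The flags default to `false`, so hosts without them get a plain reboot with the same connection wait and the same post-flight check; only the guards differ per host, which keeps the per-host behaviour in `host_vars` rather than in the playbook.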