feat(ansible): restructure Ansible configuration and add essential files for infrastructure management

2026-04-13 19:34:39 -04:00 · 2026-04-13 19:34:39 -04:00 · 7a3ba409e6
commit 7a3ba409e6
parent e16f98a183
8 changed files with 207 additions and 9 deletions
--- a/ansible/.ansible-lint
+++ b/ansible/.ansible-lint
@ -20,15 +20,12 @@ skip_list:
 exclude_paths:
  - .cache/
  - .git/
+  - archive/               # Legacy reference files
  - roles/external/        # Don't lint roles downloaded from Galaxy

-# Enforce specific tagging for organization
-require_status:
-  - shared
-  - production
+# Enable offline mode for airgapped environments
+offline: false

-# Custom configurations for specific rules
-# Ensures we always use Fully Qualified Collection Names (FQCN)
+# Enable FQCN enforcement (Fully Qualified Collection Names)
 # e.g., ansible.builtin.copy instead of just 'copy'
-fqcn:
-  - ansible.builtin
+# This is now enforced by the 'safety' profile by default
--- a/ansible/README.md
+++ b/ansible/README.md
@ -1 +1,47 @@
-# ansible folder
+# Ansible Infrastructure Automation
+
+This directory contains the Ansible automation framework for homelab infrastructure management.
+
+## 📁 Directory Structure
+
+```
+ansible/
+├── .ansible-lint              # Linting rules (enforces safety & best practices)
+├── .ansible-standards.md      # Architectural standards and conventions
+├── DEVELOPMENT-SETUP.md       # Control node setup requirements
+├── README.md                  # This file
+└── archive/                   # ⚠️ REFERENCE ONLY - Legacy implementation
+```
+
+---
+
+## ⚠️ Important: Archive Directory
+
+**The `archive/` directory contains the previous iteration of the Ansible infrastructure.**
+
+- **Purpose:** Reference and migration source only
+- **Status:** Not actively maintained
+- **Action:** Do NOT execute playbooks or use configurations directly from `archive/`
+- **Migration Status:** In progress - components are being refactored into the new structure
+
+---
+
+## 🚀 Getting Started
+
+### Prerequisites
+
+Refer to [DEVELOPMENT-SETUP.md](DEVELOPMENT-SETUP.md) for:
+- Required CLI tools (ansible-core, ansible-lint, proxmoxer)
+- VSCode extensions (recommended for development)
+- SSH key generation and vault configuration
+
+### Control Node Setup
+
+Watchtower (10.0.0.200) is the designated Ansible control node for this lab.
+
+---
+
+## 📚 Additional Resources
+
+- **Standards:** See [.ansible-standards.md](.ansible-standards.md) for architectural requirements
+- **Legacy Documentation:** Available in `archive/documentation/` for historical reference
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -0,0 +1,36 @@
+[defaults]
+# Inventory configuration
+inventory = inventory/hosts.ini
+host_key_checking = False
+deprecation_warnings = False
+interpreter_python = auto_silent
+
+# Paths (relative to this ansible/ directory)
+roles_path = ./roles:~/.ansible/roles:/usr/share/ansible/roles
+
+# Vault configuration
+vault_password_file = vault/.vault_pass
+
+# Performance tuning
+forks = 5
+timeout = 30
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = /tmp/ansible_facts
+fact_caching_timeout = 3600
+
+# Callbacks for better output
+callbacks_enabled = timer, profile_tasks
+
+# Logging
+log_path = ansible.log
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root
+become_ask_pass = False
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+pipelining = True
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -0,0 +1,37 @@
+---
+# Global variables for all hosts
+# These apply to every host in the inventory unless overridden
+
+# Network Configuration
+network:
+  gateway: 10.0.0.2
+  dns_servers:
+    - 10.0.0.2
+    - 8.8.8.8
+  subnet: 10.0.0.0/24
+
+# Time and Locale
+timezone: America/New_York
+locale: en_US.UTF-8
+
+# SSH Configuration
+ssh_port: 22
+ssh_key_type: ed25519
+
+# Docker Configuration
+docker:
+  version: latest
+  compose_version: latest
+  registry_mirrors: []
+
+# Security Defaults
+security:
+  ufw_enabled: false
+  fail2ban_enabled: false
+  automatic_updates: true
+
+# Maintenance Windows
+maintenance:
+  reboot_allowed: true
+  reboot_time: "03:00"
+  update_cache_valid_time: 3600
--- a/ansible/inventory/hosts.ini
+++ b/ansible/inventory/hosts.ini
@ -0,0 +1,29 @@
+# Ansible Inventory for Homelab Infrastructure
+# This is the active inventory - do NOT use archive/inventory/hosts.ini
+
+# =============================================================================
+# Control Plane
+# =============================================================================
+[control_plane]
+watchtower ansible_host=10.0.0.200 ansible_user=chester
+
+# =============================================================================
+# Add your managed nodes below
+# =============================================================================
+
+# Example structure:
+# [docker_swarm_managers]
+# heimdall ansible_host=10.0.0.X ansible_user=chester
+
+# [docker_swarm_workers]
+# waldorf ansible_host=10.0.0.X ansible_user=chester
+
+# [proxmox_cluster]
+# pve-node1 ansible_host=10.0.0.X ansible_user=root
+
+# =============================================================================
+# Group Variables
+# =============================================================================
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+ansible_ssh_private_key_file=~/.ssh/id_ed25519
--- a/ansible/playbooks/test-connection.yml
+++ b/ansible/playbooks/test-connection.yml
@ -0,0 +1,14 @@
+---
+# Test playbook to verify Ansible control node setup
+# Usage: ansible-playbook playbooks/test-connection.yml
+
+- name: Test connection to all hosts
+  hosts: all
+  gather_facts: true
+  tasks:
+    - name: Ping all hosts
+      ansible.builtin.ping:
+
+    - name: Display host information
+      ansible.builtin.debug:
+        msg: "Connected to {{ inventory_hostname }} ({{ ansible_host }})"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,33 @@
+---
+# Ansible Galaxy requirements
+# Install with: ansible-galaxy install -r requirements.yml
+#
+# This file tracks all external collections and roles required by this repository.
+# Version pinning ensures reproducible deployments.
+#
+# Last updated: 2026-01-10
+
+collections:
+  # Community General Collection
+  # Used for: proxmox modules, docker modules, general utilities
+  # Docs: https://docs.ansible.com/ansible/latest/collections/community/general/
+  - name: community.general
+    version: ">=8.0.0"
+
+  # Community Docker Collection
+  # Used for: docker_swarm, docker_container, docker_network modules
+  # Docs: https://docs.ansible.com/ansible/latest/collections/community/docker/
+  - name: community.docker
+    version: ">=3.0.0"
+
+  # Ansible POSIX Collection
+  # Used for: authorized_key, synchronize, sysctl modules
+  # Docs: https://docs.ansible.com/ansible/latest/collections/ansible/posix/
+  - name: ansible.posix
+    version: ">=1.5.0"
+
+# roles:
+  # Add external roles here as needed
+  # Example:
+  # - name: geerlingguy.docker
+  #   version: "6.1.0"
--- a/ansible/vault/.gitignore
+++ b/ansible/vault/.gitignore
@ -0,0 +1,6 @@
+# Vault password files should NEVER be committed
+.vault_pass
+*.vault_pass
+
+# Encrypted variables can be committed
+# vault.yml