# Ansible

This directory contains host-level automation. It bootstraps machines, installs K3s, prepares storage, and manages services that intentionally run outside the cluster.

## Inventory

`inventory.yaml` defines three groups:

| Group | Host | Purpose |
| --- | --- | --- |
| `k3s_server` | `minisforum` | K3s server at `192.168.7.77` |
| `k3s_agents` | `debian` | K3s agent and NFS storage at `192.168.7.183` |
| `mac_mini` | `mac-mini` | Docker/Ollama host at `192.168.7.96` |

All hosts use the `nik` user and the SSH key configured in `inventory.yaml`.

## Common Playbooks

```bash
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/bootstrap-minisforum.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-k3s.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-nfs-debian.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/join-debian-agent.yaml -K
```

Additional services:

```bash
export GITEA_RUNNER_TOKEN=...
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-monitoring.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-gitea-runner.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-glances-debian.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-ollama.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/deploy-watch-party.yaml
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/wireguard.yaml -K
```

## Roles

| Role | Responsibility |
| --- | --- |
| `common` | Packages, user setup, firewall, base data directories |
| `k3s-server` | K3s server install, kubeconfig fetch, Helm install, primary node label |
| `k3s-agent` | K3s agent join and storage node label |
| `nfs-server` | Export `/mnt/storage` from Debian to the K3s server |
| `monitoring` | Host directories and ownership for Prometheus/Loki |
| `gitea-runner` | Gitea Actions runner systemd service |
| `glances` | Host-level Glances service |
| `ollama` | Ollama service on the Mac Mini |
| `watch-party` | Watch Party Docker Compose deployment on the Mac Mini |
| `wireguard` | WireGuard server configuration |
| `homeassistant` | Legacy standalone Home Assistant deployment |

## Notes

- K3s version is set in `roles/k3s-server/defaults/main.yaml` and `roles/k3s-agent/defaults/main.yaml`.
- `setup-gitea-runner.yaml` reads `GITEA_RUNNER_TOKEN` from the local environment.
- The K3s role disables bundled Traefik because Traefik is managed by Argo CD.
- The Debian storage role exports `/mnt/storage`; several Kubernetes manifests mount that export directly.
- Keep host automation idempotent where practical. These playbooks are meant to be rerunnable during rebuilds.
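
One way a play can consume `GITEA_RUNNER_TOKEN` from the control machine's environment without leaking it into task output, shown as an added example that is not taken from this repository's `setup-gitea-runner.yaml`. The play name, the `gitea_runner_token` variable, the target group and the destination path are all assumptions made for illustration.

```yaml
# Added example, not this repository's playbook.
# Assumed names: gitea_runner_token, the hosts value, and the dest path.
- name: Provision Gitea runner token (illustrative)
  hosts: k3s_server            # assumption: the page does not say which host runs the runner
  become: true
  gather_facts: false

  vars:
    # The env lookup runs on the control machine, so this reads the variable
    # exported in the local shell, not anything set on the managed host.
    gitea_runner_token: "{{ lookup('ansible.builtin.env', 'GITEA_RUNNER_TOKEN') }}"

  tasks:
    - name: Stop early when the token is missing from the local environment
      ansible.builtin.assert:
        that:
          - gitea_runner_token | length > 0
        fail_msg: "GITEA_RUNNER_TOKEN is not exported on the control machine"
        quiet: true

    - name: Ensure a root-only directory for the runner secret
      ansible.builtin.file:
        path: /etc/gitea-runner        # hypothetical path
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Write the token to a root-only environment file
      ansible.builtin.copy:
        content: "GITEA_RUNNER_TOKEN={{ gitea_runner_token }}\n"
        dest: /etc/gitea-runner/token.env   # hypothetical path
        owner: root
        group: root
        mode: "0600"
      # Without no_log, running with -v or --diff would print the file
      # content, including the token, to the terminal and any captured log.
      no_log: true
```

The copy task is idempotent: rerunning the play with the same token reports no change, which fits the rerunnable-playbook goal stated in the notes above.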