# Ansible
This directory contains host-level automation. It bootstraps machines, installs
K3s, prepares storage, and manages services that intentionally run outside the
cluster.
## Inventory
`inventory.yaml` defines three groups:
| Group | Host | Purpose |
| --- | --- | --- |
| `k3s_server` | `minisforum` | K3s server at `192.168.7.77` |
| `k3s_agents` | `debian` | K3s agent and NFS storage at `192.168.7.183` |
| `mac_mini` | `mac-mini` | Docker/Ollama host at `192.168.7.96` |

All hosts use the `nik` user and the SSH key configured in `inventory.yaml`.
## Common Playbooks
```bash
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/bootstrap-minisforum.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-k3s.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-nfs-debian.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/join-debian-agent.yaml -K
```
Additional services:
```bash
# Read from the local environment by setup-gitea-runner.yaml only
export GITEA_RUNNER_TOKEN=...
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-monitoring.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-gitea-runner.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-glances-debian.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-ollama.yaml -K
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/deploy-watch-party.yaml
ansible-playbook -i ansible/inventory.yaml ansible/playbooks/wireguard.yaml -K
```
## Roles
| Role | Responsibility |
| --- | --- |
| `common` | Packages, user setup, firewall, base data directories |
| `k3s-server` | K3s server install, kubeconfig fetch, Helm install, primary node label |
| `k3s-agent` | K3s agent join and storage node label |
| `nfs-server` | Export `/mnt/storage` from Debian to the K3s server |
| `monitoring` | Host directories and ownership for Prometheus/Loki |
| `gitea-runner` | Gitea Actions runner systemd service |
| `glances` | Host-level Glances service |
| `ollama` | Ollama service on the Mac Mini |
| `watch-party` | Watch Party Docker Compose deployment on the Mac Mini |
| `wireguard` | WireGuard server configuration |
| `homeassistant` | Legacy standalone Home Assistant deployment |
## Notes
- K3s version is set in `roles/k3s-server/defaults/main.yaml` and
`roles/k3s-agent/defaults/main.yaml`.
- `setup-gitea-runner.yaml` reads `GITEA_RUNNER_TOKEN` from the local
environment.
- The K3s role disables bundled Traefik because Traefik is managed by Argo CD.
- The Debian storage role exports `/mnt/storage`; several Kubernetes manifests
mount that export directly.
- Keep host automation idempotent where practical. These playbooks are meant to
be rerunnable during rebuilds.
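
One way to check the rerunnable property from the last note: run a playbook a second time and confirm its `PLAY RECAP` reports no changes. This is an added example, not part of this repository; the `recap_drift` function name and the sample recap lines are constructed for illustration, and uncolored `ansible-playbook` output is assumed.

```bash
#!/usr/bin/env bash
# Added example (not part of this repository).
# recap_drift reads ansible-playbook output on stdin and prints each host whose
# PLAY RECAP line reports changed, failed, or unreachable greater than zero.
# Exit status: 0 = every host clean, 1 = at least one host drifted,
# 2 = no recap lines found (the run aborted or the log is truncated).
recap_drift() {
  awk '
    /^PLAY RECAP/ { in_recap = 1; next }
    in_recap && /ok=[0-9]+/ {
      hosts++
      bad = ""
      for (i = 2; i <= NF; i++) {
        split($i, kv, "=")
        if ((kv[1] == "changed" || kv[1] == "failed" || kv[1] == "unreachable") && kv[2] + 0 > 0)
          bad = bad " " $i
      }
      if (bad != "") { drift++; print $1 ":" bad }
    }
    END {
      if (hosts == 0) exit 2
      exit (drift > 0 ? 1 : 0)
    }
  '
}

# Constructed sample recaps using the inventory host names from this README.
SAMPLE_CLEAN='PLAY RECAP *********************************************************
minisforum                 : ok=14   changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
debian                     : ok=9    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0'

SAMPLE_DRIFT='PLAY RECAP *********************************************************
minisforum                 : ok=14   changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
debian                     : ok=9    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0'

# Usage on the second run of a playbook (the first run is allowed to change things):
#   ansible-playbook -i ansible/inventory.yaml ansible/playbooks/setup-k3s.yaml -K | tee run2.log
#   recap_drift < run2.log || echo "second run was not a no-op"
```

A task that always reports `changed` on a rerun shows up here as drift on every run, which points at the task to fix.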