Add pn01 and pn02 to hosts-generated.tf for Vault AppRole access.
Fix provision-approle.yml: the localhost play was skipped when using
-l filter, since localhost didn't match the target. Merged into a
single play using delegate_to: localhost for the bao commands.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add reboot.yml playbook with rolling reboot (serial: 1)
- Uses systemd reboot.target for NixOS compatibility
- Waits for each host to come back before proceeding
- Update dynamic inventory to use short hostnames
- ansible_host set to FQDN for connections
- Allows -l testvm01 instead of -l testvm01.home.2rjus.net
- Update static.yml to match short hostname convention
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use result_format=yaml with builtin default callback instead of
the removed community.general.yaml plugin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move playbooks/ to ansible/playbooks/
- Add dynamic inventory script that extracts hosts from flake
- Groups by tier (tier_test, tier_prod) and role (role_dns, etc.)
- Reads homelab.host.* options for metadata
- Add static inventory for non-flake hosts (Proxmox)
- Add ansible.cfg with inventory path and SSH optimizations
- Add group_vars/all.yml for common variables
- Add restart-service.yml playbook for restarting systemd services
- Update provision-approle.yml with single-host safeguard
- Add ANSIBLE_CONFIG to devshell for automatic inventory discovery
- Add ansible = "false" label to template2 to exclude from inventory
- Update CLAUDE.md to reference ansible/README.md for details
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
