Torjus Håkestad
6e08ba9720
- Move playbooks/ to ansible/playbooks/ - Add dynamic inventory script that extracts hosts from flake - Groups by tier (tier_test, tier_prod) and role (role_dns, etc.) - Reads homelab.host.* options for metadata - Add static inventory for non-flake hosts (Proxmox) - Add ansible.cfg with inventory path and SSH optimizations - Add group_vars/all.yml for common variables - Add restart-service.yml playbook for restarting systemd services - Update provision-approle.yml with single-host safeguard - Add ANSIBLE_CONFIG to devshell for automatic inventory discovery - Add ansible = "false" label to template2 to exclude from inventory - Update CLAUDE.md to reference ansible/README.md for details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Ansible Configuration
This directory contains Ansible configuration for fleet management tasks.
Structure
ansible/
├── ansible.cfg # Ansible configuration
├── inventory/
│ ├── dynamic_flake.py # Dynamic inventory from NixOS flake
│ ├── static.yml # Non-flake hosts (Proxmox, etc.)
│ └── group_vars/
│ └── all.yml # Common variables
└── playbooks/
├── build-and-deploy-template.yml
├── provision-approle.yml
├── restart-service.yml
└── run-upgrade.yml
Usage
The devshell automatically configures ANSIBLE_CONFIG, so commands work without extra flags:
# List inventory groups
nix develop -c ansible-inventory --graph
# List hosts in a specific group
nix develop -c ansible-inventory --list | jq '.role_dns'
# Run a playbook
nix develop -c ansible-playbook ansible/playbooks/run-upgrade.yml -l tier_test
Inventory
The inventory combines dynamic and static sources automatically.
Dynamic Inventory (from flake)
The dynamic_flake.py script extracts hosts from the NixOS flake using homelab.host.* options:
Groups generated:
flake_hosts- All NixOS hosts from the flaketier_test,tier_prod- Byhomelab.host.tierrole_dns,role_vault,role_monitoring, etc. - Byhomelab.host.role
Host variables set:
tier- Deployment tier (test/prod)role- Host roleshort_hostname- Hostname without domain
Static Inventory
Non-flake hosts are defined in inventory/static.yml:
proxmox- Proxmox hypervisors
Playbooks
| Playbook | Description | Example |
|---|---|---|
run-upgrade.yml |
Trigger nixos-upgrade on hosts | -l tier_prod |
restart-service.yml |
Restart a systemd service | -l role_dns -e service=unbound |
provision-approle.yml |
Deploy Vault credentials (single host only) | -l testvm01 |
build-and-deploy-template.yml |
Build and deploy Proxmox template | (no limit needed) |
Examples
# Restart unbound on all DNS servers
nix develop -c ansible-playbook ansible/playbooks/restart-service.yml \
-l role_dns -e service=unbound
# Trigger upgrade on all test hosts
nix develop -c ansible-playbook ansible/playbooks/run-upgrade.yml -l tier_test
# Provision Vault credentials for a specific host
nix develop -c ansible-playbook ansible/playbooks/provision-approle.yml -l testvm01
# Build and deploy Proxmox template
nix develop -c ansible-playbook ansible/playbooks/build-and-deploy-template.yml
Excluding Flake Hosts
To exclude a flake host from the dynamic inventory, add the ansible = "false" label in the host's configuration:
homelab.host.labels.ansible = "false";
Hosts with homelab.dns.enable = false are also excluded automatically.
Adding Non-Flake Hosts
Edit inventory/static.yml to add hosts not managed by the NixOS flake:
all:
children:
my_group:
hosts:
host1.example.com:
ansible_user: admin
Common Variables
Variables in inventory/group_vars/all.yml apply to all hosts:
ansible_user- Default SSH user (root)domain- Domain name (home.2rjus.net)vault_addr- Vault server URL