clewsy_ansible


Ansible is software for secure, push-style, agentless, system configuration management. I guess it's more than that, but I'm new. It had a moderate learning curve and then required a reasonable amount of configuration, but now I have some basic playbooks and roles written that will save me a lot of time in the future. This project is purely about using ansible to configure machines on my personal home network.

My biggest problem has been completely forgetting why or how I configured a system, shortly after initially getting it up and running. Ansible playbooks are self-documenting, so even if I want to do something manually in the future, the instructions are all there, built-in to my ansible playbooks stored in my gitlab repo.

The repo includes a host-specific playbook and variables file for each managed host machine/device on my home network.

Some minimal configuration is required on a host to prepare it for being automatically configured by the ansible playbook:

  1. Install the operating system.
  2. Create the user - must match the username defined in the host variables file (host_vars/hostname.yml).
  3. Give the user sudo access. The sudo password must be as defined (encrypted) by the host-specific setup-password variable (also in host_vars/hostname.yml).
  4. Ensure a static IP has been assigned to the MAC address of the machine's network interface. I use a hosts file on my dhcp server, so all machines are identified by hostname, not ip address.
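A check that fits step 3 above, as an added example that is not part of the clewsy_ansible repo: it scans host_vars/*.yml and reports any file whose sudo password is not stored vault-encrypted, so a plaintext password never reaches the git remote. The key spelling (setup_password or setup-password), the use of inline ansible-vault encryption, and the sample files are assumptions.

```shell
# Added example: flag host_vars files whose sudo password is not vault-encrypted.
# Assumed: key setup_password/setup-password, inline ansible-vault ("!vault |").

# check_host_vars FILE: prints encrypted|plaintext|missing, exit status 0|1|2.
check_host_vars() {
    awk '
        /^setup[-_]password:/ {
            found = 1
            if ($0 !~ /^setup[-_]password:[ \t]*!vault[ \t]*\|/) { bad = 1; exit }
            want_header = 1   # ciphertext header must be on the next line
            next
        }
        want_header {
            if ($0 !~ /^[ \t]+\$ANSIBLE_VAULT;[0-9.]+;AES256/) bad = 1
            want_header = 0
        }
        END {
            if (!found)             { print "missing";   exit 2 }
            if (bad || want_header) { print "plaintext"; exit 1 }
            print "encrypted"
        }
    ' "$1"
}

# audit_repo DIR: lists offending files; exit status is the number of offenders.
audit_repo() {
    fails=0
    for f in "$1"/host_vars/*.yml; do
        [ -e "$f" ] || continue
        verdict=$(check_host_vars "$f") || { echo "$f: $verdict"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample repo: one vault-encrypted file and one plaintext file.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/host_vars"
    cat > "$d/host_vars/good-host.yml" <<'EOF'
username: admin
setup_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          3031323334353637383961626364656630313233343536373839616263646566
EOF
    printf 'username: admin\nsetup_password: hunter2\n' > "$d/host_vars/bad-host.yml"
    echo "$d"
}

sample=$(make_sample)
audit_repo "$sample" || echo "$? host_vars file(s) failed the check"
```

Calling `audit_repo .` from the repo root in a pre-commit hook stops the commit whenever the exit status is non-zero.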

The flexo.yml playbook is a special case. Flexo is the hostname assigned to my smartphone, so to configure it with ansible (using the droid role) the pre-requisites differ:

  1. Termux must be installed.
  2. Within termux, a couple of packages need to be manually installed:
  3. Termux ssh sessions don't really have a "user" in the traditional sense, but a password must be configured (i.e. run passwd).
  4. The ssh daemon must be running (i.e. run sshd). By default, the ssh daemon will serve on port 8022.

The following tables detail the machines I have on my network and the roles I created for them.


Hosts

| Hostname | Base OS | Description | Roles |
|---|---|---|---|
| b4t-cam | Raspbian | An old raspberry pi 2 with a wifi dongle and an old usb webcam. Configured as an ip cam. | common, motion |
| b4t.site | Ubuntu | Off-site box (VPS) used for backup storage. Also doubles as a wireguard endpoint. | common, docker, secure, wireguard_server, vpn |
| calculon | Ubuntu | Home automation stuff. A raspberry pi 4 with "supervised" home assistant. This pi runs on top of an ubuntu server base. | common, homeassistant |
| farnsworth | Ubuntu | My main desktop machine. | clews.pro, common, desktop, docker, mpd, node, secure, vpn |
| flexo | LineageOS | My smortphone. | droid |
| hypnotoad | OSMC | Media server installed on a raspberry pi 3 connected to a tv. Serves media stored on zapp using nfs shares. Refer to the media_center project page. | common |
| nibbler | Pop!_OS | My laptop. | common, desktop, mpd, node, secure, vpn, wireguard |
| p0wer | Raspbian | A raspberry pi zero W with an RF remote connected to the gpio. Refer to the p0wer project page or gitlab repo. | common, p0wer |
| pazuzu | Raspbian | Raspberry pi zero W connected to a raspberry pi cam. Configured as an ip cam. | common, motion |
| rad10 | Raspbian | A raspberry pi 3 with an encoder connected to the gpio. Refer to the rad10 project page or gitlab repo. | common, mpd, rad10 |
| seymour | Debian | Beaglebone Black connected to the LAN via ethernet. Always-on box that serves as a network admin node. Also runs some custom cron job admin/maintenance scripts. | common, docker, node, polly, secure |
| zapp | openmediavault | File-server and backup storage. Shares bulk media over nfs and acts as my on-site backup storage. Also runs a torrent client (qbittorrent). | common, docker, qbittorrent, vpn |
| zoidberg | Ubuntu | Web server machine. Serves various web sites and web apps. Refer to the clews.pro project page or gitlab repo. | clews.pro, common, docker, polly, secure |



Roles

| Role | Description/Tasks |
|---|---|
| clews.pro | Will configure a box as a containerised web server, clone the clews.pro repo, and spin up the containers defined in the docker-compose.yml file. |
| common | Configurations common to all hosts - hostname, timezone, ssh keys/configs, apt upgrades, common packages, vim, git, host-specific packages, motd, .bashrc, aliases, cron jobs, mounts/fstab, common scripts (bu, stuff, wami). |
| desktop | Configurations for systems with a desktop - fonts, conky, terbling, terminator, guake, gnome settings. |
| docker | Install docker and docker-compose. Start the docker service and create a standard docker-compose staging directory. Also create alias dc='docker-compose'. |
| droid | A special role created to configure an android smartphone running Termux. This role has tasks similar to common that had to be implemented differently (configure ssh, install packages, install scripts). It also installs some termux "shortcuts" which are basically scripts that can be run from a widget. |
| homeassistant | First configure docker role as a pre-requisite. Then install/remove certain packages as required by the home assistant supervised installer script. Finally download and run the installer script that will install home assistant supervised. |
| motion | Turn a raspberry pi into a web-cam. Install, configure and enable motion for streaming over the lan. |
| mpd | Use on boxes that will be used for streaming audio or playing mp3s. Install the required and useful packages (mpd, mpc, ncmpc) then configure and run the mpd daemon. |
| node | Set up some common packages and scripts on key boxes that are used for maintaining other boxes. Install networking packages (netdiscover, nmap), install ansible, clone the clewsy_ansible gitlab repository and install some custom scripts (apt_all, ball, pong, whodis). |
| p0wer | Configure a raspberry pi with gpio connected to an RF remote control used to switch on/off mains-connected devices via scripts or a webui. Clone p0wer repo, compile executable, install webserver packages (Apache) and copy html/php files. |
| polly | Configure a box to control a thingm blink1 device, then install polly script which polls clews.pro, logs the result and uses the blink1 to indicate the site status. |
| qbittorrent | Install and configure qbittorrent client. This is installed as a docker container, so first the docker role is run, then a docker-compose.yml file is copied and used to pull and run the qbittorrent container. |
| rad10 | Configure a raspberry pi as an internet radio/music streamer with hardware control and a webui. First run the mpd role, then clone the rad10d repo, compile the daemon and configure a unit-file for systemd auto-starting. Will also install web server packages (Apache) and copy the html/php files for the rad10 webui. |
| secure | Configure some basic settings for ssh security and enable/configure a firewall (using ufw). |
| vpn | Install openvpn and copy some custom vpn configuration files. Also copy and configure a custom vpn initialisation script. |
| wireguard | Install wireguard and create custom "client" connection configurations. Also create some aliases for quickly bringing wireguard up/down from the command line. |
| wireguard_server | Configure a box as a wireguard "server" endpoint. |

I don't know what I'm doing.