Ansible is software for secure, push-style, agentless, system configuration management. I guess it's more than that, but I'm new. It had a moderate learning curve and then required a reasonable amount of configuration, but now I have some basic playbooks and roles written that will save me a lot of time in the future. This project is purely about using ansible to configure machines on my personal home network.
My biggest problem has been completely forgetting why or how I configured a system, shortly after initially getting it up and running. Ansible playbooks are self-documenting, so even if I want to do something manually in the future, the instructions are all there, built into the ansible playbooks stored in my gitlab repo.
The repo includes a host-specific playbook and variables file for each managed host machine/device on my home network.
Some minimal configuration is required on a host to prepare it for being automatically configured by the ansible playbook:
The flexo.yml playbook is a special case. Flexo is the hostname assigned to my smartphone, so to configure it with ansible (using the droid role) the pre-requisites differ:
For a few years I used openmediavault (omv) on a headless system. Omv has many features, of which I really used only two:
Omv has a nice web-based graphical interface with which I had no issues, but it obfuscated some of the workings of the tasks I used it for. Additionally, deployment via ansible would require learning omv-specific commands. I expect automation would be possible this way, but it occurred to me I could easily automate file-sharing and rsync cron jobs with a minimal Ubuntu system. The only loss would be the webUI, but I only ever needed that when initially setting up omv.
So I replaced omv with Ubuntu Server and created a couple of roles that serve my minimal needs:
The following table lists the machines I have on my network and the roles I assigned them.
Hostname | Base OS | Description | Roles |
---|---|---|---|
b4t-cam | Raspberry Pi OS | An old raspberry pi 2 with a wifi dongle and an old usb webcam. Configured as an ip cam. | common, motion |
b4t.site | Ubuntu | Off-site box (VPS) used for backup storage. Also doubles as a wireguard endpoint. | common, docker, headless, secure, vpn, wireguard |
calculon | Ubuntu (for Pi) | (Currently not in service). Home automation stuff. A raspberry pi 4 with "supervised" home assistant. This pi runs home assistant on top of an ubuntu server base. | common, homeassistant |
clews.pro | Ubuntu | Remote VPS web server machine. Serves various web sites and web apps. Also acts as a Wireguard endpoint. Refer to the clews.pro project page or gitlab repo. | clews.pro, common, docker, headless, secure, wireguard |
farnsworth | Ubuntu | My main desktop machine. | clews.pro, common, desktop, develop, docker, headless, mpd, node, secure, vpn, wireguard |
flexo | LineageOS | My smortphone. | droid |
hermes | Raspberry Pi OS | Minimal Raspberry Pi OS image on an old Raspberry Pi 2 with CUPS installed. Configured to serve a connected laser printer on the local network. | common, cups |
hypnotoad | OSMC | Media server installed on a raspberry pi 3 connected to a tv. Serves media stored on zapp using nfs shares. Refer to the media_center project page. | common |
nibbler | Pop!_OS | My laptop. | common, desktop, develop, mpd, node, secure, vpn, wireguard |
p0wer | Raspberry Pi OS | A raspberry pi zero W with an RF remote connected to the gpio. Refer to the p0wer project page or gitlab repo. | common, p0wer |
pazuzu | Raspberry Pi OS | Raspberry pi zero W connected to a raspberry pi cam. Configured as an ip cam. | common, motion |
rad10 | Ubuntu (for Pi) | A raspberry pi 3 with an encoder connected to the gpio. Refer to the rad10 project page or gitlab repo. | common, mpd, rad10 |
scruffy | Ubuntu (for Pi) | A raspberry pi 4 configured to serve the motioneye frontend. Pulls various camera streams together into a single point of access. | common, secure, docker, motioneye |
seymour | Debian | Beaglebone Black connected to the LAN via ethernet. Always-on box that serves as a network admin node. Also runs some custom cron job admin/maintenance scripts. | common, headless, node, polly, secure |
zapp | Ubuntu | File-server, backup storage and torrent client. Shares media using nfs and acts as my on-site backup storage. Includes some specific rsync cron jobs to facilitate on-site and off-site backups. For a few years I used openmediavault (omv) as the operating system for backups and file serving, but I switched to a minimal Ubuntu server install which allowed me to fully automate deployment/redeployment without needing to use the omv gui or learn the omv command-line options. | common, docker, file_server, headless, qbittorrent, rsync_server, vpn, wireguard |
zoidberg | Ubuntu | Web server machine. Serves various web sites and web apps. Refer to the clews.pro project page or gitlab repo. | clews.pro, common, docker, headless, polly, secure |
The following table describes the various roles I created and use.
Role | Description/Tasks |
---|---|
clews.pro | Will configure a box as a containerised web server, clone the clews.pro repo, and spin up the containers defined in the docker-compose.yml file. |
common | Configurations common to all hosts - hostname, timezone, ssh keys/configs, apt upgrades, common packages, vim, git, host-specific packages, motd, .bashrc, aliases, cron jobs, mounts/fstab, common scripts (bu, stuff, wami). |
cups | Will allow configuration of a printer that is connected directly (USB) or on the network. Can effectively convert a direct connected printer into a network printer. |
desktop | Configurations for systems with a desktop - conky, terbling, terminator, guake, gnome settings and others. |
develop | Install VSCode, the AVR toolchain (including avr-libc, avrdude and dependencies) and other miscellaneous development packages. |
docker | Install docker and docker-compose. Start the docker service and create a standard docker-compose staging directory. Also create alias dc='docker-compose'. |
droid | A special role created to configure an android smartphone running Termux. This role has tasks similar to common that had to be implemented differently (configure ssh, install packages, install scripts). Installs some termux "shortcuts" which are basically scripts that can be run from a widget. Also copies specified files onto the device (e.g. ringtones, wallpapers). |
file_server | Mounts a number of disks and configures specified disks or directories as nfs shares for access over the local network. |
headless | Install and configure some ncurses apps useful for headless systems and systems that are often accessed remotely. Includes htop, iftop, ncdu, tmux and Midnight Commander. |
homeassistant | First configure docker role as a pre-requisite. Then install/remove certain packages as required by the home assistant supervised installer script. Finally download and run the installer script that will install home assistant supervised. |
monster | Using docker-compose, will configure a box as a containerised web server. Will serve the clews.monster web-site and a handful of web-apps. Some additional information can be seen here. |
motion | Turn a raspberry pi into a web-cam. Install, configure and enable motion for streaming over the lan. |
motioneye | Install and configure motioneye - a web-based frontend for pulling together multiple camera streams. This is installed as a docker container, so first the docker role is run, then a docker-compose.yml file is copied and used to pull and run the motioneye container. |
mpd | Use on boxes that will be used for streaming audio or playing mp3s. Install the required and useful packages (mpd, mpc, ncmpc) then configure and run the mpd daemon. |
node | Set up some common packages and scripts on key boxes that are used for maintaining other boxes. Install networking packages (netdiscover, nmap), install ansible, clone the clewsy_ansible gitlab repository and install some custom scripts (apt_all, ball, pong, whodis). |
p0wer | Configure a raspberry pi with gpio connected to an RF remote control used to switch on/off mains-connected devices via scripts or a webui. Clone p0wer repo, compile executable, install webserver packages (Apache) and copy html/php files. |
polly | Configure a box to control a thingm blink1 device, then install polly script which polls clews.pro, logs the result and uses the blink1 to indicate the site status. |
qbittorrent | Install and configure qbittorrent client. This is installed as a docker container, so first the docker role is run, then a docker-compose.yml file is copied and used to pull and run the qbittorrent container. |
rad10 | Configure a raspberry pi as an internet radio/music streamer with hardware control and a webui. First run the mpd role, then clone the rad10d repo, compile the daemon and configure a unit-file for systemd auto-starting. Will also install web server packages (Apache) and copy the html/php files for the rad10 webui. |
rsync_server | Creates a series of cron jobs that use rsync to create specified local and remote backups to/from various machines. |
secure | Configure some basic settings for ssh security and enable/configure a firewall (using ufw). |
vpn | Install openvpn and copy some custom vpn configuration files. Also copy and configure a custom vpn initialisation script. |
wireguard | Install wireguard and configure a host as a wireguard vpn "server" (endpoint) and/or "client". Also create some client aliases for quickly bringing wireguard connections up/down from the command line. |
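
The secure role above is described in a single line, so here is one way its tasks could look, written as a stand-alone playbook. This is an added example, not code from my gitlab repo; the group name `secure_hosts`, the variable names and the chosen sshd options are assumptions, and it needs the `community.general` collection for the ufw module.

```yaml
# Added example: ssh hardening plus a default-deny ufw firewall.
# Assumed (not from the original repo): secure_hosts, ssh_port, sshd_settings.
- name: Baseline ssh hardening and ufw firewall
  hosts: secure_hosts              # hypothetical inventory group
  become: true
  vars:
    ssh_port: 22                   # assumed; match the port sshd really listens on
    sshd_settings:                 # assumed hardening choices
      PermitRootLogin: "no"
      PasswordAuthentication: "no" # key-only logins; deploy ssh keys first
      MaxAuthTries: "3"
  tasks:
    - name: Set sshd options, validating the file before it replaces the live one
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s   # a broken config is never installed
      loop: "{{ sshd_settings | dict2items }}"
      notify: Restart ssh

    # Order matters: open ssh before enabling the firewall, or the
    # connection ansible is using gets cut off by the default-deny policy.
    - name: Allow ssh with ufw's built-in rate limiting
      community.general.ufw:
        rule: limit
        port: "{{ ssh_port }}"
        proto: tcp

    - name: Deny all other incoming traffic by default
      community.general.ufw:
        direction: incoming
        default: deny

    - name: Enable the firewall
      community.general.ufw:
        state: enabled

  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh                  # unit name on Debian, Ubuntu and Raspberry Pi OS
        state: restarted
```

On systems whose sshd_config includes /etc/ssh/sshd_config.d/*.conf, a drop-in file can override these lines, so confirm the effective values on the host with `sshd -T`.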