clewsy_ansible


Ansible is software for secure, push-style, agentless, system configuration management. I guess it's more than that, but I'm new. It had a moderate learning curve and then required a reasonable amount of configuration, but now I have some basic playbooks and roles written that will save me a lot of time in the future. This project is purely about using ansible to configure machines on my personal home network.

My biggest problem has been completely forgetting why or how I configured a system, shortly after initially getting it up and running. Ansible playbooks are self-documenting, so even if I want to do something manually in the future, the instructions are all there, built into the ansible playbooks stored in my gitlab repo.

The repo includes a host-specific playbook and variables file for each managed host machine/device on my home network.

Some minimal configuration is required on a host to prepare it for being automatically configured by the ansible playbook:

  1. Install the operating system.
  2. Create the user - must match the username defined in the host variables file (host_vars/hostname.yml).
  3. Give the user sudo access. The sudo password must be as defined (encrypted) by the host-specific setup-password variable (also in host_vars/hostname.yml).
  4. Ensure a static IP has been assigned to the MAC address of the machine's network interface. I use a hosts file on my dhcp server, so in my hosts.yml file all machines are identified by hostname, not ip address.

Android Phone Automation

The flexo.yml playbook is a special case. Flexo is the hostname assigned to my smartphone, so to configure it with ansible (using the droid role) the pre-requisites differ:

  1. Termux must be installed.
  2. Within termux, a couple of packages need to be manually installed:
  3. Termux ssh sessions don't really have a "user" in the traditional sense, but a password must be configured (i.e. run passwd).
  4. The ssh daemon must be running (i.e. run sshd). By default, the ssh daemon will serve on port 8022.
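The two sets of prerequisites above map onto inventory and host variables roughly as follows. This is an added sketch, not the files from the clewsy_ansible repo: the group names, the user name `exampleuser` and the use of `ansible_become_password` are assumptions, and the vault ciphertext is a placeholder.

```yaml
# hosts.yml (constructed example): hosts are listed by hostname only; the DHCP
# server's hosts file resolves each name to its static address.
all:
  children:
    linux:
      hosts:
        farnsworth:
        zapp:
    android:
      hosts:
        flexo:
          ansible_port: 8022   # Termux sshd serves on 8022 by default
---
# host_vars/zapp.yml (constructed example, a separate file)
ansible_user: exampleuser      # must match the user created on the host
# The sudo password is stored encrypted at rest. Produce the value with
#   ansible-vault encrypt_string --stdin-name ansible_become_password
# so the plaintext is read from stdin and never lands in shell history.
ansible_become_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  <ciphertext placeholder: paste the encrypt_string output here>
---
# host_vars/flexo.yml (constructed example, a separate file)
# Assumption: the droid role needs no privilege escalation, because a Termux
# session has no conventional user account to escalate from.
ansible_become: false
```

Anything committed to the repo this way is only as safe as the vault password, which should live outside the repository.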

The following tables detail the machines I have on my network and the roles I created for them.


File Server / Backup Automation box

For a few years I used openmediavault (omv) on a headless system. Omv has many features, of which I really used only two:

  1. Network Accessible Storage / File Server: It is in this box that I keep bulk file storage including media. I create a few network shares so that video/music/image files can be accessed elsewhere through the local network.
  2. Backups: With rsync and a few cron jobs, this machine would create daily backups of important files. It pulled files from various machines to create on-site backups, and it also pushed these backups to an off-site box.

Omv has a nice web-based graphical interface with which I had no issues, but it obfuscated some of the workings of the tasks I used it for. Additionally, deployment via ansible would require learning omv-specific commands. I expect automation would be possible this way, but it occurred to me I could easily automate file-sharing and rsync cron jobs with a minimal Ubuntu system. The only loss would be the webUI, but I only ever needed that when initially setting up omv.

So I replaced omv with Ubuntu Server and created a couple of roles that serve my minimal needs:

  1. file_server: This role mounts disks/partitions and creates nfs shares to access them across the LAN.
  2. rsync_server: This role creates cron jobs for rsync pull and push backups.

Hosts

| Hostname | Base OS | Description | Roles |
| --- | --- | --- | --- |
| b4t-cam | Raspbian | An old raspberry pi 2 with a wifi dongle and an old usb webcam. Configured as an ip cam. | common, motion |
| b4t.site | Ubuntu | Off-site box (VPS) used for backup storage. Also doubles as a wireguard endpoint. | common, docker, headless, secure, wireguard_server, vpn |
| calculon | Ubuntu | Home automation stuff. A raspberry pi 4 with "supervised" home assistant. This pi runs home assistant on top of an ubuntu server base. | common, homeassistant |
| farnsworth | Ubuntu | My main desktop machine. | clews.pro, common, desktop, develop, docker, headless, mpd, node, secure, vpn |
| flexo | LineageOS | My smortphone. | droid |
| hypnotoad | OSMC | Media server installed on a raspberry pi 3 connected to a tv. Serves media stored on zapp using nfs shares. Refer to the media_center project page. | common |
| nibbler | Pop!_OS | My laptop. | common, desktop, develop, mpd, node, secure, vpn, wireguard |
| p0wer | Raspbian | A raspberry pi zero W with an RF remote connected to the gpio. Refer to the p0wer project page or gitlab repo. | common, p0wer |
| pazuzu | Raspbian | Raspberry pi zero W connected to a raspberry pi cam. Configured as an ip cam. | common, motion |
| rad10 | Raspbian | A raspberry pi 3 with an encoder connected to the gpio. Refer to the rad10 project page or gitlab repo. | common, mpd, rad10 |
| seymour | Debian | Beaglebone Black connected to the LAN via ethernet. Always-on box that serves as a network admin node. Also runs some custom cron job admin/maintenance scripts. | common, headless, node, polly, secure |
| zapp | Ubuntu | File-server, backup storage and torrent client. Shares media using nfs and acts as my on-site backup storage. Includes some specific rsync cron jobs to facilitate on-site and off-site backups. For a few years I used openmediavault (omv) as the operating system for backups and file serving, but I switched to a minimal Ubuntu server install which allowed me to fully automate deployment/redeployment without needing to use the omv gui or learn the omv command-line options. | common, docker, file_server, headless, qbittorrent, rsync_server, vpn |
| zoidberg | Ubuntu | Web server machine. Serves various web sites and web apps. Refer to the clews.pro project page or gitlab repo. | clews.pro, common, docker, headless, polly, secure |



Roles

| Role | Description/Tasks |
| --- | --- |
| clews.pro | Will configure a box as a containerised web server, clone the clews.pro repo, and spin up the containers defined in the docker-compose.yml file. |
| common | Configurations common to all hosts - hostname, timezone, ssh keys/configs, apt upgrades, common packages, vim, git, host-specific packages, motd, .bashrc, aliases, cron jobs, mounts/fstab, common scripts (bu, stuff, wami). |
| desktop | Configurations for systems with a desktop - fonts, conky, terbling, terminator, guake, gnome settings. |
| develop | Install VSCode, the AVR toolchain (including avr-libc, avrdude and dependencies) and other miscellaneous development packages. |
| docker | Install docker and docker-compose. Start the docker service and create a standard docker-compose staging directory. Also create alias dc='docker-compose'. |
| droid | A special role created to configure an android smartphone running Termux. This role has tasks similar to common that had to be implemented differently (configure ssh, install packages, install scripts). It also installs some termux "shortcuts" which are basically scripts that can be run from a widget. |
| file_server | Mounts a number of disks and configures specified disks or directories as nfs shares for access over the local network. |
| headless | Install and configure some ncurses apps useful for headless systems and systems that are often accessed remotely. Includes htop, iftop, ncdu, tmux and Midnight Commander. |
| homeassistant | First configure docker role as a pre-requisite. Then install/remove certain packages as required by the home assistant supervised installer script. Finally download and run the installer script that will install home assistant supervised. |
| motion | Turn a raspberry pi into a web-cam. Install, configure and enable motion for streaming over the lan. |
| mpd | Use on boxes that will be used for streaming audio or playing mp3s. Install the required and useful packages (mpd, mpc, ncmpc) then configure and run the mpd daemon. |
| node | Set up some common packages and scripts on key boxes that are used for maintaining other boxes. Install networking packages (netdiscover, nmap), install ansible, clone the clewsy_ansible gitlab repository and install some custom scripts (apt_all, ball, pong, whodis). |
| p0wer | Configure a raspberry pi with gpio connected to an RF remote control used to switch on/off mains-connected devices via scripts or a webui. Clone p0wer repo, compile executable, install webserver packages (Apache) and copy html/php files. |
| polly | Configure a box to control a thingm blink1 device, then install polly script which polls clews.pro, logs the result and uses the blink1 to indicate the site status. |
| qbittorrent | Install and configure qbittorrent client. This is installed as a docker container, so first the docker role is run, then a docker-compose.yml file is copied and used to pull and run the qbittorrent container. |
| rad10 | Configure a raspberry pi as an internet radio/music streamer with hardware control and a webui. First run the mpd role, then clone the rad10d repo, compile the daemon and configure a unit-file for systemd auto-starting. Will also install web server packages (Apache) and copy the html/php files for the rad10 webui. |
| rsync_server | Creates a series of cron jobs that use rsync to create specified local and remote backups to/from various machines. |
| secure | Configure some basic settings for ssh security and enable/configure a firewall (using ufw). |
| vpn | Install openvpn and copy some custom vpn configuration files. Also copy and configure a custom vpn initialisation script. |
| wireguard | Install wireguard and create custom "client" connection configurations. Also create some aliases for quickly bringing wireguard up/down from the command line. |
| wireguard_server | Configure a box as a wireguard "server" endpoint. |
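To make the `secure` row concrete, the tasks below show one way a role of that kind can harden sshd and enable ufw. They are an added example, not the tasks from the author's role: the specific sshd options, the handler name and the Debian/Ubuntu service name `ssh` are assumptions.

```yaml
# roles/secure/tasks/main.yml (constructed example, not the author's role)
- name: Harden sshd settings
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?\\s*{{ item.key }}\\s"
    line: "{{ item.key }} {{ item.value }}"
    validate: /usr/sbin/sshd -t -f %s   # refuse to write a config sshd cannot parse
  loop:
    - { key: PermitRootLogin, value: "no" }
    # Only safe once the common role has deployed ssh keys to the host.
    - { key: PasswordAuthentication, value: "no" }
    - { key: MaxAuthTries, value: "3" }
  become: true
  notify: Restart ssh

- name: Allow ssh before the firewall is switched on
  community.general.ufw:
    rule: limit          # rate-limit repeated connection attempts
    port: "22"
    proto: tcp
  become: true

- name: Deny other inbound traffic and enable ufw
  community.general.ufw:
    state: enabled
    direction: incoming
    default: deny
  become: true

# roles/secure/handlers/main.yml (constructed example, a separate file)
- name: Restart ssh
  ansible.builtin.service:
    name: ssh            # Debian/Ubuntu unit name
    state: restarted
  become: true
```

The order matters: the allow rule for ssh is applied before ufw is enabled, so the play cannot cut off its own connection.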

I don't know what I'm doing.