commit 5583c6d67cd4d18f90c73938d8c11a0aba609044 Author: Artemis Date: Thu May 21 12:24:55 2026 -0400 feat: initial playbook, group_vars, README
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..afe97be
--- /dev/null
+++ b/README.md
@@ -0,0 +1,35 @@
+# Ansible Pull — Iron Legion Fleet
+
+Auto-applied Ansible playbooks for the Iron Legion AI agent fleet.
+
+## How It Works
+
+Each node runs `ansible-pull` every 5 minutes via cron. It clones this repo and applies `local.yml` to itself.
+
+## Repo Structure
+
+```
+.
+├── local.yml # Main playbook — always runs
+├── group_vars/
+│ └── all.yml # Fleet-wide variables
+├── host_vars/
+│ ├── artemis.yml # Artemis (AI Foreman) specific
+│ ├── mark44.yml # Mark44 (Hulkbuster) specific
+│ ├── mark5.yml # Mark5 (Suitcase) specific
+│ └── bones.yml # Bones (Mark XLI) specific
+└── roles/
+ └── common/
+ └── tasks/
+ └── main.yml
+```
+
+## Adding Node-Specific Tasks
+
+Edit the corresponding `host_vars/` file with node-specific vars (packages, configs). Edit `local.yml` for shared tasks that apply to all nodes.
+
+## Security
+
+- HTTPS auth via deploy token stored in `/etc/ansible/ansible.env`
+- Token is root-readable only (chmod 600)
+- Gitea provides TLS via NetBird mesh
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..bc2019f
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,10 @@
+---
+# Fleet-wide defaults applied to ALL nodes
+
+# Schedule for ansible-pull cron job
+ansible_pull_cron_schedule: "*/5 * * * *"
+
+# Gitea repo configuration
+gitea_base_url: "gitea.nb.bobbysh.me"
+gitea_org: "Iron-Legion"
+gitea_repo: "ansible-pull-deploy"
diff --git a/local.yml b/local.yml
new file mode 100644
index 0000000..8109894
--- /dev/null
+++ b/local.yml
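Review bot: `gitea_base_url` in group_vars/all.yml is a bare host with no scheme, so whatever later composes the clone URL from `gitea_base_url`, `gitea_org` and `gitea_repo` has to add `https://` itself; the README's security section promises HTTPS with a deploy token, so pin it in the value, `gitea_base_url: "https://gitea.nb.bobbysh.me"`, rather than leaving the scheme to each consumer. None of the four variables is referenced by `local.yml` in this commit, so they are currently dead data; a one-line comment naming the cron/ansible-pull setup that reads them (or the task that will) would tell the next maintainer where a change here takes effect.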
@@ -0,0 +1,71 @@
+---
+- hosts: localhost
+ connection: local
+ become: true
+ tasks:
+ - name: Print start message
+ debug:
+ msg: "Ansible Pull baseline running on {{ ansible_hostname }} ({{ inventory_hostname }})"
+
+ - name: Ensure apt packages are updated
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when: ansible_os_family == "Debian"
+ tags: [baseline]
+
+ - name: Ensure common packages installed
+ apt:
+ name:
+ - curl
+ - git
+ - htop
+ - tmux
+ - jq
+ - vim
+ state: present
+ when: ansible_os_family == "Debian"
+ tags: [baseline]
+
+ # --- Artemis-specific placeholder ---
+ - name: Ensure Artemis monitoring packages
+ apt:
+ name:
+ - nethogs
+ - iotop
+ state: present
+ when: inventory_hostname == "Artemis"
+ tags: [artemis]
+
+ # --- Mark44 GPU node placeholder ---
+ - name: Ensure GPU node tools
+ package:
+ name:
+ - nvidia-smi
+ state: present
+ when: inventory_hostname == "mk44"
+ ignore_errors: true
+ tags: [gpu]
+
+ # --- Mark5 laptop node placeholder ---
+ - name: Ensure laptop power management (example)
+ package:
+ name:
+ - powertop
+ state: present
+ when: inventory_hostname == "mk5"
+ ignore_errors: true
+ tags: [laptop]
+
+ # --- Bones headless placeholder ---
+ - name: Ensure headless essentials
+ apt:
+ name:
+ - cpufrequtils
+ state: present
+ when: inventory_hostname == "bones"
+ tags: [bones]
+
+ - name: Print completion message
+ debug:
+ msg: "Baseline complete on {{ ansible_hostname }}"
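Review bot: The host-specific tasks are gated on `inventory_hostname == "Artemis"`, `"mk44"` and `"mk5"`, but the `host_vars/` files the README lists in the same commit are `artemis.yml`, `mark44.yml` and `mark5.yml`; Ansible resolves host_vars by inventory hostname, so with these values either the `when:` guards or the host_vars files will never match — pick one spelling (lowercase, as `bones` already is) and use it in both places. `update_cache: yes` in the apt task is a YAML 1.1 truthy value while the rest of the file writes `true`; change it to `update_cache: true`. The README states the deploy token in `/etc/ansible/ansible.env` is root-readable only, but nothing in this playbook enforces that, so a re-created or hand-edited file silently loses the property; a `file` task ahead of the completion message would make the claim hold on every pull. The `ignore_errors: true` on the `nvidia-smi` task would also hide a permanently failing install if that is not a package name the target distro ships — worth confirming before relying on it.
```yaml
    # … unchanged: package tasks above …
    - name: Ensure deploy token file is root-only
      file:
        path: /etc/ansible/ansible.env
        owner: root
        group: root
        mode: "0600"

    - name: Print completion message
```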