diff --git a/README.md b/README.md index afe97be..810442f 100644 --- a/README.md +++ b/README.md @@ -14,14 +14,24 @@ Each node runs `ansible-pull` every 5 minutes via cron. It clones this repo and ├── group_vars/ │ └── all.yml # Fleet-wide variables ├── host_vars/ -│ ├── artemis.yml # Artemis (AI Foreman) specific -│ ├── mark44.yml # Mark44 (Hulkbuster) specific -│ ├── mark5.yml # Mark5 (Suitcase) specific -│ └── bones.yml # Bones (Mark XLI) specific -└── roles/ - └── common/ - └── tasks/ - └── main.yml +│ ├── artemis.yml # Artemis (AI Foreman) +│ ├── cinnamint--elitebook.yml # Cinnamint-EliteBook (WSL2 workstation) +│ ├── hulkbuster.yml # Mark44 (GPU heavy) +│ ├── mark5.yml # Mark5 (GPU light / Suitcase) +│ ├── mark-vii.yml # Mark VII (Swarm manager + services) +│ ├── mission-control.yml # Mission-Control (WSL2 workstation) +│ ├── mk-33.yml # MK-33 Silver Centurion (Swarm worker) +│ ├── mk-34.yml # MK-34 (Swarm worker) +│ ├── mk-39.yml # MK-39 (Swarm worker) +│ ├── mk-42.yml # MK-42 Extremis (Swarm worker) +│ └── nebuchadnezzar.yml # Neo (Nextcloud + Vaultwarden) +├── new-build/ +│ └── portainer/ +│ └── docker-compose.yml # Portainer CE stack for Swarm manager +├── ubuntu-autoinstall/ +│ └── autoinstall.yaml # Fleet-standard headless autoinstall +└── archive/ + └── maas/ ``` ## Adding Node-Specific Tasks diff --git a/ansible-pull-fixed.service b/ansible-pull-fixed.service new file mode 100644 index 0000000..722f78e --- /dev/null +++ b/ansible-pull-fixed.service 
@@ -0,0 +1,12 @@
+[Unit]
+Description=Ansible Pull — Iron Legion fleet baseline
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+WorkingDirectory=/var/lib/ansible/local
+ExecStartPre=/bin/bash -c 'if [ ! -d /var/lib/ansible/local/.git ]; then git clone -b main https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git /var/lib/ansible/local; else git -C /var/lib/ansible/local pull origin main; fi'
+ExecStart=/usr/bin/ansible-playbook /var/lib/ansible/local/local.yml
+StandardOutput=journal
+StandardError=journal
diff --git a/ansible-pull.service b/ansible-pull.service
new file mode 100644
index 0000000..722f78e
--- /dev/null
+++ b/ansible-pull.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Ansible Pull — Iron Legion fleet baseline
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+WorkingDirectory=/var/lib/ansible/local
+ExecStartPre=/bin/bash -c 'if [ ! -d /var/lib/ansible/local/.git ]; then git clone -b main https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git /var/lib/ansible/local; else git -C /var/lib/ansible/local pull origin main; fi'
+ExecStart=/usr/bin/ansible-playbook /var/lib/ansible/local/local.yml
+StandardOutput=journal
+StandardError=journal
diff --git a/ansible-pull.timer b/ansible-pull.timer
new file mode 100644
index 0000000..340a4b9
--- /dev/null
+++ b/ansible-pull.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run ansible-pull every 15 minutes
+
+[Timer]
+OnBootSec=2min
+OnUnitActiveSec=15min
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/host_vars/bones.yml b/host_vars/bones.yml
deleted file mode 100644
index d7eefbd..0000000
--- a/host_vars/bones.yml
+++ /dev/null
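Review bot: `WorkingDirectory=/var/lib/ansible/local` also applies to `ExecStartPre=`, so on a node where that directory does not exist yet the unit fails at the chdir step before the `git clone` branch can run; `WorkingDirectory=-/var/lib/ansible/local`, or dropping the line since every path in the unit is absolute, avoids that. With no `User=` set, the playbook presumably runs as root on whatever `main` holds at pull time, so `git -C /var/lib/ansible/local pull --ff-only origin main` followed by `git -C /var/lib/ansible/local verify-commit HEAD` before `ExecStart` would refuse a diverged checkout and tie execution to a signed commit. The same points apply to `ansible-pull.service`, which the diff shows with the same blob id (722f78e), so one of the two files looks redundant.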
@@ -1,27 +0,0 @@
----
-# Bones (Mark XLI) — Headless CPU-only node
-node_type: headless
-has_gpu: false
-
-# Headless essentials
-extra_packages:
- - cpufrequtils # CPU frequency management
- - lm-sensors # Temperature monitoring
- - smartmontools # Disk health monitoring
- - hdparm # Disk performance tuning
- - netdata # lightweight monitoring (optional)
-
-# Services managed on Bones
-managed_services:
- - name: jarvis # Paperclip + Ollama + PostgreSQL stack
- enabled: true
- - name: ollama # CPU inference only
- enabled: true
-
-# Ollama config (CPU mode, very small models)
-ollama_models:
- - gemma3:1b # Ultra-tiny for CPU
-
-# Node-specific vars
-bones_storage: "256GB SSD"
-jvm_heap: "512m"
diff --git a/iventoy.service b/iventoy.service
new file mode 100644
index 0000000..46332fc
--- /dev/null
+++ b/iventoy.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=iVentoy PXE Server
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/iventoy
+Environment=LD_LIBRARY_PATH=/opt/iventoy/lib/lin64
+ExecStart=/opt/iventoy/lib/iventoy
+Restart=on-failure
+RestartSec=5
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
diff --git a/shield-restart-iventoy.sh b/shield-restart-iventoy.sh
new file mode 100644
index 0000000..e88947b
--- /dev/null
+++ b/shield-restart-iventoy.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+export SUDO_ASKPASS=/tmp/askpass/askpass.sh
+sudo -A pkill -f "iventoy" || true
+sleep 2
+cd /opt/iventoy
+export LD_LIBRARY_PATH=/opt/iventoy/lib/lin64
+nohup ./lib/iventoy > /dev/null 2>&1 &
+sleep 3
+pgrep -f iventoy
diff --git a/ssh-config b/ssh-config
new file mode 100644
index 0000000..e6c2f5b
--- /dev/null
+++ b/ssh-config
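Review bot: The `[Service]` section of `iventoy.service` sets neither `User=` nor any sandboxing, so a network-facing PXE server binary under `/opt/iventoy` presumably runs as root with the whole host in reach. If the binary tolerates it, `NoNewPrivileges=true`, `PrivateTmp=true`, `ProtectHome=true` and `ProtectSystem=strict` with `ReadWritePaths=/opt/iventoy` would limit what a compromise of the service can touch; these need testing against iVentoy before rollout. A short comment above `ExecStart=` stating why root is required, if it is, would also help the next reader.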
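Review bot: `export SUDO_ASKPASS=/tmp/askpass/askpass.sh` in `shield-restart-iventoy.sh` points sudo at a helper under world-writable `/tmp`, so the program that answers the password prompt sits where other local accounts may be able to create or replace it, and a helper that prints the password keeps it on disk. `pkill -f "iventoy"` also matches the script's own command line when it is run by name, so it can terminate itself before the restart, and the `nohup ./lib/iventoy` start bypasses the `iventoy.service` unit added in this same commit along with its `Restart=on-failure` handling. Replacing the body with `sudo systemctl restart iventoy.service` and `systemctl is-active iventoy.service`, backed by a sudoers rule limited to that one command rather than an askpass helper, would address all three.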
@@ -0,0 +1,160 @@
+# Read more about SSH config files: https://linux.die.net/man/5/ssh_config
+
+# Core Services
+# Reverse Proxy
+#***********#
+# Local Net #
+#***********#
+Host artemis
+ HostName 192.168.15.182
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host mark5
+ HostName 192.168.6.5
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host mark44
+ HostName 192.168.5.214
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+
+#========================#
+# Tailscale alternatives #
+#========================#
+Host ts-artemis
+ HostName 100.100.97.18
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host ts-mark44
+ HostName 100.75.26.83
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host ts-mark5
+ HostName 100.118.67.105
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+#======================#
+# Netbird alternatives #
+#======================#
+Host nb-artemis
+ HostName 100.100.97.18
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+
+
+
+Host nebuchadnezzar
+ HostName 100.99.123.16
+ User jarvis
+ IdentityFile ~/.ssh/id_nebuchadnezzar
+ IdentitiesOnly yes
+
+Host gitea.nb.bobbysh.me
+ HostName gitea.nb.bobbysh.me
+ User git
+ IdentityFile ~/.ssh/gitea_api_key
+ StrictHostKeyChecking no
+ IdentitiesOnly yes
+
+Host cinnamint
+ HostName 100.99.65.75
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ IdentitiesOnly yes
+
+Host shield
+ HostName 192.168.27.205
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ IdentitiesOnly yes
+
+Host mk7
+ HostName 192.168.7.7
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk7
+ HostName 100.66.70.51
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-33 Silver Centurion
+Host mk33
+ HostName 192.168.0.190
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk33
+ HostName 100.125.155.41
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-34 Southpaw
+Host mk34
+ HostName 192.168.0.123
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk34
+ HostName 100.94.190.43
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-39 Gemini
+Host mk39
+ HostName 192.168.0.106
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk39
+ HostName 100.125.155.41
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-42 Extremis
+Host mk42
+ HostName 192.168.0.196
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk42
+ HostName 100.94.190.43
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# Shield (iVentoy PXE Server, formerly Bones)
+Host ts-shield
+ HostName 100.109.254.36
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# Igor (ZimaOS NAS, Mark XXXVIII)
+Host igor
+ HostName 192.168.10.211
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# TrueNAS (beelink-tns)
+Host truenas
+ HostName 192.168.16.254
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host mission-control
+ HostName 100.96.128.121
+ User jarvis
+ IdentityFile ~/.ssh/id_ed25519_windows
+ IdentitiesOnly yes
diff --git a/ssh-config-artemis b/ssh-config-artemis
new file mode 100644
index 0000000..fe3e614
--- /dev/null
+++ b/ssh-config-artemis
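Review bot: The `Host gitea.nb.bobbysh.me` block in `ssh-config` sets `StrictHostKeyChecking no`, so a changed host key no longer stops connections to the Git server whose hostname also appears in the ansible-pull clone URL; `StrictHostKeyChecking accept-new`, as the later blocks use, or a key pinned in `known_hosts` keeps that check. `ts-mk33` and `ts-mk39` both point at `100.125.155.41`, and `ts-mk34` and `ts-mk42` both at `100.94.190.43`, which looks like a copy-paste slip that would land a session on the wrong node. Most blocks share `~/.ssh/artemis_key` and many omit `IdentitiesOnly yes`, so a per-host or per-role key would narrow what one leaked key reaches. `ssh-config-artemis` carries the same `StrictHostKeyChecking no` block and the same duplicated addresses.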
@@ -0,0 +1,160 @@
+# Read more about SSH config files: https://linux.die.net/man/5/ssh_config
+
+# Core Services
+# Reverse Proxy
+#***********#
+# Local Net #
+#***********#
+Host artemis
+ HostName 192.168.15.182
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host mark5
+ HostName 192.168.6.5
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host mark44
+ HostName 192.168.5.214
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+
+#========================#
+# Tailscale alternatives #
+#========================#
+Host ts-artemis
+ HostName 100.100.97.18
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host ts-mark44
+ HostName 100.75.26.83
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+Host ts-mark5
+ HostName 100.118.67.105
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+#======================#
+# Netbird alternatives #
+#======================#
+Host nb-artemis
+ HostName 100.100.97.18
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+
+
+
+Host nebuchadnezzar
+ HostName 100.99.123.16
+ User jarvis
+ IdentityFile ~/.ssh/id_nebuchadnezzar
+ IdentitiesOnly yes
+
+Host gitea.nb.bobbysh.me
+ HostName gitea.nb.bobbysh.me
+ User git
+ IdentityFile ~/.ssh/gitea_api_key
+ StrictHostKeyChecking no
+ IdentitiesOnly yes
+
+Host cinnamint
+ HostName 100.99.65.75
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ IdentitiesOnly yes
+
+Host shield
+ HostName 192.168.27.205
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ IdentitiesOnly yes
+
+# Shield iVentoy PXE Server (Tailscale)
+Host ts-shield
+ HostName 100.109.254.36
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host mk7
+ HostName 192.168.7.7
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk7
+ HostName 100.66.70.51
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-33 Silver Centurion
+Host mk33
+ HostName 192.168.0.190
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk33
+ HostName 100.125.155.41
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-34 Southpaw
+Host mk34
+ HostName 192.168.0.123
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk34
+ HostName 100.94.190.43
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-39 Gemini
+Host mk39
+ HostName 192.168.0.106
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk39
+ HostName 100.125.155.41
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# mk-42 Extremis
+Host mk42
+ HostName 192.168.0.196
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host ts-mk42
+ HostName 100.94.190.43
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# Igor (ZimaOS NAS, Mark XXXVIII)
+Host igor
+ HostName 192.168.10.211
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+# TrueNAS (beelink-tns)
+Host truenas
+ HostName 192.168.16.254
+ User jarvis
+ IdentityFile ~/.ssh/artemis_key
+ StrictHostKeyChecking accept-new
+
+Host mission-control
+ HostName 100.96.128.121
+ User jarvis
+ IdentityFile ~/.ssh/id_ed25519_windows
+ IdentitiesOnly yes