Add phase-1 Ansible foundation and validation scaffolding

2026-04-21 12:07:29 +10:00
parent 862ddd42f8
commit e11dc22999
15 changed files with 277 additions and 9 deletions
@@ -0,0 +1,46 @@
+# Ansible Foundation (Phase 1)
+
+This directory provides a minimal Ansible bootstrap for this repository.
+
+## Purpose
+
+- Establish a maintainable inventory/configuration foundation for hosts and devices.
+- Support gradual host onboarding and validation workflows.
+- Keep boundaries clear with existing Compose and Terraform authorities.
+
+This is intentionally a **foundation stage**, not full production automation.
+
+## Boundaries
+
+- Docker runtime authority remains in Compose files and `services-up.sh`.
+- Terraform remains the primary structured infrastructure inventory/reconciliation layer.
+- Ansible here is a complementary configuration/inventory layer.
+- NixOS and network gear management are not authoritative through Ansible yet.
+
+## Structure
+
+- `ansible.cfg` - local defaults for inventory, collections, and output behavior.
+- `inventory/hosts.yml` - YAML inventory scaffold with starter groups.
+- `inventory/group_vars/` - shared/group variables.
+- `inventory/host_vars/` - per-host variables.
+- `playbooks/ping.yml` - minimal syntax/connection test playbook.
+- `collections/requirements.yml` - lightweight baseline collections.
+- `roles/` - reserved for future incremental role adoption.
+
+## Basic commands
+
+Run from repository root:
+
+```bash
+ansible --version
+ansible-lint --version
+ansible-galaxy collection install -r infrastructure/ansible/collections/requirements.yml -p infrastructure/ansible/collections
+ansible-inventory -i infrastructure/ansible/inventory/hosts.yml --list
+ansible-playbook -i infrastructure/ansible/inventory/hosts.yml infrastructure/ansible/playbooks/ping.yml --syntax-check
+```
+
+## Secrets and safety
+
+- Do not commit real credentials or private keys.
+- Put sensitive per-host variables in local, untracked files or a future vault approach.
+- Keep host and device entries factual; avoid speculative production entries.
@@ -0,0 +1,9 @@
+[defaults]
+inventory = ./inventory/hosts.yml
+collections_path = ./collections
+retry_files_enabled = False
+stdout_callback = yaml
+host_key_checking = True
+
+[inventory]
+enable_plugins = yaml
@@ -0,0 +1,4 @@
+---
+collections:
+  - name: ansible.posix
+  - name: community.general
@@ -0,0 +1,14 @@
+---
+# Bootstrap defaults for the Ansible foundation in this repository.
+# Keep secrets and environment-specific auth details out of version control.
+
+# Common interpreter hint for modern Linux hosts. Override per-host if needed.
+ansible_python_interpreter: /usr/bin/python3
+
+# Placeholders for future connection/auth settings:
+# ansible_user: ""
+# ansible_port: 22
+# ansible_ssh_private_key_file: ""
+
+# Add group-specific settings under inventory/group_vars/<group>.yml
+# and host-specific settings under inventory/host_vars/<host>.yml.
@@ -0,0 +1,17 @@
+---
+all:
+  children:
+    linux:
+      hosts: {}
+    network:
+      hosts: {}
+    virtualization:
+      hosts: {}
+    nixos:
+      hosts: {}
+    examples:
+      hosts:
+        example-managed-host:
+          ansible_host: example-host.local
+          ansible_connection: ssh
+          # Example only: replace/remove before real operations.
@@ -0,0 +1,7 @@
+---
+- name: Basic inventory and connectivity check
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Ping managed hosts
+      ansible.builtin.ping: