ilia/ansible

Fork 0

ilia cb18204f3a

CI / skip-ci-check (pull_request) Successful in 35s

Details

CI / lint-and-test (pull_request) Failing after 31s

Details

CI / secret-scanning (pull_request) Successful in 9s

Details

CI / dependency-scan (pull_request) Successful in 17s

Details

CI / sast-scan (pull_request) Successful in 30s

Details

CI / ansible-validation (pull_request) Successful in 1m15s

Details

CI / license-check (pull_request) Successful in 15s

Details

CI / vault-check (pull_request) Successful in 13s

Details

CI / container-scan (pull_request) Successful in 8s

Details

CI / sonar-analysis (pull_request) Successful in 8s

Details

CI / playbook-test (pull_request) Successful in 27s

Details

CI / workflow-summary (pull_request) Successful in 5s

Details

Homelab sprint: monitoring stack, Caddy public URLs, vault secrets.

Deploy Kuma/Beszel monitoring docs and scripts, UniFi API key in vault,
listmonk migration inventory, status.levkin.ca + stats on Caddy, and
handoff doc for next agent.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-05-24 08:08:39 -04:00

2.2 KiB

Raw Blame History

CI runners and Ansible control hosts

LAN: 10.0.10.0/24 · Inventory group: [qa] and [ansible]

These hosts are not Proxmox guests on pve10; they live on pve201 or as standalone VMs. Use this doc with host-list.md and unifi-static-dhcp.md.

Summary

Inventory	IP	User	Role	Proxmox	Notes
git-ci-01	`10.0.10.223`	`ladmin`	Gitea Actions (`act_runner`)	pve201 VM 115	2 cores, 4 GB RAM, 64 GB disk
sonarqube-01	`10.0.10.54`	`ladmin`	SonarQube analysis	pve201 (verify VMID)	QA static analysis
ansibleVM	`10.0.10.157`	`master`	Ansible control / automation	pve201 (verify VMID)	`become` via sudo; vault secrets in group_vars

git-ci-01 — Gitea Actions runner

Host vars: inventories/production/host_vars/git-ci-01.yml
Runner config: /etc/act_runner/config.yaml on the guest
Capacity: 2 concurrent jobs (git_ci_runner_capacity: 2)
Maintenance: weekly docker prune via maintenance_cron role

When pve201 is tight: consider a second runner LXC on pve10 after Nextcloud/Portainer retire (see plan-2 capacity table).

make ping HOST=git-ci-01
ssh ladmin@10.0.10.223

sonarqube-01 — code quality

Inventory: [qa] group
Login: ssh ladmin@10.0.10.54 (key only after hardening)

make ping HOST=sonarqube-01

Pin MAC → 10.0.10.54 in UniFi if DHCP drift is observed (unifi-static-dhcp.md).

ansibleVM — control node

Host vars: inventories/production/host_vars/ansibleVM.yml
Secrets: vault_ansiblevm_become_password in vault
Purpose: run playbooks from the LAN when not using your Mac

make ping HOST=ansibleVM
ssh master@10.0.10.157

On your Mac, the repo at ~/Documents/code/ansible with ~/.ansible-vault-pass remains the primary control path (make apply, etc.).

host-list.md — Proxmox guest IPs/MACs
security-remediation-plan.md — SSH keys on QA hosts
levkin-selfhost-plan-2.md — dev-apps / runner migration backlog

2.2 KiB Raw Blame History

CI runners and Ansible control hosts

Summary

git-ci-01 — Gitea Actions runner

sonarqube-01 — code quality

ansibleVM — control node

Related

2.2 KiB

Raw Blame History