Consolidate sprint status into handoff docs, add Listmonk/Mattermost/Mailcow and Vikunja SSO guides, Beszel alerts script, mattermost inventory, and mark phases 0–1 complete with phase 2 backlog for edge Caddy and security. Co-authored-by: Cursor <cursoragent@cursor.com>
Cursor MCP servers for this homelab / Ansible repo
Global config: ~/.cursor/mcp.json (all projects)
Project config: .cursor/mcp.json (this repo only — optional override)
After editing, restart Cursor or use Settings → MCP → Refresh.
Installed (global)
| MCP | Purpose | When the agent uses it |
|---|---|---|
| playwright | Browser automation (login flows, SSO smoke tests, UI screenshots) | Verify auth.levkin.ca → app OIDC; Kuma/Beszel/Listmonk admin clicks |
| hermes | Telegram/Discord/Slack/WhatsApp/Signal/Matrix via Hermes VM 117 | Notify you on deploy finish, alert failures, ask approval from phone |
Playwright notes
- Official package: `@playwright/mcp@latest` via `npx`
- Homelab origins restricted in `args` (`*.levkin.ca`, `10.0.10.*`)
- For saved login state: add `--storage-state=~/path/auth-state.json` after manual login once
- Headless (no window): add `--headless` to `args`
If MCP shows “errored”: Settings → MCP → playwright → view log; restart Cursor.
Browsers for @playwright/mcp: the MCP package downloads Chromium on first run. You do not need npm install @playwright/test in this Ansible repo.
Optional local install (only if you run Playwright scripts in-repo):
```bash
npm install -D @playwright/test
npx playwright install chromium
```
Hermes notes
- Runs over SSH to `ladmin@10.0.10.36` — requires VPN/LAN or Tailscale to Hermes VM
- Complements Ansible (infra) with human notifications, not provisioning
Recommended additions (not installed yet)
| MCP | Why for Ansible / homelab | Install hint |
|---|---|---|
| GitHub (gh / official) | PRs, CI failures, issue links from chat | Cursor MCP directory → GitHub |
| Gitea (custom or HTTP) | Your git.levkin.ca — same as GitHub MCP pattern | Community server or REST via script |
| Filesystem (built-in) | Already available in agent mode | — |
| Postgres | Query listmonk/cal DBs for debugging | @modelcontextprotocol/server-postgres + DSN in env |
| Docker | Inspect containers on monitoring/identity LXCs | SSH + docker often enough; MCP optional |
| Grafana/Prometheus | If you add observability later | Official or community MCP |
| UniFi | DHCP/client status without opening UI | Community UniFi MCP + UNIFI_API_KEY in env |
| Proxmox | VM/LXC state from chat | Community proxmox MCP or keep using make + SSH |
Lower priority: Notion, Linear, Sentry — only if you adopt those tools.
What MCP does not replace
| Task | Use instead |
|---|---|
| Provision LXCs/VMs | Ansible playbooks + make |
| Secrets | Ansible Vault (make edit-group-vault) |
| Authentik providers/apps | Authentik API token or blueprints (roles/cal_sso) |
| Repeatable SSO | API/blueprints > Playwright (Playwright = verify UI) |
Security
- Do not put vault passwords or API tokens in `mcp.json` unless the server supports env vars and you use OS keychain
- Rotate tokens if pasted in chat
- Hermes SSH key: same trust as any admin SSH to homelab
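
One way to enforce the first rule above before committing `.cursor/mcp.json` is a small audit that flags literal secrets in each server's `env` and `args`. This is an added example, not code from this repo. It assumes the usual `mcpServers` layout and that a value consisting only of a `${...}` placeholder (for example `${env:NAME}`) is resolved at launch; the `unifi-mcp` and `gitea-mcp` commands and all sample values are constructed.

```python
import json
import re

# Names that usually carry credentials (heuristic, not exhaustive).
SECRET_NAME = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|API[_-]?KEY|DSN)", re.I)
# URL with inline credentials, e.g. postgres://user:pass@host/db
URL_CREDS = re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
# Assumption: a value that is only a ${...} placeholder is resolved at launch.
REFERENCE = re.compile(r"^\$\{[^}]+\}$")


def audit_mcp_config(config):
    """Return (server, location, reason) for each literal secret found."""
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        for key, value in server.get("env", {}).items():
            value = str(value)
            if REFERENCE.match(value):
                continue
            if URL_CREDS.search(value):
                findings.append((name, f"env.{key}", "URL with inline credentials"))
            elif SECRET_NAME.search(key) and value:
                findings.append((name, f"env.{key}", "literal secret value"))
        for i, arg in enumerate(server.get("args", [])):
            flag, _, val = str(arg).partition("=")
            if URL_CREDS.search(str(arg)):
                findings.append((name, f"args[{i}]", "URL with inline credentials"))
            elif val and SECRET_NAME.search(flag) and not REFERENCE.match(val):
                findings.append((name, f"args[{i}]", "literal secret in flag"))
    return findings


# Constructed sample; every value below is a placeholder, not a real credential.
SAMPLE = json.loads("""
{"mcpServers": {
  "playwright": {"command": "npx", "args": ["@playwright/mcp@latest", "--headless"]},
  "postgres": {"command": "npx", "args": [
      "@modelcontextprotocol/server-postgres",
      "postgres://listmonk:EXAMPLE-PASSWORD@db.example/listmonk"]},
  "unifi": {"command": "unifi-mcp", "env": {
      "UNIFI_API_KEY": "EXAMPLE-KEY-0000", "UNIFI_HOST": "unifi.example"}},
  "gitea": {"command": "gitea-mcp", "env": {"GITEA_TOKEN": "${env:GITEA_TOKEN}"}}
}}
""")

if __name__ == "__main__":
    for server, where, why in audit_mcp_config(SAMPLE):
        print(f"{server}: {where}: {why}")
```

A non-empty result is a reason to move the value into the environment or keychain and rotate it, since the file may already be in git history.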