diff --git a/inventories/development/group_vars/all.yml b/inventories/development/group_vars/all.yml
new file mode 100644
index 0000000..8681c2f
--- /dev/null
+++ b/inventories/development/group_vars/all.yml
@@ -0,0 +1,86 @@
+---
+# =============================================================================
+# Global Variables for All Hosts
+# =============================================================================
+# Applied to all hosts in the development inventory
+# =============================================================================
+
+# Ansible Connection Settings
+# -----------------------------------------------------------------------------
+ansible_connection: ssh
+ansible_python_interpreter: /usr/bin/python3
+
+# SSH Connection Optimization
+ansible_ssh_pipelining: true
+ansible_ssh_retries: 3
+
+# Privilege Escalation
+ansible_become: true
+ansible_become_method: sudo
+ansible_become_user: root
+
+# Fact Gathering
+gather_subset:
+ - '!all'
+ - '!min'
+ - network
+ - hardware
+ - virtual
+
+# Environment
+# -----------------------------------------------------------------------------
+environment_name: development
+deployment_timestamp: "{{ ansible_date_time.iso8601 }}"
+
+# Security Settings
+# -----------------------------------------------------------------------------
+security_hardening_enabled: false # Less strict for dev environment
+selinux_enabled: true
+selinux_mode: permissive # Permissive for development
+firewall_enabled: true
+
+# System Configuration
+# -----------------------------------------------------------------------------
+timezone: "UTC"
+ntp_servers:
+ - 0.pool.ntp.org
+ - 1.pool.ntp.org
+ - 2.pool.ntp.org
+
+# Package Management
+# -----------------------------------------------------------------------------
+package_state: present
+enable_automatic_updates: false # Manual control in dev
+
+# Monitoring & Logging
+# -----------------------------------------------------------------------------
+log_rotation_enabled: true
+log_retention_days: 30
+syslog_server: null # No central logging in dev
+
+# Essential Packages (from CLAUDE.md)
+# -----------------------------------------------------------------------------
+essential_packages:
+ - vim
+ - htop
+ - tmux
+ - jq
+ - bc
+ - curl
+ - wget
+ - rsync
+ - git
+ - python3
+ - python3-pip
+
+# Security Packages (from CLAUDE.md)
+# -----------------------------------------------------------------------------
+security_packages:
+ - aide
+ - auditd
+
+# Development Flags
+# -----------------------------------------------------------------------------
+dev_mode: true
+debug_enabled: false
+verbose_logging: false
diff --git a/inventories/development/group_vars/hypervisors.yml b/inventories/development/group_vars/hypervisors.yml
new file mode 100644
index 0000000..8c3ee4e
--- /dev/null
+++ b/inventories/development/group_vars/hypervisors.yml
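Review bot: `deployment_timestamp` templates `ansible_date_time.iso8601`, but the `gather_subset` list above it excludes both `all` and `min` and only adds network/hardware/virtual; as far as I recall the date_time collector belongs to the min subset, so any task that references `deployment_timestamp` would fail on an undefined variable. `gather_subset` is also a play keyword rather than a connection variable, so setting it in group_vars only takes effect if the play reads it explicitly (`gather_subset: "{{ gather_subset }}"`) — a comment stating that intent would help. A smaller point: this file names the toggle `firewall_enabled` while hypervisors.yml in the same commit uses `firewalld_enabled`, so a role reading one name will silently miss the other.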
@@ -0,0 +1,84 @@
+---
+# =============================================================================
+# Hypervisors Group Variables
+# =============================================================================
+# Configuration for KVM/QEMU hypervisor hosts
+# =============================================================================
+
+# Virtualization Platform
+# -----------------------------------------------------------------------------
+virtualization_type: kvm
+virtualization_role: host
+hypervisor_vendor: qemu
+libvirt_version: "11.3.0"
+qemu_version: "8.0+"
+
+# Libvirt Configuration
+# -----------------------------------------------------------------------------
+libvirt_uri: "qemu:///system"
+libvirt_socket: "/var/run/libvirt/libvirt-sock"
+libvirt_daemon_enabled: true
+libvirt_autostart: true
+
+# Network Configuration
+# -----------------------------------------------------------------------------
+libvirt_networks:
+ - name: default
+ bridge: virbr0
+ subnet: "192.168.122.0/24"
+ dhcp_enabled: true
+ dhcp_range_start: "192.168.122.2"
+ dhcp_range_end: "192.168.122.254"
+ autostart: true
+
+# Storage Pools
+# -----------------------------------------------------------------------------
+libvirt_storage_pools:
+ - name: default
+ type: dir
+ path: /var/lib/libvirt/images
+ autostart: true
+
+# VM Management
+# -----------------------------------------------------------------------------
+vm_management_tool: virsh
+vm_console_access: true
+vm_serial_console_enabled: true
+
+# SSH Configuration
+# -----------------------------------------------------------------------------
+ansible_ssh_extra_args: '-o ForwardAgent=yes'
+
+# Resource Allocation
+# -----------------------------------------------------------------------------
+max_vms: 10
+cpu_overcommit_ratio: 2
+memory_overcommit_ratio: 1.5
+
+# Monitoring
+# -----------------------------------------------------------------------------
+monitor_vm_performance: true
+monitor_host_resources: true
+alert_on_high_load: true
+
+# Security
+# -----------------------------------------------------------------------------
+selinux_enabled: true
+selinux_mode: enforcing
+firewalld_enabled: true
+firewalld_default_zone: public
+
+# Required Hypervisor Packages
+# -----------------------------------------------------------------------------
+hypervisor_packages:
+ - qemu-kvm
+ - libvirt-daemon
+ - libvirt-daemon-system
+ - libvirt-clients
+ - bridge-utils
+ - virt-manager
+ - virt-viewer
+ - guestfs-tools
+ - libguestfs-tools
+ - python3-libvirt
+ - virtinst
diff --git a/inventories/development/group_vars/kvm_guests.yml b/inventories/development/group_vars/kvm_guests.yml
new file mode 100644
index 0000000..b668e61
--- /dev/null
+++ b/inventories/development/group_vars/kvm_guests.yml
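Review bot: `ansible_ssh_extra_args: '-o ForwardAgent=yes'` under "SSH Configuration" exposes the controller's SSH agent to the hypervisor host, and all.yml in this commit also sets `ansible_become: true` with `ansible_become_user: root`, so anyone with root on grokbox can sign with the controller's keys for as long as a play is connected. The guests in kvm_guests.yml reach grokbox via `-o ProxyJump=grokbox`, which tunnels the connection without needing the agent on the jump host, so the forwarding looks unnecessary; I would drop the option or add a comment naming the task that actually requires it. The same value is repeated as a host var on grokbox in hosts.yml, so both copies would need to change together.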
@@ -0,0 +1,99 @@
+---
+# =============================================================================
+# KVM Guest VMs Group Variables
+# =============================================================================
+# Common configuration for all KVM guest virtual machines
+# =============================================================================
+
+# VM Platform Details
+# -----------------------------------------------------------------------------
+virtualization_type: kvm
+virtualization_role: guest
+hypervisor_host: grokbox
+management_interface: libvirt
+
+# Network Configuration
+# -----------------------------------------------------------------------------
+vm_network_type: nat
+vm_network_bridge: virbr0
+vm_network_subnet: "192.168.122.0/24"
+vm_gateway: "192.168.122.1"
+
+# SSH & Connectivity
+# -----------------------------------------------------------------------------
+ansible_user: ansible
+ansible_become_password: null # Passwordless sudo configured
+
+# Connection via ProxyJump through hypervisor
+ansible_ssh_common_args: >-
+ -o ProxyJump=grokbox
+ -o StrictHostKeyChecking=accept-new
+ -o ServerAliveInterval=45
+ -o ServerAliveCountMax=3
+ -o ControlMaster=auto
+ -o ControlPersist=600s
+
+# Storage Configuration (LVM - per CLAUDE.md)
+# -----------------------------------------------------------------------------
+lvm_enabled: true
+lvm_vg_name: vg_system
+lvm_pvs:
+ - /dev/vda2
+
+lvm_lvs:
+ - name: lv_root
+ size: 8G
+ mount_point: /
+ fstype: ext4
+ - name: lv_boot
+ size: 2G
+ mount_point: /boot
+ fstype: ext4
+ - name: lv_opt
+ size: 3G
+ mount_point: /opt
+ fstype: ext4
+ - name: lv_tmp
+ size: 1G
+ mount_point: /tmp
+ fstype: ext4
+ mount_options: noexec,nosuid,nodev
+ - name: lv_home
+ size: 2G
+ mount_point: /home
+ fstype: ext4
+ - name: lv_var_log
+ size: 2G
+ mount_point: /var/log
+ fstype: ext4
+ - name: lv_var_audit
+ size: 1G
+ mount_point: /var/log/audit
+ fstype: ext4
+ - name: lv_swap
+ size: 1G
+ fstype: swap
+
+# Resource Monitoring Thresholds
+# -----------------------------------------------------------------------------
+disk_usage_warning_threshold: 80
+disk_usage_critical_threshold: 90
+memory_warning_threshold: 85
+memory_critical_threshold: 95
+cpu_warning_threshold: 80
+
+# Backup Configuration
+# -----------------------------------------------------------------------------
+backup_enabled: false # Development environment
+snapshot_enabled: true
+snapshot_retention_days: 7
+
+# VM Lifecycle
+# -----------------------------------------------------------------------------
+vm_autostart: true
+vm_shutdown_timeout: 300 # seconds
+
+# Cloud-init Configuration
+# -----------------------------------------------------------------------------
+cloud_init_enabled: true
+cloud_init_datasource: NoCloud
diff --git a/inventories/development/hosts.yml b/inventories/development/hosts.yml
new file mode 100644
index 0000000..9a943ac
--- /dev/null
+++ b/inventories/development/hosts.yml
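Review bot: The folded `ansible_ssh_common_args` here (ProxyJump plus the ServerAlive and ControlMaster/ControlPersist settings) is shadowed for every guest in hosts.yml, because pihole, mymx, derp and seed each set their own `ansible_ssh_common_args` as a host var in the inventory file, and inventory-file host vars take precedence over group_vars files; the keepalive and multiplexing options therefore never apply, and seed loses the ProxyJump entirely. I would remove the per-host copies in hosts.yml and keep this group var as the single definition, or add a comment stating it is only a fallback. Separately, `lv_swap` is the only `lvm_lvs` entry without `mount_point`; presumably the consuming role special-cases `fstype: swap`, but if it indexes that key unconditionally the swap volume will break the run — worth a one-line comment on the entry.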
@@ -0,0 +1,107 @@
+---
+# =============================================================================
+# Ansible Development Inventory
+# =============================================================================
+# Static/hybrid inventory for development environment
+# Parsed from SSH config: ~/.ssh/config
+# Generated: 2025-11-10
+# =============================================================================
+
+all:
+ children:
+ # External hosts accessible from public internet
+ external_hosts:
+ hosts:
+ odin:
+ ansible_host: 65.108.217.156
+ ansible_port: 22
+ ansible_user: user
+ ansible_python_interpreter: /usr/bin/python3
+ host_description: "External VPS Mail Server (Debian 13)"
+ host_role: mail_server
+ host_type: vps
+ os_family: Debian
+ os_version: "13"
+
+ # KVM/QEMU Hypervisors
+ hypervisors:
+ hosts:
+ grokbox:
+ ansible_host: grok.home.serneels.xyz
+ ansible_user: grok
+ ansible_python_interpreter: /usr/bin/python3
+ ansible_ssh_extra_args: '-o ForwardAgent=yes'
+ host_description: "Primary KVM hypervisor (libvirt 11.3.0)"
+ host_role: hypervisor
+ host_type: physical
+ hypervisor_type: kvm
+ libvirt_uri: "qemu:///system"
+
+ # KVM Guest Virtual Machines
+ kvm_guests:
+ vars:
+ # Common variables for all KVM guests
+ ansible_user: ansible
+ ansible_python_interpreter: /usr/bin/python3
+ ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
+ host_type: virtual_machine
+ hypervisor: grokbox
+ network: "virbr0 (192.168.122.0/24)"
+
+ children:
+ # DNS/DHCP Servers
+ dns_servers:
+ hosts:
+ pihole:
+ ansible_host: 192.168.122.12
+ ansible_ssh_common_args: '-o ProxyJump=grokbox -o StrictHostKeyChecking=accept-new'
+ host_description: "Pi-hole DNS/DHCP Server"
+ host_role: dns_server
+ vm_uuid: "6d714c93-16fb-41c8-8ef8-9001f9066b3a"
+ vm_vcpus: 2
+ vm_memory_mb: 2048
+ services:
+ - pihole
+ - dnsmasq
+ - lighttpd
+ autostart: true
+
+ # Mail Servers
+ mail_servers:
+ hosts:
+ mymx:
+ ansible_host: 192.168.122.119
+ ansible_ssh_common_args: '-o ProxyJump=grokbox -o StrictHostKeyChecking=accept-new'
+ host_description: "Local Mail Transfer Agent"
+ host_role: mail_server
+ vm_vcpus: 2
+ vm_memory_mb: 2048
+ services:
+ - postfix
+ - dovecot
+ autostart: true
+
+ # Development/Testing Hosts
+ development:
+ hosts:
+ derp:
+ ansible_host: 192.168.122.99
+ ansible_ssh_common_args: '-o ProxyJump=grokbox -o StrictHostKeyChecking=accept-new'
+ host_description: "General Purpose Development VM"
+ host_role: development
+ vm_uuid: "9ede717f-879b-48aa-add0-2dfd33e10765"
+ vm_vcpus: 2
+ vm_memory_mb: 2048
+ services:
+ - experimental
+ autostart: true
+
+ # Uncategorized/Discovery Hosts
+ uncategorized:
+ hosts:
+ seed:
+ ansible_host: 192.168.129.1
+ ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
+ host_description: "Host to be discovered"
+ host_role: unknown
+ discovery_status: pending
diff --git a/inventories/development/libvirt_kvm.yml b/inventories/development/libvirt_kvm.yml
new file mode 100644
index 0000000..c413b67
--- /dev/null
+++ b/inventories/development/libvirt_kvm.yml
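Review bot: `seed` (192.168.129.1, `host_role: unknown`, `discovery_status: pending`) sits under `kvm_guests.children.uncategorized`, so it inherits everything in kvm_guests.yml — `lvm_enabled: true`, `lvm_pvs` with `/dev/vda2`, the full `lvm_lvs` layout, `vm_autostart: true`, `cloud_init_enabled: true` — even though its address is outside the 192.168.122.0/24 libvirt subnet and its own `ansible_ssh_common_args` carry no ProxyJump. Any storage or lifecycle role run against `kvm_guests` would treat an undiscovered box as a managed VM with a known disk layout. I would move `uncategorized` up one level so it is a sibling of `external_hosts`, `hypervisors` and `kvm_guests` under `all.children` until the host is classified. The inventory also repeats `ansible_user`, `ansible_python_interpreter`, `ansible_ssh_extra_args` and `libvirt_uri` that the group_vars files in this commit already set, which is harmless but doubles the places to edit.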
@@ -0,0 +1,56 @@
+---
+# =============================================================================
+# Libvirt/KVM Dynamic Inventory Configuration
+# =============================================================================
+# Configuration for libvirt_kvm dynamic inventory plugin
+# =============================================================================
+
+plugin: libvirt_kvm
+
+# Hypervisor Connections
+# -----------------------------------------------------------------------------
+# List of libvirt hypervisors to query
+hypervisors:
+ - name: grokbox
+ uri: "qemu+ssh://grok@grok.home.serneels.xyz/system"
+ proxy_jump: true
+ description: "Primary KVM hypervisor"
+
+# Grouping Configuration
+# -----------------------------------------------------------------------------
+# Automatically create groups based on VM characteristics
+compose:
+ # Set ansible_host from IP address if available
+ ansible_host: vm_ip_address | default(omit)
+
+groups:
+ # Group by VM state
+ running_vms: vm_state == 'running'
+ stopped_vms: vm_state != 'running'
+
+ # Group by resource allocation
+ small_vms: vm_memory_mb <= 2048
+ medium_vms: vm_memory_mb > 2048 and vm_memory_mb <= 8192
+ large_vms: vm_memory_mb > 8192
+
+ # Group by hypervisor
+ grokbox_guests: hypervisor == 'grokbox'
+
+# Keyed Groups
+# -----------------------------------------------------------------------------
+# Create dynamic groups based on host variables
+keyed_groups:
+ - key: vm_state
+ prefix: state
+ separator: "_"
+
+ - key: hypervisor
+ prefix: hypervisor
+ separator: "_"
+
+# Filters
+# -----------------------------------------------------------------------------
+# Only include running VMs by default (can be overridden)
+# strict: false
+# include_vms:
+# - running
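Review bot: `plugin: libvirt_kvm` is not a plugin name I recognise, and the `hypervisors:` list with `name`/`proxy_jump`/`description` keys does not match the options of the collection plugin it most resembles, `community.libvirt.libvirt`, which as far as I know takes a single `uri` plus the standard `compose`/`groups`/`keyed_groups`/`strict` constructable options and may also expect the source file name to end in `libvirt.yml`; please confirm against the intended plugin's documentation, since a `plugin:` value no enabled plugin claims only produces a warning that the source could not be parsed. `compose.ansible_host: vm_ip_address | default(omit)` also looks suspect — `omit` is a task-argument placeholder and, in my experience, a composed var that evaluates to it is still assigned rather than skipped — so leaving `ansible_host` unset when no address is known (e.g. `ansible_host: vm_ip_address` with `strict: false`) is safer. The `groups:` expressions reference `vm_state`, `vm_memory_mb` and `hypervisor`, which only resolve if the plugin exposes hostvars under exactly those names, and the "Filters" comment promising running-only output contradicts the `stopped_vms` group above it.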