Add dynamic inventory configuration

- Add development environment inventory structure
- Configure libvirt/KVM inventory plugin for VM management
- Add grokbox hypervisor host configuration
- Include existing VM hosts (pihole, mymx, derp)
- Set up SSH ProxyJump through grokbox for all VMs

inventories/development/group_vars/all.yml

@@ -0,0 +1,86 @@
+---
+# =============================================================================
+# Global Variables for All Hosts
+# =============================================================================
+# Applied to all hosts in the development inventory
+# =============================================================================
+
+# Ansible Connection Settings
+# -----------------------------------------------------------------------------
+ansible_connection: ssh
+ansible_python_interpreter: /usr/bin/python3
+
+# SSH Connection Optimization
+ansible_ssh_pipelining: true
+ansible_ssh_retries: 3
+
+# Privilege Escalation
+ansible_become: true
+ansible_become_method: sudo
+ansible_become_user: root
+
+# Fact Gathering
+gather_subset:
+  - '!all'
+  - '!min'
+  - network
+  - hardware
+  - virtual
+
+# Environment
+# -----------------------------------------------------------------------------
+environment_name: development
+deployment_timestamp: "{{ ansible_date_time.iso8601 }}"
+
+# Security Settings
+# -----------------------------------------------------------------------------
+security_hardening_enabled: false  # Less strict for dev environment
+selinux_enabled: true
+selinux_mode: permissive  # Permissive for development
+firewall_enabled: true
+
+# System Configuration
+# -----------------------------------------------------------------------------
+timezone: "UTC"
+ntp_servers:
+  - 0.pool.ntp.org
+  - 1.pool.ntp.org
+  - 2.pool.ntp.org
+
+# Package Management
+# -----------------------------------------------------------------------------
+package_state: present
+enable_automatic_updates: false  # Manual control in dev
+
+# Monitoring & Logging
+# -----------------------------------------------------------------------------
+log_rotation_enabled: true
+log_retention_days: 30
+syslog_server: null  # No central logging in dev
+
+# Essential Packages (from CLAUDE.md)
+# -----------------------------------------------------------------------------
+essential_packages:
+  - vim
+  - htop
+  - tmux
+  - jq
+  - bc
+  - curl
+  - wget
+  - rsync
+  - git
+  - python3
+  - python3-pip
+
+# Security Packages (from CLAUDE.md)
+# -----------------------------------------------------------------------------
+security_packages:
+  - aide
+  - auditd
+
+# Development Flags
+# -----------------------------------------------------------------------------
+dev_mode: true
+debug_enabled: false
+verbose_logging: false

inventories/development/group_vars/hypervisors.yml

@@ -0,0 +1,84 @@
+---
+# =============================================================================
+# Hypervisors Group Variables
+# =============================================================================
+# Configuration for KVM/QEMU hypervisor hosts
+# =============================================================================
+
+# Virtualization Platform
+# -----------------------------------------------------------------------------
+virtualization_type: kvm
+virtualization_role: host
+hypervisor_vendor: qemu
+libvirt_version: "11.3.0"
+qemu_version: "8.0+"
+
+# Libvirt Configuration
+# -----------------------------------------------------------------------------
+libvirt_uri: "qemu:///system"
+libvirt_socket: "/var/run/libvirt/libvirt-sock"
+libvirt_daemon_enabled: true
+libvirt_autostart: true
+
+# Network Configuration
+# -----------------------------------------------------------------------------
+libvirt_networks:
+  - name: default
+    bridge: virbr0
+    subnet: "192.168.122.0/24"
+    dhcp_enabled: true
+    dhcp_range_start: "192.168.122.2"
+    dhcp_range_end: "192.168.122.254"
+    autostart: true
+
+# Storage Pools
+# -----------------------------------------------------------------------------
+libvirt_storage_pools:
+  - name: default
+    type: dir
+    path: /var/lib/libvirt/images
+    autostart: true
+
+# VM Management
+# -----------------------------------------------------------------------------
+vm_management_tool: virsh
+vm_console_access: true
+vm_serial_console_enabled: true
+
+# SSH Configuration
+# -----------------------------------------------------------------------------
+ansible_ssh_extra_args: '-o ForwardAgent=yes'
+
+# Resource Allocation
+# -----------------------------------------------------------------------------
+max_vms: 10
+cpu_overcommit_ratio: 2
+memory_overcommit_ratio: 1.5
+
+# Monitoring
+# -----------------------------------------------------------------------------
+monitor_vm_performance: true
+monitor_host_resources: true
+alert_on_high_load: true
+
+# Security
+# -----------------------------------------------------------------------------
+selinux_enabled: true
+selinux_mode: enforcing
+firewalld_enabled: true
+firewalld_default_zone: public
+
+# Required Hypervisor Packages
+# -----------------------------------------------------------------------------
+hypervisor_packages:
+  - qemu-kvm
+  - libvirt-daemon
+  - libvirt-daemon-system
+  - libvirt-clients
+  - bridge-utils
+  - virt-manager
+  - virt-viewer
+  - guestfs-tools
+  - libguestfs-tools
+  - python3-libvirt
+  - virtinst

inventories/development/group_vars/kvm_guests.yml

@@ -0,0 +1,99 @@
+---
+# =============================================================================
+# KVM Guest VMs Group Variables
+# =============================================================================
+# Common configuration for all KVM guest virtual machines
+# =============================================================================
+
+# VM Platform Details
+# -----------------------------------------------------------------------------
+virtualization_type: kvm
+virtualization_role: guest
+hypervisor_host: grokbox
+management_interface: libvirt
+
+# Network Configuration
+# -----------------------------------------------------------------------------
+vm_network_type: nat
+vm_network_bridge: virbr0
+vm_network_subnet: "192.168.122.0/24"
+vm_gateway: "192.168.122.1"
+
+# SSH & Connectivity
+# -----------------------------------------------------------------------------
+ansible_user: ansible
+ansible_become_password: null  # Passwordless sudo configured
+
+# Connection via ProxyJump through hypervisor
+ansible_ssh_common_args: >-
+  -o ProxyJump=grokbox
+  -o StrictHostKeyChecking=accept-new
+  -o ServerAliveInterval=45
+  -o ServerAliveCountMax=3
+  -o ControlMaster=auto
+  -o ControlPersist=600s
+
+# Storage Configuration (LVM - per CLAUDE.md)
+# -----------------------------------------------------------------------------
+lvm_enabled: true
+lvm_vg_name: vg_system
+lvm_pvs:
+  - /dev/vda2
+
+lvm_lvs:
+  - name: lv_root
+    size: 8G
+    mount_point: /
+    fstype: ext4
+  - name: lv_boot
+    size: 2G
+    mount_point: /boot
+    fstype: ext4
+  - name: lv_opt
+    size: 3G
+    mount_point: /opt
+    fstype: ext4
+  - name: lv_tmp
+    size: 1G
+    mount_point: /tmp
+    fstype: ext4
+    mount_options: noexec,nosuid,nodev
+  - name: lv_home
+    size: 2G
+    mount_point: /home
+    fstype: ext4
+  - name: lv_var_log
+    size: 2G
+    mount_point: /var/log
+    fstype: ext4
+  - name: lv_var_audit
+    size: 1G
+    mount_point: /var/log/audit
+    fstype: ext4
+  - name: lv_swap
+    size: 1G
+    fstype: swap
+
+# Resource Monitoring Thresholds
+# -----------------------------------------------------------------------------
+disk_usage_warning_threshold: 80
+disk_usage_critical_threshold: 90
+memory_warning_threshold: 85
+memory_critical_threshold: 95
+cpu_warning_threshold: 80
+
+# Backup Configuration
+# -----------------------------------------------------------------------------
+backup_enabled: false  # Development environment
+snapshot_enabled: true
+snapshot_retention_days: 7
+
+# VM Lifecycle
+# -----------------------------------------------------------------------------
+vm_autostart: true
+vm_shutdown_timeout: 300  # seconds
+
+# Cloud-init Configuration
+# -----------------------------------------------------------------------------
+cloud_init_enabled: true
+cloud_init_datasource: NoCloud

inventories/development/hosts.yml

@@ -0,0 +1,107 @@
+---
+# =============================================================================
+# Ansible Development Inventory
+# =============================================================================
+# Static/hybrid inventory for development environment
+# Parsed from SSH config: ~/.ssh/config
+# Generated: 2025-11-10
+# =============================================================================
+
+all:
+  children:
+    # External hosts accessible from public internet
+    external_hosts:
+      hosts:
+        odin:
+          ansible_host: 65.108.217.156
+          ansible_port: 22
+          ansible_user: user
+          ansible_python_interpreter: /usr/bin/python3
+          host_description: "External VPS Mail Server (Debian 13)"
+          host_role: mail_server
+          host_type: vps
+          os_family: Debian
+          os_version: "13"
+
+    # KVM/QEMU Hypervisors
+    hypervisors:
+      hosts:
+        grokbox:
+          ansible_host: grok.home.serneels.xyz
+          ansible_user: grok
+          ansible_python_interpreter: /usr/bin/python3
+          ansible_ssh_extra_args: '-o ForwardAgent=yes'
+          host_description: "Primary KVM hypervisor (libvirt 11.3.0)"
+          host_role: hypervisor
+          host_type: physical
+          hypervisor_type: kvm
+          libvirt_uri: "qemu:///system"
+
+    # KVM Guest Virtual Machines
+    kvm_guests:
+      vars:
+        # Common variables for all KVM guests
+        ansible_user: ansible
+        ansible_python_interpreter: /usr/bin/python3
+        ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
+        host_type: virtual_machine
+        hypervisor: grokbox
+        network: "virbr0 (192.168.122.0/24)"
+
+      children:
+        # DNS/DHCP Servers
+        dns_servers:
+          hosts:
+            pihole:
+              ansible_host: 192.168.122.12
+              ansible_ssh_common_args: '-o ProxyJump=grokbox -o StrictHostKeyChecking=accept-new'
+              host_description: "Pi-hole DNS/DHCP Server"
+              host_role: dns_server
+              vm_uuid: "6d714c93-16fb-41c8-8ef8-9001f9066b3a"
+              vm_vcpus: 2
+              vm_memory_mb: 2048
+              services:
+                - pihole
+                - dnsmasq
+                - lighttpd
+              autostart: true
+
+        # Mail Servers
+        mail_servers:
+          hosts:
+            mymx:
+              ansible_host: 192.168.122.119
+              ansible_ssh_common_args: '-o ProxyJump=grokbox -o StrictHostKeyChecking=accept-new'
+              host_description: "Local Mail Transfer Agent"
+              host_role: mail_server
+              vm_vcpus: 2
+              vm_memory_mb: 2048
+              services:
+                - postfix
+                - dovecot
+              autostart: true
+
+        # Development/Testing Hosts
+        development:
+          hosts:
+            derp:
+              ansible_host: 192.168.122.99
+              ansible_ssh_common_args: '-o ProxyJump=grokbox -o StrictHostKeyChecking=accept-new'
+              host_description: "General Purpose Development VM"
+              host_role: development
+              vm_uuid: "9ede717f-879b-48aa-add0-2dfd33e10765"
+              vm_vcpus: 2
+              vm_memory_mb: 2048
+              services:
+                - experimental
+              autostart: true
+
+        # Uncategorized/Discovery Hosts
+        uncategorized:
+          hosts:
+            seed:
+              ansible_host: 192.168.129.1
+              ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
+              host_description: "Host to be discovered"
+              host_role: unknown
+              discovery_status: pending

inventories/development/libvirt_kvm.yml

@@ -0,0 +1,56 @@
+---
+# =============================================================================
+# Libvirt/KVM Dynamic Inventory Configuration
+# =============================================================================
+# Configuration for libvirt_kvm dynamic inventory plugin
+# =============================================================================
+
+plugin: libvirt_kvm
+
+# Hypervisor Connections
+# -----------------------------------------------------------------------------
+# List of libvirt hypervisors to query
+hypervisors:
+  - name: grokbox
+    uri: "qemu+ssh://grok@grok.home.serneels.xyz/system"
+    proxy_jump: true
+    description: "Primary KVM hypervisor"
+
+# Grouping Configuration
+# -----------------------------------------------------------------------------
+# Automatically create groups based on VM characteristics
+compose:
+  # Set ansible_host from IP address if available
+  ansible_host: vm_ip_address | default(omit)
+
+groups:
+  # Group by VM state
+  running_vms: vm_state == 'running'
+  stopped_vms: vm_state != 'running'
+
+  # Group by resource allocation
+  small_vms: vm_memory_mb <= 2048
+  medium_vms: vm_memory_mb > 2048 and vm_memory_mb <= 8192
+  large_vms: vm_memory_mb > 8192
+
+  # Group by hypervisor
+  grokbox_guests: hypervisor == 'grokbox'
+
+# Keyed Groups
+# -----------------------------------------------------------------------------
+# Create dynamic groups based on host variables
+keyed_groups:
+  - key: vm_state
+    prefix: state
+    separator: "_"
+
+  - key: hypervisor
+    prefix: hypervisor
+    separator: "_"
+
+# Filters
+# -----------------------------------------------------------------------------
+# Only include running VMs by default (can be overridden)
+# strict: false
+# include_vms:
+#   - running