- Add MySQL host_vars with firewall rules for port 3306
- Enable IP forwarding on Docker hosts (hiveops, smartjournal)
- Fix container-to-external-network connectivity issue
The IP forwarding setting was previously disabled by the common role's
security defaults, preventing Docker containers from reaching external
databases. This change overrides that setting for hosts running Docker.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Pi-hole v6 uses pihole.toml hosts array instead of custom.list.
Updated playbook to modify toml config directly via Python script.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Proxmox uses its own firewall (pve-firewall) and doesn't need UFW.
This prevents accidental lockout of web UI (port 8006).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- playbooks/pihole-dns.yml: Configure local DNS records
- templates/pihole-custom-list.j2: DNS records template
Domain: lab.directlx.dev
Records for all infrastructure hosts with short and FQDN names.
Usage: ansible-playbook playbooks/pihole-dns.yml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- ansible.cfg: Set remote_user to dlxadmin
- inventory: Add infrastructure, application hosts with IPs
- group_vars/all.yml: Set ansible_user to dlxadmin
- playbooks/site.yml: Enable common role
- roles/common: Baseline configuration role
  - Package installation (Debian/RedHat/Arch)
  - Timezone and locale setup
  - User management with SSH keys
  - SSH hardening
  - UFW firewall and security settings
- scripts/create-user.sh: Create ansible user on servers
- USAGE.md: Project usage documentation
- HOSTS.md: Infrastructure host inventory
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tests SSH connectivity and displays basic host info (OS, version).
Usage: ansible-playbook playbooks/ping.yml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Script handles:
- Generating ed25519 SSH key if not present
- Setting up SSH for existing users
- Creating new users via admin account with:
  - Home directory and .ssh setup
  - sudo/wheel group membership
  - Passwordless sudo configuration
- Connection verification
Usage: ./scripts/setup-ssh.sh <ip> <user> [admin_user]
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Set up standard directory layout with:
- ansible.cfg with sensible defaults
- YAML inventory with example groups
- Main site playbook template
- Directories for roles, group_vars, host_vars, files, templates
- .gitignore for secrets, vault files, and SSH keys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>