Skip to content

Inventory

Inventory file: inventory/hosts.yml

Host groups

all
├── proxmox
│   └── proxfold (192.168.1.250)
├── virtual_machines
│   ├── arrstack (192.168.1.252)
│   └── n8n (192.168.1.248)
└── lxc_containers
    ├── plex (192.168.1.230)
    ├── pbs (192.168.1.246)
    ├── beszel (192.168.1.247)
    ├── edge (192.168.1.244)
    ├── vintage (192.168.1.235)
    └── control (192.168.1.245, ansible_connection: local)

Hosts

Host IP Group User Auth
proxfold 192.168.1.250 proxmox root SSH key (direct root)
arrstack 192.168.1.252 virtual_machines darcyn SSH key + sudo
n8n 192.168.1.248 virtual_machines darcyn SSH key + sudo (cloud-init disables root SSH)
plex 192.168.1.230 lxc_containers root SSH key (direct root)
pbs 192.168.1.246 lxc_containers root SSH key (direct root)
beszel 192.168.1.247 lxc_containers root SSH key (direct root)
edge 192.168.1.244 lxc_containers root SSH key (direct root)
vintage 192.168.1.235 lxc_containers root SSH key (direct root)
control 192.168.1.245 lxc_containers ansible_connection: local (no SSH)

Control is in the inventory

The control node (CT 104, control, 192.168.1.245) is in the inventory under lxc_containers with ansible_connection: local. This lets site.yml apply common, security, auto_updates, and beszel_agent to it without trying to SSH from CT104 to itself. ansible_host is kept as documentation of the real IP but is unused under the local connection.

Connection notes

  • proxfold and all lxc_containers (except control) use direct root SSH — no become needed
  • arrstack and n8n use the darcyn user with ansible_become: true for privilege escalation
  • control uses ansible_connection: local — playbooks run on the same host, no SSH involved
  • SSH password authentication is disabled on all hosts (key-only, enforced by the security role)
  • host_key_checking = False in ansible.cfg for the homelab — convenience over rigour given short-lived/rebuildable LXCs

Global inventory vars

ansible_python_interpreter: /usr/bin/python3
timezone: Australia/Adelaide

Testing connectivity

# Ping all hosts
ansible all -m ping

# Ping a specific group
ansible virtual_machines -m ping

# Ad-hoc command
ansible proxfold -m command -a "zpool status stash"