WSL control node bootstrap
The WSL box is the primary cold-start control node for DR. CT104 is the scheduled-automation control node; both pull from the same GitHub remote and run the same playbooks. See Proxfold rebuild runbook for the rebuild flow.
One-time setup
```bash
# Packages
sudo apt update
sudo apt install -y pipx git openssh-client
pipx ensurepath   # open a new shell afterwards so ~/.local/bin is on PATH

# Ansible (pin to match CT104: append ==<CT104 version> to the package name)
pipx install --include-deps ansible
pipx inject ansible passlib  # needed for mkpasswd-style hashing

# Clone the repo
git clone git@github.com:rampantlemming/homelab-ansible.git ~/homelab-ansible
cd ~/homelab-ansible

# Install Galaxy dependencies
ansible-galaxy collection install -r requirements.yml

# Vault password file: prompt (bash) so the secret stays out of shell history,
# and create the file under umask 077 so it is never group/world-readable
( umask 077; read -rs -p 'Vault password: ' pw; echo; printf '%s\n' "$pw" > ~/.vault_pass )
chmod 600 ~/.vault_pass

# Verify connectivity
ansible all -i inventory/hosts.yml -m ping --vault-password-file ~/.vault_pass
```
SSH key
Ensure the WSL SSH key (`~/.ssh/id_ed25519.pub`) is in `vault_proxfold_root_ssh_keys`
so post-rebuild proxfold accepts it without manual intervention. See
`rebuild/README.md` in the homelab-ansible repo.
Dual-control discipline
Both WSL and CT104 pull from origin/main. To avoid drift:
- Commit before apply. Never run `ansible-playbook` against real hosts with uncommitted changes. Either push to a feature branch or commit + push to main.
- Pull before apply. `git pull --ff-only` on whichever node you're on.
- Keep `ansible-core` versions in sync. Bump both nodes together when upgrading Ansible.
- Keep `~/.vault_pass` in sync. If you rotate the vault password, update both nodes.
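
The commit-before-apply and pull-before-apply rules, plus the mode of `~/.vault_pass` from the one-time setup, can be checked by a gate run before `ansible-playbook`. The script below is an added example, not part of the homelab-ansible repo; the function names are hypothetical, and it compares against the current branch's upstream (origin/main when working on main).

```shell
#!/bin/sh
# Added example: pre-apply gate for the dual-control rules.
# Function names are hypothetical; they are not part of homelab-ansible.

# Commit before apply: no staged, unstaged or untracked changes.
tree_is_clean() {
    [ -z "$(git -C "$1" status --porcelain)" ]
}

# Commit + push: HEAD must already exist on some remote-tracking branch.
head_is_pushed() {
    [ -n "$(git -C "$1" branch -r --contains HEAD 2>/dev/null)" ]
}

# Pull before apply: the upstream has no commits that HEAD lacks.
not_behind_upstream() {
    behind=$(git -C "$1" rev-list --count 'HEAD..@{u}' 2>/dev/null) || return 1
    [ "$behind" -eq 0 ]
}

# Vault password file: a regular file with mode exactly 600.
vault_file_private() {
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

# Run every check, report each failure, return non-zero if any failed.
preflight() {
    repo=$1 vault=$2 rc=0
    git -C "$repo" fetch --quiet || { echo "FAIL: cannot fetch from remote" >&2; rc=1; }
    tree_is_clean "$repo"        || { echo "FAIL: uncommitted changes" >&2; rc=1; }
    head_is_pushed "$repo"       || { echo "FAIL: HEAD is not on any remote branch" >&2; rc=1; }
    not_behind_upstream "$repo"  || { echo "FAIL: behind upstream, run git pull --ff-only" >&2; rc=1; }
    vault_file_private "$vault"  || { echo "FAIL: $vault missing or not mode 600" >&2; rc=1; }
    return "$rc"
}

# Runs only when arguments are given: preflight.sh ~/homelab-ansible ~/.vault_pass
[ "$#" -eq 0 ] || preflight "$@"
```

It does not compare `ansible-core` versions or vault password contents between WSL and CT104; those still need a check against the other node.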
Split of duties
| Concern | Node |
|---|---|
| Interactive development | WSL |
| DR cold-start | WSL |
| Ad-hoc drift checks | WSL |
| Scheduled drift detection (3D) | CT104 |
| Scheduled playbook runs | CT104 |