Add Ansible playbooks for MeshCore monitoring node deployment

Roles: base (apt, tailscale, motd), meshcore_cli (pipx), meshcore_capture
(agessaman/meshcore-packet-capture + .env.local template), scripts (voltage, bandwidth).

Host vars contain per-device serial ports; group vars hold shared MQTT broker config.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
dotdavid
2026-06-08 20:33:17 +01:00
parent d567d79656
commit d8f2abfcaa
17 changed files with 366 additions and 0 deletions
+74
View File
@@ -1,2 +1,76 @@
# dotmesh-monitor
Ansible playbooks for deploying MeshCore monitoring nodes (Raspberry Pi Zero W / Zero 2 W).
## Hosts
| Host | Hardware | Group |
|---|---|---|
| dm-baldock | Pi Zero W (armv6) | zero_w |
| dm-ashwell | Pi Zero 2 W (armv7) | zero2_w |
| dm-edworth | Pi Zero 2 W (armv7) | zero2_w |
## Prerequisites
**Local machine:**
```bash
pip install ansible
# or: sudo apt install ansible
```
**New Pi node checklist:**
1. Flash Raspberry Pi OS Lite (Bookworm), connect to WiFi
2. Install Tailscale and join the network
3. Ensure `david` user exists with sudo access
4. Connect the MeshCore device via USB, then find its serial ID:
```bash
ls /dev/serial/by-id/
```
5. Set `serial_port` in `ansible/host_vars/<hostname>.yml`
SSH key auth is required. From this machine:
```bash
ssh-copy-id david@<hostname>.tail740bb.ts.net
```
## Usage
**Deploy to a single host (recommended for first run / testing):**
```bash
cd ansible
ansible-playbook -i inventory.yml site.yml --limit dm-edworth
```
**Deploy to all nodes:**
```bash
ansible-playbook -i inventory.yml site.yml
```
**Dry run:**
```bash
ansible-playbook -i inventory.yml site.yml --limit dm-edworth --check
```
If sudo requires a password, add `--ask-become-pass`.
You'll be prompted for a Tailscale auth key — leave blank if the node is already authenticated.
## What it does
1. **base** — apt upgrade, installs screen/pipx/vnstat/git, sets MOTD, installs and authenticates Tailscale
2. **meshcore_cli** — installs `meshcore-cli` via pipx
3. **meshcore_capture** — runs the agessaman/meshcore-packet-capture install script, writes `.env.local` config, enables `meshcore-capture.service`, deploys update/log helper scripts
4. **scripts** — deploys `voltage.sh` and `bandwidth.sh`
## Config
Shared MQTT config lives in `group_vars/meshcore.yml`. Per-host serial port is in `host_vars/<hostname>.yml`.
Running the playbook again re-applies `.env.local` and restarts the service if it changed — safe to run on already-deployed nodes.
## Credentials note
`group_vars/meshcore.yml` contains MQTT credentials in plaintext. Consider encrypting with Ansible Vault if this repo is shared:
```bash
ansible-vault encrypt_string 'yourpassword' --name mqtt_ukmesh_password
```