Add Ansible playbooks for MeshCore monitoring node deployment
Roles: base (apt, tailscale, motd), meshcore_cli (pipx), meshcore_capture (agessaman/meshcore-packet-capture + .env.local template), scripts (voltage, bandwidth). Host vars contain per-device serial ports; group vars hold shared MQTT broker config.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -1,2 +1,76 @@
|
||||
# dotmesh-monitor
|
||||
|
||||
Ansible playbooks for deploying MeshCore monitoring nodes (Raspberry Pi Zero W / Zero 2 W).
|
||||
|
||||
## Hosts
|
||||
|
||||
| Host | Hardware | Group |
|
||||
|---|---|---|
|
||||
| dm-baldock | Pi Zero W (armv6) | zero_w |
|
||||
| dm-ashwell | Pi Zero 2 W (armv7) | zero2_w |
|
||||
| dm-edworth | Pi Zero 2 W (armv7) | zero2_w |
|
||||
|
||||
## Prerequisites
|
||||
|
||||
**Local machine:**
|
||||
```bash
|
||||
pip install ansible
|
||||
# or: sudo apt install ansible
|
||||
```
|
||||
|
||||
**New Pi node checklist:**
|
||||
1. Flash Raspberry Pi OS Lite (Bookworm), connect to WiFi
|
||||
2. Install Tailscale and join the network
|
||||
3. Ensure `david` user exists with sudo access
|
||||
4. Connect the MeshCore device via USB, then find its serial ID:
|
||||
```bash
|
||||
ls /dev/serial/by-id/
|
||||
```
|
||||
5. Set `serial_port` in `ansible/host_vars/<hostname>.yml`
|
||||
|
||||
SSH key auth is required. From this machine:
|
||||
```bash
|
||||
ssh-copy-id david@<hostname>.tail740bb.ts.net
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
**Deploy to a single host (recommended for first run / testing):**
|
||||
```bash
|
||||
cd ansible
|
||||
ansible-playbook -i inventory.yml site.yml --limit dm-edworth
|
||||
```
|
||||
|
||||
**Deploy to all nodes:**
|
||||
```bash
|
||||
ansible-playbook -i inventory.yml site.yml
|
||||
```
|
||||
|
||||
**Dry run:**
|
||||
```bash
|
||||
ansible-playbook -i inventory.yml site.yml --limit dm-edworth --check
|
||||
```
|
||||
|
||||
If sudo requires a password, add `--ask-become-pass`.
|
||||
|
||||
You'll be prompted for a Tailscale auth key — leave blank if the node is already authenticated.
|
||||
|
||||
## What it does
|
||||
|
||||
1. **base** — apt upgrade, installs screen/pipx/vnstat/git, sets MOTD, installs and authenticates Tailscale
|
||||
2. **meshcore_cli** — installs `meshcore-cli` via pipx
|
||||
3. **meshcore_capture** — runs the agessaman/meshcore-packet-capture install script, writes `.env.local` config, enables `meshcore-capture.service`, deploys update/log helper scripts
|
||||
4. **scripts** — deploys `voltage.sh` and `bandwidth.sh`
|
||||
|
||||
## Config
|
||||
|
||||
Shared MQTT config lives in `group_vars/meshcore.yml`. Per-host serial port is in `host_vars/<hostname>.yml`.
|
||||
|
||||
Running the playbook again re-applies `.env.local` and restarts the service if it changed — safe to run on already-deployed nodes.
|
||||
|
||||
## Credentials note
|
||||
|
||||
`group_vars/meshcore.yml` contains MQTT credentials in plaintext. Consider encrypting with Ansible Vault if this repo is shared:
|
||||
```bash
|
||||
ansible-vault encrypt_string 'yourpassword' --name mqtt_ukmesh_password
|
||||
```
|
||||
|
||||
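Review bot: The "Credentials note" section at the end of the README says `group_vars/meshcore.yml` contains the MQTT credentials in plaintext and only suggests vaulting them "if this repo is shared". The commit message says the group vars with the shared MQTT broker config are part of this change, so the plaintext values stay in history even if they are encrypted later. I would vault `mqtt_ukmesh_password` before this lands, rotate it if the commit has already been pushed, and reword "Consider encrypting" as a required step. The example `ansible-vault encrypt_string 'yourpassword' --name mqtt_ukmesh_password` also passes the secret as a command-line argument, where it lands in shell history and the process list; `ansible-vault encrypt_string --stdin-name mqtt_ukmesh_password` reads it from stdin instead. Separately, under "What it does", the meshcore_capture role runs the agessaman/meshcore-packet-capture install script with root-capable automation on every node; the README should state which tag or commit of that script is pinned so a re-run does not pull unreviewed upstream changes.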