Roles: base (apt, tailscale, motd), meshcore_cli (pipx), meshcore_capture (agessaman/meshcore-packet-capture + .env.local template), scripts (voltage, bandwidth). Host vars contain per-device serial ports; group vars hold shared MQTT broker config. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2.2 KiB
dotmesh-monitor
Ansible playbooks for deploying MeshCore monitoring nodes (Raspberry Pi Zero W / Zero 2 W).
Hosts
| Host | Hardware | Group |
|---|---|---|
| dm-baldock | Pi Zero W (armv6) | zero_w |
| dm-ashwell | Pi Zero 2 W (armv7) | zero2_w |
| dm-edworth | Pi Zero 2 W (armv7) | zero2_w |
Prerequisites
Local machine:
pip install ansible
# or: sudo apt install ansible
New Pi node checklist:
- Flash Raspberry Pi OS Lite (Bookworm), connect to WiFi
- Install Tailscale and join the network
- Ensure
daviduser exists with sudo access - Connect the MeshCore device via USB, then find its serial ID:
ls /dev/serial/by-id/ - Set
serial_portinansible/host_vars/<hostname>.yml
SSH key auth is required. From this machine:
ssh-copy-id david@<hostname>.tail740bb.ts.net
Usage
Deploy to a single host (recommended for first run / testing):
cd ansible
ansible-playbook -i inventory.yml site.yml --limit dm-edworth
Deploy to all nodes:
ansible-playbook -i inventory.yml site.yml
Dry run:
ansible-playbook -i inventory.yml site.yml --limit dm-edworth --check
If sudo requires a password, add --ask-become-pass.
You'll be prompted for a Tailscale auth key — leave blank if the node is already authenticated.
What it does
- base — apt upgrade, installs screen/pipx/vnstat/git, sets MOTD, installs and authenticates Tailscale
- meshcore_cli — installs
meshcore-clivia pipx - meshcore_capture — runs the agessaman/meshcore-packet-capture install script, writes
.env.localconfig, enablesmeshcore-capture.service, deploys update/log helper scripts - scripts — deploys
voltage.shandbandwidth.sh
Config
Shared MQTT config lives in group_vars/meshcore.yml. Per-host serial port is in host_vars/<hostname>.yml.
Running the playbook again re-applies .env.local and restarts the service if it changed — safe to run on already-deployed nodes.
Credentials note
group_vars/meshcore.yml contains MQTT credentials in plaintext. Consider encrypting with Ansible Vault if this repo is shared:
ansible-vault encrypt_string 'yourpassword' --name mqtt_ukmesh_password