dotdavid d8f2abfcaa Add Ansible playbooks for MeshCore monitoring node deployment
Roles: base (apt, tailscale, motd), meshcore_cli (pipx), meshcore_capture
(agessaman/meshcore-packet-capture + .env.local template), scripts (voltage, bandwidth).

Host vars contain per-device serial ports; group vars hold shared MQTT broker config.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 20:33:17 +01:00

dotmesh-monitor

Ansible playbooks for deploying MeshCore monitoring nodes (Raspberry Pi Zero W / Zero 2 W).

Hosts

Host Hardware Group
dm-baldock Pi Zero W (armv6) zero_w
dm-ashwell Pi Zero 2 W (armv7) zero2_w
dm-edworth Pi Zero 2 W (armv7) zero2_w

Prerequisites

Local machine:

pip install ansible
# or: sudo apt install ansible

New Pi node checklist:

  1. Flash Raspberry Pi OS Lite (Bookworm), connect to WiFi
  2. Install Tailscale and join the network
  3. Ensure david user exists with sudo access
  4. Connect the MeshCore device via USB, then find its serial ID:
    ls /dev/serial/by-id/
    
  5. Set serial_port in ansible/host_vars/<hostname>.yml

SSH key auth is required. From this machine:

ssh-copy-id david@<hostname>.tail740bb.ts.net

Usage

Deploy to a single host (recommended for first run / testing):

cd ansible
ansible-playbook -i inventory.yml site.yml --limit dm-edworth

Deploy to all nodes:

ansible-playbook -i inventory.yml site.yml

Dry run:

ansible-playbook -i inventory.yml site.yml --limit dm-edworth --check

If sudo requires a password, add --ask-become-pass.

You'll be prompted for a Tailscale auth key — leave blank if the node is already authenticated.

What it does

  1. base — apt upgrade, installs screen/pipx/vnstat/git, sets MOTD, installs and authenticates Tailscale
  2. meshcore_cli — installs meshcore-cli via pipx
  3. meshcore_capture — runs the agessaman/meshcore-packet-capture install script, writes .env.local config, enables meshcore-capture.service, deploys update/log helper scripts
  4. scripts — deploys voltage.sh and bandwidth.sh

Config

Shared MQTT config lives in group_vars/meshcore.yml. Per-host serial port is in host_vars/<hostname>.yml.

Running the playbook again re-applies .env.local and restarts the service if it changed — safe to run on already-deployed nodes.

Credentials note

group_vars/meshcore.yml contains MQTT credentials in plaintext. Consider encrypting with Ansible Vault if this repo is shared:

ansible-vault encrypt_string 'yourpassword' --name mqtt_ukmesh_password
S
Description
No description provided
Readme 30 KiB
Languages
Jinja 78.4%
Shell 21.6%