server_automation

This repo is destined for my server automations and setup.

9.9 KB•YML

homeassistant.yml

9.9 KB • 251 lines • yaml

1---
2# ============================================================================
3# Home Assistant Supervised Complete Installation Playbook
4# ============================================================================
5#
6#
7# PREREQUISITES:
8# - Fresh Debian 11 or 12 installation
9# - SSH access with sudo privileges for ansible_user
10# - Internet connectivity for package downloads
11# - Static IP address recommended
12#
13# ============================================================================
14
15- name: "Complete Home Assistant Supervised Setup"
16  hosts: homeassistant_servers
17  become: true
18  gather_facts: true
19  
20  pre_tasks:
21    - name: Verify homeassistant server requirements
22      assert:
23        that:
24          - ansible_distribution == "Debian"
25          - ansible_distribution_major_version | int >= 11
26          - ansible_memtotal_mb >= 1500  # Minimum 1.5GB RAM
27          - ansible_processor_vcpus >= 2  # Minimum 2 CPU cores
28        fail_msg: |
29          Home Assistant system requirements not met:
30          - Requires Debian 11 or 12
31          - Minimum 1.5GB RAM (found {{ ansible_memtotal_mb }}MB)  
32          - Minimum 2 CPU cores (found {{ ansible_processor_vcpus }})
33        success_msg: "Home Assistant system requirements validated successfully"
34      tags: always
35
36    - name: Verify server is in homeassistant_servers group
37      fail:
38        msg: "This server must be in the [homeassistant_servers] inventory group. Check your inventory/hosts file."
39      when: "'homeassistant_servers' not in group_names"
40      tags: always
41
42    - name: Display homeassistant deployment information
43      debug:
44        msg: |
45          ============================================================================
46          Home Assistant Supervised Installation Starting
47          ============================================================================
48          Target Host: {{ inventory_hostname }}
49          Target IP: {{ ansible_default_ipv4.address }}
50          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
51          Architecture: {{ ansible_architecture }}
52          User: {{ my_user_username }}
53          Machine Type: {{ homeassistant_machine_type }}
54          ============================================================================
55      tags: always
56
57  # ============================================================================
58  # ROLE EXECUTION ORDER (CRITICAL FOR PROPER INSTALLATION)
59  # ============================================================================
60  
61  roles:
62    # 1. USER MANAGEMENT - Create homeassistant user with proper groups
63    - role: user
64      tags: [user, setup]
65
66    # 2. SYSTEM SETUP - Basic system configuration and packages  
67    - role: system
68      tags: [system, setup]
69
70    # 3. DOCKER INSTALLATION - Install Docker using geerlingguy.docker
71    - role: geerlingguy.docker
72      tags: [docker, setup]
73
74    # 4. DOCKER FRAMEWORK - Setup Docker directory structure
75    - role: docker-framework
76      tags: [docker, framework]
77
78    # 5. SECURITY HARDENING - Apply security settings
79    - role: geerlingguy.security  
80      tags: [security, hardening]
81
82    # 5. HOME ASSISTANT SUPERVISED - Complete installation (Docker required)
83    - role: homeassistant
84      tags: [homeassistant, ha]
85
86    # 6. MONITORING - System monitoring
87    - role: monitoring
88      tags: [monitoring, glances]
89
90  # ============================================================================
91  # POST-INSTALLATION TASKS
92  # ============================================================================
93
94  post_tasks:
95    - name: Check if network transition is pending
96      stat:
97        path: /etc/systemd/system/ha-network-transition.service
98      register: network_transition_pending
99
100    - name: Display network transition requirement
101      debug:
102        msg: |
103          â ï¸  NETWORK TRANSITION PENDING â ï¸
104          
105          A reboot is required to complete the NetworkManager transition.
106          The transition script is ready at: /usr/local/bin/ha-network-transition.sh
107          
108          After Home Assistant installation completes:
109          1. Reboot the server: sudo reboot
110          2. Check transition log: cat /var/log/ha-network-transition.log
111          3. Verify NetworkManager: systemctl status NetworkManager
112      when: network_transition_pending.stat.exists
113
114    - name: Verify core services are running
115      systemd:
116        name: "{{ item }}"
117        state: started
118        enabled: yes
119      loop:
120        - docker
121        - NetworkManager
122      tags: ['verification']
123
124    - name: Verify OS-Agent is installed and running
125      systemd:
126        name: os-agent
127        state: started
128        enabled: yes
129      register: os_agent_status
130      tags: ['verification', 'ha-validation']
131
132    - name: Verify Home Assistant Supervisor is installed
133      stat:
134        path: /usr/sbin/hassio-supervisor
135      register: supervisor_installed
136      tags: ['verification', 'ha-validation']
137
138    - name: Wait for Home Assistant to become available
139      uri:
140        url: "http://{{ ansible_default_ipv4.address }}:8123"
141        method: GET
142        status_code: 200
143        timeout: 10
144      register: ha_check
145      until: ha_check.status == 200
146      retries: 30
147      delay: 10
148      ignore_errors: yes
149      tags: [homeassistant, validation]
150
151    - name: Display installation summary
152      debug:
153        msg: |
154          ============================================================================
155          Home Assistant Supervised Installation Complete!
156          ============================================================================
157          
158          ð  Home Assistant Access:
159             Web Interface: http://{{ ansible_default_ipv4.address }}:8123
160             SSH Access: ssh {{ my_user_username }}@{{ ansible_default_ipv4.address }}
161          
162          ð System Information:
163             Host: {{ inventory_hostname }}
164             IP Address: {{ ansible_default_ipv4.address }}
165             OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
166             Architecture: {{ ansible_architecture }}
167             Machine Type: {{ homeassistant_machine_type }}
168             User: {{ my_user_username }}
169             Docker Version: {{ docker_version.stdout | default('Unknown') }}
170          
171          ð§ Services Status:
172             - Home Assistant Supervisor: {{ 'Running' if ha_check.status == 200 else 'Starting (may take 5-10 minutes)' }}
173             - Docker: Running
174             - OS Agent: {{ 'Running' if os_agent_status is defined and os_agent_status.state == 'started' else 'Installed' }}
175             - NetworkManager: Configured
176             - Supervisor Installed: {{ 'Yes' if supervisor_installed.stat.exists else 'No' }}
177          
178          ð Next Steps:
179             1. Open http://{{ ansible_default_ipv4.address }}:8123 in your browser
180             2. Complete Home Assistant onboarding process
181             3. Install HACS (Home Assistant Community Store)  
182             4. Configure integrations and add-ons
183             5. Set up backups and monitoring
184          
185          ð¡ Useful Commands:
186             - Check supervisor status: sudo systemctl status hassio-supervisor
187             - View supervisor logs: sudo journalctl -fu hassio-supervisor  
188             - Restart supervisor: sudo systemctl restart hassio-supervisor
189             - Docker containers: docker ps
190             - OS Agent status: systemctl status os-agent
191          
192          â ï¸  Important Notes:
193             - Initial startup may take 5-10 minutes
194             - Create backups before major updates
195             - Monitor system resources (RAM usage can grow over time)
196             - Use SSH access for system maintenance
197             {% if network_transition_pending.stat.exists %}
198             - Network transition pending - reboot required
199             {% endif %}
200          
201          ============================================================================
202      tags: always
203
204    - name: Save installation details to file
205      copy:
206        content: |
207          Home Assistant Supervised Installation Details
208          =============================================
209          
210          Installation Date: {{ ansible_date_time.iso8601 }}
211          Host: {{ inventory_hostname }}
212          IP Address: {{ ansible_default_ipv4.address }}
213          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
214          Architecture: {{ ansible_architecture }}
215          Machine Type: {{ homeassistant_machine_type }}
216          
217          User Configuration:
218          - Username: {{ my_user_username }}
219          - Groups: {{ my_user_groups | join(', ') }}
220          - Sudo Access: Passwordless
221          
222          Home Assistant:
223          - Web Interface: http://{{ ansible_default_ipv4.address }}:8123
224          - Data Directory: {{ homeassistant_data_share | default('/usr/share/hassio') }}
225          - Supervisor Status: {{ 'Running' if ha_check.status == 200 else 'Starting' }}
226          - OS Agent Status: {{ 'Running' if os_agent_status is defined and os_agent_status.state == 'started' else 'Installed' }}
227          
228          Docker Configuration:
229          - Compose Installed: {{ docker_install_compose }}
230          - Users with Access: {{ docker_users | join(', ') }}
231          - Log Rotation: 50MB max, 3 files
232          
233          Security:
234          - SSH Port: {{ security_ssh_port }}
235          - Root Login: Disabled  
236          - Password Authentication: Disabled
237          - Fail2ban: {{ security_fail2ban_enabled | default('Enabled') }}
238          - Auto Updates: {{ security_autoupdate_enabled }}
239          
240          Useful Commands:
241          - Check HA status: sudo systemctl status hassio-supervisor
242          - View HA logs: sudo journalctl -fu hassio-supervisor
243          - Docker containers: docker ps
244          - System resources: htop
245          
246        dest: "/home/{{ my_user_username }}/homeassistant-installation-details.txt"
247        owner: "{{ my_user_username }}"
248        group: "{{ my_user_username }}"
249        mode: "0644"
250      tags: [homeassistant, documentation]
251

1--- 2# ============================================================================ 3# Home Assistant Supervised Complete Installation Playbook 4# ============================================================================ 5# 6# 7# PREREQUISITES: 8# - Fresh Debian 11 or 12 installation 9# - SSH access with sudo privileges for ansible_user 10# - Internet connectivity for package downloads 11# - Static IP address recommended 12# 13# ============================================================================ 14 15- name: "Complete Home Assistant Supervised Setup" 16 hosts: homeassistant_servers 17 become: true 18 gather_facts: true 19 20 pre_tasks: 21 - name: Verify homeassistant server requirements 22 assert: 23 that: 24 - ansible_distribution == "Debian" 25 - ansible_distribution_major_version | int >= 11 26 - ansible_memtotal_mb >= 1500 # Minimum 1.5GB RAM 27 - ansible_processor_vcpus >= 2 # Minimum 2 CPU cores 28 fail_msg: | 29 Home Assistant system requirements not met: 30 - Requires Debian 11 or 12 31 - Minimum 1.5GB RAM (found {{ ansible_memtotal_mb }}MB) 32 - Minimum 2 CPU cores (found {{ ansible_processor_vcpus }}) 33 success_msg: "Home Assistant system requirements validated successfully" 34 tags: always 35 36 - name: Verify server is in homeassistant_servers group 37 fail: 38 msg: "This server must be in the [homeassistant_servers] inventory group. Check your inventory/hosts file." 39 when: "'homeassistant_servers' not in group_names" 40 tags: always 41 42 - name: Display homeassistant deployment information 43 debug: 44 msg: | 45 ============================================================================ 46 Home Assistant Supervised Installation Starting 47 ============================================================================ 48 Target Host: {{ inventory_hostname }} 49 Target IP: {{ ansible_default_ipv4.address }} 50 OS: {{ ansible_distribution }} {{ ansible_distribution_version }} 51 Architecture: {{ ansible_architecture }} 52 User: {{ my_user_username }} 53 Machine Type: {{ homeassistant_machine_type }} 54 ============================================================================ 55 tags: always 56 57 # ============================================================================ 58 # ROLE EXECUTION ORDER (CRITICAL FOR PROPER INSTALLATION) 59 # ============================================================================ 60 61 roles: 62 # 1. USER MANAGEMENT - Create homeassistant user with proper groups 63 - role: user 64 tags: [user, setup] 65 66 # 2. SYSTEM SETUP - Basic system configuration and packages 67 - role: system 68 tags: [system, setup] 69 70 # 3. DOCKER INSTALLATION - Install Docker using geerlingguy.docker 71 - role: geerlingguy.docker 72 tags: [docker, setup] 73 74 # 4. DOCKER FRAMEWORK - Setup Docker directory structure 75 - role: docker-framework 76 tags: [docker, framework] 77 78 # 5. SECURITY HARDENING - Apply security settings 79 - role: geerlingguy.security 80 tags: [security, hardening] 81 82 # 5. HOME ASSISTANT SUPERVISED - Complete installation (Docker required) 83 - role: homeassistant 84 tags: [homeassistant, ha] 85 86 # 6. MONITORING - System monitoring 87 - role: monitoring 88 tags: [monitoring, glances] 89 90 # ============================================================================ 91 # POST-INSTALLATION TASKS 92 # ============================================================================ 93 94 post_tasks: 95 - name: Check if network transition is pending 96 stat: 97 path: /etc/systemd/system/ha-network-transition.service 98 register: network_transition_pending 99 100 - name: Display network transition requirement 101 debug: 102 msg: | 103 â ï¸ NETWORK TRANSITION PENDING â ï¸ 104 105 A reboot is required to complete the NetworkManager transition. 106 The transition script is ready at: /usr/local/bin/ha-network-transition.sh 107 108 After Home Assistant installation completes: 109 1. Reboot the server: sudo reboot 110 2. Check transition log: cat /var/log/ha-network-transition.log 111 3. Verify NetworkManager: systemctl status NetworkManager 112 when: network_transition_pending.stat.exists 113 114 - name: Verify core services are running 115 systemd: 116 name: "{{ item }}" 117 state: started 118 enabled: yes 119 loop: 120 - docker 121 - NetworkManager 122 tags: ['verification'] 123 124 - name: Verify OS-Agent is installed and running 125 systemd: 126 name: os-agent 127 state: started 128 enabled: yes 129 register: os_agent_status 130 tags: ['verification', 'ha-validation'] 131 132 - name: Verify Home Assistant Supervisor is installed 133 stat: 134 path: /usr/sbin/hassio-supervisor 135 register: supervisor_installed 136 tags: ['verification', 'ha-validation'] 137 138 - name: Wait for Home Assistant to become available 139 uri: 140 url: "http://{{ ansible_default_ipv4.address }}:8123" 141 method: GET 142 status_code: 200 143 timeout: 10 144 register: ha_check 145 until: ha_check.status == 200 146 retries: 30 147 delay: 10 148 ignore_errors: yes 149 tags: [homeassistant, validation] 150 151 - name: Display installation summary 152 debug: 153 msg: | 154 ============================================================================ 155 Home Assistant Supervised Installation Complete! 156 ============================================================================ 157 158 ð Home Assistant Access: 159 Web Interface: http://{{ ansible_default_ipv4.address }}:8123 160 SSH Access: ssh {{ my_user_username }}@{{ ansible_default_ipv4.address }} 161 162 ð System Information: 163 Host: {{ inventory_hostname }} 164 IP Address: {{ ansible_default_ipv4.address }} 165 OS: {{ ansible_distribution }} {{ ansible_distribution_version }} 166 Architecture: {{ ansible_architecture }} 167 Machine Type: {{ homeassistant_machine_type }} 168 User: {{ my_user_username }} 169 Docker Version: {{ docker_version.stdout | default('Unknown') }} 170 171 ð§ Services Status: 172 - Home Assistant Supervisor: {{ 'Running' if ha_check.status == 200 else 'Starting (may take 5-10 minutes)' }} 173 - Docker: Running 174 - OS Agent: {{ 'Running' if os_agent_status is defined and os_agent_status.state == 'started' else 'Installed' }} 175 - NetworkManager: Configured 176 - Supervisor Installed: {{ 'Yes' if supervisor_installed.stat.exists else 'No' }} 177 178 ð Next Steps: 179 1. Open http://{{ ansible_default_ipv4.address }}:8123 in your browser 180 2. Complete Home Assistant onboarding process 181 3. Install HACS (Home Assistant Community Store) 182 4. Configure integrations and add-ons 183 5. Set up backups and monitoring 184 185 ð¡ Useful Commands: 186 - Check supervisor status: sudo systemctl status hassio-supervisor 187 - View supervisor logs: sudo journalctl -fu hassio-supervisor 188 - Restart supervisor: sudo systemctl restart hassio-supervisor 189 - Docker containers: docker ps 190 - OS Agent status: systemctl status os-agent 191 192 â ï¸ Important Notes: 193 - Initial startup may take 5-10 minutes 194 - Create backups before major updates 195 - Monitor system resources (RAM usage can grow over time) 196 - Use SSH access for system maintenance 197 {% if network_transition_pending.stat.exists %} 198 - Network transition pending - reboot required 199 {% endif %} 200 201 ============================================================================ 202 tags: always 203 204 - name: Save installation details to file 205 copy: 206 content: | 207 Home Assistant Supervised Installation Details 208 ============================================= 209 210 Installation Date: {{ ansible_date_time.iso8601 }} 211 Host: {{ inventory_hostname }} 212 IP Address: {{ ansible_default_ipv4.address }} 213 OS: {{ ansible_distribution }} {{ ansible_distribution_version }} 214 Architecture: {{ ansible_architecture }} 215 Machine Type: {{ homeassistant_machine_type }} 216 217 User Configuration: 218 - Username: {{ my_user_username }} 219 - Groups: {{ my_user_groups | join(', ') }} 220 - Sudo Access: Passwordless 221 222 Home Assistant: 223 - Web Interface: http://{{ ansible_default_ipv4.address }}:8123 224 - Data Directory: {{ homeassistant_data_share | default('/usr/share/hassio') }} 225 - Supervisor Status: {{ 'Running' if ha_check.status == 200 else 'Starting' }} 226 - OS Agent Status: {{ 'Running' if os_agent_status is defined and os_agent_status.state == 'started' else 'Installed' }} 227 228 Docker Configuration: 229 - Compose Installed: {{ docker_install_compose }} 230 - Users with Access: {{ docker_users | join(', ') }} 231 - Log Rotation: 50MB max, 3 files 232 233 Security: 234 - SSH Port: {{ security_ssh_port }} 235 - Root Login: Disabled 236 - Password Authentication: Disabled 237 - Fail2ban: {{ security_fail2ban_enabled | default('Enabled') }} 238 - Auto Updates: {{ security_autoupdate_enabled }} 239 240 Useful Commands: 241 - Check HA status: sudo systemctl status hassio-supervisor 242 - View HA logs: sudo journalctl -fu hassio-supervisor 243 - Docker containers: docker ps 244 - System resources: htop 245 246 dest: "/home/{{ my_user_username }}/homeassistant-installation-details.txt" 247 owner: "{{ my_user_username }}" 248 group: "{{ my_user_username }}" 249 mode: "0644" 250 tags: [homeassistant, documentation] 251