Further splitting into the correct parts

2026-01-23 09:43:39 +01:00 · 2026-01-23 09:43:39 +01:00 · 58696d94b1
commit 58696d94b1
parent e68507ccac
4 changed files with 33 additions and 27 deletions
--- a/ansible/phiax.nl/testicle/inventory/main.yaml
+++ b/ansible/phiax.nl/testicle/inventory/main.yaml
@ -1,5 +1,13 @@
 raspberries:
  hosts:
    app-octoprint.phiax.nl:
+      ansible_user: pi
    sensor-adsb.phiax.nl:
-    
+      ansible_user: pi
+      ansible_ssh_private_key_file: /ssh/id_rsa
+    yoshimo.phiax.nl:
+      ansible_user: phiax
+      ansible_ssh_private_key_file: /ssh/id_rsa
+    app-sonosbridge.phiax.nl:
+      ansible_user: phiax
+      ansible_ssh_private_key_file: /ssh/id_rsa
--- a/ansible/phiax.nl/testicle/playbooks/install_raspberry.yaml
+++ b/ansible/phiax.nl/testicle/playbooks/install_raspberry.yaml
@ -1,29 +1,24 @@
 ---
-# Notice that "# noqa: package-latest" is included in this file. This disabled a specific check for the Ansible linter,
-# see: https://ansible.readthedocs.io/projects/lint/usage/#muting-warnings-to-avoid-false-positives.
-# For a purely reproducible build this would be a good suggestion but I'm willing to take the risk with the Pi.
 - name: Install raspberry pi
  hosts: all
-  # vars_files:
-  #   - vault.yml
-  #   - versions.yml
  roles:
-    # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again.
-    # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though.
    - role: devsec.hardening.ssh_hardening
      become: true
-    - role: packages
+    - role: roles/system/ohmyzsh
      become: true
+      vars:
+        target_user: "phiax"
+        ohmyzsh_theme: "agnoster"
+        ohmyzsh_plugins:
+          - git
+          - zsh-autosuggestions
+        http_fetcher: "curl"
+    - role: roles/system/multitail
+      become: true
+      
  vars:
    # devsec.hardening.ssh_hardening vars:
-    ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN.
-    ssh_client_password_login: false # Default, but duplicated here for documentation purpose.
+    ssh_client_port: 22
+    ssh_client_password_login: false
    ssh_allow_tcp_forwarding: true
-  tasks:
-    # This task can be handy for debugging gathered facts, uncomment it if necessary:
-    # - name: Store gathered facts in local file
-    #   delegate_to: localhost
-    #   ansible.builtin.copy:
-    #     dest: './.ansible_facts.json'
-    #     content: "{{ ansible_facts }}"
-    #     mode: "0600"
+  tasks:
--- a/esphome/device_packages/sonoff-tx-series.yaml
+++ b/esphome/device_packages/sonoff-tx-series.yaml
@ -1,6 +1,14 @@
 esp8266:
  board: esp01_1m

+api:
+   on_client_connected:
+    then:
+      - light.turn_on: blue_led_light
+  on_client_disconnected:
+    then:
+      - light.turn_off: blue_led_light
+
 binary_sensor:
  - platform: gpio
    pin:
@ -24,6 +32,7 @@ light:
  - platform: monochromatic
    name: "${friendly_devicename} WiFi LED"
    output: blue_led
+    internal: True
    id: blue_led_light
  - platform: binary
    name: "${friendly_devicename} Licht"
--- a/esphome/esphome-base.yaml
+++ b/esphome/esphome-base.yaml
@ -8,7 +8,7 @@ wifi:
  domain: .phiax.nl
  min_auth_mode: WPA2
  ap:
-    ssid: "${friendly_devicename} Hotspot"
+    ssid: "${friendly_devicename}"
    password: ${hotspotpass} 

 captive_portal:
@ -16,12 +16,6 @@ captive_portal:
 api:
  encryption:
    key: ${apikey}
-  on_client_connected:
-    then:
-      - light.turn_on: blue_led_light
-  on_client_disconnected:
-    then:
-      - light.turn_off: blue_led_light

 ota:
  - platform: esphome