Further splitting into the correct parts

ansible/phiax.nl/testicle/inventory/main.yaml

@@ -1,5 +1,13 @@
 raspberries:
   hosts:
     app-octoprint.phiax.nl:
+      ansible_user: pi
     sensor-adsb.phiax.nl:
-    
+      ansible_user: pi
+      ansible_ssh_private_key_file: /ssh/id_rsa
+    yoshimo.phiax.nl:
+      ansible_user: phiax
+      ansible_ssh_private_key_file: /ssh/id_rsa
+    app-sonosbridge.phiax.nl:
+      ansible_user: phiax
+      ansible_ssh_private_key_file: /ssh/id_rsa

ansible/phiax.nl/testicle/playbooks/install_raspberry.yaml

@@ -1,29 +1,24 @@
 ---
-# Notice that "# noqa: package-latest" is included in this file. This disabled a specific check for the Ansible linter,
-# see: https://ansible.readthedocs.io/projects/lint/usage/#muting-warnings-to-avoid-false-positives.
-# For a purely reproducible build this would be a good suggestion but I'm willing to take the risk with the Pi.
 - name: Install raspberry pi
   hosts: all
-  # vars_files:
-  #   - vault.yml
-  #   - versions.yml
   roles:
-    # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again.
-    # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though.
     - role: devsec.hardening.ssh_hardening
       become: true
-    - role: packages
+    - role: roles/system/ohmyzsh
       become: true
+      vars:
+        target_user: "phiax"
+        ohmyzsh_theme: "agnoster"
+        ohmyzsh_plugins:
+          - git
+          - zsh-autosuggestions
+        http_fetcher: "curl"
+    - role: roles/system/multitail
+      become: true
+      
   vars:
     # devsec.hardening.ssh_hardening vars:
-    ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN.
+    ssh_client_port: 22
-    ssh_client_password_login: false # Default, but duplicated here for documentation purpose.
+    ssh_client_password_login: false
     ssh_allow_tcp_forwarding: true
   tasks:
-    # This task can be handy for debugging gathered facts, uncomment it if necessary:
-    # - name: Store gathered facts in local file
-    #   delegate_to: localhost
-    #   ansible.builtin.copy:
-    #     dest: './.ansible_facts.json'
-    #     content: "{{ ansible_facts }}"
-    #     mode: "0600"

esphome/device_packages/sonoff-tx-series.yaml

@@ -1,6 +1,14 @@
 esp8266:
   board: esp01_1m
 
+api:
+   on_client_connected:
+    then:
+      - light.turn_on: blue_led_light
+  on_client_disconnected:
+    then:
+      - light.turn_off: blue_led_light
+
 binary_sensor:
   - platform: gpio
     pin:
@@ -24,6 +32,7 @@ light:
   - platform: monochromatic
     name: "${friendly_devicename} WiFi LED"
     output: blue_led
+    internal: True
     id: blue_led_light
   - platform: binary
     name: "${friendly_devicename} Licht"

esphome/esphome-base.yaml

@@ -8,7 +8,7 @@ wifi:
   domain: .phiax.nl
   min_auth_mode: WPA2
   ap:
-    ssid: "${friendly_devicename} Hotspot"
+    ssid: "${friendly_devicename}"
     password: ${hotspotpass} 
 
 captive_portal:
@@ -16,12 +16,6 @@ captive_portal:
 api:
   encryption:
     key: ${apikey}
-  on_client_connected:
-    then:
-      - light.turn_on: blue_led_light
-  on_client_disconnected:
-    then:
-      - light.turn_off: blue_led_light
 
 ota:
   - platform: esphome