Ansible and Host Configuration

Relevant source files

This section details the Ansible-based automation used to configure the underlying Proxmox hypervisor and its storage subsystems. While the Kubernetes cluster is managed via Talos Linux and Flux CD, the physical host configuration—including ZFS pool management, file sharing (NFS/SMB), and host-level observability—is handled through Ansible playbooks.

Storage and Fileserver Configuration

The primary storage engine for the infrastructure is a ZFS pool named /tank. Ansible is used to ensure the directory structure, permissions, and network sharing protocols (NFS and SMB) are consistently applied across the Proxmox host.

User and Permission Model

The configuration standardizes on a specific service user and group for all network-attached storage (NAS) operations:

User/Group Name: nasinfrastructure/ansible/playbooks/fileserver.yaml6-7
UID/GID: 2000infrastructure/ansible/playbooks/fileserver.yaml8-9
Shell: /bin/bashinfrastructure/ansible/playbooks/fileserver.yaml101

The playbook ensures this user exists with a password hashed via sha512 for local access (e.g., via Cockpit) infrastructure/ansible/playbooks/fileserver.yaml96-103

NFS and SMB Implementation

The host serves files to the Kubernetes cluster (via NFS) and local network devices (via SMB).

NFS Exports: Configured via the exports.j2 template infrastructure/ansible/playbooks/fileserver.yaml177 It defines access for specific subnets, such as the Kubernetes node network (10.10.30.0/24), using all_squash to map all requests to the nas user (UID 2000) infrastructure/ansible/playbooks/fileserver.yaml13-23
SMB Shares: Managed via Samba, providing access to shares like Workstation, Apps, and Storageinfrastructure/ansible/playbooks/fileserver.yaml36-85 The Workstation share is specifically optimized for macOS Time Machine using vfs_objects: fruit and fruit:time_machine: "yes"infrastructure/ansible/playbooks/fileserver.yaml42-43

Directory Hierarchy

The playbook idempotently creates the entire directory structure required by various cluster applications under /tank/Apps and /tank/Storageinfrastructure/ansible/playbooks/fileserver.yaml130-174

Fileserver Configuration Flow

[Flowchart Diagram]

Sources:infrastructure/ansible/playbooks/fileserver.yaml1-216

Host Observability

To monitor the health of the Proxmox host and its ZFS pools, Ansible deploys node_exporter and other monitoring agents directly to the host.

Node Exporter Deployment

The monitoring.yaml playbook handles the installation and lifecycle of the Prometheus node_exporter. This allows the central kube-prometheus-stack within the Kubernetes cluster to scrape host-level metrics (CPU, Memory, Disk I/O) by targeting the Proxmox host IP.

ZFS and SMART Monitoring

Specific exporters are configured to provide visibility into the storage layer:

ZFS Health: Metrics regarding pool status, scrub completion, and dataset usage.
SMART Metrics: Deployed to monitor physical drive longevity and hardware errors.

These metrics are integrated into the cluster-wide Prometheus instance via ScrapeConfig resources kubernetes/apps/observability/kube-prometheus-stack/app/scrapeconfig.yaml

Observability Data Flow

[Flowchart Diagram]

Sources:infrastructure/ansible/playbooks/monitoring.yaml kubernetes/apps/observability/kube-prometheus-stack/app/scrapeconfig.yaml

Technical Implementation Details

Secrets Management in Ansible

Ansible leverages the community.sops collection to decrypt secrets at runtime infrastructure/ansible/requirements.yaml9-10

Samba Passwords: Retrieved from samba_user.sops.yaml using the community.sops.sops lookup plugin infrastructure/ansible/playbooks/fileserver.yaml34-35
Dependency: Requires bcrypt and passlib for password hashing operations infrastructure/ansible/requirements.txt4-8

Ansible Environment

The Ansible environment is managed with specific versions of collections and Python dependencies to ensure reproducibility:

Dependency	Version	Purpose
`ansible`	`13.6.0`	Core engine infrastructure/ansible/requirements.txt1
`ansible.posix`	`2.1.0`	ACL and Mount management infrastructure/ansible/requirements.yaml3-4
`community.general`	`12.6.0`	Proxmox and storage modules infrastructure/ansible/requirements.yaml7-8
`netaddr`	`1.3.0`	IP address manipulation infrastructure/ansible/requirements.txt6

Sources:infrastructure/ansible/requirements.txt1-9 infrastructure/ansible/requirements.yaml1-19 infrastructure/ansible/playbooks/fileserver.yaml34-35

Fileserver Directory Structure

The following table describes the primary ZFS datasets managed by Ansible:

Path	Purpose	NFS Clients	SMB Access
`/tank/Apps`	Application data (Configs, DBs)	K8s Nodes (RW)	Read-Only infrastructure/ansible/playbooks/fileserver.yaml12-70
`/tank/Storage`	Bulk media and documents	K8s Nodes (RW)	Read-Write infrastructure/ansible/playbooks/fileserver.yaml16-75
`/tank/Backup`	Backups and Time Machine	K8s Nodes (RW)	Read-Only (except TM) infrastructure/ansible/playbooks/fileserver.yaml20-80
`/tank/Shared`	Temporary file exchange	Public (RW)	Guest Access (RW) infrastructure/ansible/playbooks/fileserver.yaml25-85

Sources:infrastructure/ansible/playbooks/fileserver.yaml10-85

Cloudjur

Explorer

Ansible-and-Host-Configuration