Add ansible playbook for indri with prometheus and grafana roles

- Inventory with tailnet hosts (indri, gilbert, sifaka)
- Prometheus role: installs via homebrew, templates config from current indri setup
- Grafana role: installs via homebrew, starts service
- ansible.cfg and requirements.yml for community.general collection
- Updated CLAUDE.md with ansible dry-run instructions

Tested: ansible-playbook playbooks/indri.yml --check --diff (all ok)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

CLAUDE.md

@@ -21,3 +21,20 @@ You are encouraged to explore the zk, follow links, and propose updates to it as
 
 - **Homebrew services**: `brew services start|stop|restart <service>`
 - **Non-homebrew services**: use `mcquack` (LaunchAgent manager for macOS)
+
+## Ansible
+
+Run playbooks from the `ansible/` directory.
+
+```bash
+# Install collection dependencies
+ansible-galaxy collection install -r requirements.yml
+
+# Dry-run before committing changes
+ansible-playbook playbooks/indri.yml --check --diff
+
+# Apply changes
+ansible-playbook playbooks/indri.yml
+```
+
+**Always dry-run (`--check --diff`) ansible changes before committing.**

ansible/ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+inventory = inventory/hosts.yml
+roles_path = roles
+host_key_checking = False
+
+[privilege_escalation]
+become = False

ansible/inventory/hosts.yml

@@ -0,0 +1,14 @@
+all:
+  children:
+    servers:
+      hosts:
+        indri:
+          ansible_host: indri
+    workstations:
+      hosts:
+        gilbert:
+          ansible_host: gilbert
+    nas:
+      hosts:
+        sifaka:
+          ansible_host: sifaka

ansible/playbooks/indri.yml

@@ -0,0 +1,6 @@
+---
+- name: Configure indri
+  hosts: indri
+  roles:
+    - prometheus
+    - grafana

ansible/requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+  - name: community.general

ansible/roles/grafana/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart grafana
+  ansible.builtin.command: brew services restart grafana

ansible/roles/grafana/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Install grafana via homebrew
+  community.general.homebrew:
+    name: grafana
+    state: present
+
+- name: Ensure grafana service is started
+  ansible.builtin.command: brew services start grafana
+  register: brew_start
+  changed_when: "'Successfully started' in brew_start.stdout"
+  failed_when: false

ansible/roles/prometheus/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart prometheus
+  ansible.builtin.command: brew services restart prometheus

ansible/roles/prometheus/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: Install prometheus via homebrew
+  community.general.homebrew:
+    name: prometheus
+    state: present
+
+- name: Configure prometheus.yml
+  ansible.builtin.template:
+    src: prometheus.yml.j2
+    dest: /opt/homebrew/etc/prometheus.yml
+    mode: '0644'
+  notify: restart prometheus
+
+- name: Configure prometheus.args
+  ansible.builtin.template:
+    src: prometheus.args.j2
+    dest: /opt/homebrew/etc/prometheus.args
+    mode: '0644'
+  notify: restart prometheus
+
+- name: Ensure prometheus service is started
+  ansible.builtin.command: brew services start prometheus
+  register: brew_start
+  changed_when: "'Successfully started' in brew_start.stdout"
+  failed_when: false

ansible/roles/prometheus/templates/prometheus.args.j2

@@ -0,0 +1,3 @@
+--config.file /opt/homebrew/etc/prometheus.yml
+--web.listen-address=0.0.0.0:9090
+--storage.tsdb.path /opt/homebrew/var/prometheus

ansible/roles/prometheus/templates/prometheus.yml.j2

@@ -0,0 +1,14 @@
+global:
+  scrape_interval: 15s
+
+scrape_configs:
+  - job_name: "node-exporter-indri"
+    static_configs:
+    - targets: ["localhost:9090"]
+    - targets: ["localhost:9100"]
+    relabel_configs:
+    - target_label: instance
+      replacement: indri
+  - job_name: "node-exporter-sifaka"
+    static_configs:
+    - targets: ["sifaka:9100"]