blumeops/docs/reference/tools/ansible.md

---
title: Ansible
modified: 2026-02-12
tags:
  - ansible
  - reference
---

# Ansible

Configuration management for native services on [[indri]]. The primary playbook is `ansible/playbooks/indri.yml`.

## CLI Patterns

```bash
# Full provisioning
mise run provision-indri

# Specific role only
mise run provision-indri -- --tags caddy

# Dry run (preview changes)
mise run provision-indri -- --check --diff
```

## Available Roles

| Role | Purpose | Service |
|------|---------|---------|
| **alloy** | Observability collector | [[alloy]] |
| **borgmatic** | Backup automation | [[borgmatic]] |
| **borgmatic_metrics** | Backup metrics exporter | [[borgmatic]] |
| **caddy** | Reverse proxy & TLS | [[routing]] |
| **forgejo** | Git forge | [[forgejo]] |
| **jellyfin** | Media server | [[jellyfin]] |
| **jellyfin_metrics** | Media metrics exporter | [[jellyfin]] |
| **minikube** | Kubernetes cluster | [[cluster]] |
| **minikube_metrics** | Cluster metrics | [[cluster]] |
| **zot** | Container registry | [[zot]] |
| **zot_metrics** | Registry metrics | [[zot]] |

## Role Structure

Each role follows Ansible conventions:
```
ansible/roles/<role>/
├── defaults/main.yml    # Default variables
├── tasks/main.yml       # Task definitions
├── handlers/main.yml    # Handlers (restarts, etc.)
├── templates/           # Jinja2 templates
└── files/               # Static files
```

## Secrets

Roles that need secrets use 1Password via the playbook's `pre_tasks`. Secrets are gathered at playbook start and passed to roles as variables.

## Related

- [[indri]] — Target host
- [[observability]] — Metrics collection