← All projects

PROJECT — IN PROGRESS

Network Automation Toolkit

In Progress April 30, 2026 · 4 min read

Migrating platform service provisioning from shell scripts to Ansible — LXC bootstrap, nginx vhost templating, Pi-hole DNS records, and TLS cert distribution.

Ansible automation pipeline
1
ansible run target
4
roles in scope
0
manual steps remaining

Goal

A single Ansible run that takes a service name, upstream IP/port, and protocol, then produces:

LXC container with the right base image and resources
nginx vhost on the reverse proxy with wildcard cert wired in
Pi-hole DNS record pointing the service hostname at the proxy
Cloudflare DNS record if the service is public-facing
Test confirming the service responds with a 200 over HTTPS

Current status

Working through the Pi-hole role. Pi-hole v6 replaces the entire hosts list on each call — the playbook needs to read existing state, merge the new record, and push the full list back. The naive append approach silently destroys other records.

# pi-hole v6 — safe merge pattern
GET /api/hosts        # read existing
merge(existing, new)  # safe combine
PUT /api/hosts        # push full list
# append alone → silently destroys other records

Reproducibility

The platform is large enough that any change risks breaking something else. A playbook run either succeeds cleanly or fails loudly — not silently.

Skill progression

Everyone past mid-level is expected to read and write Ansible / Terraform / similar. This is the natural place to build that fluency on real infrastructure.

A writeup will follow once the first end-to-end run works.

Stack

AnsiblePythonBashCloudflare APIJinja2
← Previous
SecureBytes NOC Stack
Next →
BGP Mesh with Private ASNs