Onboard client: Sundance Jim (SD-002) — basic inventory scaffold

inventories/clients/sundance-jim-home/group_vars/all.yml

@@ -0,0 +1,7 @@
+---
+# Client-specific overrides go here
+# client_id: "ACME-001"
+# client_name: "ACME Corp"
+# billing_model: "hybrid"
+# change_freeze: false
+# human_estimate_seconds: 2700

inventories/clients/sundance-jim-home/group_vars/pfsense_nodes.yml

@@ -0,0 +1,30 @@
+---
+# inventory/group_vars/pfsense_nodes.yml
+# Applied to all hosts in the [pfsense] group.
+
+# pfSense runs FreeBSD — Python may not be installed.
+# Using 'raw' module throughout the role avoids this entirely,
+# but set the interpreter discovery to auto for safety.
+ansible_python_interpreter: auto_silent
+
+# SSH connection settings tuned for pfSense/FreeBSD
+ansible_connection: ssh
+ansible_ssh_common_args: >-
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -o ConnectTimeout=15
+  -o ServerAliveInterval=10
+  -o ServerAliveCountMax=3
+
+# pfSense's shell is tcsh by default; force sh for compatibility
+ansible_shell_type: sh
+ansible_shell_executable: /bin/sh
+
+# Set to your SSH key or use ansible_password
+# ansible_ssh_private_key_file: ~/.ssh/pfsense_rsa
+
+# Default upgrade settings (can be overridden per host in host_vars/)
+perform_upgrade: false
+allow_major_upgrade: false
+auto_reboot: true
+pkg_repo_update: true

inventories/clients/sundance-jim-home/hosts.yml

@@ -0,0 +1,59 @@
+---
+all:
+  vars:
+    client_id: "CLIENT_ID"
+    client_name: "Client Name"
+    billing_model: "hybrid"
+    maintenance_window_start: "02:00"
+    maintenance_window_end: "05:00"
+    maintenance_window_tz: "UTC"
+    n8n_webhook_url: "{{ lookup('env', 'N8N_WEBHOOK_URL') }}"
+    human_estimate_seconds: 2700
+    change_freeze: false
+    ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+
+  children:
+    # --- NETWORK LAYER ---
+    firewalls:
+      children:
+        opnsense:
+          hosts:
+            client-fw-01:
+              ansible_host: "{{ FW_HOST }}"
+
+        pfsense_nodes:
+          hosts:
+            client-fw-01:
+              ansible_host: "{{ FW_HOST }}"
+              ansible_port: 22222
+              ha_role: "primary"        # Use: primary | backup
+              #ha_peer: "client-fw-02"  # Uncomment if this node is part an HA pair
+
+    # --- INFRASTRUCTURE ---
+    hypervisors:
+      children:
+        proxmox:
+          hosts:
+            client-pv-01:
+              ansible_host: "{{ PV_HOST }}"
+        xcp:
+          hosts:
+            client-xcp-01:
+              ansible_host: "{{ XCP_HOST }}"
+
+    # --- WORKSTATIONS/SERVERS ---
+    linux_hosts:
+      hosts: {}
+      vars:
+        ansible_user: root
+        ansible_ssh_private_key_file: "~/.ssh/client_key"
+        os_family: "debian"
+
+    windows_hosts:
+      hosts: {}
+      vars:
+        ansible_user: Administrator
+        ansible_connection: winrm
+        ansible_winrm_transport: ntlm
+        ansible_winrm_server_cert_validation: validate
+        ansible_port: 5986

inventories/clients/sundance-jim-home/hypervisor_hosts.yml

@@ -0,0 +1,117 @@
+---
+# =============================================================================
+# hypervisor_hosts.yml — Physical Hypervisor Node Inventory
+# =============================================================================
+# This file defines the physical hypervisor nodes for a client.
+# Used by the hypervisor upgrade playbook (proxmox_upgrade.yml, xcpng_upgrade.yml)
+# NOT used by guest playbooks (linux_patch, windows_patch, snapshot, etc.)
+#
+# Supported hypervisor_type values:
+#   proxmox   — Proxmox VE cluster or standalone node
+#   xcpng     — XCP-NG pool
+#
+# Copy this file to inventories/client_<slug>/hypervisor_hosts.yml
+# and fill in the values for the client.
+# =============================================================================
+
+all:
+  vars:
+    client_id: "CLIENT-ID"
+    client_name: "Client Name"
+  children:
+
+    # ── Proxmox Cluster / Standalone ─────────────────────────────────────────
+    # Remove this section if client does not use Proxmox
+    proxmox_cluster:
+      vars:
+        hypervisor_type: proxmox
+
+        # Proxmox API connection — used for migration and cluster queries
+        # Points to any node in the cluster (usually node-01)
+        api_host: 192.168.X.X
+        api_port: 8006
+        api_token_id: "ansible@pve!ansible-token"
+        api_token_secret: "REPLACE_ME"
+
+        # Is this a single node or a cluster?
+        # single — no migration, just upgrade in place
+        # cluster — rolling upgrade with VM migration
+        cluster_mode: cluster   # cluster | single
+
+        # CEPH — if true, playbook will set noout flag before upgrading each
+        # node and clear it after the node rejoins the cluster
+        ceph_enabled: false
+
+        # Shared storage — if false, VMs with local disks cannot be live
+        # migrated. Playbook will cold-migrate (shutdown) or skip based on
+        # local_disk_action below.
+        shared_storage: true
+
+        # What to do with VMs that have local disks when shared_storage: false
+        # skip       — leave them on the node, warn and proceed (risky)
+        # cold       — shut down, migrate, start on new node
+        # abort      — stop the upgrade if any local-disk VMs are found
+        local_disk_action: cold   # skip | cold | abort
+
+        # Rolling upgrade order — list nodes in the order you want them upgraded
+        # First node in list is drained first. If empty, playbook will sort
+        # alphabetically.
+        upgrade_order:
+          - pm-node-01
+          - pm-node-02
+          - pm-node-03
+
+        # SSH user for running apt upgrade on nodes directly
+        ansible_user: root
+        ansible_become: false
+
+        # Tags to exclude from migration (e.g. VMs you never want moved)
+        # migrate_exclude_tags:
+        #   - nomigrate
+        #   - pinned
+
+      hosts:
+        pm-node-01:
+          ansible_host: 192.168.X.X
+          # proxmox_node_name: pm-node-01  # only needed if hostname differs
+        pm-node-02:
+          ansible_host: 192.168.X.X
+        pm-node-03:
+          ansible_host: 192.168.X.X
+
+    # ── XCP-NG Pool ──────────────────────────────────────────────────────────
+    # Remove this section if client does not use XCP-NG
+    xcpng_pool:
+      vars:
+        hypervisor_type: xcpng
+
+        # XO (Xen Orchestra) API — used for migration
+        xo_url: "https://xoa.example.com"
+        xo_token: "REPLACE_ME"
+
+        # Pool UUID — find with: xe pool-list
+        pool_uuid: "REPLACE_ME"
+
+        # CEPH not applicable to XCP-NG
+        ceph_enabled: false
+
+        # Shared storage — XCP-NG SR type
+        # true if using NFS/iSCSI/Ceph SR, false if local SR only
+        shared_storage: true
+        local_disk_action: cold   # skip | cold | abort
+
+        upgrade_order:
+          - xcp-node-01
+          - xcp-node-02
+          - xcp-node-03
+
+        ansible_user: root
+        ansible_become: false
+
+      hosts:
+        xcp-node-01:
+          ansible_host: 192.168.X.X
+        xcp-node-02:
+          ansible_host: 192.168.X.X
+        xcp-node-03:
+          ansible_host: 192.168.X.X