Ansible works when you run it. Ad-hoc runs drift. Schedule the patch playbook weekly and forget about it.
Scheduled Ansible runs fail silently. A host is unreachable, a variable is wrong, or SSH keys have expired. You find out when the host drifts. Uptime Kuma’s push monitor fixes that.
The automated Proxmox install gets you a configured host from a USB stick. But what happens in month two? Package updates, SSH hardening drift, backup schedule changes. Manual changes on a single host become tribal knowledge. Add a second node and you’re copy-pasting configs.
Ansible picks up where first-boot leaves off. “The spice must flow.” - Dune. So must your config. Automate it.
API keys, backup passwords, Proxmox tokens. You need them in Ansible. You don’t want them in plaintext in Git. Ansible Vault encrypts files so you can commit them safely.
Every PR that touches Ansible playbooks should pass ansible-lint and ansible-playbook --check. GitHub Actions runs them automatically - no “I’ll lint before merge” discipline required.