Claude Code Plugins

Community-maintained marketplace

Feedback

ansible-host-limiter

@ndelucca/environment
0
0

Ensures ansible and ansible-playbook commands always include the -l (limit) flag to target only ndelucca-server and prevent accidental execution on raspberry-printer or other hosts. Activate this skill whenever running any ansible or ansible-playbook commands.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name ansible-host-limiter
description Ensures ansible and ansible-playbook commands always include the -l (limit) flag to target only ndelucca-server and prevent accidental execution on raspberry-printer or other hosts. Activate this skill whenever running any ansible or ansible-playbook commands.
allowed-tools Bash, Grep, Read

Ansible Host Limiter Skill

Purpose

This skill enforces a critical safety practice for the home-server infrastructure: always limit ansible commands to specific hosts to prevent accidental execution on unintended targets like the raspberry-printer.

Target Hosts

Primary Target (Default)

  • ndelucca-server: The main home server running Fedora 43

Hosts to Avoid (Unless Explicitly Requested)

  • ndelucca-raspberry-printer: Raspberry Pi running Debian (not Fedora)
  • Any other hosts in the inventory

Mandatory Rules

Rule 1: Always Use -l Flag

Every ansible-playbook and ansible command MUST include the -l (limit) flag.

Correct:

ansible-playbook playbooks/jellyfin.yml -l ndelucca-server
ansible-playbook playbooks/site.yml -l ndelucca-server
ansible ndelucca-server -m ping

Incorrect (NEVER DO THIS):

ansible-playbook playbooks/jellyfin.yml
ansible-playbook playbooks/site.yml
ansible all -m ping

Rule 2: Default to ndelucca-server

Unless the user explicitly requests a different target, always default to -l ndelucca-server.

Rule 3: Confirm Before Multi-Host Execution

If the user asks to run commands on multiple hosts or "all" hosts, ask for explicit confirmation before proceeding.

Implementation Guidelines

When Running Playbooks

  1. User says: "Run the jellyfin playbook" You execute:

    ansible-playbook playbooks/jellyfin.yml -l ndelucca-server

  2. User says: "Deploy nginx" You execute:

    ansible-playbook playbooks/site.yml --tags nginx -l ndelucca-server

  3. User says: "Run the site playbook" You execute:

    ansible-playbook playbooks/site.yml -l ndelucca-server

When Running Ad-Hoc Commands

  1. User says: "Restart nginx" You execute:

    ansible ndelucca-server -m ansible.builtin.systemd -a "name=nginx state=restarted" --become

  2. User says: "Check disk space" You execute:

    ansible ndelucca-server -m shell -a "df -h"

When User Requests Multi-Host Execution

User says: "Run this on all servers"

You respond: "This command would affect multiple hosts including ndelucca-raspberry-printer. Are you sure you want to run it on all hosts, or should I limit it to ndelucca-server only?"

Wait for user confirmation before proceeding.

Safety Checklist

Before executing any ansible command, verify:

  • The -l flag is present
  • The target is ndelucca-server (or user explicitly requested otherwise)
  • The command is appropriate for the targeted host
  • The playbook/role supports the target OS (ndelucca-server runs Fedora 43)

Common Commands with Correct Syntax

# Run site playbook (all roles)
ansible-playbook playbooks/site.yml -l ndelucca-server

# Run specific playbook
ansible-playbook playbooks/jellyfin.yml -l ndelucca-server
ansible-playbook playbooks/nginx.yml -l ndelucca-server

# Run with tags
ansible-playbook playbooks/site.yml --tags nginx -l ndelucca-server

# Ad-hoc command to restart service
ansible ndelucca-server -m ansible.builtin.systemd -a "name=jellyfin state=restarted" --become

# Ad-hoc command to check service status
ansible ndelucca-server -m ansible.builtin.systemd -a "name=nginx" --become

# Syntax check
ansible-playbook playbooks/site.yml --syntax-check -l ndelucca-server

Error Prevention

Common Mistakes to Avoid

  1. Running without -l flag: This will execute on ALL hosts in inventory
  2. Using all as host pattern: Affects all hosts including raspberry-printer
  3. Forgetting --become: Some tasks require sudo privileges

What to Do If User Asks to Run Without Limiting

Never run ansible commands without the -l flag unless the user:

  1. Explicitly says "run on all hosts" or "run on raspberry-printer"
  2. Confirms they understand it will affect multiple hosts
  3. You've warned them about the consequences

Examples of Correct Behavior

Example 1: Implicit Target

User: "run the playbook first, make sure nothing brakes"
You: Execute: ansible-playbook playbooks/site.yml -l ndelucca-server

Example 2: Service Management

User: "restart jellyfin"
You: Execute: ansible ndelucca-server -m ansible.builtin.systemd -a "name=jellyfin state=restarted" --become

Example 3: Configuration Update

User: "deploy the nginx changes"
You: Execute: ansible-playbook playbooks/site.yml --tags nginx -l ndelucca-server

Notes

  • The raspberry-printer runs Debian, not Fedora, so Fedora-specific playbooks will fail on it
  • Always working directory: /home/ndelucca/environment/home-server
  • Inventory files are in: inventory/hosts.yml and playbooks/hosts.yml
  • Most playbooks are in: playbooks/ directory

Summary

Golden Rule: Every ansible-playbook and ansible command MUST include -l ndelucca-server unless explicitly instructed otherwise by the user.