cbalders/homelab-ansible-lxc-meridian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial scaffold: Meridian LXC (Node 22 + npm @rynfar/meridian + systemd)

Browse Source 
Deploys @rynfar/meridian on a Debian 12 LXC, bound to 0.0.0.0:3456.
OAuth credentials transferred manually after first deploy (claude login on
Mac, scp ~/.claude to /opt/meridian/.claude). systemd unit is enabled but
gated on credentials.json existence so the first deploy doesn't crash-loop.

LXC has no auth layer — security model is LAN-only reachability.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Your Name
2026-05-17 21:20:41 -04:00
parent 94fad75007
commit 5e16fee73b
12 changed files with 537 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
Executable
+40
View File
@@ -0,0 +1,40 @@
#!/usr/bin/env bash
# ==============================================================================
# deploy.sh — Deploy Meridian LXC
#
# Usage:
# ./deploy.sh # full deploy
# ./deploy.sh --tags meridian # meridian role only
# ./deploy.sh -v # verbose output
# ==============================================================================
set -euo pipefail
HOST_IP="$(grep -E '^[0-9]' inventory.ini | head -1 | awk '{print $1}')"
HOST_USER="$(grep -o 'ansible_user=[^ ]*' inventory.ini | head -1 | cut -d= -f2)"
echo "==> Checking connectivity to ${HOST_USER}@${HOST_IP} ..."
if ! ssh -o ConnectTimeout=5 -o BatchMode=yes "${HOST_USER}@${HOST_IP}" true 2>/dev/null; then
echo " Cannot SSH to ${HOST_IP} — refreshing host key ..."
ssh-keygen -R "$HOST_IP" 2>/dev/null || true
ssh-keyscan -H "$HOST_IP" >> ~/.ssh/known_hosts 2>/dev/null
fi
echo "==> Installing Ansible collections ..."
ansible-galaxy collection install -r requirements.yml --force 2>/dev/null
echo "==> Running deploy playbook ..."
ansible-playbook -i inventory.ini site.yml "$@"
echo "==> Verifying ..."
ssh "${HOST_USER}@${HOST_IP}" bash -s <<'VERIFY'
echo "Node: $(node --version 2>/dev/null || echo missing)"
echo "Meridian binary: $(which meridian 2>/dev/null || echo missing)"
echo "Service:"
systemctl is-enabled meridian 2>&1
systemctl is-active meridian 2>&1
if systemctl is-active --quiet meridian; then
curl -sf --max-time 3 http://127.0.0.1:3456/v1/messages -X POST -H 'Content-Type: application/json' -d '{}' >/dev/null 2>&1 && echo "API reachable on :3456" || echo "API on :3456 not responding (expected if OAuth creds missing)"
fi
VERIFY
echo "==> Done."