ansible-host-limiter
Ensures ansible and ansible-playbook commands always include the -l (limit) flag to target only ndelucca-server and prevent accidental execution on raspberry-printer or other hosts. Activate this skill whenever running any ansible or ansible-playbook commands.
Best use case
ansible-host-limiter is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Ensures ansible and ansible-playbook commands always include the -l (limit) flag to target only ndelucca-server and prevent accidental execution on raspberry-printer or other hosts. Activate this skill whenever running any ansible or ansible-playbook commands.
Teams using ansible-host-limiter should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/ansible-host-limiter/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How ansible-host-limiter Compares
| Feature / Agent | ansible-host-limiter | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Ensures ansible and ansible-playbook commands always include the -l (limit) flag to target only ndelucca-server and prevent accidental execution on raspberry-printer or other hosts. Activate this skill whenever running any ansible or ansible-playbook commands.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Ansible Host Limiter Skill ## Purpose This skill enforces a critical safety practice for the home-server infrastructure: **always limit ansible commands to specific hosts** to prevent accidental execution on unintended targets like the raspberry-printer. ## Target Hosts ### Primary Target (Default) - **ndelucca-server**: The main home server running Fedora 43 ### Hosts to Avoid (Unless Explicitly Requested) - **ndelucca-raspberry-printer**: Raspberry Pi running Debian (not Fedora) - Any other hosts in the inventory ## Mandatory Rules ### Rule 1: Always Use -l Flag Every `ansible-playbook` and `ansible` command **MUST** include the `-l` (limit) flag. **Correct:** ```bash ansible-playbook playbooks/jellyfin.yml -l ndelucca-server ansible-playbook playbooks/site.yml -l ndelucca-server ansible ndelucca-server -m ping ``` **Incorrect (NEVER DO THIS):** ```bash ansible-playbook playbooks/jellyfin.yml ansible-playbook playbooks/site.yml ansible all -m ping ``` ### Rule 2: Default to ndelucca-server Unless the user explicitly requests a different target, **always default to `-l ndelucca-server`**. ### Rule 3: Confirm Before Multi-Host Execution If the user asks to run commands on multiple hosts or "all" hosts, **ask for explicit confirmation** before proceeding. ## Implementation Guidelines ### When Running Playbooks 1. **User says**: "Run the jellyfin playbook" **You execute**: ```bash ansible-playbook playbooks/jellyfin.yml -l ndelucca-server ``` 2. **User says**: "Deploy nginx" **You execute**: ```bash ansible-playbook playbooks/site.yml --tags nginx -l ndelucca-server ``` 3. **User says**: "Run the site playbook" **You execute**: ```bash ansible-playbook playbooks/site.yml -l ndelucca-server ``` ### When Running Ad-Hoc Commands 1. **User says**: "Restart nginx" **You execute**: ```bash ansible ndelucca-server -m ansible.builtin.systemd -a "name=nginx state=restarted" --become ``` 2. **User says**: "Check disk space" **You execute**: ```bash ansible ndelucca-server -m shell -a "df -h" ``` ### When User Requests Multi-Host Execution **User says**: "Run this on all servers" **You respond**: "This command would affect multiple hosts including ndelucca-raspberry-printer. Are you sure you want to run it on all hosts, or should I limit it to ndelucca-server only?" Wait for user confirmation before proceeding. ## Safety Checklist Before executing any ansible command, verify: - [ ] The `-l` flag is present - [ ] The target is `ndelucca-server` (or user explicitly requested otherwise) - [ ] The command is appropriate for the targeted host - [ ] The playbook/role supports the target OS (ndelucca-server runs Fedora 43) ## Common Commands with Correct Syntax ```bash # Run site playbook (all roles) ansible-playbook playbooks/site.yml -l ndelucca-server # Run specific playbook ansible-playbook playbooks/jellyfin.yml -l ndelucca-server ansible-playbook playbooks/nginx.yml -l ndelucca-server # Run with tags ansible-playbook playbooks/site.yml --tags nginx -l ndelucca-server # Ad-hoc command to restart service ansible ndelucca-server -m ansible.builtin.systemd -a "name=jellyfin state=restarted" --become # Ad-hoc command to check service status ansible ndelucca-server -m ansible.builtin.systemd -a "name=nginx" --become # Syntax check ansible-playbook playbooks/site.yml --syntax-check -l ndelucca-server ``` ## Error Prevention ### Common Mistakes to Avoid 1. **Running without -l flag**: This will execute on ALL hosts in inventory 2. **Using `all` as host pattern**: Affects all hosts including raspberry-printer 3. **Forgetting --become**: Some tasks require sudo privileges ### What to Do If User Asks to Run Without Limiting **Never** run ansible commands without the `-l` flag unless the user: 1. Explicitly says "run on all hosts" or "run on raspberry-printer" 2. Confirms they understand it will affect multiple hosts 3. You've warned them about the consequences ## Examples of Correct Behavior ### Example 1: Implicit Target ``` User: "run the playbook first, make sure nothing brakes" You: Execute: ansible-playbook playbooks/site.yml -l ndelucca-server ``` ### Example 2: Service Management ``` User: "restart jellyfin" You: Execute: ansible ndelucca-server -m ansible.builtin.systemd -a "name=jellyfin state=restarted" --become ``` ### Example 3: Configuration Update ``` User: "deploy the nginx changes" You: Execute: ansible-playbook playbooks/site.yml --tags nginx -l ndelucca-server ``` ## Notes - The raspberry-printer runs Debian, not Fedora, so Fedora-specific playbooks will fail on it - Always working directory: `/home/ndelucca/environment/home-server` - Inventory files are in: `inventory/hosts.yml` and `playbooks/hosts.yml` - Most playbooks are in: `playbooks/` directory ## Summary **Golden Rule**: Every ansible-playbook and ansible command MUST include `-l ndelucca-server` unless explicitly instructed otherwise by the user.
Related Skills
ansible
Provides comprehensive guidance for Ansible automation including playbooks, roles, inventory, and module usage. Use when the user asks about Ansible, needs to automate IT tasks, create Ansible playbooks, or manage infrastructure with Ansible.
ansible-workflow
Ansible automation workflow guidelines. Activate when working with Ansible playbooks, ansible-playbook, inventory files (.yml, .ini), or Ansible-specific patterns.
ansible-validator
Comprehensive toolkit for validating, linting, testing, and automating Ansible playbooks, roles, and collections. Use this skill when working with Ansible files (.yml, .yaml playbooks, roles, inventories), validating automation code, debugging playbook execution, performing dry-run testing with check mode, or working with custom modules and collections.
ansible-testinfra
Bootstrap minimal testinfra pytest suite for an Ansible role and remind to run via uv
ansible-roles
Use when structuring and reusing code with Ansible roles for modular, maintainable automation and configuration management.
ansible-role-init
Scaffold a new Ansible role via ansible-galaxy init
ansible-playbooks
Use when writing and organizing Ansible playbooks for automated configuration management and infrastructure orchestration.
ansible-playbook
Write and review Ansible playbooks following best practices. Use when the user says "write ansible", "ansible playbook", "review playbook", "automate with ansible", or asks to configure servers with Ansible.
ansible-inventory
Use when managing hosts and groups in Ansible inventory for organizing infrastructure and applying configurations across environments.
ansible-fix
ALWAYS use this skill immediately after running 'ansible-galaxy init' to create a new Ansible role. Also use when the user asks to fix ansible-lint errors or when ansible-lint output shows fixable issues like yaml[comments], schema[meta], meta-incorrect, name[play], or role-name[path] violations.
ansible-expert
Expert-level Ansible for configuration management, automation, and infrastructure as code
ansible-dev-setup
Generate and manage cross-platform Ansible playbooks for development environment setup across macOS, Linux, and Termux. Use when working with development environment automation, package installation configuration, or Ansible playbook generation.