claude-home/ansible/playbooks/mask-avahi.yml

---
# Mask avahi-daemon on all Ubuntu hosts
#
# Avahi (mDNS/Bonjour) is not needed in a static-IP homelab with Pi-hole DNS.
# A kernel busy-loop bug in avahi-daemon was found consuming ~1.7 CPU cores
# across 5 VMs. Masking prevents it from ever starting again, surviving reboots.
#
# Targets: vms + physical (all Ubuntu QEMU VMs and ubuntu-manticore)
# Controller: ansible-controller (LXC 304 at 10.10.0.232)
#
# Usage:
#   # Dry run
#   ansible-playbook /opt/ansible/playbooks/mask-avahi.yml --check
#
#   # Test on a single host first
#   ansible-playbook /opt/ansible/playbooks/mask-avahi.yml --limit discord-bots
#
#   # Roll out to all Ubuntu hosts
#   ansible-playbook /opt/ansible/playbooks/mask-avahi.yml
#
# To undo: systemctl unmask avahi-daemon

- name: Mask avahi-daemon on all Ubuntu hosts
  hosts: vms:physical
  become: true

  tasks:
    - name: Stop avahi-daemon
      ansible.builtin.systemd:
        name: avahi-daemon
        state: stopped
      ignore_errors: true

    - name: Mask avahi-daemon
      ansible.builtin.systemd:
        name: avahi-daemon
        masked: true

    - name: Verify avahi is masked
      ansible.builtin.command: systemctl is-enabled avahi-daemon
      register: avahi_status
      changed_when: false
      failed_when: avahi_status.stdout | trim != 'masked'