# Ansible group vars — applied to all managed hosts.
#
# custodian_agent_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/V9fe5MGKdhTBz9KwEvC1NE+HjdoCtQocpGxP6Pko9 custodian-agent"
#
# HOW TO SET THIS:
#   1. Generate the keypair on the workstation (one-time):
#        cd ~/the-custodian && make custodian-keygen
#      This creates ~/.ssh/id_custodian_agent (private, never committed)
#      and writes the public key to:
#        ~/railiance-infra/ansible/inventory/group_vars/all.yaml  ← this file
#
#   2. Commit the updated all.yaml (public key only — safe to commit).
#
#   3. Deploy to all managed hosts:
#        cd ~/railiance-infra && make provision-custodian-agent
#
# The key below is a placeholder — replace by running `make custodian-keygen`.

custodian_agent_user: tegwick
custodian_agent_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/V9fe5MGKdhTBz9KwEvC1NE+HjdoCtQocpGxP6Pko9 custodian-agent"

# ops-bridge tunnel key — injected by the base role so ops-bridge connectivity
# is available as early as SSH infrastructure is up.
# Private key lives at ~/.ssh/id_ops on the workstation. Never commit the private key.
ops_bridge_user: tegwick
ops_bridge_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQmXbAVlEa8dzGx8Hk2S7AITpz6sMWdCN0MeMOzL82u ops-bridge@custodian"