Add ops_bridge_pubkey to group_vars/all.yaml (public key only, safe to commit) and inject it via ansible.posix.authorized_key in the base role, immediately after SSH hardening. This ensures ops-bridge tunnel connectivity is available as soon as SSH infrastructure is up on any managed host — no manual key provisioning required for new nodes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>