Establishes a dedicated SSH keypair for the Custodian automation agent:

- ansible/roles/custodian_agent/: authorized_key task (tagged custodian_agent)
- ansible/inventory/group_vars/all.yaml: custodian_agent_user/pubkey vars
- ansible/playbooks/bootstrap.yaml: custodian_agent role added
- Makefile: provision-custodian-agent / provision-custodian-agent-host targets

Keypair generation: cd ~/the-custodian && make custodian-keygen
Then deploy: cd ~/railiance-infra && make provision-custodian-agent

The private key lives at ~/.ssh/id_custodian_agent — never committed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
11 lines
341 B
YAML
- hosts: all
  become: true
  vars_files:
    - ../inventory/group_vars/all.yaml
    - ../inventory/group_vars/secrets.sops.yaml
  roles:
    - role: base
    - role: sops_agent
    - role: custodian_agent  # injects ~/.ssh/id_custodian_agent.pub into authorized_keys
    # - role: wireguard  # enable if you configure WireGuard variables
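The role's task file is not shown on this page. As an added example (not the project's own code), here is one way an authorized_key task tagged custodian_agent could check the key before installing it. The variable name custodian_agent_pubkey, the file path in the comment and the key_options are assumptions.

```yaml
# Hypothetical ansible/roles/custodian_agent/tasks/main.yaml (added example).
# custodian_agent_user / custodian_agent_pubkey are assumed variable names,
# based on the "custodian_agent_user/pubkey vars" mentioned in the commit message.

- name: Refuse anything that is not a single-line OpenSSH public key
  ansible.builtin.assert:
    that:
      # Must start with a public-key type followed by base64 data
      - custodian_agent_pubkey is match('^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$')
      # Guards against a private key being pasted into group_vars by mistake
      - "'PRIVATE KEY' not in custodian_agent_pubkey"
    fail_msg: "custodian_agent_pubkey must be the contents of id_custodian_agent.pub"
  tags: [custodian_agent]

- name: Authorize the Custodian agent key
  ansible.posix.authorized_key:
    user: "{{ custodian_agent_user }}"
    key: "{{ custodian_agent_pubkey }}"
    state: present
    # Assumed hardening: the automation key needs a shell, not tunnels or agent forwarding
    key_options: "no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
    # Leave other keys in the account untouched
    exclusive: false
  tags: [custodian_agent]
```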