feat: initial playbook, group_vars, README

2026-05-21 12:24:55 -04:00
commit 5583c6d67c
3 changed files with 116 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,35 @@
+# Ansible Pull — Iron Legion Fleet
+
+Auto-applied Ansible playbooks for the Iron Legion AI agent fleet.
+
+## How It Works
+
+Each node runs `ansible-pull` every 5 minutes via cron. It clones this repo and applies `local.yml` to itself.
+
+## Repo Structure
+
+```
+.
+├── local.yml           # Main playbook — always runs
+├── group_vars/
+│   └── all.yml         # Fleet-wide variables
+├── host_vars/
+│   ├── artemis.yml     # Artemis (AI Foreman) specific
+│   ├── mark44.yml      # Mark44 (Hulkbuster) specific
+│   ├── mark5.yml       # Mark5 (Suitcase) specific
+│   └── bones.yml       # Bones (Mark XLI) specific
+└── roles/
+    └── common/
+        └── tasks/
+            └── main.yml
+```
+
+## Adding Node-Specific Tasks
+
+Edit the corresponding `host_vars/` file with node-specific vars (packages, configs). Edit `local.yml` for shared tasks that apply to all nodes.
+
+## Security
+
+- HTTPS auth via deploy token stored in `/etc/ansible/ansible.env`
+- Token is root-readable only (chmod 600)
+- Gitea provides TLS via NetBird mesh