feat: initial playbook, group_vars, README

README.md

@@ -0,0 +1,35 @@
+# Ansible Pull — Iron Legion Fleet
+
+Auto-applied Ansible playbooks for the Iron Legion AI agent fleet.
+
+## How It Works
+
+Each node runs `ansible-pull` every 5 minutes via cron. It clones this repo and applies `local.yml` to itself.
+
+## Repo Structure
+
+```
+.
+├── local.yml           # Main playbook — always runs
+├── group_vars/
+│   └── all.yml         # Fleet-wide variables
+├── host_vars/
+│   ├── artemis.yml     # Artemis (AI Foreman) specific
+│   ├── mark44.yml      # Mark44 (Hulkbuster) specific
+│   ├── mark5.yml       # Mark5 (Suitcase) specific
+│   └── bones.yml       # Bones (Mark XLI) specific
+└── roles/
+    └── common/
+        └── tasks/
+            └── main.yml
+```
+
+## Adding Node-Specific Tasks
+
+Edit the corresponding `host_vars/` file with node-specific vars (packages, configs). Edit `local.yml` for shared tasks that apply to all nodes.
+
+## Security
+
+- HTTPS auth via deploy token stored in `/etc/ansible/ansible.env`
+- Token is root-readable only (chmod 600)
+- Gitea provides TLS via NetBird mesh

group_vars/all.yml

@@ -0,0 +1,10 @@
+---
+# Fleet-wide defaults applied to ALL nodes
+
+# Schedule for ansible-pull cron job
+ansible_pull_cron_schedule: "*/5 * * * *"
+
+# Gitea repo configuration
+gitea_base_url: "gitea.nb.bobbysh.me"
+gitea_org: "Iron-Legion"
+gitea_repo: "ansible-pull-deploy"

local.yml

@@ -0,0 +1,71 @@
+---
+- hosts: localhost
+  connection: local
+  become: true
+  tasks:
+    - name: Print start message
+      debug:
+        msg: "Ansible Pull baseline running on {{ ansible_hostname }} ({{ inventory_hostname }})"
+
+    - name: Ensure apt packages are updated
+      apt:
+        update_cache: yes
+        cache_valid_time: 3600
+      when: ansible_os_family == "Debian"
+      tags: [baseline]
+
+    - name: Ensure common packages installed
+      apt:
+        name:
+          - curl
+          - git
+          - htop
+          - tmux
+          - jq
+          - vim
+        state: present
+      when: ansible_os_family == "Debian"
+      tags: [baseline]
+
+    # --- Artemis-specific placeholder ---
+    - name: Ensure Artemis monitoring packages
+      apt:
+        name:
+          - nethogs
+          - iotop
+        state: present
+      when: inventory_hostname == "Artemis"
+      tags: [artemis]
+
+    # --- Mark44 GPU node placeholder ---
+    - name: Ensure GPU node tools
+      package:
+        name:
+          - nvidia-smi
+        state: present
+      when: inventory_hostname == "mk44"
+      ignore_errors: true
+      tags: [gpu]
+
+    # --- Mark5 laptop node placeholder ---
+    - name: Ensure laptop power management (example)
+      package:
+        name:
+          - powertop
+        state: present
+      when: inventory_hostname == "mk5"
+      ignore_errors: true
+      tags: [laptop]
+
+    # --- Bones headless placeholder ---
+    - name: Ensure headless essentials
+      apt:
+        name:
+          - cpufrequtils
+        state: present
+      when: inventory_hostname == "bones"
+      tags: [bones]
+
+    - name: Print completion message
+      debug:
+        msg: "Baseline complete on {{ ansible_hostname }}"