# Ansible Pull — Iron Legion Fleet
Auto-applied Ansible playbooks for the Iron Legion AI agent fleet.
## How It Works
Each node runs `ansible-pull` every 5 minutes via cron. It clones this repo and applies `local.yml` to itself.
## Repo Structure
```
.
├── local.yml                        # Main playbook — always runs
├── group_vars/
│   └── all.yml                      # Fleet-wide variables
├── host_vars/
│   ├── artemis.yml                  # Artemis (AI Foreman)
│   ├── cinnamint--elitebook.yml     # Cinnamint-EliteBook (WSL2 workstation)
│   ├── hulkbuster.yml               # Mark44 (GPU heavy)
│   ├── mark5.yml                    # Mark5 (GPU light / Suitcase)
│   ├── mark-vii.yml                 # Mark VII (Swarm manager + services)
│   ├── mission-control.yml          # Mission-Control (WSL2 workstation)
│   ├── mk-33.yml                    # MK-33 Silver Centurion (Swarm worker)
│   ├── mk-34.yml                    # MK-34 (Swarm worker)
│   ├── mk-39.yml                    # MK-39 (Swarm worker)
│   ├── mk-42.yml                    # MK-42 Extremis (Swarm worker)
│   └── nebuchadnezzar.yml           # Neo (Nextcloud + Vaultwarden)
├── new-build/
│   └── portainer/
│       └── docker-compose.yml       # Portainer CE stack for Swarm manager
├── ubuntu-autoinstall/
│   └── autoinstall.yaml             # Fleet-standard headless autoinstall
└── archive/
    └── maas/
```
## Adding Node-Specific Tasks
Edit the corresponding `host_vars/` file with node-specific vars (packages, configs). Edit `local.yml` for shared tasks that apply to all nodes.
## Security
- HTTPS auth via deploy token stored in `/etc/ansible/ansible.env`
- Token is root-readable only (chmod 600)
- Gitea provides TLS via NetBird mesh
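
One way to verify the token-file properties listed above on a node, as an added example that is not part of this repo. The function name `check_token_file` and the `--audit` argument are hypothetical, and GNU `stat` (as shipped on Ubuntu) is assumed.

```bash
#!/usr/bin/env bash
# Added example: audit the deploy-token env file from the Security section.
# Assumptions: GNU coreutils stat; check_token_file and --audit are
# illustrative names, not something this repo ships.

# check_token_file PATH [EXPECTED_UID]
# Returns 0 when PATH is a regular file (not a symlink), owned by
# EXPECTED_UID (default 0 = root), with no permission bits beyond owner
# read/write (0600). Prints one line per finding and returns 1 otherwise.
check_token_file() {
    local path=$1 want_uid=${2:-0} rc=0 mode uid

    # A symlink could redirect the read to a file with looser permissions.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symlink"
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path is missing or not a regular file"
        return 1
    fi

    mode=$(stat -c '%a' "$path")   # octal mode, e.g. 600
    uid=$(stat -c '%u' "$path")    # numeric owner

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $path owner uid is $uid, expected $want_uid"
        rc=1
    fi
    # Any bit outside 0600 means group/other access, exec or setuid/setgid/sticky.
    if [ $(( 0$mode & ~0600 )) -ne 0 ]; then
        echo "FAIL: $path mode $mode grants more than 600"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $path uid=$uid mode=$mode"
    return "$rc"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    check_token_file /etc/ansible/ansible.env
fi
```

Run it as root with `--audit`; a non-zero exit status can feed a monitoring check or gate the cron job before `ansible-pull` reads the token.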