36 lines
1.1 KiB
Markdown
36 lines
1.1 KiB
Markdown
# Ansible Pull — Iron Legion Fleet
|
|
|
|
Auto-applied Ansible playbooks for the Iron Legion AI agent fleet.
|
|
|
|
## How It Works
|
|
|
|
Each node runs `ansible-pull` every 5 minutes via cron. It clones this repo and applies `local.yml` to itself.
|
|
|
|
## Repo Structure
|
|
|
|
```
|
|
.
|
|
├── local.yml # Main playbook — always runs
|
|
├── group_vars/
|
|
│ └── all.yml # Fleet-wide variables
|
|
├── host_vars/
|
|
│ ├── artemis.yml # Artemis (AI Foreman) specific
|
|
│ ├── mark44.yml # Mark44 (Hulkbuster) specific
|
|
│ ├── mark5.yml # Mark5 (Suitcase) specific
|
|
│ └── bones.yml # Bones (Mark XLI) specific
|
|
└── roles/
|
|
└── common/
|
|
└── tasks/
|
|
└── main.yml
|
|
```
|
|
|
|
## Adding Node-Specific Tasks
|
|
|
|
Edit the corresponding `host_vars/` file with node-specific vars (packages, configs). Edit `local.yml` for shared tasks that apply to all nodes.
|
|
|
|
## Security
|
|
|
|
- HTTPS auth via deploy token stored in `/etc/ansible/ansible.env`
|
|
- Token is root-readable only (chmod 600)
|
|
- Gitea provides TLS via NetBird mesh
|