Ansible Pull — Iron Legion Fleet
Auto-applied Ansible playbooks for the Iron Legion AI agent fleet.
How It Works
Each node runs ansible-pull every 5 minutes via cron. It clones this repo and applies local.yml to itself.
Repo Structure
.
├── local.yml # Main playbook — always runs
├── group_vars/
│ └── all.yml # Fleet-wide variables
├── host_vars/
│ ├── artemis.yml # Artemis (AI Foreman)
│ ├── cinnamint--elitebook.yml # Cinnamint-EliteBook (WSL2 workstation)
│ ├── hulkbuster.yml # Mark44 (GPU heavy)
│ ├── mark5.yml # Mark5 (GPU light / Suitcase)
│ ├── mark-vii.yml # Mark VII (Swarm manager + services)
│ ├── mission-control.yml # Mission-Control (WSL2 workstation)
│ ├── mk-33.yml # MK-33 Silver Centurion (Swarm worker)
│ ├── mk-34.yml # MK-34 (Swarm worker)
│ ├── mk-39.yml # MK-39 (Swarm worker)
│ ├── mk-42.yml # MK-42 Extremis (Swarm worker)
│ └── nebuchadnezzar.yml # Neo (Nextcloud + Vaultwarden)
├── new-build/
│ └── portainer/
│   └── docker-compose.yml # Portainer CE stack for Swarm manager
├── ubuntu-autoinstall/
│ └── autoinstall.yaml # Fleet-standard headless autoinstall
└── archive/
  └── maas/
Adding Node-Specific Tasks
Edit the corresponding host_vars/ file with node-specific vars (packages, configs). Edit local.yml for shared tasks that apply to all nodes.
Security
- HTTPS auth via deploy token stored in /etc/ansible/ansible.env
- Token is root-readable only (chmod 600)
- Gitea provides TLS via NetBird mesh
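A check for the token-file permissions listed above, as an added example that is not part of this repository. The function names check_token_file and _perm_uid and the optional UID argument are assumptions, and the script relies on GNU stat (as on the Ubuntu nodes) with BSD stat as a fallback.

```shell
# Added example (not from the repo): audit the deploy-token file read by ansible-pull.
# Usage: check_token_file /etc/ansible/ansible.env   (optional 2nd arg: expected uid, default 0)
# Prints one line per finding; returns 0 when clean, 1 otherwise.

# Octal permission bits and numeric owner of a path: GNU stat first, BSD stat as fallback.
_perm_uid() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

check_token_file() {
    f=$1
    want_uid=${2:-0}
    rc=0
    # A symlink could point the job at a file with different protection.
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file"
        return 1
    fi

    meta=$(_perm_uid "$f")
    mode=${meta%% *}
    uid=${meta#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $f owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # chmod 600 leaves no group/other bits set.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $f mode $mode grants group/other access, expected 600"
        rc=1
    fi

    # A group/other-writable parent directory lets another user replace the file.
    dmeta=$(_perm_uid "$(dirname "$f")")
    dmode=${dmeta%% *}
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: $(dirname "$f") mode $dmode is group/other-writable"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $f mode $mode uid $uid"; fi
    return "$rc"
}
```

Running it from the same cron job before ansible-pull turns a permission drift on the token file into a logged failure instead of a silent exposure.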