d60bc96f1d8eb21ae5d7d91c097f7bb9608846e9
Verifies 16 DockerHub images, assigns target nodes per locked policy, defines 3-phase deployment order (Infra → Media → Polish), and captures open questions for Bobby.
Services: Traefik, Technitium DNS, AdGuard Home, Prometheus, Grafana, Beszel, Dozzle, Portainer, Homepage, Authelia, Vaultwarden, Jellyfin, Sonarr, Radarr, Prowlarr, Nextcloud
Domain: *.ai.home
No public internet exposure.
Ansible Pull — Iron Legion Fleet
Auto-applied Ansible playbooks for the Iron Legion AI agent fleet.
How It Works
Each node runs ansible-pull every 5 minutes via cron. It clones this repo and applies local.yml to itself.
Repo Structure
.
├── local.yml              # Main playbook — always runs
├── group_vars/
│   └── all.yml            # Fleet-wide variables
├── host_vars/
│   ├── artemis.yml        # Artemis (AI Foreman) specific
│   ├── mark44.yml         # Mark44 (Hulkbuster) specific
│   ├── mark5.yml          # Mark5 (Suitcase) specific
│   └── bones.yml          # Bones (Mark XLI) specific
└── roles/
    └── common/
        └── tasks/
            └── main.yml
Adding Node-Specific Tasks
Edit the corresponding host_vars/ file with node-specific vars (packages, configs). Edit local.yml for shared tasks that apply to all nodes.
Security
- HTTPS auth via deploy token stored in /etc/ansible/ansible.env
- Token is root-readable only (chmod 600)
- Gitea provides TLS via NetBird mesh
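A preflight that enforces the token-file rule above before the cron job runs, as an added example that is not part of this repo. The function names `check_env_file` and `guarded_run` are hypothetical, and GNU `stat` (Linux nodes) is assumed.

```shell
#!/bin/sh
# Added example: gate a command on the deploy-token file being a regular
# file, mode 600, owned by the expected uid (0 = root on a real node).
# Assumes GNU stat, as found on Linux nodes.

ENV_FILE="${ENV_FILE:-/etc/ansible/ansible.env}"   # path from the README

# check_env_file FILE [EXPECTED_UID]
# Prints the reason to stderr and returns non-zero on any failed check.
check_env_file() {
    file="$1"
    want_uid="${2:-0}"

    # A symlink could point the job at a file another user controls.
    if [ -L "$file" ]; then
        echo "refuse: $file is a symlink" >&2; return 1
    fi
    if [ ! -f "$file" ]; then
        echo "refuse: $file is missing or not a regular file" >&2; return 1
    fi

    mode=$(stat -c '%a' "$file") || return 1    # octal mode, e.g. 600
    owner=$(stat -c '%u' "$file") || return 1   # numeric owner uid

    if [ "$mode" != "600" ]; then
        echo "refuse: $file has mode $mode, expected 600" >&2; return 1
    fi
    if [ "$owner" != "$want_uid" ]; then
        echo "refuse: $file owned by uid $owner, expected $want_uid" >&2
        return 1
    fi
    return 0
}

# guarded_run FILE EXPECTED_UID COMMAND [ARGS...]
# Runs COMMAND only when the token file passes every check, so a node
# with a loosened token file stops pulling instead of carrying on.
guarded_run() {
    file="$1"; want_uid="$2"; shift 2
    check_env_file "$file" "$want_uid" || return 1
    "$@"
}
```

On a node, the cron entry would call `guarded_run "$ENV_FILE" 0` followed by the existing ansible-pull command line, so a failed check shows up as a non-zero exit in the cron log.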