2026-06-11 13:50:11 +02:00
|
|
|
---
|
|
|
|
|
# Workstation-class control node (ubongo, ADR-015) — developer-environment users.
|
|
|
|
|
# The operator and the dedicated AI-worker user both get the dev_env role (dotfiles,
|
|
|
|
|
# zsh/tmux/nvim), so `sudo -iu claude` lands in the same clean shell.
|
|
|
|
|
dev_env__users:
|
|
|
|
|
- sjat
|
|
|
|
|
- claude
|
2026-06-11 14:09:15 +02:00
|
|
|
|
|
|
|
|
# Connection: ubongo is the manually-provisioned control node (ADR-009/ADR-015 exception),
|
|
|
|
|
# not a Terraform VM bootstrapped with the `ansible` service user that group_vars/all
|
|
|
|
|
# assumes. Manage it as the operator account. Overrides the all-group default for this
|
|
|
|
|
# group only.
|
|
|
|
|
ansible_user: sjat
|
2026-06-17 16:12:28 +02:00
|
|
|
|
|
|
|
|
# ubongo is a NetBird mesh peer (ADR-016, M5) — enrol the agent via base's `mesh` concern.
|
|
|
|
|
# Enrollment only; the host firewall default-deny stays deferred (the mesh-hardening
|
|
|
|
|
# follow-on), so this brings up wt0 without changing SSH exposure.
|
|
|
|
|
base__mesh_enabled: true
|