sjat
4ee1b66e23
Master vault password is fetched from Vaultwarden via the rbw agent (scripts/vault-pass-client.sh, wired as vault_password_file) instead of a plaintext .vault_pass. Vault secrets use a nested vault.<service>.<key> map. Encrypted vault.yml files are excluded from lint. Includes the host rename in Makefile and STATUS.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
13 lines
456 B
INI
13 lines
456 B
INI
[defaults]
|
|
inventory = inventories/production/hosts.yml
|
|
roles_path = roles
|
|
collections_path = .collections
|
|
vault_password_file = scripts/vault-pass-client.sh
|
|
interpreter_python = auto_silent
|
|
stdout_callback = yaml
|
|
callbacks_enabled = timer, profile_tasks
|
|
|
|
# Avoid slow DNS lookups
|
|
[ssh_connection]
|
|
pipelining = True
|
|
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=accept-new
|