Master vault password is fetched from Vaultwarden via the rbw agent (scripts/vault-pass-client.sh, wired as vault_password_file) instead of a plaintext .vault_pass. Vault secrets use a nested vault.<service>.<key> map. Encrypted vault.yml files are excluded from lint. Includes the host rename in Makefile and STATUS.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
20 lines
456 B
Text
---
profile: production

# Exclude paths Ansible-lint should not check
exclude_paths:
  - .venv/
  - .collections/
  - .scaffold/
  - "**/vault.yml"  # ansible-vault encrypted — not lintable YAML

# Warn only (don't fail) on these rules during initial setup
# Remove entries as the codebase matures
warn_list:
  - experimental

# Skip rules that conflict with our conventions
skip_list: []

# Enforce FQCN for all builtin modules
use_default_rules: true