Oskar Kapala
9012a36827
00-access.sh implements a 3-stage idempotent access bootstrap: 1. ensure_ssh_key — ssh-copy-id to first_contact (pi@pimirror2.local), skips if BatchMode key-auth already passes 2. ensure_tailscale — install via install.sh if missing, then tailscale up --hostname=lustro; prints interactive auth URL to operator, blocks until authenticated; skips if BackendState already Running 3. verify — SSH over Tailscale to pi@lustro, asserts 'ok' + arch=aarch64 Reads first_contact and tailscale.hostname from node.yaml. Respects --dry-run. No NOPASSWD or /opt/homelab mutations. hosts/lustro/node.yaml: fill known hardware facts (arm64, 4096 MB RAM, zram swap, docker_present, mm_runtime=systemd:magicmirror.service), add ssh_user=pi, first_contact=pi@pimirror2.local, services.node-agent.runtime engine=docker mem_limit=256m. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32 lines
810 B
YAML
32 lines
810 B
YAML
# hosts/lustro/node.yaml — LUSTRO edge node manifest
|
|
# First-contact bootstrap: scripts/onboard/onboard.sh --node lustro --step 00-access
|
|
# Full onboarding: scripts/onboard/onboard.sh --node lustro
|
|
|
|
name: LUSTRO
|
|
role: edge
|
|
location: KEN
|
|
|
|
ssh_user: pi
|
|
first_contact: pi@pimirror2.local # LAN/mDNS target before Tailscale is set up
|
|
|
|
tailscale:
|
|
hostname: lustro
|
|
# ip: TODO — fill after tailscale join (step 30-install-tailscale)
|
|
|
|
deploy_autonomy: true # onboard.sh may run mutating steps autonomously
|
|
git_control: false # node does NOT pull from Forgejo; push-based via SATURN
|
|
|
|
hardware:
|
|
arch: arm64
|
|
ram_mb: 4096
|
|
swap:
|
|
kind: zram
|
|
docker_present: true
|
|
mm_runtime: systemd:magicmirror.service
|
|
|
|
services:
|
|
node-agent:
|
|
runtime:
|
|
engine: docker
|
|
mem_limit: 256m
|