homelab-ansible-lxc-meridian

cbalders/homelab-ansible-lxc-meridian

Fork 0

Commit Graph

Author	SHA1	Message	Date
Your Name	02c2f4ee2d	litellm: pull /meridian secrets in-playbook from Infisical (runner-agnostic) Replaces the deploy.sh env-var hand-off (which only worked locally and would have made Semaphore write placeholder keys, regressing direct_*) with the standard in-playbook Infisical pull used by dawarich/mcp/cloudflared: - site.yml pre_tasks: login via the shared 828d2cc8 machine identity, read /meridian as_dict, set_fact litellm_master_key + the openai/gemini keys. - vars/vault.yml: shared ansible-vault client secret (copied from sibling repo). - requirements.yml: + infisical.vault. - deploy.sh: drop the infisical-CLI pulls; add --ask-vault-pass. Same secret path for Semaphore and local — no per-template env wiring. Deploy prereqs: attach the ansible-vault password to Semaphore template 27, and ensure the 828d2cc8 identity can read /meridian (env prod). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-05 13:00:54 -04:00
Your Name	5e16fee73b	initial scaffold: Meridian LXC (Node 22 + npm @rynfar/meridian + systemd) Deploys @rynfar/meridian on a Debian 12 LXC, bound to 0.0.0.0:3456. OAuth credentials transferred manually after first deploy (claude login on Mac, scp ~/.claude to /opt/meridian/.claude). systemd unit is enabled but gated on credentials.json existence so the first deploy doesn't crash-loop. LXC has no auth layer — security model is LAN-only reachability. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 21:20:41 -04:00

Author

SHA1

Message

Date

Your Name

02c2f4ee2d

litellm: pull /meridian secrets in-playbook from Infisical (runner-agnostic)

Replaces the deploy.sh env-var hand-off (which only worked locally and would
have made Semaphore write placeholder keys, regressing direct_*) with the
standard in-playbook Infisical pull used by dawarich/mcp/cloudflared:

- site.yml pre_tasks: login via the shared 828d2cc8 machine identity, read
  /meridian as_dict, set_fact litellm_master_key + the openai/gemini keys.
- vars/vault.yml: shared ansible-vault client secret (copied from sibling repo).
- requirements.yml: + infisical.vault.
- deploy.sh: drop the infisical-CLI pulls; add --ask-vault-pass.

Same secret path for Semaphore and local — no per-template env wiring. Deploy
prereqs: attach the ansible-vault password to Semaphore template 27, and ensure
the 828d2cc8 identity can read /meridian (env prod).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-05 13:00:54 -04:00

Your Name

5e16fee73b

initial scaffold: Meridian LXC (Node 22 + npm @rynfar/meridian + systemd)

Deploys @rynfar/meridian on a Debian 12 LXC, bound to 0.0.0.0:3456.
OAuth credentials transferred manually after first deploy (claude login on
Mac, scp ~/.claude to /opt/meridian/.claude). systemd unit is enabled but
gated on credentials.json existence so the first deploy doesn't crash-loop.

LXC has no auth layer — security model is LAN-only reachability.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-17 21:20:41 -04:00

2 Commits