5e16fee73b
Deploys @rynfar/meridian on a Debian 12 LXC, bound to 0.0.0.0:3456. OAuth credentials transferred manually after first deploy (claude login on Mac, scp ~/.claude to /opt/meridian/.claude). systemd unit is enabled but gated on credentials.json existence so the first deploy doesn't crash-loop. LXC has no auth layer — security model is LAN-only reachability.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
34 lines
1.2 KiB
YAML
---
# ==============================================================================
# Meridian LXC — Site Playbook
# ==============================================================================
# Local Anthropic API powered by Chuck's Claude Max OAuth subscription.
# Bridges the Claude Code SDK to /v1/messages so HAOS's anthropic conversation
# integration (and any Anthropic-compatible client) can use the Max subscription
# instead of paid API tokens.
#
# Security: Meridian has no auth layer of its own. LAN-only reachability is
# the entire security model — no Caddy public vhost, no Cloudflare tunnel.
# OAuth bootstrap is manual: `claude login` on Chuck's Mac, scp ~/.claude/ to
# /opt/meridian/.claude/ on the LXC, then `systemctl restart meridian`.
#
# Usage:
#   ./deploy.sh                    # full deploy
#   ./deploy.sh --tags meridian    # meridian role only
# ==============================================================================

- name: Deploy Meridian LXC
  hosts: all
  become: true
  vars_files:
    - vars/main.yml

  pre_tasks:
    - name: Deploy banner
      debug:
        msg: "===== {{ ansible_play_name }} → {{ inventory_hostname }} ({{ ansible_host | default(inventory_hostname) }}) ====="

  roles:
    - meridian
    - node_exporter
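
A post-deploy check for the LAN-only assumption stated in the playbook header, added here as an example and not part of this repository: it parses `ss -H -ltn` output and reports any interface address outside the LAN ranges on which the 0.0.0.0:3456 listener would answer. The function names, the `LAN_NETS` definition of "LAN", and the sample data are assumptions made for the example.

```python
import ipaddress

MERIDIAN_PORT = 3456  # bind port stated in the commit message
# Assumption: "LAN" means RFC 1918, IPv6 ULA and IPv6 link-local space.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

def bind_addresses(ss_output, port=MERIDIAN_PORT):
    """Bind addresses of TCP listeners on `port`, parsed from `ss -H -ltn` output."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            found.append(addr.strip("[]").split("%")[0])
    return found

def covers(bind, ip):
    """True if a socket bound to `bind` accepts connections addressed to `ip`."""
    if bind in ("*", "::"):      # dual-stack wildcard (assumes bindv6only=0)
        return True
    if bind == "0.0.0.0":        # IPv4 wildcard
        return ip.version == 4
    return ipaddress.ip_address(bind) == ip

def non_lan_exposure(ss_output, interface_addrs, port=MERIDIAN_PORT):
    """Interface addresses outside LAN_NETS on which the listener is reachable."""
    binds = bind_addresses(ss_output, port)
    exposed = []
    for raw in interface_addrs:
        ip = ipaddress.ip_address(raw)
        in_lan = ip.is_loopback or any(ip.version == n.version and ip in n for n in LAN_NETS)
        if not in_lan and any(covers(b, ip) for b in binds):
            exposed.append(raw)
    return exposed

# Constructed sample: `ss -H -ltn` on a host running Meridian and sshd.
SAMPLE_SS = """\
LISTEN 0 511  0.0.0.0:3456 0.0.0.0:*
LISTEN 0 128  0.0.0.0:22   0.0.0.0:*
LISTEN 0 128     [::]:22      [::]:*
"""

if __name__ == "__main__":
    # Constructed addresses: one LAN interface, one non-LAN (documentation range).
    print(non_lan_exposure(SAMPLE_SS, ["192.168.1.50", "203.0.113.10"]))
```

An empty result only shows that the host itself has no non-LAN address behind the wildcard bind; routing and port forwarding at the network edge still need their own check.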