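---
# Forge — Prepare racknerd3
#
# Run from any host with SSH access to racknerd3:
#   export FORGEJO_TOKEN='<forgejo api token>'
#   ansible-playbook -i "racknerd3," playbooks/prepare-racknerd3.yml
#
# Prerequisites:
#   - SSH access to racknerd3 as root
#   - A Forgejo API token exported as FORGEJO_TOKEN on the controller.
#     The token is deliberately NOT stored in this file: an earlier revision
#     carried it as a literal, so treat that value as leaked and revoke it.
#
# NOTE(review): forgejo_url is plain http, so the API token (and the git
# clone) travel unencrypted on the 192.168.122.0/24 segment. Acceptable only
# if that network is trusted end-to-end; switch to https once Forgejo has a
# certificate.
- name: Prepare racknerd3 for Forge agents
  hosts: all
  become: true
  vars:
    forge_user: root
    forge_home: /root/forge
    forgejo_host: 192.168.122.102
    forgejo_url: "http://{{ forgejo_host }}:3000"
    # Read from the controller's environment at template time; empty when
    # unset, which the assert below turns into a clear failure before use.
    forgejo_token: "{{ lookup('env', 'FORGEJO_TOKEN') }}"
    aws_region: us-east-1
    ssh_key_path: /root/.ssh/id_ed25519

  tasks:
    # ─── Stop and disable OpenClaw ───
    - name: Stop OpenClaw service
      systemd:
        name: openclaw
        state: stopped
        enabled: false
      # The unit may already be gone; a missing unit is not a failure here.
      ignore_errors: true

    - name: Verify OpenClaw is stopped
      command: systemctl is-active openclaw
      register: claw_status
      # is-active exits non-zero for "inactive"/"unknown"; that is the
      # expected outcome, so never fail and never report changed.
      failed_when: false
      changed_when: false

    - name: Report OpenClaw status
      debug:
        msg: "OpenClaw is {{ claw_status.stdout }}"

    # ─── Install dependencies ───
    - name: Install AWS CLI and base tools
      apt:
        name:
          - awscli
          - jq
          - curl
          - git
          - cron
        state: present
        update_cache: true

    - name: Verify AWS CLI installed
      command: aws --version
      register: aws_ver
      changed_when: false

    - name: Report AWS CLI version
      debug:
        msg: "{{ aws_ver.stdout }}"

    # ─── Configure Forgejo SSH access ───
    - name: Require a Forgejo API token
      assert:
        that:
          - forgejo_token | length > 0
        fail_msg: "FORGEJO_TOKEN is not set on the controller; export it and re-run."
        quiet: true

    # Trust-on-first-use: the key written below is whatever the *controller*
    # sees when it scans forgejo_host right now, so this is only as safe as
    # the controller's network path to Forgejo. Once the fingerprint has been
    # verified out of band (e.g. /etc/ssh/ssh_host_ed25519_key.pub on the
    # Forgejo host), pin the key literally here instead of scanning.
    - name: Scan the Forgejo host key from the controller
      set_fact:
        forgejo_hostkey: "{{ lookup('pipe', 'ssh-keyscan -t ed25519 ' ~ forgejo_host ~ ' 2>/dev/null') }}"

    # ssh-keyscan's stderr is discarded above, so a failed scan shows up only
    # as an empty result; fail here with a readable message rather than
    # letting known_hosts choke on an empty key.
    - name: Refuse to continue without a host key
      assert:
        that:
          - forgejo_hostkey | length > 0
        fail_msg: "ssh-keyscan returned no ed25519 key for {{ forgejo_host }}; is it reachable from the controller?"
        quiet: true

    - name: Add Forgejo host key to known_hosts
      known_hosts:
        name: "{{ forgejo_host }}"
        key: "{{ forgejo_hostkey }}"
        path: /root/.ssh/known_hosts
        state: present

    # lookup('file', ...) reads files on the CONTROLLER, so the original
    # version registered the controller's key, not racknerd3's, whenever the
    # play is run from another host. Read the key from the target instead.
    - name: Read racknerd3's SSH public key
      slurp:
        src: "{{ ssh_key_path }}.pub"
      register: forge_pubkey

    - name: Register SSH key with Forgejo
      uri:
        url: "{{ forgejo_url }}/api/v1/user/keys"
        method: POST
        headers:
          Authorization: "token {{ forgejo_token }}"
          Content-Type: "application/json"
        body_format: json
        body:
          title: "racknerd3-forge"
          key: "{{ forge_pubkey.content | b64decode | trim }}"
        status_code: [201, 422]  # 422 = key already exists
      # Keep the Authorization header out of the log and of -v output on
      # failure. Temporarily drop this when debugging a rejected request.
      no_log: true

    # ─── Clone Forge repo ───
    - name: Create forge directory
      file:
        path: "{{ forge_home }}"
        state: directory
        mode: "0750"

    - name: Clone forge repo
      git:
        repo: "{{ forgejo_url }}/sam/forge.git"
        dest: "{{ forge_home }}"
        version: main
        # Never discard local modifications an agent may have made.
        force: false
      environment:
        # Fail fast instead of hanging on an interactive credential prompt.
        GIT_TERMINAL_PROMPT: "0"

    # ─── AWS credentials placeholder ───
    - name: Create AWS credentials directory
      file:
        path: /root/.aws
        state: directory
        mode: "0700"

    - name: Create AWS config
      copy:
        dest: /root/.aws/config
        mode: "0600"
        content: |
          [default]
          region = {{ aws_region }}
          output = json

    - name: Check if AWS credentials exist
      stat:
        path: /root/.aws/credentials
      register: aws_creds

    - name: Remind about AWS credentials
      debug:
        msg: >
          AWS credentials file does not exist.
          Create an IAM user with Bedrock-only access and add credentials:
          aws configure --profile default
      when: not aws_creds.stat.exists

    # ─── Firewall cleanup ───
    - name: Ensure UFW allows SSH
      ufw:
        rule: allow
        name: OpenSSH

    # NOTE(review): this opens 18789/tcp to every source. If the bot only
    # needs to be reached from a known peer, restrict it with `from_ip:`.
    - name: Ensure UFW allows Telegram bot (port 18789 kept for transition)
      ufw:
        rule: allow
        port: "18789"
        proto: tcp

    # ─── Create agent log directories ───
    - name: Create log directories for each agent
      file:
        path: "{{ forge_home }}/agents/{{ item }}/logs"
        state: directory
        mode: "0750"
      loop:
        - scribe
        - june
        - nightwatch

    # ─── Summary ───
    - name: Preparation complete
      debug:
        msg: |
          ✅ racknerd3 prepared for Forge:
          - OpenClaw: disabled
          - AWS CLI: installed (credentials needed)
          - Forgejo SSH: configured
          - Forge repo: cloned to {{ forge_home }}
          - Agent log dirs: created
          NEXT: Add AWS credentials (aws configure) and test Bedrock access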