Task #65: Grant Claude Full Infrastructure Access (API + SSH) #153

New Issue

mkrause612 · 2026-03-21T02:32:28-05:00

mkrause612 commented

2026-03-21 02:32:28 -05:00

Task #65: Grant Claude Full Infrastructure Access (API + SSH)

Time Estimate: 30-45 minutes

Documentation: docs/tasks/ (see operations manual)

Time: 30-45 minutes
Status: PENDING
Priority: HIGH
Documentation: docs/tasks/claude-infrastructure-access/

Grant Claude (The Chronicler) full programmatic access to Firefrost infrastructure for autonomous operations.

Why This Matters:

Claude can create Gitea issues directly (not just templates)
Claude can SSH to servers for diagnostics/fixes
Claude can manage users, permissions, deployments
Claude can respond to incidents autonomously
Reduces Michael's manual work for routine tasks

Access Needed:

1. Gitea API Token (Full Admin)

Scope: Create issues, manage repos, create users, modify permissions
How: Gitea → Settings → Applications → Generate New Token
Scopes: write:issue, write:repository, write:user, write:admin
Store in: Session start prompt (like current Git token)

2. SSH Keys for All Servers

Command Center (63.143.34.217)
Ghost VPS (64.50.188.14)
Billing VPS (38.68.14.188)
Panel VPS (45.94.168.138)
TX1 Dallas (38.68.14.26)
NC1 Charlotte (216.239.104.130)

Implementation:

Step 1: Generate SSH Key for Claude

ssh-keygen -t ed25519 -C "claude@firefrostgaming.com" -f ~/.ssh/claude_ed25519

Step 2: Add Public Key to All Servers

# Copy public key
cat ~/.ssh/claude_ed25519.pub

# On each server:
ssh root@SERVER_IP
echo "PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys

Step 3: Store Private Key in Vaultwarden

Item name: "Claude SSH Key"
Private key: Contents of ~/.ssh/claude_ed25519
Public key: Contents of ~/.ssh/claude_ed25519.pub
Notes: "SSH access for Claude (The Chronicler) to all Firefrost servers"

Step 4: Generate Gitea API Token

Log into git.firefrostgaming.com
Settings → Applications → Generate New Token
Name: "Claude (The Chronicler) - Full Admin API"
Scopes: All admin scopes
Copy token immediately (only shown once)

Step 5: Update Session Start Prompts
Add to NEXT-SESSION-START-PROMPT.md and PROJECT-INSTRUCTIONS.md:

Gitea API Token: [TOKEN_HERE]
SSH Private Key available in Vaultwarden: "Claude SSH Key"

Step 6: Test Access

Test Gitea API: Create test issue via API
Test SSH: Connect to each server
Verify permissions work
Document any issues

What Claude Can Do After This:

With Gitea API:

Create issues directly (Tasks #62-64 could be auto-created)
Manage repositories
Create/modify users
Set permissions
Close/label/assign issues programmatically

With SSH Access:

Diagnose server issues remotely
Deploy updates autonomously
Check service status
Read logs for troubleshooting
Execute fixes without asking Michael for commands
Respond to alerts/incidents

Security Considerations:

SSH key stored in Vaultwarden (encrypted)
Gitea token in session prompts (ephemeral, cleared between sessions)
Claude only gets access when session is active
Keys can be revoked anytime if needed
Audit trail via Git commits and command history

Dependencies:

Vaultwarden operational (Task #6 - still pending)
Michael's approval for full infrastructure access

Blocked By:

Task #6 (Vaultwarden SSH key storage)

Blocks:

Autonomous incident response
Programmatic issue management
Direct server operations

Success Criteria:

Claude can create Gitea issues via API
Claude can SSH to all 6 servers
Keys stored securely in Vaultwarden
Session start prompts updated
Access tested and verified

Time Estimate:

SSH key generation: 5 minutes
Deploy to 6 servers: 15 minutes
Gitea API token: 5 minutes
Vaultwarden storage: 5 minutes
Documentation updates: 10 minutes
Testing: 5 minutes

Priority: HIGH - Enables autonomous operations, reduces Michael's manual work

Source: docs/core/tasks.md (Task #65)

### Task #65: Grant Claude Full Infrastructure Access (API + SSH) **Time Estimate:** 30-45 minutes **Documentation:** `docs/tasks/` (see operations manual) --- **Time:** 30-45 minutes **Status:** PENDING **Priority:** HIGH **Documentation:** `docs/tasks/claude-infrastructure-access/` Grant Claude (The Chronicler) full programmatic access to Firefrost infrastructure for autonomous operations. **Why This Matters:** - Claude can create Gitea issues directly (not just templates) - Claude can SSH to servers for diagnostics/fixes - Claude can manage users, permissions, deployments - Claude can respond to incidents autonomously - Reduces Michael's manual work for routine tasks **Access Needed:** **1. Gitea API Token (Full Admin)** - Scope: Create issues, manage repos, create users, modify permissions - How: Gitea → Settings → Applications → Generate New Token - Scopes: `write:issue`, `write:repository`, `write:user`, `write:admin` - Store in: Session start prompt (like current Git token) **2. SSH Keys for All Servers** - Command Center (63.143.34.217) - Ghost VPS (64.50.188.14) - Billing VPS (38.68.14.188) - Panel VPS (45.94.168.138) - TX1 Dallas (38.68.14.26) - NC1 Charlotte (216.239.104.130) **Implementation:** **Step 1: Generate SSH Key for Claude** ```bash ssh-keygen -t ed25519 -C "claude@firefrostgaming.com" -f ~/.ssh/claude_ed25519 ``` **Step 2: Add Public Key to All Servers** ```bash # Copy public key cat ~/.ssh/claude_ed25519.pub # On each server: ssh root@SERVER_IP echo "PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys ``` **Step 3: Store Private Key in Vaultwarden** - Item name: "Claude SSH Key" - Private key: Contents of `~/.ssh/claude_ed25519` - Public key: Contents of `~/.ssh/claude_ed25519.pub` - Notes: "SSH access for Claude (The Chronicler) to all Firefrost servers" **Step 4: Generate Gitea API Token** - Log into git.firefrostgaming.com - Settings → Applications → Generate New Token - Name: "Claude (The Chronicler) - Full Admin API" - Scopes: All admin scopes - Copy token immediately (only shown once) **Step 5: Update Session Start Prompts** Add to NEXT-SESSION-START-PROMPT.md and PROJECT-INSTRUCTIONS.md: ``` Gitea API Token: [TOKEN_HERE] SSH Private Key available in Vaultwarden: "Claude SSH Key" ``` **Step 6: Test Access** - Test Gitea API: Create test issue via API - Test SSH: Connect to each server - Verify permissions work - Document any issues **What Claude Can Do After This:** **With Gitea API:** - Create issues directly (Tasks #62-64 could be auto-created) - Manage repositories - Create/modify users - Set permissions - Close/label/assign issues programmatically **With SSH Access:** - Diagnose server issues remotely - Deploy updates autonomously - Check service status - Read logs for troubleshooting - Execute fixes without asking Michael for commands - Respond to alerts/incidents **Security Considerations:** - SSH key stored in Vaultwarden (encrypted) - Gitea token in session prompts (ephemeral, cleared between sessions) - Claude only gets access when session is active - Keys can be revoked anytime if needed - Audit trail via Git commits and command history **Dependencies:** - Vaultwarden operational (Task #6 - still pending) - Michael's approval for full infrastructure access **Blocked By:** - Task #6 (Vaultwarden SSH key storage) **Blocks:** - Autonomous incident response - Programmatic issue management - Direct server operations **Success Criteria:** - Claude can create Gitea issues via API - Claude can SSH to all 6 servers - Keys stored securely in Vaultwarden - Session start prompts updated - Access tested and verified **Time Estimate:** - SSH key generation: 5 minutes - Deploy to 6 servers: 15 minutes - Gitea API token: 5 minutes - Vaultwarden storage: 5 minutes - Documentation updates: 10 minutes - Testing: 5 minutes **Priority:** HIGH - Enables autonomous operations, reduces Michael's manual work --- --- **Source:** `docs/core/tasks.md` (Task #65)

mkrause612 added the

area/panel area/billing area/website for/michael labels 2026-03-21 02:32:28 -05:00

Sign in to join this conversation.