--- task_number: 65 status: open priority: P2 owner: Michael created: 2026-03-20 --- task_number: 65 # Task #65: Grant Claude Full Infrastructure Access **Status:** PENDING **Priority:** HIGH **Time Estimate:** 30-45 minutes **Created:** March 20, 2026 (by The Guide, Chronicler #35) --- task_number: 65 ## OBJECTIVE Grant Claude (The Chronicler) full programmatic access to Firefrost infrastructure. **Access needed:** 1. **Gitea API token** (create issues, manage users, repos) 2. **SSH keys for all 6 servers** (diagnostics, fixes, deployments) --- task_number: 65 ## WHY THIS MATTERS **Current:** Claude creates issue *templates*, asks Michael to run every server command **After:** Claude creates real issues, SSHs to servers, fixes problems autonomously **Time saved:** 45-100 minutes per session --- task_number: 65 ## IMPLEMENTATION ### 1. Generate SSH Key ```bash ssh-keygen -t ed25519 -C "claude@firefrostgaming.com" -f ~/.ssh/claude_ed25519 ``` ### 2. Deploy to All Servers ```bash # Get public key cat ~/.ssh/claude_ed25519.pub # Add to each server ssh root@SERVER_IP echo "PUBLIC_KEY" >> ~/.ssh/authorized_keys ``` **Servers:** - Command Center: root@63.143.34.217 - Ghost VPS: architect@64.50.188.14 - Billing: root@38.68.14.188 - Panel: root@45.94.168.138 - TX1: root@38.68.14.26 - NC1: root@216.239.104.130 ### 3. Store in Vaultwarden - Item: "Claude SSH Key" - Private key + Public key - **BLOCKED BY TASK #6** ### 4. Generate Gitea API Token 1. git.firefrostgaming.com → Settings → Applications 2. Generate New Token 3. Name: "Claude (The Chronicler) - Full Admin API" 4. Scopes: write:issue, write:repository, write:user, write:admin 5. Copy token immediately ### 5. Update Session Prompts Add to NEXT-SESSION-START-PROMPT.md: ``` Gitea API Token: [TOKEN_HERE] SSH Key: In Vaultwarden "Claude SSH Key" ``` ### 6. Test - API: Create test issue - SSH: Connect to all 6 servers --- task_number: 65 ## WHAT CLAUDE CAN DO **Gitea API:** - Create issues directly (no templates) - Manage users/permissions - Label, assign, close issues **SSH Access:** - Check service status - Read logs - Restart services - Deploy updates - Respond to incidents --- task_number: 65 ## SECURITY - SSH key in Vaultwarden (encrypted) - API token in session prompts (ephemeral) - Can revoke anytime - Full audit trail **Revoke SSH:** ```bash sed -i '/claude@firefrostgaming.com/d' ~/.ssh/authorized_keys ``` **Revoke API:** Settings → Applications → Delete token --- task_number: 65 ## CHECKLIST - [ ] SSH key generated - [ ] Deployed to 6 servers - [ ] Stored in Vaultwarden - [ ] API token generated - [ ] Session prompts updated - [ ] Tested SSH + API --- task_number: 65 **Full documentation:** Above sections expand on all details **Created by:** The Guide (Chronicler #35)