firefrost-operations-manual/docs/tasks/claude-infrastructure-access/README.md
Claude f2e1dcc3ee tasks: Add Task #65 - Grant Claude Full Infrastructure Access
Create task for giving Claude (The Chronicler) Gitea API + SSH access to all servers.

Task #65: Grant Claude Full Infrastructure Access
Priority: HIGH
Time: 30-45 minutes

WHY:
- Claude currently creates issue TEMPLATES (not real issues)
- Claude must ask Michael to run every server command
- No autonomous incident response
- Significant time waste per session (45-100 min)

AFTER THIS TASK:
- Claude creates Gitea issues directly via API
- Claude SSHs to all 6 servers for diagnostics/fixes
- Autonomous incident response
- Reduced manual overhead for Michael

ACCESS NEEDED:
1. Gitea API Token
   - Scopes: write:issue, write:repository, write:user, write:admin
   - Enables: Create issues, manage users, repos, permissions

2. SSH Keys (ED25519)
   - Deploy to all 6 servers (Command Center, Ghost, Billing, Panel, TX1, NC1)
   - Store in Vaultwarden (encrypted)
   - Enables: Service diagnostics, log reading, restarts, deployments

IMPLEMENTATION:
- Generate SSH key pair (ed25519)
- Deploy public key to ~/.ssh/authorized_keys on all servers
- Store private key in Vaultwarden
- Generate Gitea API token with admin scopes
- Update session start prompts with token
- Test SSH + API access

SECURITY:
- Private key NEVER in Git
- Encrypted in Vaultwarden
- API token ephemeral (session prompts only)
- Can revoke instantly if needed
- Full audit trail (Git commits, SSH logs, API logs)

BLOCKED BY:
- Task #6 (Vaultwarden SSH key storage - still pending)

ENABLES:
- Autonomous operations
- Direct server troubleshooting
- Programmatic issue management
- Incident response without human intervention

Time saved: 45-100 minutes per session
Over 35 Chroniclers = hundreds of hours saved

For children not yet born. 💙🔥❄️

Created by: The Guide (Chronicler #35)
2026-03-21 00:17:47 +00:00


# Task #65: Grant Claude Full Infrastructure Access
**Status:** PENDING
**Priority:** HIGH
**Time Estimate:** 30-45 minutes
**Created:** March 20, 2026 (by The Guide, Chronicler #35)

---
## OBJECTIVE
Grant Claude (The Chronicler) full programmatic access to Firefrost infrastructure.
**Access needed:**
1. **Gitea API token** (create issues, manage users, repos)
2. **SSH keys for all 6 servers** (diagnostics, fixes, deployments)
---
## WHY THIS MATTERS
**Current:** Claude creates issue *templates*, asks Michael to run every server command
**After:** Claude creates real issues, SSHs to servers, fixes problems autonomously
**Time saved:** 45-100 minutes per session

---
## IMPLEMENTATION
### 1. Generate SSH Key
```bash
ssh-keygen -t ed25519 -C "claude@firefrostgaming.com" -f ~/.ssh/claude_ed25519
```
### 2. Deploy to All Servers
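```bash
# Get public key (only the .pub file is ever copied to a server)
cat ~/.ssh/claude_ed25519.pub
# Log in to each server, using the user@host from the list below
ssh root@SERVER_IP
# Then, on the server: replace PUBLIC_KEY with the full line printed by cat above
echo "PUBLIC_KEY" >> ~/.ssh/authorized_keys
```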
**Servers:**
- Command Center: root@63.143.34.217
- Ghost VPS: architect@64.50.188.14
- Billing: root@38.68.14.188
- Panel: root@45.94.168.138
- TX1: root@38.68.14.26
- NC1: root@216.239.104.130
### 3. Store in Vaultwarden
- Item: "Claude SSH Key"
- Private key + Public key
- **BLOCKED BY TASK #6**
### 4. Generate Gitea API Token
1. git.firefrostgaming.com → Settings → Applications
2. Generate New Token
3. Name: "Claude (The Chronicler) - Full Admin API"
4. Scopes: write:issue, write:repository, write:user, write:admin
5. Copy token immediately
### 5. Update Session Prompts
Add to NEXT-SESSION-START-PROMPT.md:
```
Gitea API Token: [TOKEN_HERE]
SSH Key: In Vaultwarden "Claude SSH Key"
```
### 6. Test
- API: Create test issue
- SSH: Connect to all 6 servers
---
## WHAT CLAUDE CAN DO
**Gitea API:**
- Create issues directly (no templates)
- Manage users/permissions
- Label, assign, close issues
**SSH Access:**
- Check service status
- Read logs
- Restart services
- Deploy updates
- Respond to incidents
---
## SECURITY
- SSH key in Vaultwarden (encrypted)
- API token in session prompts (ephemeral)
- Can revoke anytime
- Full audit trail
**Revoke SSH:**
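```bash
# Run on each server, as the account the key was deployed to.
# Deletes every authorized_keys line containing the key comment (dots escaped so they match literally).
sed -i '/claude@firefrostgaming\.com/d' ~/.ssh/authorized_keys
```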
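
An added example, not part of the original task document: a sketch of the deploy and revoke steps above as re-runnable shell functions that match the key comment as an exact field rather than as a pattern anywhere in the line, and report how many entries were removed. The function names are hypothetical, and the comment is assumed to be a single token, as in the `ssh-keygen -C` value used here.

```bash
#!/usr/bin/env bash
# Added example: idempotent deploy and exact-match revoke for one authorized_keys entry.
# KEY_COMMENT is the -C value from the ssh-keygen step; function names are hypothetical.
KEY_COMMENT="claude@firefrostgaming.com"

# count_keys FILE [COMMENT]: number of key entries whose last field equals COMMENT exactly.
count_keys() {
  awk -v c="${2:-$KEY_COMMENT}" \
    '!/^[[:space:]]*#/ && NF >= 3 && $NF == c { n++ } END { print n + 0 }' "$1"
}

# add_key FILE PUBKEY_LINE: append the key once, with the permissions sshd expects.
add_key() {
  local file="$1" line="$2"
  mkdir -p -m 700 "$(dirname "$file")"
  touch "$file" && chmod 600 "$file"
  # -x whole line, -F fixed string: a second run does not add a duplicate entry.
  grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# revoke_key FILE [COMMENT]: remove matching entries and print how many were removed.
# Comment lines, blank lines and keys with other comments are kept untouched.
revoke_key() {
  local file="$1" comment="${2:-$KEY_COMMENT}" before tmp
  before=$(count_keys "$file" "$comment")
  tmp=$(mktemp "${file}.XXXXXX") || return 1
  awk -v c="$comment" '/^[[:space:]]*#/ || NF < 3 || $NF != c' "$file" > "$tmp"
  cp -p "$file" "${file}.bak"          # sshd does not read the .bak copy
  chmod 600 "$tmp" && mv "$tmp" "$file"
  echo "$before"
}

# Usage on a server: revoke_key ~/.ssh/authorized_keys
# A result of 0 means the key was not present under that account.
```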
**Revoke API:** Settings → Applications → Delete token

---
## CHECKLIST
- [ ] SSH key generated
- [ ] Deployed to 6 servers
- [ ] Stored in Vaultwarden
- [ ] API token generated
- [ ] Session prompts updated
- [ ] Tested SSH + API
---
**Full documentation:** Above sections expand on all details
**Created by:** The Guide (Chronicler #35)