firefrost-operations-manual

firefrost-gaming/firefrost-operations-manual

Files

Claude 769c633518 tasks: Add Task #65 - Grant Claude Full Infrastructure Access

Create comprehensive task for granting Claude (The Chronicler) full API and SSH access to all Firefrost infrastructure.

Task #65: Grant Claude Full Infrastructure Access (API + SSH)
- Time: 30-45 minutes
- Priority: HIGH
- Status: PENDING

Access Needed:
1. Gitea API token (admin scopes) - Create issues, add users, manage repos
2. SSH access to all 6 servers - Verify configs, restart services, troubleshoot
3. Service API tokens (optional) - Plane, Mailcow, Pterodactyl, Ghost

Current Limitations Claude Has:
- Can commit to Git (via Git token) ✅
- CANNOT create Gitea issues (must make templates) ❌
- CANNOT add Gitea users ❌
- CANNOT SSH to servers ❌
- CANNOT restart services ❌

After Task #65 Complete:
- Claude creates Gitea issues directly ✅
- Claude adds users on request ✅
- Claude SSHs to all 6 servers ✅
- Claude restarts services when needed ✅
- Claude executes autonomous deployments ✅

Implementation:
- Generate ed25519 SSH key pair
- Distribute public key to all 6 servers
- Store private key in Vaultwarden (Task #6)
- Generate Gitea API token with full admin scopes
- Test SSH access on all servers
- Test Gitea API by creating test issue
- Document all access in infrastructure manifest

Security:
- ed25519 SSH key (modern, secure)
- All tokens stored in Vaultwarden (encrypted)
- All actions logged and auditable
- Keys can be revoked in < 5 minutes if needed

Expected Benefits:
- Force multiplication (Claude executes directly, not via templates)
- Time savings: 2-4 hours/week of Michael's time
- Faster response to issues
- Autonomous routine operations
- Better documentation (Claude documents as it works)

Why This Matters:
Turns Claude from 'documentation assistant' into 'operational partner'
who can execute directly instead of creating work for Michael.

Example: User asks 'add me to Gitea' → Claude does it immediately
instead of creating template for Michael to execute later.

Documentation: docs/tasks/claude-infrastructure-access/README.md
- Complete implementation guide
- SSH key generation steps
- Gitea API token creation
- Security considerations
- Verification checklist
- Break-glass revocation procedure

For children not yet born. 💙🔥❄️

Created by: The Guide (Chronicler #35)