globals/
Shared, cross-deployment assets. Everything here is referenced by the launcher
(../automations.sh), the helper library
(../scripts/lib.sh), and the per-deployment cloud-init
templates — so a value lives in exactly one place.
| File | Purpose |
|---|---|
| globals.env.example | Template of shared defaults. Copy to globals.env (git-ignored) and edit. Sourced by the launcher and lib.sh. |
| age-pubkey.txt | Age public key recipient(s) for encrypted backups. Used by any stack that backs up (e.g. simplex). Public key — safe to commit. |
| authorized_keys | Static admin SSH public keys. The fallback source when SSH_KEYS_URL is unset. |
| motd.txt | MOTD template (token-based) rendered to /etc/motd by ../scripts/setup-host.sh. You edit the content; the renderer draws the borders and computes all spacing. |
| Network Domain Name Schema.md | Reference: the DNS naming convention (service/device acronyms, UN/LOCODE geo-coding) used for host and service names. setup-host.sh derives the FQDN and Node ID from it. |
SSH key resolution (URL-preferred)
resolve_ssh_keys() in ../scripts/lib.sh decides where admin SSH keys come
from:
- If SSH_KEYS_URL is set in globals.env, it is fetched live with curl -fsSL (always current — best when you rotate keys often). This can be a GitHub keys endpoint (https://github.com/<user>.keys) or any raw authorized_keys URL.
- Otherwise, globals/authorized_keys is read directly (self-contained, versioned — edit the repo to rotate).
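
A sketch of the URL-preferred resolution described above, added here as an example and not the project's actual resolve_ssh_keys() from lib.sh. The HTTPS-only check, the fail-closed behaviour on a failed fetch, the bare-key filter, and the names GLOBALS_DIR, fetch_url and filter_pubkeys are assumptions of this sketch.

```shell
#!/bin/sh
# Added sketch, not the project's lib.sh. GLOBALS_DIR, fetch_url and
# filter_pubkeys are names assumed for this example.
GLOBALS_DIR="${GLOBALS_DIR:-./globals}"

# Fetch a URL to stdout. -f turns HTTP errors into a non-zero exit, so an
# error page is never mistaken for key material.
fetch_url() {
    curl -fsSL --max-time 10 "$1"
}

# Keep only bare OpenSSH public keys: <type> <base64> [comment].
# Comments, HTML and option-prefixed entries (command=..., from=...) are dropped.
filter_pubkeys() {
    grep -E '^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+={0,2}( .*)?$' || true
}

resolve_ssh_keys() {
    if [ -n "${SSH_KEYS_URL:-}" ]; then
        case "$SSH_KEYS_URL" in
            https://*) ;;
            *) echo "resolve_ssh_keys: refusing non-HTTPS URL" >&2; return 1 ;;
        esac
        # Assumption: fail closed; never fall back silently to older static keys.
        raw=$(fetch_url "$SSH_KEYS_URL") || {
            echo "resolve_ssh_keys: fetch failed: $SSH_KEYS_URL" >&2
            return 1
        }
    else
        raw=$(cat "$GLOBALS_DIR/authorized_keys") || return 1
    fi
    keys=$(printf '%s\n' "$raw" | filter_pubkeys)
    if [ -z "$keys" ]; then
        echo "resolve_ssh_keys: no valid public keys found" >&2
        return 1
    fi
    printf '%s\n' "$keys"
}
```

Install the output only when the function exits 0, so a failed or empty fetch never overwrites working keys.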
Rules
- Only public material lives here. Never commit private keys (SSH private keys, age identities).
- globals.env and common private-key filename patterns are git-ignored (see ../.gitignore).
- Store the age private key(s) and SSH private keys somewhere safe, outside this repository.