globals/

Shared, cross-deployment assets. Everything here is referenced by the launcher (../automations.sh), the helper library (../scripts/lib.sh), and the per-deployment cloud-init templates — so a value lives in exactly one place.

| File | Purpose |
|------|---------|
| globals.env.example | Template of shared defaults. Copy to globals.env (git-ignored) and edit. Sourced by the launcher and lib.sh. |
| age-pubkey.txt | Age public key recipient(s) for encrypted backups. Used by any stack that backs up (e.g. simplex). Public key — safe to commit. |
| authorized_keys | Static admin SSH public keys. The fallback source when SSH_KEYS_URL is unset. |
| motd.txt | MOTD template (token-based) rendered to /etc/motd by ../scripts/setup-host.sh. You edit the content; the renderer draws the borders and computes all spacing. |
| Network Domain Name Schema.md | Reference: the DNS naming convention (service/device acronyms, UN/LOCODE geo-coding) used for host and service names. setup-host.sh derives the FQDN and Node ID from it. |

SSH key resolution (URL-preferred)

resolve_ssh_keys() in ../scripts/lib.sh decides where admin SSH keys come from:

  1. If SSH_KEYS_URL is set in globals.env, it is fetched live with curl -fsSL (always current — best when you rotate keys often). This can be a GitHub keys endpoint (https://github.com/<user>.keys) or any raw authorized_keys URL.
  2. Otherwise, globals/authorized_keys is read directly (self-contained, versioned — edit the repo to rotate).
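Whichever source wins, its output ends up granting admin SSH access, so it is worth checking before it is installed. The sketch below is an added example, not the repository's resolve_ssh_keys(): the function names, the KEYS_FILE variable, the HTTPS-only restriction and the 15-second timeout are assumptions, and it assumes admin keys are bare public-key lines with no authorized_keys options prefix.

```shell
#!/bin/sh
# Added example: NOT the repository's lib.sh. Function names and KEYS_FILE are
# hypothetical; SSH_KEYS_URL and the curl -fsSL fetch come from the README.

# validate_keys FILE
# Succeeds only if FILE holds at least one key and every non-blank,
# non-comment line is a bare OpenSSH public key ("<type> AAAA<base64> ...").
# This rejects HTML error pages, empty responses and private-key material.
validate_keys() {
    vk_file=$1
    vk_count=0
    [ -r "$vk_file" ] || { echo "cannot read $vk_file" >&2; return 1; }
    while IFS= read -r vk_line || [ -n "$vk_line" ]; do
        case $vk_line in
            ''|'#'*) continue ;;
            *'PRIVATE KEY'*)
                echo "refusing: private key material in key source" >&2
                return 1 ;;
            ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*|sk-*@openssh.com\ AAAA*)
                vk_count=$((vk_count + 1)) ;;
            *)
                echo "refusing: line is not a public key" >&2
                return 1 ;;
        esac
    done < "$vk_file"
    [ "$vk_count" -gt 0 ] || { echo "refusing: no keys found" >&2; return 1; }
}

# resolve_keys_checked OUTFILE
# URL-preferred resolution as described above, then validation.
# A failed fetch or a failed check returns non-zero; the caller decides
# whether to abort or keep the previously installed keys.
resolve_keys_checked() {
    rk_out=$1
    if [ -n "${SSH_KEYS_URL:-}" ]; then
        # Assumption: only HTTPS sources are acceptable, including redirects.
        curl -fsSL --proto '=https' --proto-redir '=https' --max-time 15 \
            -o "$rk_out" "$SSH_KEYS_URL" || return 1
    else
        cp "${KEYS_FILE:-globals/authorized_keys}" "$rk_out" || return 1
    fi
    validate_keys "$rk_out"
}
```

Write OUTFILE to a temporary path and move it over the real authorized_keys only after resolve_keys_checked returns 0, so a bad fetch never replaces working keys.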

Rules

  • Only public material lives here. Never commit private keys (SSH private keys, age identities). globals.env and common private-key filename patterns are git-ignored (see ../.gitignore).
  • Store the age private key(s) and SSH private keys somewhere safe, outside this repository.