Fix storage_box SSH key installation and deploy ordering

- Always run install-ssh-key (drop unreliable sftp idempotency check that was bypassed by SSH agent forwarding) - Use sshpass -e (env var) instead of -p to avoid shell quoting issues with special characters in passwords - Add -o IdentitiesOnly=yes to prevent agent keys interfering - Add reachable_externally: true to access_settings (was being reset to false on every run) - Remove storage_box.yml from deploy.yml chain — Ansible loads group_vars at startup so storagebox.yml must exist before deploy.yml - Document storage_box.yml as a prerequisite step in README, CLAUDE.md, and setup.sh next steps Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-01 21:14:45 -07:00 · 2026-03-01 21:14:45 -07:00 · 16da843131
commit 16da843131
parent db70b4ba06
5 changed files with 20 additions and 22 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -51,9 +51,10 @@ Note: Inventory and vault password are set via `ANSIBLE_INVENTORY` and `ANSIBLE_
 **What `deploy.yml` runs internally:**
 1. `provision.yml` - create server, auto-writes IP to hosts.yml and config.yml
 2. `dns.yml` - create DNS records
-3. `storage_box.yml` - generate SSH key, configure storage box, writes storagebox.yml to stack config
-4. `bootstrap.yml` - users, SSH hardening, packages, Docker (connects as root)
-5. `site.yml` - deploy all services
+3. `bootstrap.yml` - users, SSH hardening, packages, Docker (connects as root)
+4. `site.yml` - deploy all services
+
+**Note:** `storage_box.yml` must be run before `deploy.yml` when `enable_restic: true` — Ansible loads group_vars at startup, so `storagebox.yml` must exist before the playbook begins.

 **Playbook Execution Order** (via `site.yml`):
 1. networks.yml - Pre-create all Docker networks (must run before any service)