Playbooks
Organised by where they're allowed to run. See Conventions for the full split.
local/ — dev-machine only
Touch $HOME paths, macOS-specific helpers, or local services. Never invoked from CI.
local/obsidian-vault.yml
Renders the breez-team Obsidian vault: PARA folder layout, templates, Bases, per-person + per-project daily templates.
ansible-playbook playbooks/local/obsidian-vault.yml
ansible-playbook playbooks/local/obsidian-vault.yml --check # dry-run
Inputs come from inventories/release/host_vars/breez-team.yml. Re-runs are idempotent; hand-edits to Project.md are preserved (force: false).
ci/ — cloud-only
Stateless with respect to the local filesystem. Safe to run from a throwaway runner.
ci/cloudflare.yml
Manages Cloudflare zone configuration via the API. The workflow is currently disabled; re-enable it once CLOUDFLARE_API_TOKEN / ZONE_ID / ACCOUNT_ID are added to the release GitHub environment.
# Local invocation (sources creds from .envrc → breez-cf Key Vault)
ansible-playbook playbooks/ci/cloudflare.yml
Shared (top-level)
Generic / cross-cutting; works in either context.
codedoc.yml
Parses a code repository and generates per-app reference docs into the breez-team vault under 80-Docs/<slug>/. Inputs are in inventories/release/host_vars/breez-team.yml under the codedoc_* keys.
ansible-playbook playbooks/codedoc.yml
ansible-playbook playbooks/codedoc.yml -e codedoc_repo_path=$PWD -e codedoc_vault_path=/tmp/out
ping.yml
Connectivity sanity check.
ansible-playbook playbooks/ping.yml
site.yml
Top-level apply (currently a placeholder).