Ansible configuration for IDEOS workstations.
- human_workstations: full interactive workstation setup for machines used directly by humans.
- agent_workstations: non-GUI developer/tooling subset for machines used by AI agents and automation.
Both groups are children of ideos in etc/hosts.
Install command line developer tools:
xcode-select --install
Create an Ansible Vault password file:
echo p455w0rd >> ~/.ansible_password
For a local human workstation, run:
bin/bootstrap --limit localhost
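The Vault password file step above passes the password as a command argument (which typically lands in shell history), appends with >>, and leaves the file at whatever mode the current umask gives. As an added example that is not part of this repository, the hypothetical helpers write_vault_password_file and check_vault_password_file below read the password from stdin, overwrite the file with owner-only permissions, and audit an existing file; the function names and the VAULT_PASSWORD_FILE variable are assumptions.

```shell
# Added example: hypothetical helpers, not part of this repository.
# Default path is the README's ~/.ansible_password.
VAULT_PASSWORD_FILE="${VAULT_PASSWORD_FILE:-$HOME/.ansible_password}"

# Read the password from stdin so it never appears in argv or shell
# history, then write it to a fresh file that only the owner can read.
write_vault_password_file() {
    file="${1:-$VAULT_PASSWORD_FILE}"
    if [ -t 0 ]; then
        printf 'Vault password: ' >&2
        stty -echo; IFS= read -r password || true; stty echo; echo >&2
    else
        IFS= read -r password || [ -n "$password" ] || return 1
    fi
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    (
        umask 077 &&                         # new file is created rw-------
        rm -f -- "$file" &&                  # drop an old file or symlink and its mode
        printf '%s\n' "$password" > "$file"  # overwrite, never append
    ) && status=0 || status=1
    unset password
    return "$status"
}

# Audit an existing file: regular file, mode exactly rw-------, and
# exactly one non-empty line (running a `>>` append twice leaves two).
check_vault_password_file() {
    file="${1:-$VAULT_PASSWORD_FILE}"
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    mode=$(ls -ld -- "$file" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "mode is $mode, want -rw-------" >&2; return 1; }
    lines=$(grep -c '' -- "$file" || true)
    [ "$lines" -eq 1 ] && grep -q . -- "$file" || { echo "expected one non-empty line, found $lines" >&2; return 1; }
}
```

Run write_vault_password_file with no arguments to be prompted without echo, or pipe the password in from a password manager CLI; check_vault_password_file exits non-zero if the file needs attention.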
SAM is an agent_workstations host reached over Tailscale.
Bootstrap SAM manually first:
xcode-select --install
Then install Homebrew and the Tailscale macOS app, sign in to Tailscale, and
enable SSH for the sam account. Put the Tailscale IPv4 address in
etc/hosts as SAM's ansible_host.
Verify Ansible can reach it:
ansible SAM -i etc/hosts -m ping
Preview changes:
ansible-playbook -i etc/hosts site.yml --limit SAM --check --diff --ask-become-pass
Apply changes:
ansible-playbook -i etc/hosts site.yml --limit SAM --diff --ask-become-pass
The playbook installs Codex.app on SAM. The remaining Codex host setup is
interactive because it requires the Codex GUI and the intended ChatGPT/Codex
workspace identity:
- Open Codex.app
- Sign in with the intended ChatGPT/Codex workspace identity
- Enable Codex remote access in the app
- Pair phones from the ChatGPT mobile app using the QR-code flow shown by Codex on SAM
- Confirm SAM remains awake, online, and signed in to Tailscale
Other Macs can still connect to SAM over Tailscale for shell access:
ssh sam@SAM
List the inventory:
ansible-inventory -i etc/hosts --list
Run only human workstations:
ansible-playbook -i etc/hosts site.yml --limit human_workstations --diff
Run only agent workstations:
ansible-playbook -i etc/hosts site.yml --limit agent_workstations --diff --ask-become-pass