3 週間前 · 8713f185f4
--- a/openspec/changes/archive/2026-04-22-fix-localhost-become/.openspec.yaml
+++ b/openspec/changes/archive/2026-04-22-fix-localhost-become/.openspec.yaml
@@ -0,0 +1,2 @@
 
				+schema: spec-driven
			
 
				+created: 2026-04-22
			
--- a/openspec/changes/archive/2026-04-22-fix-localhost-become/design.md
+++ b/openspec/changes/archive/2026-04-22-fix-localhost-become/design.md
@@ -0,0 +1,15 @@
 
				+## Context
			
 
				+
			
 
				+`ansible.cfg` has `become = True` in `[privilege_escalation]`, applying sudo to all plays globally. The localhost play only creates local directories and renders a template — it doesn't need root access.
			
 
				+
			
 
				+## Goals / Non-Goals
			
 
				+
			
 
				+**Goals:**
			
 
				+- Allow the localhost play to run without sudo
			
 
				+
			
 
				+**Non-Goals:**
			
 
				+- No changes to global become settings (server plays still need root)
			
 
				+
			
 
				+## Decisions
			
 
				+
			
 
				+Add `become: false` to the localhost play. This overrides the global setting for this specific play.
			
--- a/openspec/changes/archive/2026-04-22-fix-localhost-become/proposal.md
+++ b/openspec/changes/archive/2026-04-22-fix-localhost-become/proposal.md
@@ -0,0 +1,19 @@
 
				+## Why
			
 
				+
			
 
				+`ansible.cfg` sets `become = True` globally, which makes the localhost play try to use sudo for local file operations. This fails because the local user may not have passwordless sudo, causing "sudo: a password is required" errors when generating the Surge config.
			
 
				+
			
 
				+## What Changes
			
 
				+
			
 
				+- Add `become: false` to the "Generate Surge client configuration" play in `site.yml`
			
 
				+
			
 
				+## Capabilities
			
 
				+
			
 
				+### New Capabilities
			
 
				+<!-- none -->
			
 
				+
			
 
				+### Modified Capabilities
			
 
				+<!-- none -->
			
 
				+
			
 
				+## Impact
			
 
				+
			
 
				+- `site.yml`: add `become: false` to the localhost play
			
--- a/openspec/changes/archive/2026-04-22-fix-localhost-become/specs/NOTE.md
+++ b/openspec/changes/archive/2026-04-22-fix-localhost-become/specs/NOTE.md
@@ -0,0 +1,3 @@
 
				+## Note
			
 
				+
			
 
				+No capability changes. Internal play configuration fix.
			
--- a/openspec/changes/archive/2026-04-22-fix-localhost-become/tasks.md
+++ b/openspec/changes/archive/2026-04-22-fix-localhost-become/tasks.md
@@ -0,0 +1,3 @@
 
				+## 1. Disable become for localhost play
			
 
				+
			
 
				+- [x] 1.1 Add `become: false` to the "Generate Surge client configuration" play in `site.yml`
			
--- a/site.yml
+++ b/site.yml
@@ -27,6 +27,7 @@
 
				   hosts: localhost
			
 
				   connection: local
			
 
				   gather_facts: no
			
 
				+  become: false
			
 
				   tasks:
			
 
				     - name: Create output directory
			
 
				       ansible.builtin.file: