Ansible ins Repo migrieren und zentrale SSH-Keys in shared/ssh.

Playbooks liegen unter pve1/ansible und pve2/ansible; authorized_keys
als Fragmente mit Deploy-Skript und Ziel-Matrix für Proxmox, VM 101 und CTs.

Co-authored-by: Cursor <cursoragent@cursor.com>

shared/ssh/rebuild-assembled.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# Regeneriert assembled/*.pub aus fragments/ (Dedupe nach Key-Material, Feld 2)
+set -euo pipefail
+ROOT="$(cd "$(dirname "$0")" && pwd)"
+FRAG="$ROOT/fragments"
+ASM="$ROOT/assembled"
+
+dedupe() { awk '!seen[$2]++'; }
+
+mkdir -p "$ASM"
+
+build() {
+  local out="$1"; shift
+  { for f in "$@"; do cat "$f"; done; } | grep -v '^#' | grep -v '^$' | dedupe > "$ASM/$out"
+}
+
+build proxmox-root.pub \
+  "$FRAG/admin-workstations.pub" \
+  "$FRAG/host-pve1.pub" \
+  "$FRAG/host-pve2.pub" \
+  "$FRAG/legacy-pve1-rsa.pub"
+
+build vm101-jean.pub \
+  "$FRAG/admin-workstations.pub" \
+  "$FRAG/admin-laptops-extra.pub" \
+  "$FRAG/admin-mobile.pub" \
+  "$FRAG/host-pve1.pub"
+
+build pve2-lxc-root.pub \
+  "$FRAG/admin-workstations.pub" \
+  "$FRAG/host-pve2.pub" \
+  "$FRAG/admin-laptops-extra.pub" \
+  "$FRAG/admin-mobile.pub"
+
+build authorized_keys.all.pub \
+  "$FRAG"/*.pub
+
+echo "OK: $(wc -l "$ASM"/*.pub | tail -1)"