wiki: add WSL OpenSSH default shell + Ansible world-writable mount articles

Two new troubleshooting articles from today's MajorRig/MajorMac Ansible setup:
- Windows OpenSSH WSL default shell breaks remote SSH commands
- Ansible silently ignores ansible.cfg on WSL2 world-writable mounts

Article count: 76

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

05-troubleshooting/ansible-wsl2-world-writable-mount-ignores-cfg.md

@@ -0,0 +1,89 @@
+---
+title: "Ansible Ignores ansible.cfg on WSL2 Windows Mounts"
+domain: troubleshooting
+category: ansible
+tags: [ansible, wsl, wsl2, windows, vault, configuration]
+status: published
+created: 2026-04-03
+updated: 2026-04-03
+---
+
+# Ansible Ignores ansible.cfg on WSL2 Windows Mounts
+
+## Problem
+
+Running Ansible from a repo on a Windows drive (`/mnt/c/`, `/mnt/d/`, etc.) in WSL2 silently ignores the local `ansible.cfg`. You'll see:
+
+```
+[WARNING]: Ansible is being run in a world writable directory
+(/mnt/d/MajorAnsible), ignoring it as an ansible.cfg source.
+```
+
+This causes vault decryption to fail (`Attempting to decrypt but no vault secrets found`), inventory to fall back to `/etc/ansible/hosts`, and `remote_user` to reset to defaults — even though `ansible.cfg` is right there in the project directory.
+
+## Cause
+
+WSL2 mounts Windows NTFS drives with broad permissions (typically `0777`). Ansible refuses to load `ansible.cfg` from any world-writable directory as a security measure — a malicious user on a shared system could inject a rogue config.
+
+This is hardcoded behavior in Ansible and cannot be overridden with a flag.
+
+## Solutions
+
+### Option 1: Environment Variables (Recommended)
+
+Export the settings that `ansible.cfg` would normally provide. Add to `~/.bashrc`:
+
+```bash
+export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass
+```
+
+Other common settings you may need:
+
+```bash
+export ANSIBLE_REMOTE_USER=root
+export ANSIBLE_INVENTORY=/mnt/d/MajorAnsible/inventory/inventory.yml
+```
+
+### Option 2: Pass Flags Explicitly
+
+```bash
+ansible-playbook -i inventory/ playbook.yml --vault-password-file ~/.ansible/vault_pass
+```
+
+This works but is tedious for daily use.
+
+### Option 3: Clone to a Native Linux Path
+
+Clone the repo inside the WSL2 filesystem instead of on the Windows mount:
+
+```bash
+git clone https://git.example.com/repo.git ~/MajorAnsible
+```
+
+Native WSL2 paths (`/home/user/...`) have proper Linux permissions, so `ansible.cfg` loads normally. The tradeoff is that Windows tools can't easily access the repo.
+
+### Option 4: Fix Mount Permissions (Not Recommended)
+
+You can change WSL2 mount permissions via `/etc/wsl.conf`:
+
+```ini
+[automount]
+options = "metadata,umask=022"
+```
+
+This requires a `wsl --shutdown` and remount. It may break other Windows-Linux interop workflows and affects all mounted drives.
+
+## Diagnosis
+
+To confirm whether Ansible is loading your config:
+
+```bash
+ansible --version
+```
+
+Look for the `config file` line. If it shows `None` instead of your project's `ansible.cfg`, the config is being ignored.
+
+## Related
+
+- [Ansible: Vault Password File Not Found](ansible-vault-password-file-missing.md) — general vault password troubleshooting
+- [Ansible Docs: Avoiding Security Risks with ansible.cfg](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#cfg-in-world-writable-dir)

05-troubleshooting/index.md

@@ -10,12 +10,14 @@ Practical fixes for common Linux, networking, and application problems.
 - [Mail Client Stops Receiving: Fail2ban IMAP Self-Ban](networking/fail2ban-imap-self-ban-mail-client.md)
 - [firewalld: Mail Ports Wiped After Reload](networking/firewalld-mail-ports-reset.md)
 - [Tailscale SSH: Unexpected Re-Authentication Prompt](networking/tailscale-ssh-reauth-prompt.md)
+- [Windows OpenSSH: WSL Default Shell Breaks Remote Commands](networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md)
 - [ISP SNI Filtering & Caddy](isp-sni-filtering-caddy.md)
 - [yt-dlp YouTube JS Challenge Fix](yt-dlp-fedora-js-challenge.md)
 
 ## ⚙️ Ansible & Fleet Management
 - [SSH Timeout During dnf upgrade on Fedora Hosts](ansible-ssh-timeout-dnf-upgrade.md)
 - [Vault Password File Missing](ansible-vault-password-file-missing.md)
+- [ansible.cfg Ignored on WSL2 Windows Mounts](ansible-wsl2-world-writable-mount-ignores-cfg.md)
 
 ## 📦 Docker & Systems
 - [Docker & Caddy Recovery After Reboot (Fedora + SELinux)](docker-caddy-selinux-post-reboot-recovery.md)

05-troubleshooting/majwiki-setup-and-pipeline.md

@@ -133,7 +133,7 @@ The Obsidian Git plugin was evaluated but dropped — too convoluted for a simpl
 
 ```bash
 cd ~/Documents/MajorVault
-git add 20-Projects/MajorTwin/08-Wiki/
+git add 30-Areas/MajorWiki/
 git commit -m "wiki: describe your changes"
 git push
 ```

05-troubleshooting/networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md

@@ -0,0 +1,69 @@
+---
+title: "Windows OpenSSH: WSL as Default Shell Breaks Remote Commands"
+domain: troubleshooting
+category: networking
+tags: [windows, openssh, wsl, ssh, majorrig, powershell]
+status: published
+created: 2026-04-03
+updated: 2026-04-03
+---
+
+# Windows OpenSSH: WSL as Default Shell Breaks Remote Commands
+
+## Problem
+
+SSH remote commands fail with:
+
+```
+Invalid command line argument: -c
+Please use 'wsl.exe --help' to get a list of supported arguments.
+```
+
+This happens on **every** remote command — `ssh-copy-id`, `ssh user@host "command"`, `scp`, etc. Interactive SSH (no command) may still work if it drops into WSL.
+
+## Cause
+
+Windows OpenSSH's default shell is set to `C:\Windows\System32\wsl.exe`. When SSH executes a remote command, it invokes:
+
+```
+<default_shell> -c "<command>"
+```
+
+But `wsl.exe` does not accept the `-c` flag. It expects `-e` for command execution, or no flags for an interactive session. Since OpenSSH hardcodes `-c`, every remote command fails.
+
+## Fix
+
+Change the default shell to PowerShell. Run this in an **elevated PowerShell** on the Windows host:
+
+```powershell
+New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
+Restart-Service sshd
+```
+
+If you need to run this from within WSL (e.g., over an interactive SSH session):
+
+```bash
+powershell.exe -Command "Start-Process powershell -Verb RunAs -ArgumentList '-Command New-ItemProperty -Path HKLM:\\SOFTWARE\\OpenSSH -Name DefaultShell -Value C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -PropertyType String -Force; Restart-Service sshd'"
+```
+
+## After the Fix
+
+- Remote SSH commands now execute via PowerShell
+- To run Linux commands, prefix with `wsl`:
+  ```bash
+  ssh user@host "wsl bash -c 'cd /mnt/d/project && git pull'"
+  ```
+- Interactive SSH sessions land in PowerShell (use `wsl` to enter Linux)
+- `ssh-copy-id` still won't work for WSL's `authorized_keys` — Windows OpenSSH reads from `C:\Users\<user>\.ssh\authorized_keys`, not the WSL home directory
+
+## Key Notes
+
+- This registry key is the **only** supported way to change the OpenSSH default shell on Windows
+- The change persists across reboots and Windows Updates
+- If you previously set the default shell to `wsl.exe` to get a Linux-first SSH experience, be aware that it permanently breaks all remote command execution
+- Tools like Ansible, `scp`, `rsync`, and `ssh-copy-id` all depend on `-c` working
+
+## Related
+
+- [Windows OpenSSH Server (sshd) Stops After Reboot](windows-sshd-stops-after-reboot.md) — sshd service startup issues
+- [Microsoft Docs: OpenSSH DefaultShell](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh-server-configuration#configuring-the-default-shell-for-openssh-in-windows)