# POTE Customization Checklist **Everything you need to change from generic defaults to your specific deployment.** --- ## 🔴 CRITICAL - Must Change (Security & Functionality) ### 1. Email Configuration (`.env` file) ```bash # Current generic values: SMTP_HOST=mail.levkin.ca # ✅ Already yours SMTP_PORT=587 # ✅ OK (standard) SMTP_USER=test@levkin.ca # ✅ Already yours SMTP_PASSWORD=your_password_here # 🔴 CHANGE THIS FROM_EMAIL=test@levkin.ca # ✅ Already yours REPORT_RECIPIENTS=admin@localhost # 🔴 CHANGE THIS to your email ``` **Action:** Update `SMTP_PASSWORD` and `REPORT_RECIPIENTS` in `.env` ### 2. Database Password (`.env` file) ```bash # Current generic value: DATABASE_URL=postgresql://poteuser:changeme123@localhost:5432/potedb # 🔴 CHANGE "changeme123" to a strong password ``` **Action:** Choose a strong password and update in: - `.env` file - PostgreSQL (if already created): `ALTER USER poteuser PASSWORD 'your_new_password';` ### 3. Git Repository (Ansible: `ansible/group_vars/all.yml`) ```yaml # Current value: pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git" # 🔴 This is YOUR Gitea repo, but verify: # - IP address: 10.0.30.169 (is this correct?) # - Username: ilia (is this correct?) # - Repo name: POTE (is this correct?) ``` **Action:** Verify or update the Git repo URL ### 4. SSH Keys (Ansible: `ansible/vault.example.yml`) ```yaml # 🔴 MUST CREATE vault.yml with your actual keys: vault_git_ssh_key: | -----BEGIN OPENSSH PRIVATE KEY----- your_ssh_private_key_here # 🔴 ADD YOUR KEY -----END OPENSSH PRIVATE KEY----- vault_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..." # 🔴 ADD YOUR KEY ``` **Action:** 1. Copy `ansible/vault.example.yml` → `ansible/group_vars/all/vault.yml` 2. Add your SSH keys 3. Encrypt: `ansible-vault encrypt ansible/group_vars/all/vault.yml` ### 5. Server IP Addresses (Ansible: `ansible/inventory.example.yml`) ```yaml # Current values: development: hosts: pote-dev: ansible_host: 10.0.10.100 # 🔴 CHANGE to your dev server IP staging: hosts: pote-qa: ansible_host: 10.0.10.101 # 🔴 CHANGE to your QA server IP production: hosts: pote-prod: ansible_host: 10.0.10.95 # 🔴 CHANGE to your prod server IP (or keep if correct) ``` **Action:** Update all IP addresses to match your Proxmox LXC containers --- ## 🟡 IMPORTANT - Should Change (Gitea Secrets) ### 6. Gitea Secrets (for CI/CD pipelines) **Location:** Gitea Web UI → Repository Settings → Secrets ```bash # Required secrets: DB_PASSWORD=changeme123 # 🟡 CHANGE to match your DB password SMTP_PASSWORD=your_password_here # 🟡 CHANGE to your email password SMTP_HOST=mail.levkin.ca # ✅ Already yours SMTP_USER=test@levkin.ca # ✅ Already yours FROM_EMAIL=test@levkin.ca # ✅ Already yours # For deployment workflow (if using): PROXMOX_SSH_KEY= # 🟡 ADD your SSH private key PROXMOX_HOST=10.0.10.95 # 🟡 CHANGE to your server IP PROXMOX_USER=poteapp # 🟡 CHANGE if using different user ``` **Action:** Add/update secrets in Gitea: 1. Go to `https://git.levkin.ca/ilia/POTE/settings/secrets` 2. Add each secret listed above --- ## 🟢 OPTIONAL - Customize for Your Needs ### 7. Email Recipients (Multiple locations) **`.env` file:** ```bash REPORT_RECIPIENTS=admin@localhost # 🟢 Change to your email(s), comma-separated ``` **`scripts/automated_daily_run.sh`:** ```bash REPORT_RECIPIENTS="${REPORT_RECIPIENTS:-admin@localhost}" # 🟢 Change default ``` **`scripts/setup_cron.sh`:** - Will prompt you interactively for email address **Action:** Update to your preferred email(s) for reports ### 8. Market Monitoring Tickers (`.env` and Ansible) **`.env` file:** ```bash MARKET_MONITOR_TICKERS=NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX # 🟢 Customize this list based on what Congress trades most ``` **`ansible/group_vars/all.yml`:** ```yaml market_tickers: "NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX" # 🟢 Should match .env ``` **Action:** Research most-traded congressional stocks and update list ### 9. Alert Severity Threshold (`.env` and Ansible) **`.env` file:** ```bash ALERT_MIN_SEVERITY=5 # 🟢 1-10, lower = more sensitive ``` **`ansible/group_vars/all.yml`:** ```yaml alert_severity: 5 # 🟢 Should match .env ``` **Action:** Adjust based on how many alerts you want (5 is moderate) ### 10. Cron Schedule Times (Ansible) **`ansible/group_vars/development.yml`, `staging.yml`, `production.yml`:** ```yaml pote_daily_report_time: "0 6" # 🟢 6:00 AM - change to your preference pote_weekly_report_time: "0 8" # 🟢 8:00 AM Sunday - change to your preference pote_health_check_time: "*/30 * * * *" # 🟢 Every 30 min - change to your preference ``` **Action:** Adjust times based on your timezone and preferences ### 11. Log Level (`.env` and Ansible) **`.env` file:** ```bash LOG_LEVEL=INFO # 🟢 DEBUG, INFO, WARNING, ERROR ``` **`ansible/group_vars/all.yml`:** ```yaml log_level: "INFO" # 🟢 Should match .env ``` **Action:** Use `DEBUG` for development, `INFO` for production ### 12. Application User (Ansible) **`ansible/group_vars/all.yml`:** ```yaml appuser_name: "poteapp" # 🟢 Change if you want a different username ``` **`scripts/proxmox_setup.sh`:** ```bash APP_USER="poteapp" # 🟢 Should match Ansible ``` **Action:** Keep as `poteapp` unless you have a specific naming convention ### 13. Database Names (Ansible - per environment) **`ansible/group_vars/development.yml`:** ```yaml db_name: "potedb_dev" # 🟢 OK as-is ``` **`ansible/group_vars/staging.yml`:** ```yaml db_name: "potedb_qa" # 🟢 OK as-is ``` **`ansible/group_vars/production.yml`:** ```yaml db_name: "potedb" # 🟢 OK as-is ``` **Action:** Keep defaults unless you have a specific naming convention ### 14. Backup Retention (Ansible) **`ansible/roles/pote/defaults/main.yml`:** ```yaml pote_backup_retention_days: 90 # 🟢 Adjust based on disk space ``` **Action:** Increase for production (180+ days), decrease for dev (30 days) ### 15. API Keys (`.env` - if you get paid APIs) **`.env` file:** ```bash QUIVERQUANT_API_KEY= # 🟢 Optional paid service FMP_API_KEY= # 🟢 Optional paid service ``` **Action:** Add keys if you subscribe to these services (not required) --- ## 📋 Summary: Quick Action List ### Immediate (Before First Deployment) 1. ✅ Update `.env`: `SMTP_PASSWORD`, `REPORT_RECIPIENTS`, `DATABASE_URL` password 2. ✅ Create `ansible/group_vars/all/vault.yml` with your SSH keys 3. ✅ Encrypt vault: `ansible-vault encrypt ansible/group_vars/all/vault.yml` 4. ✅ Update `ansible/inventory.yml` with your server IPs 5. ✅ Add Gitea secrets: `DB_PASSWORD`, `SMTP_PASSWORD` ### Before Production Use 6. ✅ Verify Git repo URL in `ansible/group_vars/all.yml` 7. ✅ Customize `MARKET_MONITOR_TICKERS` based on research 8. ✅ Adjust cron times for your timezone 9. ✅ Set appropriate log levels per environment ### Optional Enhancements 10. ⭐ Add paid API keys if you subscribe 11. ⭐ Adjust alert sensitivity based on testing 12. ⭐ Customize backup retention per environment --- ## 🔍 How to Find These Files ```bash # Configuration files: .env # Main config (not in git) src/pote/config.py # Python config loader # Ansible files: ansible/inventory.yml # Server IPs (copy from .example.yml) ansible/group_vars/all.yml # Common variables ansible/group_vars/all/vault.yml # Secrets (create from vault.example.yml) ansible/group_vars/development.yml # Dev environment ansible/group_vars/staging.yml # QA environment ansible/group_vars/production.yml # Prod environment ansible/roles/pote/defaults/main.yml # All default variables # Scripts: scripts/automated_daily_run.sh # Daily automation scripts/automated_weekly_run.sh # Weekly automation scripts/setup_cron.sh # Cron setup scripts/proxmox_setup.sh # Initial server setup # CI/CD: .github/workflows/ci.yml # CI pipeline .github/workflows/deploy.yml # Deployment pipeline ``` --- ## 🚨 Security Reminders 1. **NEVER commit `.env` to git** - it's in `.gitignore` 2. **NEVER commit unencrypted `vault.yml`** - always use `ansible-vault encrypt` 3. **NEVER put real passwords in example files** - use placeholders 4. **ALWAYS use strong passwords** - minimum 16 characters, mixed case, numbers, symbols 5. **ALWAYS use Gitea secrets** for CI/CD - never hardcode in workflow files --- ## 📞 Need Help? - **Ansible Vault:** `ansible-vault --help` - **Gitea Secrets:** Repository Settings → Secrets → Actions - **Environment Variables:** See `src/pote/config.py` for all available settings - **Testing Config:** Run `python scripts/health_check.py` after changes --- **Last Updated:** December 2025