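---
# =============================================================================
# POTE (Public Officials Trading Explorer) - Ansible Role Defaults
# =============================================================================
# Purpose: Complete configuration for automated POTE deployment
# Compatible with: base_os role and multi-environment deployments
#
# Role defaults have the lowest variable precedence, so every value below is
# a fallback. Credentials (git, database, SMTP, API keys) are expected to be
# supplied per environment from an encrypted source such as Ansible Vault and
# never committed in clear text.
# =============================================================================

# -----------------------------------------------------------------------------
# PROJECT BASICS
# -----------------------------------------------------------------------------
pote_project_name: "pote"
pote_app_description: "Public Officials Trading Explorer - Congressional stock trading tracker"
pote_version: "1.0.0"

# -----------------------------------------------------------------------------
# GIT REPOSITORY
# -----------------------------------------------------------------------------
# NOTE(review): the SSH remote is addressed by a literal IP; whichever task
# clones it (not shown here) should verify the server's host key.
pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git"
pote_git_branch: "{{ git_branch | default('main') }}"  # Override per environment
pote_git_version: "{{ git_branch | default('main') }}"

# SSH key for git clone (if using SSH)
pote_git_ssh_key: "{{ git_ssh_key | default('') }}"

# Alternative: HTTPS with credentials
# NOTE(review): tasks that consume the key or password should set
# `no_log: true` so the values do not appear in play output.
pote_git_https_url: "https://git.levkin.ca/ilia/POTE.git"
pote_git_username: "{{ git_username | default('') }}"
pote_git_password: "{{ git_password | default('') }}"

# -----------------------------------------------------------------------------
# APPLICATION USER & PATHS
# -----------------------------------------------------------------------------
pote_user: "{{ appuser_name | default('poteapp') }}"
pote_group: "{{ appuser_name | default('poteapp') }}"
pote_user_home: "/home/{{ pote_user }}"
pote_app_dir: "{{ pote_user_home }}/pote"
pote_venv_dir: "{{ pote_app_dir }}/venv"
pote_logs_dir: "{{ pote_user_home }}/logs"

# User configuration (if not using base_os role)
pote_create_user: true
pote_user_shell: "/bin/bash"
pote_user_groups: []
pote_user_ssh_public_key: "{{ appuser_ssh_public_key | default('') }}"

# -----------------------------------------------------------------------------
# PYTHON & DEPENDENCIES
# -----------------------------------------------------------------------------
pote_python_version: "3.11"
pote_python_packages:
  - python3
  - python3-pip
  - python3-venv
  - python3-dev
  - build-essential

# System dependencies
pote_system_packages:
  - git
  - curl
  - ca-certificates
  - postgresql-client
  - libpq-dev
  - gcc
  - make

# -----------------------------------------------------------------------------
# DATABASE CONFIGURATION
# -----------------------------------------------------------------------------
# PostgreSQL settings
pote_db_type: "postgresql"
pote_db_host: "{{ db_host | default('localhost') }}"
pote_db_port: "{{ db_port | default(5432) }}"
pote_db_name: "{{ db_name | default('potedb') }}"
pote_db_user: "{{ db_user | default('poteuser') }}"
# NOTE(review): the fallback below is a fixed placeholder that is visible to
# anyone who can read this role. Always set `db_password` per environment from
# an encrypted source, and consider an `assert` task that stops the play while
# the placeholder is still in effect.
pote_db_password: "{{ db_password | default('changeme123') }}"

# Database URL (constructed)
# User and password are percent-encoded so that characters such as '@', ':'
# or '/' in a generated password cannot change how the URL is parsed.
# Assumes the consumer percent-decodes the userinfo part, as SQLAlchemy and
# libpq connection URIs do - confirm; if the URL is also written to an INI
# file, '%' may need additional escaping there.
# NOTE(review): this uses pote_db_name, not the environment-suffixed
# pote_db_name_full defined at the end of this file - confirm which is meant.
pote_database_url: "postgresql://{{ pote_db_user | urlencode | replace('/', '%2F') }}:{{ pote_db_password | urlencode | replace('/', '%2F') }}@{{ pote_db_host }}:{{ pote_db_port }}/{{ pote_db_name }}"

# Alternative: SQLite for dev
pote_use_sqlite: false
pote_sqlite_path: "{{ pote_app_dir }}/pote.db"

# Database creation (if PostgreSQL is local)
pote_create_database: true
pote_run_migrations: true

# -----------------------------------------------------------------------------
# EMAIL / SMTP CONFIGURATION
# -----------------------------------------------------------------------------
pote_smtp_host: "{{ smtp_host | default('mail.levkin.ca') }}"
pote_smtp_port: "{{ smtp_port | default(587) }}"
pote_smtp_user: "{{ smtp_user | default('test@levkin.ca') }}"
pote_smtp_password: "{{ smtp_password | default('') }}"
pote_from_email: "{{ from_email | default('test@levkin.ca') }}"
pote_report_recipients: "{{ report_recipients | default('test@levkin.ca') }}"

# -----------------------------------------------------------------------------
# MONITORING CONFIGURATION
# -----------------------------------------------------------------------------
# Tickers to monitor (comma-separated)
pote_market_monitor_tickers: "{{ market_tickers | default('NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX') }}"
pote_alert_min_severity: "{{ alert_severity | default(5) }}"

# -----------------------------------------------------------------------------
# LOGGING
# -----------------------------------------------------------------------------
pote_log_level: "{{ log_level | default('INFO') }}"
pote_log_file: "{{ pote_logs_dir }}/pote.log"

# -----------------------------------------------------------------------------
# CRON / AUTOMATION
# -----------------------------------------------------------------------------
# Enable automated daily/weekly reports
pote_enable_cron: true

# Daily report time (cron format: minute hour)
pote_daily_report_time: "0 6"  # 6:00 AM
pote_daily_report_enabled: true

# Weekly report time (cron format: minute hour day_of_week)
pote_weekly_report_time: "0 8 0"  # Sunday 8:00 AM
pote_weekly_report_enabled: true

# Health check frequency (every 6 hours)
pote_health_check_enabled: true
pote_health_check_time: "0 */6"

# -----------------------------------------------------------------------------
# FIREWALL / PORTS
# -----------------------------------------------------------------------------
# POTE doesn't expose HTTP ports by default (CLI/cron only)
# But if you add FastAPI later:
pote_backend_port: "{{ app_backend_port | default(8000) }}"
pote_enable_backend: false  # No web backend yet
pote_enable_frontend: false  # No frontend yet

# Allow SSH for deployment
pote_allow_ssh_port: 22

# -----------------------------------------------------------------------------
# ENVIRONMENT-SPECIFIC OVERRIDES
# -----------------------------------------------------------------------------
# These are typically set in group_vars/development.yml, staging.yml, production.yml
# NOTE(review): `environment` is also the name of an Ansible play/task
# keyword; confirm the inventory variable resolves as intended, because the
# fallback here is 'production'.
pote_environment: "{{ environment | default('production') }}"

# Environment-specific database names
pote_env_db_suffix:
  development: "_dev"
  staging: "_qa"
  production: ""

# -----------------------------------------------------------------------------
# DEPLOYMENT OPTIONS
# -----------------------------------------------------------------------------
# Deployment strategy
pote_deployment_strategy: "git_pull"  # or "docker", "package"

# Backup before deployment
pote_backup_before_deploy: true
pote_backup_dir: "{{ pote_user_home }}/backups"
pote_backup_retention_days: 30

# Rollback on failure
pote_rollback_on_failure: true

# Health check after deployment
pote_health_check_after_deploy: true
pote_health_check_timeout: 300  # seconds

# -----------------------------------------------------------------------------
# DOCKER OPTIONS (if using Docker deployment)
# -----------------------------------------------------------------------------
pote_use_docker: false
# NOTE(review): `latest` is a mutable tag; pin a version or digest if the
# Docker strategy is enabled so a deployment is reproducible.
pote_docker_image: "pote:latest"
pote_docker_registry: ""
pote_docker_compose_file: "{{ pote_app_dir }}/docker-compose.yml"

# -----------------------------------------------------------------------------
# SECURITY
# -----------------------------------------------------------------------------
# File permissions (quoted so the leading zero is kept as a string)
# The .env file is owner-only, which matters because pote_env_file presumably
# holds the database URL with its password - confirm against the template.
pote_env_file_mode: "0600"
pote_app_dir_mode: "0755"
# NOTE(review): 0755 lets every local account list and enter the log
# directory; consider "0750" if the logs can contain sensitive data.
pote_logs_dir_mode: "0755"

# SSL/TLS (for future FastAPI backend)
pote_enable_ssl: false
pote_ssl_cert_path: ""
pote_ssl_key_path: ""

# Secrets management
# NOTE(review): how the role uses this flag is not visible here; while it is
# false, the credentials above come from ordinary variables.
pote_use_vault: false
pote_vault_path: "secret/pote/{{ pote_environment }}"

# -----------------------------------------------------------------------------
# TESTING & VALIDATION
# -----------------------------------------------------------------------------
# Run tests after deployment
pote_run_tests: false
pote_test_command: "pytest tests/ -v"

# Smoke tests
pote_run_smoke_tests: true
pote_smoke_test_commands:
  - "python scripts/health_check.py"
  - "python -c 'import pote; print(\"Import successful\")'"

# -----------------------------------------------------------------------------
# NOTIFICATIONS
# -----------------------------------------------------------------------------
# Deployment notifications
pote_notify_on_deploy: false
pote_notification_webhook: ""
pote_notification_email: "{{ pote_report_recipients }}"

# -----------------------------------------------------------------------------
# PERFORMANCE TUNING
# -----------------------------------------------------------------------------
# Python workers (for future FastAPI)
pote_workers: "{{ ansible_processor_vcpus | default(2) }}"
pote_worker_class: "uvicorn.workers.UvicornWorker"

# Database connection pool
pote_db_pool_size: 5
pote_db_max_overflow: 10

# -----------------------------------------------------------------------------
# DATA SOURCES (API Keys - typically in vault/secrets)
# -----------------------------------------------------------------------------
# Optional API keys for additional data sources
pote_quiverquant_api_key: "{{ quiverquant_key | default('') }}"
pote_fmp_api_key: "{{ fmp_key | default('') }}"

# -----------------------------------------------------------------------------
# FEATURE FLAGS
# -----------------------------------------------------------------------------
# Enable/disable features per environment
pote_feature_email_reports: true
pote_feature_market_monitoring: true
pote_feature_disclosure_correlation: true
pote_feature_pattern_detection: true

# -----------------------------------------------------------------------------
# MAINTENANCE
# -----------------------------------------------------------------------------
# Maintenance mode
pote_maintenance_mode: false
pote_maintenance_message: "POTE is currently under maintenance"

# Log rotation
pote_logrotate_enabled: true
pote_logrotate_days: 30
pote_logrotate_size: "100M"

# Database vacuum/maintenance
pote_db_maintenance_enabled: true
pote_db_maintenance_schedule: "0 2 * * 0"  # Weekly, Sunday 2 AM

# -----------------------------------------------------------------------------
# MONITORING & OBSERVABILITY
# -----------------------------------------------------------------------------
# Metrics collection (for future)
pote_enable_metrics: false
pote_metrics_port: 9090

# Healthcheck endpoint (for future FastAPI)
pote_healthcheck_path: "/health"

# -----------------------------------------------------------------------------
# BACKWARDS COMPATIBILITY
# -----------------------------------------------------------------------------
# Support for base_os role variables
base_os_user: "{{ pote_user }}"
base_os_backend_port: "{{ pote_backend_port }}"
base_os_enable_backend: "{{ pote_enable_backend }}"
base_os_enable_frontend: "{{ pote_enable_frontend }}"

# -----------------------------------------------------------------------------
# COMPUTED VARIABLES (DO NOT OVERRIDE)
# -----------------------------------------------------------------------------
# These are computed from above variables
# An environment name other than the three keys of pote_env_db_suffix has no
# suffix entry, so this template cannot resolve. Keep that a hard failure:
# falling back to an empty suffix would select the production database name.
pote_db_name_full: "{{ pote_db_name }}{{ pote_env_db_suffix[pote_environment] }}"
pote_env_file: "{{ pote_app_dir }}/.env"
pote_requirements_file: "{{ pote_app_dir }}/requirements.txt"
pote_alembic_ini: "{{ pote_app_dir }}/alembic.ini"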