ilia/POTE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POTE/CUSTOMIZATION_CHECKLIST.md
ilia e9fd12d949
Some checks failed
CI / lint-and-test (push) Failing after 1m6s
Details
CI / security-scan (push) Failing after 1m4s
Details
CI / dependency-scan (push) Successful in 7m46s
Details
CI / docker-build-test (push) Failing after 1m18s
Details
CI / workflow-summary (push) Successful in 1m5s
Details
Add documentation for Ansible separation and customization 
NEW FILES:
==========
📄 CUSTOMIZATION_CHECKLIST.md
   - Complete list of everything that needs customization
   - Organized by priority: Critical, Important, Optional
   - Covers .env, Ansible, Gitea secrets, email, etc.
   - Quick action checklist for deployment

📄 ANSIBLE_HANDOFF.md
   - Guide for integrating POTE with existing Ansible system
   - Explains what Ansible needs to know
   - Variable reference and secrets management
   - Multi-environment deployment strategy
   - Example playbook and testing instructions

📄 MOVE_ANSIBLE_TO_SEPARATE_REPO.md
   - Explains why ansible/ should be in infrastructure repo
   - Step-by-step migration guide
   - Final directory structure for both repos
   - Benefits and workflow after migration

KEY INSIGHT:
============
The ansible/ directory doesn't belong in the POTE app repo because:
- Ansible runs BEFORE the app exists (creates container, deploys app)
- Creates circular dependency (Ansible clones repo that contains Ansible)
- Should live in centralized infrastructure repository

NEXT STEPS:
===========
1. Review CUSTOMIZATION_CHECKLIST.md for deployment config
2. Copy ansible/ to infrastructure repo
3. Remove ansible/ from POTE repo (keep handoff docs)
4. Deploy via centralized Ansible system
2025-12-24 22:26:27 -05:00

8.9 KiB
Raw Permalink Blame History

POTE Customization Checklist

Everything you need to change from generic defaults to your specific deployment.

🔴 CRITICAL - Must Change (Security & Functionality)

1. Email Configuration (.env file)

# Current generic values:
SMTP_HOST=mail.levkin.ca          # ✅ Already yours
SMTP_PORT=587                      # ✅ OK (standard)
SMTP_USER=test@levkin.ca          # ✅ Already yours
SMTP_PASSWORD=your_password_here   # 🔴 CHANGE THIS
FROM_EMAIL=test@levkin.ca         # ✅ Already yours
REPORT_RECIPIENTS=admin@localhost  # 🔴 CHANGE THIS to your email

Action: Update SMTP_PASSWORD and REPORT_RECIPIENTS in .env

2. Database Password (.env file)

# Current generic value:
DATABASE_URL=postgresql://poteuser:changeme123@localhost:5432/potedb

# 🔴 CHANGE "changeme123" to a strong password

Action: Choose a strong password and update in:

  • .env file
  • PostgreSQL (if already created): ALTER USER poteuser PASSWORD 'your_new_password';

3. Git Repository (Ansible: ansible/group_vars/all.yml)

# Current value:
pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git"

# 🔴 This is YOUR Gitea repo, but verify:
# - IP address: 10.0.30.169 (is this correct?)
# - Username: ilia (is this correct?)
# - Repo name: POTE (is this correct?)

Action: Verify or update the Git repo URL

4. SSH Keys (Ansible: ansible/vault.example.yml)

# 🔴 MUST CREATE vault.yml with your actual keys:
vault_git_ssh_key: |
  -----BEGIN OPENSSH PRIVATE KEY-----
  your_ssh_private_key_here  # 🔴 ADD YOUR KEY
  -----END OPENSSH PRIVATE KEY-----

vault_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..."  # 🔴 ADD YOUR KEY

Action:

  1. Copy ansible/vault.example.ymlansible/group_vars/all/vault.yml
  2. Add your SSH keys
  3. Encrypt: ansible-vault encrypt ansible/group_vars/all/vault.yml

5. Server IP Addresses (Ansible: ansible/inventory.example.yml)

# Current values:
development:
  hosts:
    pote-dev:
      ansible_host: 10.0.10.100  # 🔴 CHANGE to your dev server IP

staging:
  hosts:
    pote-qa:
      ansible_host: 10.0.10.101  # 🔴 CHANGE to your QA server IP

production:
  hosts:
    pote-prod:
      ansible_host: 10.0.10.95   # 🔴 CHANGE to your prod server IP (or keep if correct)

Action: Update all IP addresses to match your Proxmox LXC containers

🟡 IMPORTANT - Should Change (Gitea Secrets)

6. Gitea Secrets (for CI/CD pipelines)

Location: Gitea Web UI → Repository Settings → Secrets

# Required secrets:
DB_PASSWORD=changeme123              # 🟡 CHANGE to match your DB password
SMTP_PASSWORD=your_password_here     # 🟡 CHANGE to your email password
SMTP_HOST=mail.levkin.ca            # ✅ Already yours
SMTP_USER=test@levkin.ca            # ✅ Already yours
FROM_EMAIL=test@levkin.ca           # ✅ Already yours

# For deployment workflow (if using):
PROXMOX_SSH_KEY=<your_private_key>   # 🟡 ADD your SSH private key
PROXMOX_HOST=10.0.10.95             # 🟡 CHANGE to your server IP
PROXMOX_USER=poteapp                # 🟡 CHANGE if using different user

Action: Add/update secrets in Gitea:

  1. Go to https://git.levkin.ca/ilia/POTE/settings/secrets
  2. Add each secret listed above

🟢 OPTIONAL - Customize for Your Needs

7. Email Recipients (Multiple locations)

.env file:

REPORT_RECIPIENTS=admin@localhost  # 🟢 Change to your email(s), comma-separated

scripts/automated_daily_run.sh:

REPORT_RECIPIENTS="${REPORT_RECIPIENTS:-admin@localhost}"  # 🟢 Change default

scripts/setup_cron.sh:

  • Will prompt you interactively for email address

Action: Update to your preferred email(s) for reports

8. Market Monitoring Tickers (.env and Ansible)

.env file:

MARKET_MONITOR_TICKERS=NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX
# 🟢 Customize this list based on what Congress trades most

ansible/group_vars/all.yml:

market_tickers: "NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX"
# 🟢 Should match .env

Action: Research most-traded congressional stocks and update list

9. Alert Severity Threshold (.env and Ansible)

.env file:

ALERT_MIN_SEVERITY=5  # 🟢 1-10, lower = more sensitive

ansible/group_vars/all.yml:

alert_severity: 5  # 🟢 Should match .env

Action: Adjust based on how many alerts you want (5 is moderate)

10. Cron Schedule Times (Ansible)

ansible/group_vars/development.yml, staging.yml, production.yml:

pote_daily_report_time: "0 6"      # 🟢 6:00 AM - change to your preference
pote_weekly_report_time: "0 8"     # 🟢 8:00 AM Sunday - change to your preference
pote_health_check_time: "*/30 * * * *"  # 🟢 Every 30 min - change to your preference

Action: Adjust times based on your timezone and preferences

11. Log Level (.env and Ansible)

.env file:

LOG_LEVEL=INFO  # 🟢 DEBUG, INFO, WARNING, ERROR

ansible/group_vars/all.yml:

log_level: "INFO"  # 🟢 Should match .env

Action: Use DEBUG for development, INFO for production

12. Application User (Ansible)

ansible/group_vars/all.yml:

appuser_name: "poteapp"  # 🟢 Change if you want a different username

scripts/proxmox_setup.sh:

APP_USER="poteapp"  # 🟢 Should match Ansible

Action: Keep as poteapp unless you have a specific naming convention

13. Database Names (Ansible - per environment)

ansible/group_vars/development.yml:

db_name: "potedb_dev"  # 🟢 OK as-is

ansible/group_vars/staging.yml:

db_name: "potedb_qa"   # 🟢 OK as-is

ansible/group_vars/production.yml:

db_name: "potedb"      # 🟢 OK as-is

Action: Keep defaults unless you have a specific naming convention

14. Backup Retention (Ansible)

ansible/roles/pote/defaults/main.yml:

pote_backup_retention_days: 90  # 🟢 Adjust based on disk space

Action: Increase for production (180+ days), decrease for dev (30 days)

15. API Keys (.env - if you get paid APIs)

.env file:

QUIVERQUANT_API_KEY=              # 🟢 Optional paid service
FMP_API_KEY=                      # 🟢 Optional paid service

Action: Add keys if you subscribe to these services (not required)

📋 Summary: Quick Action List

Immediate (Before First Deployment)

  1. Update .env: SMTP_PASSWORD, REPORT_RECIPIENTS, DATABASE_URL password
  2. Create ansible/group_vars/all/vault.yml with your SSH keys
  3. Encrypt vault: ansible-vault encrypt ansible/group_vars/all/vault.yml
  4. Update ansible/inventory.yml with your server IPs
  5. Add Gitea secrets: DB_PASSWORD, SMTP_PASSWORD

Before Production Use

  1. Verify Git repo URL in ansible/group_vars/all.yml
  2. Customize MARKET_MONITOR_TICKERS based on research
  3. Adjust cron times for your timezone
  4. Set appropriate log levels per environment

Optional Enhancements

  1. Add paid API keys if you subscribe
  2. Adjust alert sensitivity based on testing
  3. Customize backup retention per environment

🔍 How to Find These Files

# Configuration files:
.env                                    # Main config (not in git)
src/pote/config.py                      # Python config loader

# Ansible files:
ansible/inventory.yml                   # Server IPs (copy from .example.yml)
ansible/group_vars/all.yml             # Common variables
ansible/group_vars/all/vault.yml       # Secrets (create from vault.example.yml)
ansible/group_vars/development.yml     # Dev environment
ansible/group_vars/staging.yml         # QA environment
ansible/group_vars/production.yml      # Prod environment
ansible/roles/pote/defaults/main.yml   # All default variables

# Scripts:
scripts/automated_daily_run.sh         # Daily automation
scripts/automated_weekly_run.sh        # Weekly automation
scripts/setup_cron.sh                  # Cron setup
scripts/proxmox_setup.sh               # Initial server setup

# CI/CD:
.github/workflows/ci.yml               # CI pipeline
.github/workflows/deploy.yml           # Deployment pipeline

🚨 Security Reminders

  1. NEVER commit .env to git - it's in .gitignore
  2. NEVER commit unencrypted vault.yml - always use ansible-vault encrypt
  3. NEVER put real passwords in example files - use placeholders
  4. ALWAYS use strong passwords - minimum 16 characters, mixed case, numbers, symbols
  5. ALWAYS use Gitea secrets for CI/CD - never hardcode in workflow files

📞 Need Help?

  • Ansible Vault: ansible-vault --help
  • Gitea Secrets: Repository Settings → Secrets → Actions
  • Environment Variables: See src/pote/config.py for all available settings
  • Testing Config: Run python scripts/health_check.py after changes

Last Updated: December 2025