ilia/POTE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POTE/CUSTOMIZATION_CHECKLIST.md
ilia e9fd12d949
Some checks failed
CI / lint-and-test (push) Failing after 1m6s
Details
CI / security-scan (push) Failing after 1m4s
Details
CI / dependency-scan (push) Successful in 7m46s
Details
CI / docker-build-test (push) Failing after 1m18s
Details
CI / workflow-summary (push) Successful in 1m5s
Details
Add documentation for Ansible separation and customization 
NEW FILES:
==========
📄 CUSTOMIZATION_CHECKLIST.md
   - Complete list of everything that needs customization
   - Organized by priority: Critical, Important, Optional
   - Covers .env, Ansible, Gitea secrets, email, etc.
   - Quick action checklist for deployment

📄 ANSIBLE_HANDOFF.md
   - Guide for integrating POTE with existing Ansible system
   - Explains what Ansible needs to know
   - Variable reference and secrets management
   - Multi-environment deployment strategy
   - Example playbook and testing instructions

📄 MOVE_ANSIBLE_TO_SEPARATE_REPO.md
   - Explains why ansible/ should be in infrastructure repo
   - Step-by-step migration guide
   - Final directory structure for both repos
   - Benefits and workflow after migration

KEY INSIGHT:
============
The ansible/ directory doesn't belong in the POTE app repo because:
- Ansible runs BEFORE the app exists (creates container, deploys app)
- Creates circular dependency (Ansible clones repo that contains Ansible)
- Should live in centralized infrastructure repository

NEXT STEPS:
===========
1. Review CUSTOMIZATION_CHECKLIST.md for deployment config
2. Copy ansible/ to infrastructure repo
3. Remove ansible/ from POTE repo (keep handoff docs)
4. Deploy via centralized Ansible system
2025-12-24 22:26:27 -05:00

312 lines
8.9 KiB
Markdown
Raw Blame History

# POTE Customization Checklist
**Everything you need to change from generic defaults to your specific deployment.**
---
## 🔴 CRITICAL - Must Change (Security & Functionality)
### 1. Email Configuration (`.env` file)
```bash
# Current generic values:
SMTP_HOST=mail.levkin.ca # ✅ Already yours
SMTP_PORT=587 # ✅ OK (standard)
SMTP_USER=test@levkin.ca # ✅ Already yours
SMTP_PASSWORD=your_password_here # 🔴 CHANGE THIS
FROM_EMAIL=test@levkin.ca # ✅ Already yours
REPORT_RECIPIENTS=admin@localhost # 🔴 CHANGE THIS to your email
```
**Action:** Update `SMTP_PASSWORD` and `REPORT_RECIPIENTS` in `.env`
### 2. Database Password (`.env` file)
```bash
# Current generic value:
DATABASE_URL=postgresql://poteuser:changeme123@localhost:5432/potedb
# 🔴 CHANGE "changeme123" to a strong password
```
**Action:** Choose a strong password and update in:
- `.env` file
- PostgreSQL (if already created): `ALTER USER poteuser PASSWORD 'your_new_password';`
### 3. Git Repository (Ansible: `ansible/group_vars/all.yml`)
```yaml
# Current value:
pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git"
# 🔴 This is YOUR Gitea repo, but verify:
# - IP address: 10.0.30.169 (is this correct?)
# - Username: ilia (is this correct?)
# - Repo name: POTE (is this correct?)
```
**Action:** Verify or update the Git repo URL
### 4. SSH Keys (Ansible: `ansible/vault.example.yml`)
```yaml
# 🔴 MUST CREATE vault.yml with your actual keys:
vault_git_ssh_key: |
-----BEGIN OPENSSH PRIVATE KEY-----
your_ssh_private_key_here # 🔴 ADD YOUR KEY
-----END OPENSSH PRIVATE KEY-----
vault_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..." # 🔴 ADD YOUR KEY
```
**Action:**
1. Copy `ansible/vault.example.yml``ansible/group_vars/all/vault.yml`
2. Add your SSH keys
3. Encrypt: `ansible-vault encrypt ansible/group_vars/all/vault.yml`
### 5. Server IP Addresses (Ansible: `ansible/inventory.example.yml`)
```yaml
# Current values:
development:
hosts:
pote-dev:
ansible_host: 10.0.10.100 # 🔴 CHANGE to your dev server IP
staging:
hosts:
pote-qa:
ansible_host: 10.0.10.101 # 🔴 CHANGE to your QA server IP
production:
hosts:
pote-prod:
ansible_host: 10.0.10.95 # 🔴 CHANGE to your prod server IP (or keep if correct)
```
**Action:** Update all IP addresses to match your Proxmox LXC containers
---
## 🟡 IMPORTANT - Should Change (Gitea Secrets)
### 6. Gitea Secrets (for CI/CD pipelines)
**Location:** Gitea Web UI → Repository Settings → Secrets
```bash
# Required secrets:
DB_PASSWORD=changeme123 # 🟡 CHANGE to match your DB password
SMTP_PASSWORD=your_password_here # 🟡 CHANGE to your email password
SMTP_HOST=mail.levkin.ca # ✅ Already yours
SMTP_USER=test@levkin.ca # ✅ Already yours
FROM_EMAIL=test@levkin.ca # ✅ Already yours
# For deployment workflow (if using):
PROXMOX_SSH_KEY=<your_private_key> # 🟡 ADD your SSH private key
PROXMOX_HOST=10.0.10.95 # 🟡 CHANGE to your server IP
PROXMOX_USER=poteapp # 🟡 CHANGE if using different user
```
**Action:** Add/update secrets in Gitea:
1. Go to `https://git.levkin.ca/ilia/POTE/settings/secrets`
2. Add each secret listed above
---
## 🟢 OPTIONAL - Customize for Your Needs
### 7. Email Recipients (Multiple locations)
**`.env` file:**
```bash
REPORT_RECIPIENTS=admin@localhost # 🟢 Change to your email(s), comma-separated
```
**`scripts/automated_daily_run.sh`:**
```bash
REPORT_RECIPIENTS="${REPORT_RECIPIENTS:-admin@localhost}" # 🟢 Change default
```
**`scripts/setup_cron.sh`:**
- Will prompt you interactively for email address
**Action:** Update to your preferred email(s) for reports
### 8. Market Monitoring Tickers (`.env` and Ansible)
**`.env` file:**
```bash
MARKET_MONITOR_TICKERS=NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX
# 🟢 Customize this list based on what Congress trades most
```
**`ansible/group_vars/all.yml`:**
```yaml
market_tickers: "NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX"
# 🟢 Should match .env
```
**Action:** Research most-traded congressional stocks and update list
### 9. Alert Severity Threshold (`.env` and Ansible)
**`.env` file:**
```bash
ALERT_MIN_SEVERITY=5 # 🟢 1-10, lower = more sensitive
```
**`ansible/group_vars/all.yml`:**
```yaml
alert_severity: 5 # 🟢 Should match .env
```
**Action:** Adjust based on how many alerts you want (5 is moderate)
### 10. Cron Schedule Times (Ansible)
**`ansible/group_vars/development.yml`, `staging.yml`, `production.yml`:**
```yaml
pote_daily_report_time: "0 6" # 🟢 6:00 AM - change to your preference
pote_weekly_report_time: "0 8" # 🟢 8:00 AM Sunday - change to your preference
pote_health_check_time: "*/30 * * * *" # 🟢 Every 30 min - change to your preference
```
**Action:** Adjust times based on your timezone and preferences
### 11. Log Level (`.env` and Ansible)
**`.env` file:**
```bash
LOG_LEVEL=INFO # 🟢 DEBUG, INFO, WARNING, ERROR
```
**`ansible/group_vars/all.yml`:**
```yaml
log_level: "INFO" # 🟢 Should match .env
```
**Action:** Use `DEBUG` for development, `INFO` for production
### 12. Application User (Ansible)
**`ansible/group_vars/all.yml`:**
```yaml
appuser_name: "poteapp" # 🟢 Change if you want a different username
```
**`scripts/proxmox_setup.sh`:**
```bash
APP_USER="poteapp" # 🟢 Should match Ansible
```
**Action:** Keep as `poteapp` unless you have a specific naming convention
### 13. Database Names (Ansible - per environment)
**`ansible/group_vars/development.yml`:**
```yaml
db_name: "potedb_dev" # 🟢 OK as-is
```
**`ansible/group_vars/staging.yml`:**
```yaml
db_name: "potedb_qa" # 🟢 OK as-is
```
**`ansible/group_vars/production.yml`:**
```yaml
db_name: "potedb" # 🟢 OK as-is
```
**Action:** Keep defaults unless you have a specific naming convention
### 14. Backup Retention (Ansible)
**`ansible/roles/pote/defaults/main.yml`:**
```yaml
pote_backup_retention_days: 90 # 🟢 Adjust based on disk space
```
**Action:** Increase for production (180+ days), decrease for dev (30 days)
### 15. API Keys (`.env` - if you get paid APIs)
**`.env` file:**
```bash
QUIVERQUANT_API_KEY= # 🟢 Optional paid service
FMP_API_KEY= # 🟢 Optional paid service
```
**Action:** Add keys if you subscribe to these services (not required)
---
## 📋 Summary: Quick Action List
### Immediate (Before First Deployment)
1. ✅ Update `.env`: `SMTP_PASSWORD`, `REPORT_RECIPIENTS`, `DATABASE_URL` password
2. ✅ Create `ansible/group_vars/all/vault.yml` with your SSH keys
3. ✅ Encrypt vault: `ansible-vault encrypt ansible/group_vars/all/vault.yml`
4. ✅ Update `ansible/inventory.yml` with your server IPs
5. ✅ Add Gitea secrets: `DB_PASSWORD`, `SMTP_PASSWORD`
### Before Production Use
6. ✅ Verify Git repo URL in `ansible/group_vars/all.yml`
7. ✅ Customize `MARKET_MONITOR_TICKERS` based on research
8. ✅ Adjust cron times for your timezone
9. ✅ Set appropriate log levels per environment
### Optional Enhancements
10. ⭐ Add paid API keys if you subscribe
11. ⭐ Adjust alert sensitivity based on testing
12. ⭐ Customize backup retention per environment
---
## 🔍 How to Find These Files
```bash
# Configuration files:
.env # Main config (not in git)
src/pote/config.py # Python config loader
# Ansible files:
ansible/inventory.yml # Server IPs (copy from .example.yml)
ansible/group_vars/all.yml # Common variables
ansible/group_vars/all/vault.yml # Secrets (create from vault.example.yml)
ansible/group_vars/development.yml # Dev environment
ansible/group_vars/staging.yml # QA environment
ansible/group_vars/production.yml # Prod environment
ansible/roles/pote/defaults/main.yml # All default variables
# Scripts:
scripts/automated_daily_run.sh # Daily automation
scripts/automated_weekly_run.sh # Weekly automation
scripts/setup_cron.sh # Cron setup
scripts/proxmox_setup.sh # Initial server setup
# CI/CD:
.github/workflows/ci.yml # CI pipeline
.github/workflows/deploy.yml # Deployment pipeline
```
---
## 🚨 Security Reminders
1. **NEVER commit `.env` to git** - it's in `.gitignore`
2. **NEVER commit unencrypted `vault.yml`** - always use `ansible-vault encrypt`
3. **NEVER put real passwords in example files** - use placeholders
4. **ALWAYS use strong passwords** - minimum 16 characters, mixed case, numbers, symbols
5. **ALWAYS use Gitea secrets** for CI/CD - never hardcode in workflow files
---
## 📞 Need Help?
- **Ansible Vault:** `ansible-vault --help`
- **Gitea Secrets:** Repository Settings → Secrets → Actions
- **Environment Variables:** See `src/pote/config.py` for all available settings
- **Testing Config:** Run `python scripts/health_check.py` after changes
---
**Last Updated:** December 2025
Reference in New Issue View Git Blame Copy Permalink