ansible

Author	SHA1	Message	Date
ilia	de49b34cdc	Add homelab monitoring, portfolio site, and vault tooling. Some checks failed CI / skip-ci-check (pull_request) Successful in 6s Details CI / lint-and-test (pull_request) Failing after 9s Details CI / ansible-validation (pull_request) Failing after 6s Details CI / secret-scanning (pull_request) Successful in 5s Details CI / dependency-scan (pull_request) Successful in 8s Details CI / sast-scan (pull_request) Failing after 5s Details CI / license-check (pull_request) Successful in 11s Details CI / vault-check (pull_request) Failing after 6s Details CI / playbook-test (pull_request) Failing after 6s Details CI / container-scan (pull_request) Failing after 6s Details CI / sonar-analysis (pull_request) Failing after 2s Details CI / workflow-summary (pull_request) Successful in 4s Details Document pve10 static IPs, monitoring stack, and site LXCs; add portfolio to inventory; Mailcow mailbox automation; vault import/export scripts; security audit guides and UniFi DHCP reference. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-22 16:25:07 -04:00
ilia	69a39e5e5b	Add POTE app project support and improve IP conflict detection (#3 ) ## Summary This PR adds comprehensive support for deploying the POTE application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers. ## Key Features ### 🆕 New Roles - `roles/pote`: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations) - `roles/app_setup`: Generic app deployment role (Node.js/systemd) - `roles/base_os`: Base OS hardening role ### 🛡️ Safety Improvements - IP uniqueness validation within projects - Proxmox-side IP conflict detection - Enhanced error messages for IP conflicts ### 📦 New Playbooks - `playbooks/app/site.yml`: End-to-end app stack deployment - `playbooks/app/provision_vms.yml`: Proxmox guest provisioning - `playbooks/app/configure_app.yml`: OS + application configuration ## Security - ✅ All secrets stored in encrypted vault.yml - ✅ Deploy keys excluded via .gitignore - ✅ No plaintext secrets committed ## Testing - ✅ POTE successfully deployed to dev/qa/prod environments - ✅ All components validated (Git, PostgreSQL, cron, migrations) Co-authored-by: ilia <ilia@levkin.ca> Reviewed-on: #3	2026-01-01 11:19:54 -05:00
ilia	cd12b02147	Add initial project structure with configuration files and playbooks for infrastructure management. Introduce .ansible-lint-ignore to manage linting exceptions for vault files. Create README.md and documentation for setup guides, including Tailscale and monitoring roles. Establish Makefile commands for streamlined execution of playbooks and tasks. Update inventory structure for better organization of hosts and variables.	2025-09-09 21:12:08 -04:00
ilia	5e4428447c	Enhance Ansible setup by introducing a Makefile for streamlined workflows, updating ansible.cfg for improved configuration, and adding .ansible/facts/ to .gitignore. Update README.md to include quick start instructions and usage examples for the Makefile. Refactor roles for SSH hardening, including comprehensive configuration options and security settings, while ensuring modern CLI tools are installed. Improve package management in the base role with additional utilities and symlink creation for compatibility.	2025-08-29 21:54:50 -04:00
ilia	8a1b8609b7	Add .gitignore file to exclude sensitive and temporary files. Update ansible.cfg to set default stdout callback and disable deprecation warnings. Modify hosts file to include a local group for localhost. Create local-playbook.yml for local development setup with pre-tasks and role execution. Enhance README.md with vault password setup instructions and debug output configuration. Update group_vars to include ansible_debug_output variable. Refactor roles to improve package installation checks and streamline Docker setup with GPG key management.	2025-08-29 13:58:06 +00:00

5 Commits