ansible

ilia/ansible

Fork 0

Commit Graph

Author	SHA1	Message	Date
ilia	0a937fd1b4	feat(app_setup): Improves deployment reliability for app projects and adds support for mirrormatch deployment with Prisma/Next.js requirements. (#5 ) All checks were successful CI / skip-ci-check (push) Successful in 1m23s Details CI / lint-and-test (push) Successful in 1m27s Details CI / ansible-validation (push) Successful in 2m59s Details CI / secret-scanning (push) Successful in 1m24s Details CI / dependency-scan (push) Successful in 1m29s Details CI / sast-scan (push) Successful in 2m41s Details CI / license-check (push) Successful in 1m27s Details CI / vault-check (push) Successful in 2m29s Details CI / playbook-test (push) Successful in 2m38s Details CI / container-scan (push) Successful in 1m56s Details CI / sonar-analysis (push) Successful in 2m33s Details CI / workflow-summary (push) Successful in 1m21s Details ## Summary Improves deployment reliability for app projects and adds support for mirrormatch deployment with Prisma/Next.js requirements. ## Changes ### Core Improvements (affects all app projects) 1. Deploy Script (`deploy_app.sh.j2`) - Fixed clone logic to handle non-git directories gracefully - Preserves `.env.` files during repository clone - Uses temporary directory for initial clone to avoid permission issues - Added `sudo` to systemctl restart commands (appuser needs sudo for service management) 2. Environment Template (`env.j2`)* - Removed comment lines to prevent `xargs` errors when sourcing env files - Cleaner, more reliable env file format 3. App Setup Role (`app_setup/tasks/main.yml`) - Added initial deploy task to run deploy script during first configure - Ensures app is fully deployed before systemd service starts 4. Configure Playbook (`configure_app.yml`) - Fixed migrate command precedence: checks `env_def.backend_migrate_cmd` first - Allows per-environment override of migrate commands (e.g., `db:push` for dev/qa) ### Mirrormatch-Specific Configuration - Added `mirrormatch` project definition with dev/qa/prod environments - Configured `backend_migrate_cmd: "npm run db:push"` for dev/qa (no shadow DB needed) - Added `backend_seed_cmd` support for dev/qa environments - Configured NextAuth v5 environment variables (`AUTH_TRUST_HOST`) ### Documentation - Updated `docs/guides/app_stack_proxmox.md` with: - Project-specific configuration examples - Environment file naming notes - Command precedence documentation ## Impact Analysis ### ✅ Backward Compatible - pote: No impact (uses separate `pote` role) - punimTagFE/BE: Will benefit from improved deploy script, no breaking changes - mirrormatch: Uses new features, fully supported ### Project-Specific Configs (isolated) All mirrormatch-specific settings are in `app_projects.mirrormatch` and don't affect other projects: - `backend_migrate_cmd: "npm run db:push"` (per-environment) - `backend_seed_cmd: "npm run db:seed"` (per-environment) - `AUTH_TRUST_HOST: "true"` (in env_vars) ## Testing - ✅ Mirrormatch dev environment successfully deployed - ✅ Service starts correctly after deployment - ✅ Environment variables loaded properly - ✅ Database schema pushed and seeded ## Related Fixes deployment issues encountered during mirrormatch setup: - Non-git directory handling - Env file preservation during clone - Service restart permissions - Prisma migrate vs db:push workflow Reviewed-on: #5	2026-01-04 16:59:48 -05:00
ilia	69a39e5e5b	Add POTE app project support and improve IP conflict detection (#3 ) ## Summary This PR adds comprehensive support for deploying the POTE application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers. ## Key Features ### 🆕 New Roles - `roles/pote`: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations) - `roles/app_setup`: Generic app deployment role (Node.js/systemd) - `roles/base_os`: Base OS hardening role ### 🛡️ Safety Improvements - IP uniqueness validation within projects - Proxmox-side IP conflict detection - Enhanced error messages for IP conflicts ### 📦 New Playbooks - `playbooks/app/site.yml`: End-to-end app stack deployment - `playbooks/app/provision_vms.yml`: Proxmox guest provisioning - `playbooks/app/configure_app.yml`: OS + application configuration ## Security - ✅ All secrets stored in encrypted vault.yml - ✅ Deploy keys excluded via .gitignore - ✅ No plaintext secrets committed ## Testing - ✅ POTE successfully deployed to dev/qa/prod environments - ✅ All components validated (Git, PostgreSQL, cron, migrations) Co-authored-by: ilia <ilia@levkin.ca> Reviewed-on: #3	2026-01-01 11:19:54 -05:00

Author

SHA1

Message

Date

ilia

0a937fd1b4

feat(app_setup): Improves deployment reliability for app projects and adds support for mirrormatch deployment with Prisma/Next.js requirements. (#5 )

CI / skip-ci-check (push) Successful in 1m23s

Details

CI / lint-and-test (push) Successful in 1m27s

Details

CI / ansible-validation (push) Successful in 2m59s

Details

CI / secret-scanning (push) Successful in 1m24s

Details

CI / dependency-scan (push) Successful in 1m29s

Details

CI / sast-scan (push) Successful in 2m41s

Details

CI / license-check (push) Successful in 1m27s

Details

CI / vault-check (push) Successful in 2m29s

Details

CI / playbook-test (push) Successful in 2m38s

Details

CI / container-scan (push) Successful in 1m56s

Details

CI / sonar-analysis (push) Successful in 2m33s

Details

CI / workflow-summary (push) Successful in 1m21s

Details

## Summary

Improves deployment reliability for app projects and adds support for mirrormatch deployment with Prisma/Next.js requirements.

## Changes

### Core Improvements (affects all app projects)

1. **Deploy Script (`deploy_app.sh.j2`)**
   - Fixed clone logic to handle non-git directories gracefully
   - Preserves `.env.*` files during repository clone
   - Uses temporary directory for initial clone to avoid permission issues
   - Added `sudo` to systemctl restart commands (appuser needs sudo for service management)

2. **Environment Template (`env.j2`)**
   - Removed comment lines to prevent `xargs` errors when sourcing env files
   - Cleaner, more reliable env file format

3. **App Setup Role (`app_setup/tasks/main.yml`)**
   - Added initial deploy task to run deploy script during first configure
   - Ensures app is fully deployed before systemd service starts

4. **Configure Playbook (`configure_app.yml`)**
   - Fixed migrate command precedence: checks `env_def.backend_migrate_cmd` first
   - Allows per-environment override of migrate commands (e.g., `db:push` for dev/qa)

### Mirrormatch-Specific Configuration

- Added `mirrormatch` project definition with dev/qa/prod environments
- Configured `backend_migrate_cmd: "npm run db:push"` for dev/qa (no shadow DB needed)
- Added `backend_seed_cmd` support for dev/qa environments
- Configured NextAuth v5 environment variables (`AUTH_TRUST_HOST`)

### Documentation

- Updated `docs/guides/app_stack_proxmox.md` with:
  - Project-specific configuration examples
  - Environment file naming notes
  - Command precedence documentation

## Impact Analysis

### ✅ Backward Compatible

- **pote**: No impact (uses separate `pote` role)
- **punimTagFE/BE**: Will benefit from improved deploy script, no breaking changes
- **mirrormatch**: Uses new features, fully supported

### Project-Specific Configs (isolated)

All mirrormatch-specific settings are in `app_projects.mirrormatch` and don't affect other projects:
- `backend_migrate_cmd: "npm run db:push"` (per-environment)
- `backend_seed_cmd: "npm run db:seed"` (per-environment)
- `AUTH_TRUST_HOST: "true"` (in env_vars)

## Testing

- ✅ Mirrormatch dev environment successfully deployed
- ✅ Service starts correctly after deployment
- ✅ Environment variables loaded properly
- ✅ Database schema pushed and seeded

## Related

Fixes deployment issues encountered during mirrormatch setup:
- Non-git directory handling
- Env file preservation during clone
- Service restart permissions
- Prisma migrate vs db:push workflow

Reviewed-on: #5

2026-01-04 16:59:48 -05:00

ilia

69a39e5e5b

Add POTE app project support and improve IP conflict detection (#3 )

## Summary

This PR adds comprehensive support for deploying the **POTE** application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers.

## Key Features

### 🆕 New Roles
- **`roles/pote`**: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations)
- **`roles/app_setup`**: Generic app deployment role (Node.js/systemd)
- **`roles/base_os`**: Base OS hardening role

### 🛡️ Safety Improvements
- IP uniqueness validation within projects
- Proxmox-side IP conflict detection
- Enhanced error messages for IP conflicts

### 📦 New Playbooks
- `playbooks/app/site.yml`: End-to-end app stack deployment
- `playbooks/app/provision_vms.yml`: Proxmox guest provisioning
- `playbooks/app/configure_app.yml`: OS + application configuration

## Security
- ✅ All secrets stored in encrypted vault.yml
- ✅ Deploy keys excluded via .gitignore
- ✅ No plaintext secrets committed

## Testing
- ✅ POTE successfully deployed to dev/qa/prod environments
- ✅ All components validated (Git, PostgreSQL, cron, migrations)

Co-authored-by: ilia <ilia@levkin.ca>
Reviewed-on: #3

2026-01-01 11:19:54 -05:00

2 Commits