5 Commits

Author	SHA1	Message	Date
ilia	62a22812a3	refactor(inventory): Update punimTag project configurations and environment variables ... - Renamed punimTagFE to punimTag for consistency in project naming. - Updated environment variable configurations for punimTag, including backend and frontend settings. - Added backend support for punimTag with appropriate commands for deployment and migration. - Adjusted environment variables for dev, qa, and prod environments to reflect new project structure. - Ensured all changes maintain backward compatibility with existing configurations. This refactor aims to streamline the project setup and improve clarity in the inventory structure.	2026-01-10 15:19:07 -05:00
ilia	0a937fd1b4	feat(app_setup): Improves deployment reliability for app projects and adds support for mirrormatch deployment with Prisma/Next.js requirements. (#5) ... ## Summary Improves deployment reliability for app projects and adds support for mirrormatch deployment with Prisma/Next.js requirements. ## Changes ### Core Improvements (affects all app projects) 1. **Deploy Script (`deploy_app.sh.j2`)** - Fixed clone logic to handle non-git directories gracefully - Preserves `.env.*` files during repository clone - Uses temporary directory for initial clone to avoid permission issues - Added `sudo` to systemctl restart commands (appuser needs sudo for service management) 2. **Environment Template (`env.j2`)** - Removed comment lines to prevent `xargs` errors when sourcing env files - Cleaner, more reliable env file format 3. **App Setup Role (`app_setup/tasks/main.yml`)** - Added initial deploy task to run deploy script during first configure - Ensures app is fully deployed before systemd service starts 4. **Configure Playbook (`configure_app.yml`)** - Fixed migrate command precedence: checks `env_def.backend_migrate_cmd` first - Allows per-environment override of migrate commands (e.g., `db:push` for dev/qa) ### Mirrormatch-Specific Configuration - Added `mirrormatch` project definition with dev/qa/prod environments - Configured `backend_migrate_cmd: "npm run db:push"` for dev/qa (no shadow DB needed) - Added `backend_seed_cmd` support for dev/qa environments - Configured NextAuth v5 environment variables (`AUTH_TRUST_HOST`) ### Documentation - Updated `docs/guides/app_stack_proxmox.md` with: - Project-specific configuration examples - Environment file naming notes - Command precedence documentation ## Impact Analysis ### ✅ Backward Compatible - **pote**: No impact (uses separate `pote` role) - **punimTagFE/BE**: Will benefit from improved deploy script, no breaking changes - **mirrormatch**: Uses new features, fully supported ### Project-Specific Configs (isolated) All mirrormatch-specific settings are in `app_projects.mirrormatch` and don't affect other projects: - `backend_migrate_cmd: "npm run db:push"` (per-environment) - `backend_seed_cmd: "npm run db:seed"` (per-environment) - `AUTH_TRUST_HOST: "true"` (in env_vars) ## Testing - ✅ Mirrormatch dev environment successfully deployed - ✅ Service starts correctly after deployment - ✅ Environment variables loaded properly - ✅ Database schema pushed and seeded ## Related Fixes deployment issues encountered during mirrormatch setup: - Non-git directory handling - Env file preservation during clone - Service restart permissions - Prisma migrate vs db:push workflow Reviewed-on: #5	2026-01-04 16:59:48 -05:00
ilia	69a39e5e5b	Add POTE app project support and improve IP conflict detection (#3) ... ## Summary This PR adds comprehensive support for deploying the **POTE** application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers. ## Key Features ### 🆕 New Roles - **`roles/pote`**: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations) - **`roles/app_setup`**: Generic app deployment role (Node.js/systemd) - **`roles/base_os`**: Base OS hardening role ### 🛡️ Safety Improvements - IP uniqueness validation within projects - Proxmox-side IP conflict detection - Enhanced error messages for IP conflicts ### 📦 New Playbooks - `playbooks/app/site.yml`: End-to-end app stack deployment - `playbooks/app/provision_vms.yml`: Proxmox guest provisioning - `playbooks/app/configure_app.yml`: OS + application configuration ## Security - ✅ All secrets stored in encrypted vault.yml - ✅ Deploy keys excluded via .gitignore - ✅ No plaintext secrets committed ## Testing - ✅ POTE successfully deployed to dev/qa/prod environments - ✅ All components validated (Git, PostgreSQL, cron, migrations) Co-authored-by: ilia <ilia@levkin.ca> Reviewed-on: #3	2026-01-01 11:19:54 -05:00
ilia	579f0709ce	Update Makefile and inventory configurations for improved task execution and organization ... - Refactor Makefile to enhance command structure, including clearer descriptions and usage examples for targets related to development, inventory, and monitoring tasks. - Update inventory files to ensure correct host configurations and user settings, including adjustments to ansible_user for specific hosts. - Modify group_vars to streamline Tailscale configuration and ensure proper handling of authentication keys. These changes improve the clarity and usability of the Makefile and inventory setup, facilitating smoother operations across the infrastructure.	2025-10-09 21:24:45 -04:00
ilia	cd12b02147	Add initial project structure with configuration files and playbooks for infrastructure management. Introduce .ansible-lint-ignore to manage linting exceptions for vault files. Create README.md and documentation for setup guides, including Tailscale and monitoring roles. Establish Makefile commands for streamlined execution of playbooks and tasks. Update inventory structure for better organization of hosts and variables.	2025-09-09 21:12:08 -04:00