60 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
ilia	64f7273ddd	CI: fix Jinja2 recursion and license check ... - Fix recursive loop in configure_app.yml by using hardcoded defaults instead of self-referential variables (app_backend_port, etc.) - Whitelist BlueOak-1.0.0 license (for sax dependency) - All make test checks pass locally	2026-01-01 21:48:27 -05:00
ilia	a8c83d6efd	CI: fix vault/markdown/license errors ... - Remove ANSIBLE_VAULT_PASSWORD_FILE env (invalid /dev/null) - Fix markdown table spacing in docs/reference/*.md - Whitelist Python-2.0 license (argparse dependency)	2026-01-01 16:33:06 -05:00
ilia	84ad3fb56a	inventory: drop become password for root devGPU	2026-01-01 13:16:13 -05:00
ilia	c5f01d27de	CI: fix vault file detection; remove plaintext vault	2026-01-01 13:12:31 -05:00
ilia	5ad985d9f8	Update dependencies in package.json and package-lock.json ... - Upgrade markdownlint-cli2 to version 0.20.0 - Update various dependencies to their latest versions, ensuring compatibility with Node.js 20.x - Add new dependencies such as string-width and strip-ansi for improved functionality This change enhances the development environment by keeping dependencies up to date and ensuring compliance with the latest Node.js version requirements.	2026-01-01 13:11:34 -05:00
ilia	0322279ab0	CI: avoid vault requirement in lint/tests	2026-01-01 13:09:29 -05:00
ilia	e0996642bc	CI: fix triggers/conditions; make Sonar non-blocking	2026-01-01 13:03:47 -05:00
ilia	b69284f1c4	CI: enforce license check and ignore private root package	2026-01-01 12:59:18 -05:00
ilia	66d9f416c4	CI: improve Trivy dependency scan output	2026-01-01 12:48:56 -05:00
ilia	ffd4165d24	CI: validate playbooks with CI inventory; install collections	2026-01-01 12:39:36 -05:00
ilia	a176dd2365	Makefile: avoid vault errors when detecting current host	2026-01-01 12:19:07 -05:00
ilia	98e0fc0bed	Fix lint regressions after rebase	2026-01-01 12:10:45 -05:00
ilia	baf3e3de09	Refactor playbooks: servers/workstations, split monitoring, improve shell	2026-01-01 11:35:24 -05:00
ilia	69a39e5e5b	Add POTE app project support and improve IP conflict detection (#3) ... ## Summary This PR adds comprehensive support for deploying the **POTE** application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers. ## Key Features ### 🆕 New Roles - **`roles/pote`**: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations) - **`roles/app_setup`**: Generic app deployment role (Node.js/systemd) - **`roles/base_os`**: Base OS hardening role ### 🛡️ Safety Improvements - IP uniqueness validation within projects - Proxmox-side IP conflict detection - Enhanced error messages for IP conflicts ### 📦 New Playbooks - `playbooks/app/site.yml`: End-to-end app stack deployment - `playbooks/app/provision_vms.yml`: Proxmox guest provisioning - `playbooks/app/configure_app.yml`: OS + application configuration ## Security - ✅ All secrets stored in encrypted vault.yml - ✅ Deploy keys excluded via .gitignore - ✅ No plaintext secrets committed ## Testing - ✅ POTE successfully deployed to dev/qa/prod environments - ✅ All components validated (Git, PostgreSQL, cron, migrations) Co-authored-by: ilia <ilia@levkin.ca> Reviewed-on: #3	2026-01-01 11:19:54 -05:00
ilia	e897b1a027	Fix: Resolve linting errors and improve firewall configuration (#2) ... - Fix UFW firewall to allow outbound traffic (was blocking all outbound) - Add HOST parameter support to shell Makefile target - Fix all ansible-lint errors (trailing spaces, missing newlines, document starts) - Add changed_when: false to check commands - Fix variable naming (vault_devGPU -> vault_devgpu) - Update .ansible-lint config to exclude .gitea/ and allow strategy: free - Fix NodeSource repository GPG key handling in shell playbook - Add missing document starts to host_vars files - Clean up empty lines in datascience role files Reviewed-on: #2	2025-12-25 16:47:26 -05:00
ilia	95a301ae3f	Merge pull request 'Fix: Update CI workflow to use Alpine-based images, install Node.js and Trivy with improved methods, and enhance dependency scanning steps' (#1) from update-ci into master ... Reviewed-on: #1	2025-12-17 22:45:00 -05:00
ilia	c017ec6941	Fix: Update CI workflow to install a fixed version of Trivy for improved reliability and error handling during installation	2025-12-15 15:50:04 -05:00
ilia	9e7ef8159b	Fix: Update CI workflow to disable SCM in SonarScanner configuration for improved analysis accuracy	2025-12-15 15:36:15 -05:00
ilia	3828e04b13	Fix: Update CI workflow to install Git alongside Node.js and enhance SonarScanner installation process with improved error handling	2025-12-15 15:11:36 -05:00
ilia	d6655babd9	Refactor: Simplify connectivity analysis logic by breaking down into smaller helper functions for improved readability and maintainability	2025-12-15 14:55:10 -05:00
ilia	dc94395bbc	Fix: Enhance SonarScanner error handling in CI workflow with detailed failure messages and troubleshooting guidance	2025-12-14 21:35:52 -05:00
ilia	699aaefac3	Fix: Update CI workflow to improve SonarScanner installation process with enhanced error handling and version management	2025-12-14 21:21:26 -05:00
ilia	277a22d962	Fix: Clean up duplicate repository entries in application and development roles	2025-12-14 21:21:19 -05:00
ilia	83a5d988af	Fix: Update ansible-lint configuration to exclude specific paths and skip certain rules for improved linting flexibility	2025-12-14 21:04:45 -05:00
ilia	a45ee496e4	Fix: Update CI workflow to use Ubuntu 22.04 container, install Node.js and SonarScanner with improved methods, and enhance SonarQube connectivity verification	2025-12-14 20:51:36 -05:00
ilia	e54ecfefc1	Fix: Update CI workflow to enhance playbook syntax checking and improve SonarQube connectivity verification	2025-12-14 20:43:28 -05:00
ilia	f20b671e76	Fix: Update CI workflow to use Alpine-based images, install Node.js and Trivy with improved methods, and enhance dependency scanning steps	2025-12-14 20:28:06 -05:00
ilia	d0699d0b7a	Fix: Add SonarQube analysis to CI workflow and update host inventory for production environment	2025-12-14 20:10:38 -05:00
ilia	d4ce0a247d	Fix: Remove artifact upload, update Trivy flags, add workflow summary, and add git to shell role	2025-12-14 14:57:22 -05:00
ilia	0076155ef1	Fix: Improve Trivy installation with multiple fallback methods and better error handling	2025-12-14 09:06:53 -05:00
ilia	67a9b3ca2b	Fix: Check vault encryption header instead of decrypting files	2025-12-13 23:42:06 -05:00
ilia	6d14cf9253	Fix: Install git for Gitleaks and use direct Trivy binary download	2025-12-13 23:37:38 -05:00
ilia	a9ed19c9d2	Fix: Install Node.js in all Ubuntu containers for checkout action	2025-12-13 23:30:42 -05:00
ilia	1a565cc30e	Fix: Change all jobs to use ubuntu-latest label to match runner	2025-12-13 23:24:02 -05:00
ilia	8818de005f	Add comprehensive security scanning: SAST, license check, vault validation, playbook testing, and artifact uploads	2025-12-13 23:19:10 -05:00
ilia	990f886f02	Fix CI workflow: configure markdownlint, fix Node version, add Ansible validation	2025-12-13 23:13:40 -05:00
ilia	f3b34f3c95	Fix CI workflow: configure markdownlint and make link checking non-blocking	2025-12-13 23:06:26 -05:00
ilia	ba7d4eb5b3	Add CI workflow with markdown linting and self-hosted runner job	2025-12-13 23:00:58 -05:00
ilia	097fb33abc	Update inventory file to include new desktop host configuration ... - Add desktop-beast with ansible_host and ansible_user settings for improved access management. - Ensure consistent formatting and organization within the inventory file for better clarity. These changes enhance the inventory setup, facilitating smoother operations and management of desktop hosts within the infrastructure.	2025-10-15 15:52:30 -04:00
ilia	1fe27468a1	Update inventory file to standardize ansible_user settings for Gitea and other services ... - Adjust ansible_user for Gitea to 'root' for improved access control. - Ensure consistent ansible_user settings across all services, including Portainer, Jellyfin, and Listmonk, to streamline user management. These changes enhance the clarity and usability of the inventory setup, facilitating smoother operations across the infrastructure.	2025-10-10 09:23:40 -04:00
ilia	96f7c8a82a	Update inventory and shell configuration for improved host management ... - Adjust inventory file to standardize ansible_user settings for listmonk and jellyfin hosts, ensuring consistent user access across services. - Update .zshrc file to include SSH aliases for new hosts, enhancing accessibility for remote management. These changes streamline host management and improve the usability of SSH connections for infrastructure operations.	2025-10-09 21:43:29 -04:00
ilia	579f0709ce	Update Makefile and inventory configurations for improved task execution and organization ... - Refactor Makefile to enhance command structure, including clearer descriptions and usage examples for targets related to development, inventory, and monitoring tasks. - Update inventory files to ensure correct host configurations and user settings, including adjustments to ansible_user for specific hosts. - Modify group_vars to streamline Tailscale configuration and ensure proper handling of authentication keys. These changes improve the clarity and usability of the Makefile and inventory setup, facilitating smoother operations across the infrastructure.	2025-10-09 21:24:45 -04:00
ilia	e05b3aa0d5	Update ansible.cfg and auto-fallback script for improved connectivity handling ... - Modify ansible.cfg to increase SSH connection retries from 2 to 3 and add a connection timeout setting for better reliability. - Enhance auto-fallback.sh script to provide detailed feedback during IP connectivity tests, including clearer status messages for primary and fallback IP checks. - Update documentation to reflect changes in connectivity testing and fallback procedures. These updates improve the robustness of the connectivity testing process and ensure smoother operations during IP failover scenarios.	2025-09-16 23:00:32 -04:00
ilia	b424e9b55b	Add checks and conditional tasks for package management across roles ... - Introduce checks for existing GPG keys and repositories for Docker, NodeSource, and Tailscale to ensure correct configurations before installation. - Implement conditional removal of incorrect keys and repositories to maintain a clean setup. - Update Makefile to include a command for editing group vault variables. These changes enhance package management reliability and streamline the installation process across different roles.	2025-09-11 21:05:31 -04:00
ilia	c5ae3af9ac	Add tasks to manage repository files and ensure directory permissions ... - Clean up duplicate Brave repository files in applications role. - Ensure Ansible remote_tmp directory exists with correct permissions in base role. - Remove existing NodeSource repository files and create keyrings directory in development role. These changes improve package management and maintain a clean repository setup across roles.	2025-09-09 22:46:31 -04:00
ilia	cd12b02147	Add initial project structure with configuration files and playbooks for infrastructure management. Introduce .ansible-lint-ignore to manage linting exceptions for vault files. Create README.md and documentation for setup guides, including Tailscale and monitoring roles. Establish Makefile commands for streamlined execution of playbooks and tasks. Update inventory structure for better organization of hosts and variables.	2025-09-09 21:12:08 -04:00
ilia	4621ea4674	Add monitoring and backup roles, enhancing infrastructure management capabilities. Introduce Proxmox VM creation playbook for automated VM provisioning. Update Makefile with new commands for monitoring and backup tasks. Enhance README.md with detailed usage instructions for new features, including automated backups and system monitoring tools. Refactor existing roles for improved organization and clarity, ensuring compatibility across various systems.	2025-09-07 22:17:22 -04:00
ilia	00d660201a	Add Tailscale role and playbook for VPN setup across all machines. Update inventory to include Tailscale hosts and enhance Makefile with Tailscale-specific commands. Introduce documentation for Tailscale setup and Ansible Vault usage to securely manage authentication keys. Ensure compatibility with Debian, Ubuntu, and Alpine systems through role-specific tasks.	2025-09-03 20:37:28 -04:00
ilia	f85945c8f7	Update inventory and playbook configurations to reflect new host addresses and user settings. Modify the Makefile for improved maintenance task execution, including unified command options for maintenance operations. Enhance README.md with updated usage instructions for the maintenance system and clarify host group definitions. Adjust group_vars for maintenance settings, ensuring proper handling of reboot conditions and cache management.	2025-09-02 11:32:16 -04:00
ilia	5e4428447c	Enhance Ansible setup by introducing a Makefile for streamlined workflows, updating ansible.cfg for improved configuration, and adding .ansible/facts/ to .gitignore. Update README.md to include quick start instructions and usage examples for the Makefile. Refactor roles for SSH hardening, including comprehensive configuration options and security settings, while ensuring modern CLI tools are installed. Improve package management in the base role with additional utilities and symlink creation for compatibility.	2025-08-29 21:54:50 -04:00