ansible

Author	SHA1	Message	Date
ilia	85e475b36d	CI: fix remaining errors All checks were successful CI / skip-ci-check (pull_request) Successful in 1m18s Details CI / lint-and-test (pull_request) Successful in 1m23s Details CI / ansible-validation (pull_request) Successful in 3m2s Details CI / secret-scanning (pull_request) Successful in 1m20s Details CI / dependency-scan (pull_request) Successful in 1m24s Details CI / sast-scan (pull_request) Successful in 2m39s Details CI / license-check (pull_request) Successful in 1m24s Details CI / vault-check (pull_request) Successful in 2m19s Details CI / playbook-test (pull_request) Successful in 2m25s Details CI / container-scan (pull_request) Successful in 1m50s Details CI / sonar-analysis (pull_request) Successful in 2m33s Details CI / workflow-summary (pull_request) Successful in 1m17s Details - Whitelist 0BSD license (for tslib dependency) - Fix roles_path to use absolute path: /workspace/ilia/ansible/roles (relative 'roles' was searching in wrong directories) - Add Node.js install step before checkout in sonar-analysis job (actions/checkout@v4 requires node runtime) All make test and npm test checks pass locally	2026-01-01 22:01:40 -05:00
ilia	64f7273ddd	CI: fix Jinja2 recursion and license check Some checks failed CI / skip-ci-check (pull_request) Successful in 1m19s Details CI / lint-and-test (pull_request) Successful in 1m22s Details CI / ansible-validation (pull_request) Successful in 3m3s Details CI / secret-scanning (pull_request) Successful in 1m19s Details CI / dependency-scan (pull_request) Successful in 1m25s Details CI / sast-scan (pull_request) Successful in 2m35s Details CI / license-check (pull_request) Failing after 1m23s Details CI / vault-check (pull_request) Successful in 2m25s Details CI / playbook-test (pull_request) Failing after 2m20s Details CI / container-scan (pull_request) Successful in 1m50s Details CI / sonar-analysis (pull_request) Failing after 1m16s Details CI / workflow-summary (pull_request) Successful in 1m17s Details - Fix recursive loop in configure_app.yml by using hardcoded defaults instead of self-referential variables (app_backend_port, etc.) - Whitelist BlueOak-1.0.0 license (for sax dependency) - All make test checks pass locally	2026-01-01 21:48:27 -05:00
ilia	a8c83d6efd	CI: fix vault/markdown/license errors Some checks failed CI / skip-ci-check (pull_request) Successful in 1m18s Details CI / lint-and-test (pull_request) Successful in 1m28s Details CI / ansible-validation (pull_request) Failing after 3m4s Details CI / secret-scanning (pull_request) Successful in 1m20s Details CI / dependency-scan (pull_request) Successful in 1m24s Details CI / sast-scan (pull_request) Successful in 2m27s Details CI / license-check (pull_request) Failing after 1m22s Details CI / vault-check (pull_request) Successful in 2m14s Details CI / playbook-test (pull_request) Failing after 2m24s Details CI / container-scan (pull_request) Successful in 1m51s Details CI / sonar-analysis (pull_request) Failing after 1m17s Details CI / workflow-summary (pull_request) Successful in 1m17s Details - Remove ANSIBLE_VAULT_PASSWORD_FILE env (invalid /dev/null) - Fix markdown table spacing in docs/reference/*.md - Whitelist Python-2.0 license (argparse dependency)	2026-01-01 16:33:06 -05:00
ilia	c5f01d27de	CI: fix vault file detection; remove plaintext vault Some checks failed CI / skip-ci-check (pull_request) Successful in 1m18s Details CI / lint-and-test (pull_request) Failing after 1m19s Details CI / ansible-validation (pull_request) Failing after 2m51s Details CI / secret-scanning (pull_request) Successful in 1m19s Details CI / dependency-scan (pull_request) Successful in 1m24s Details CI / sast-scan (pull_request) Successful in 2m32s Details CI / license-check (pull_request) Failing after 1m23s Details CI / vault-check (pull_request) Successful in 2m14s Details CI / playbook-test (pull_request) Failing after 2m27s Details CI / container-scan (pull_request) Successful in 1m49s Details CI / sonar-analysis (pull_request) Failing after 1m16s Details CI / workflow-summary (pull_request) Successful in 1m17s Details	2026-01-01 13:12:31 -05:00
ilia	0322279ab0	CI: avoid vault requirement in lint/tests Some checks failed CI / skip-ci-check (pull_request) Successful in 1m17s Details CI / lint-and-test (pull_request) Successful in 1m22s Details CI / ansible-validation (pull_request) Failing after 2m48s Details CI / secret-scanning (pull_request) Successful in 1m19s Details CI / dependency-scan (pull_request) Successful in 1m24s Details CI / sast-scan (pull_request) Successful in 2m34s Details CI / license-check (pull_request) Failing after 1m22s Details CI / vault-check (pull_request) Failing after 2m20s Details CI / playbook-test (pull_request) Failing after 2m19s Details CI / container-scan (pull_request) Successful in 1m50s Details CI / sonar-analysis (pull_request) Failing after 1m16s Details CI / workflow-summary (pull_request) Successful in 1m16s Details	2026-01-01 13:09:29 -05:00
ilia	e0996642bc	CI: fix triggers/conditions; make Sonar non-blocking Some checks failed CI / skip-ci-check (pull_request) Successful in 1m17s Details CI / lint-and-test (pull_request) Successful in 1m22s Details CI / ansible-validation (pull_request) Failing after 2m51s Details CI / secret-scanning (pull_request) Successful in 1m19s Details CI / dependency-scan (pull_request) Successful in 1m24s Details CI / sast-scan (pull_request) Successful in 2m42s Details CI / license-check (pull_request) Failing after 1m23s Details CI / vault-check (pull_request) Failing after 2m17s Details CI / playbook-test (pull_request) Failing after 2m23s Details CI / container-scan (pull_request) Successful in 1m52s Details CI / sonar-analysis (pull_request) Failing after 1m16s Details CI / workflow-summary (pull_request) Successful in 1m17s Details	2026-01-01 13:03:47 -05:00
ilia	b69284f1c4	CI: enforce license check and ignore private root package	2026-01-01 12:59:18 -05:00
ilia	66d9f416c4	CI: improve Trivy dependency scan output	2026-01-01 12:48:56 -05:00
ilia	ffd4165d24	CI: validate playbooks with CI inventory; install collections	2026-01-01 12:39:36 -05:00
ilia	baf3e3de09	Refactor playbooks: servers/workstations, split monitoring, improve shell	2026-01-01 11:35:24 -05:00
ilia	69a39e5e5b	Add POTE app project support and improve IP conflict detection (#3 ) ## Summary This PR adds comprehensive support for deploying the POTE application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers. ## Key Features ### 🆕 New Roles - `roles/pote`: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations) - `roles/app_setup`: Generic app deployment role (Node.js/systemd) - `roles/base_os`: Base OS hardening role ### 🛡️ Safety Improvements - IP uniqueness validation within projects - Proxmox-side IP conflict detection - Enhanced error messages for IP conflicts ### 📦 New Playbooks - `playbooks/app/site.yml`: End-to-end app stack deployment - `playbooks/app/provision_vms.yml`: Proxmox guest provisioning - `playbooks/app/configure_app.yml`: OS + application configuration ## Security - ✅ All secrets stored in encrypted vault.yml - ✅ Deploy keys excluded via .gitignore - ✅ No plaintext secrets committed ## Testing - ✅ POTE successfully deployed to dev/qa/prod environments - ✅ All components validated (Git, PostgreSQL, cron, migrations) Co-authored-by: ilia <ilia@levkin.ca> Reviewed-on: #3	2026-01-01 11:19:54 -05:00
ilia	e897b1a027	Fix: Resolve linting errors and improve firewall configuration (#2 ) Some checks failed CI / lint-and-test (push) Successful in 1m16s Details CI / ansible-validation (push) Successful in 5m49s Details CI / secret-scanning (push) Successful in 1m33s Details CI / dependency-scan (push) Successful in 2m48s Details CI / sast-scan (push) Successful in 5m46s Details CI / license-check (push) Successful in 1m11s Details CI / vault-check (push) Failing after 5m25s Details CI / playbook-test (push) Successful in 5m32s Details CI / container-scan (push) Successful in 4m32s Details CI / sonar-analysis (push) Successful in 6m53s Details CI / workflow-summary (push) Successful in 1m6s Details - Fix UFW firewall to allow outbound traffic (was blocking all outbound) - Add HOST parameter support to shell Makefile target - Fix all ansible-lint errors (trailing spaces, missing newlines, document starts) - Add changed_when: false to check commands - Fix variable naming (vault_devGPU -> vault_devgpu) - Update .ansible-lint config to exclude .gitea/ and allow strategy: free - Fix NodeSource repository GPG key handling in shell playbook - Add missing document starts to host_vars files - Clean up empty lines in datascience role files Reviewed-on: #2	2025-12-25 16:47:26 -05:00
ilia	c017ec6941	Fix: Update CI workflow to install a fixed version of Trivy for improved reliability and error handling during installation All checks were successful CI / lint-and-test (pull_request) Successful in 1m2s Details CI / ansible-validation (pull_request) Successful in 3m6s Details CI / secret-scanning (pull_request) Successful in 56s Details CI / dependency-scan (pull_request) Successful in 1m0s Details CI / sast-scan (pull_request) Successful in 2m13s Details CI / license-check (pull_request) Successful in 57s Details CI / vault-check (pull_request) Successful in 2m8s Details CI / playbook-test (pull_request) Successful in 2m2s Details CI / container-scan (pull_request) Successful in 1m26s Details CI / sonar-analysis (pull_request) Successful in 2m3s Details CI / workflow-summary (pull_request) Successful in 52s Details	2025-12-15 15:50:04 -05:00
ilia	9e7ef8159b	Fix: Update CI workflow to disable SCM in SonarScanner configuration for improved analysis accuracy Some checks failed CI / lint-and-test (pull_request) Successful in 57s Details CI / ansible-validation (pull_request) Successful in 2m20s Details CI / secret-scanning (pull_request) Successful in 54s Details CI / dependency-scan (pull_request) Successful in 59s Details CI / sast-scan (pull_request) Successful in 2m26s Details CI / license-check (pull_request) Successful in 57s Details CI / vault-check (pull_request) Successful in 2m34s Details CI / playbook-test (pull_request) Successful in 2m37s Details CI / container-scan (pull_request) Failing after 1m42s Details CI / sonar-analysis (pull_request) Successful in 2m18s Details CI / workflow-summary (pull_request) Successful in 52s Details	2025-12-15 15:36:15 -05:00
ilia	3828e04b13	Fix: Update CI workflow to install Git alongside Node.js and enhance SonarScanner installation process with improved error handling All checks were successful CI / lint-and-test (pull_request) Successful in 59s Details CI / ansible-validation (pull_request) Successful in 3m32s Details CI / secret-scanning (pull_request) Successful in 56s Details CI / dependency-scan (pull_request) Successful in 1m3s Details CI / sast-scan (pull_request) Successful in 2m54s Details CI / license-check (pull_request) Successful in 59s Details CI / vault-check (pull_request) Successful in 2m43s Details CI / playbook-test (pull_request) Successful in 3m7s Details CI / container-scan (pull_request) Successful in 1m54s Details CI / sonar-analysis (pull_request) Successful in 2m5s Details CI / workflow-summary (pull_request) Successful in 52s Details	2025-12-15 15:11:36 -05:00
ilia	d6655babd9	Refactor: Simplify connectivity analysis logic by breaking down into smaller helper functions for improved readability and maintainability All checks were successful CI / lint-and-test (pull_request) Successful in 1m0s Details CI / ansible-validation (pull_request) Successful in 2m12s Details CI / secret-scanning (pull_request) Successful in 54s Details CI / dependency-scan (pull_request) Successful in 58s Details CI / sast-scan (pull_request) Successful in 2m58s Details CI / license-check (pull_request) Successful in 59s Details CI / vault-check (pull_request) Successful in 2m50s Details CI / playbook-test (pull_request) Successful in 2m42s Details CI / container-scan (pull_request) Successful in 1m44s Details CI / sonar-analysis (pull_request) Successful in 2m12s Details CI / workflow-summary (pull_request) Successful in 51s Details	2025-12-15 14:55:10 -05:00
ilia	dc94395bbc	Fix: Enhance SonarScanner error handling in CI workflow with detailed failure messages and troubleshooting guidance All checks were successful CI / lint-and-test (pull_request) Successful in 57s Details CI / ansible-validation (pull_request) Successful in 2m20s Details CI / secret-scanning (pull_request) Successful in 53s Details CI / dependency-scan (pull_request) Successful in 58s Details CI / sast-scan (pull_request) Successful in 2m14s Details CI / license-check (pull_request) Successful in 55s Details CI / vault-check (pull_request) Successful in 2m9s Details CI / playbook-test (pull_request) Successful in 2m4s Details CI / container-scan (pull_request) Successful in 1m27s Details CI / sonar-analysis (pull_request) Successful in 2m5s Details CI / workflow-summary (pull_request) Successful in 51s Details	2025-12-14 21:35:52 -05:00
ilia	699aaefac3	Fix: Update CI workflow to improve SonarScanner installation process with enhanced error handling and version management All checks were successful CI / lint-and-test (pull_request) Successful in 57s Details CI / ansible-validation (pull_request) Successful in 2m16s Details CI / secret-scanning (pull_request) Successful in 53s Details CI / dependency-scan (pull_request) Successful in 57s Details CI / sast-scan (pull_request) Successful in 2m5s Details CI / license-check (pull_request) Successful in 54s Details CI / vault-check (pull_request) Successful in 1m53s Details CI / playbook-test (pull_request) Successful in 2m20s Details CI / container-scan (pull_request) Successful in 1m35s Details CI / sonar-analysis (pull_request) Successful in 2m16s Details CI / workflow-summary (pull_request) Successful in 51s Details	2025-12-14 21:21:26 -05:00
ilia	83a5d988af	Fix: Update ansible-lint configuration to exclude specific paths and skip certain rules for improved linting flexibility Some checks failed CI / lint-and-test (pull_request) Successful in 58s Details CI / ansible-validation (pull_request) Successful in 2m17s Details CI / secret-scanning (pull_request) Successful in 53s Details CI / dependency-scan (pull_request) Successful in 57s Details CI / sast-scan (pull_request) Successful in 2m17s Details CI / license-check (pull_request) Successful in 55s Details CI / vault-check (pull_request) Successful in 2m20s Details CI / playbook-test (pull_request) Successful in 2m16s Details CI / container-scan (pull_request) Successful in 1m25s Details CI / sonar-analysis (pull_request) Failing after 1m56s Details CI / workflow-summary (pull_request) Successful in 50s Details	2025-12-14 21:04:45 -05:00
ilia	a45ee496e4	Fix: Update CI workflow to use Ubuntu 22.04 container, install Node.js and SonarScanner with improved methods, and enhance SonarQube connectivity verification Some checks failed CI / lint-and-test (pull_request) Successful in 57s Details CI / ansible-validation (pull_request) Successful in 2m6s Details CI / secret-scanning (pull_request) Successful in 53s Details CI / dependency-scan (pull_request) Successful in 57s Details CI / sast-scan (pull_request) Successful in 1m55s Details CI / license-check (pull_request) Successful in 54s Details CI / vault-check (pull_request) Successful in 1m58s Details CI / playbook-test (pull_request) Successful in 1m58s Details CI / container-scan (pull_request) Successful in 1m31s Details CI / sonar-analysis (pull_request) Failing after 2m36s Details CI / workflow-summary (pull_request) Successful in 50s Details	2025-12-14 20:51:36 -05:00
ilia	e54ecfefc1	Fix: Update CI workflow to enhance playbook syntax checking and improve SonarQube connectivity verification Some checks failed CI / lint-and-test (pull_request) Successful in 58s Details CI / ansible-validation (pull_request) Successful in 2m15s Details CI / secret-scanning (pull_request) Successful in 54s Details CI / dependency-scan (pull_request) Successful in 58s Details CI / sast-scan (pull_request) Successful in 2m11s Details CI / license-check (pull_request) Successful in 54s Details CI / vault-check (pull_request) Successful in 1m54s Details CI / playbook-test (pull_request) Successful in 1m52s Details CI / container-scan (pull_request) Successful in 1m27s Details CI / sonar-analysis (pull_request) Failing after 50s Details CI / workflow-summary (pull_request) Successful in 50s Details	2025-12-14 20:43:28 -05:00
ilia	f20b671e76	Fix: Update CI workflow to use Alpine-based images, install Node.js and Trivy with improved methods, and enhance dependency scanning steps Some checks failed CI / lint-and-test (pull_request) Successful in 56s Details CI / ansible-validation (pull_request) Successful in 2m19s Details CI / secret-scanning (pull_request) Successful in 55s Details CI / dependency-scan (pull_request) Successful in 1m0s Details CI / sast-scan (pull_request) Successful in 2m7s Details CI / license-check (pull_request) Successful in 54s Details CI / vault-check (pull_request) Successful in 2m0s Details CI / playbook-test (pull_request) Successful in 1m58s Details CI / container-scan (pull_request) Successful in 1m32s Details CI / sonar-analysis (pull_request) Failing after 50s Details CI / workflow-summary (pull_request) Successful in 50s Details	2025-12-14 20:28:06 -05:00
ilia	d0699d0b7a	Fix: Add SonarQube analysis to CI workflow and update host inventory for production environment Some checks failed CI / lint-and-test (push) Successful in 57s Details CI / ansible-validation (push) Successful in 2m26s Details CI / secret-scanning (push) Successful in 1m27s Details CI / dependency-scan (push) Successful in 1m32s Details CI / sast-scan (push) Successful in 2m6s Details CI / license-check (push) Successful in 54s Details CI / vault-check (push) Successful in 2m27s Details CI / playbook-test (push) Successful in 2m23s Details CI / container-scan (push) Successful in 1m33s Details CI / sonar-analysis (push) Failing after 1m6s Details CI / workflow-summary (push) Successful in 51s Details	2025-12-14 20:10:38 -05:00
ilia	d4ce0a247d	Fix: Remove artifact upload, update Trivy flags, add workflow summary, and add git to shell role All checks were successful CI / lint-and-test (push) Successful in 57s Details CI / ansible-validation (push) Successful in 2m12s Details CI / secret-scanning (push) Successful in 1m24s Details CI / dependency-scan (push) Successful in 1m29s Details CI / sast-scan (push) Successful in 1m53s Details CI / license-check (push) Successful in 52s Details CI / vault-check (push) Successful in 1m50s Details CI / playbook-test (push) Successful in 1m53s Details CI / container-scan (push) Successful in 1m23s Details CI / workflow-summary (push) Successful in 1m14s Details	2025-12-14 14:57:22 -05:00
ilia	0076155ef1	Fix: Improve Trivy installation with multiple fallback methods and better error handling Some checks failed CI / lint-and-test (push) Successful in 56s Details CI / ansible-validation (push) Successful in 2m19s Details CI / secret-scanning (push) Successful in 1m28s Details CI / dependency-scan (push) Failing after 1m30s Details CI / sast-scan (push) Successful in 2m28s Details CI / license-check (push) Successful in 53s Details CI / vault-check (push) Successful in 1m53s Details CI / playbook-test (push) Successful in 1m57s Details CI / container-scan (push) Successful in 1m24s Details	2025-12-14 09:06:53 -05:00
ilia	67a9b3ca2b	Fix: Check vault encryption header instead of decrypting files Some checks failed CI / lint-and-test (push) Successful in 54s Details CI / ansible-validation (push) Successful in 2m20s Details CI / secret-scanning (push) Successful in 1m26s Details CI / dependency-scan (push) Failing after 1m21s Details CI / sast-scan (push) Successful in 2m4s Details CI / license-check (push) Successful in 53s Details CI / vault-check (push) Successful in 2m0s Details CI / playbook-test (push) Successful in 1m56s Details CI / container-scan (push) Failing after 1m13s Details	2025-12-13 23:42:06 -05:00
ilia	6d14cf9253	Fix: Install git for Gitleaks and use direct Trivy binary download Some checks failed CI / lint-and-test (push) Successful in 55s Details CI / secret-scanning (push) Has been cancelled Details CI / dependency-scan (push) Has been cancelled Details CI / sast-scan (push) Has been cancelled Details CI / license-check (push) Has been cancelled Details CI / vault-check (push) Has been cancelled Details CI / playbook-test (push) Has been cancelled Details CI / container-scan (push) Has been cancelled Details CI / ansible-validation (push) Has been cancelled Details	2025-12-13 23:37:38 -05:00
ilia	a9ed19c9d2	Fix: Install Node.js in all Ubuntu containers for checkout action Some checks failed CI / lint-and-test (push) Successful in 58s Details CI / ansible-validation (push) Successful in 3m13s Details CI / secret-scanning (push) Failing after 1m21s Details CI / dependency-scan (push) Failing after 1m20s Details CI / sast-scan (push) Successful in 2m25s Details CI / license-check (push) Successful in 55s Details CI / vault-check (push) Failing after 2m44s Details CI / playbook-test (push) Successful in 2m28s Details CI / container-scan (push) Failing after 1m24s Details	2025-12-13 23:30:42 -05:00
ilia	1a565cc30e	Fix: Change all jobs to use ubuntu-latest label to match runner Some checks failed CI / lint-and-test (push) Successful in 58s Details CI / ansible-validation (push) Failing after 54s Details CI / secret-scanning (push) Failing after 47s Details CI / dependency-scan (push) Failing after 1m5s Details CI / sast-scan (push) Failing after 1m11s Details CI / license-check (push) Successful in 56s Details CI / vault-check (push) Failing after 49s Details CI / playbook-test (push) Failing after 49s Details CI / container-scan (push) Failing after 50s Details	2025-12-13 23:24:02 -05:00
ilia	8818de005f	Add comprehensive security scanning: SAST, license check, vault validation, playbook testing, and artifact uploads Some checks failed CI / lint-and-test (push) Successful in 1m0s Details CI / ansible-validation (push) Has been cancelled Details CI / secret-scanning (push) Has been cancelled Details CI / dependency-scan (push) Has been cancelled Details CI / sast-scan (push) Has been cancelled Details CI / license-check (push) Has been cancelled Details CI / vault-check (push) Has been cancelled Details CI / playbook-test (push) Has been cancelled Details CI / container-scan (push) Has been cancelled Details	2025-12-13 23:19:10 -05:00
ilia	990f886f02	Fix CI workflow: configure markdownlint, fix Node version, add Ansible validation Some checks failed CI / lint-and-test (push) Successful in 59s Details CI / ansible-validation (push) Has been cancelled Details	2025-12-13 23:13:40 -05:00
ilia	f3b34f3c95	Fix CI workflow: configure markdownlint and make link checking non-blocking Some checks failed CI / lint-and-test (push) Successful in 59s Details CI / build-and-test (push) Has been cancelled Details	2025-12-13 23:06:26 -05:00
ilia	ba7d4eb5b3	Add CI workflow with markdown linting and self-hosted runner job Some checks failed CI / lint-and-test (push) Failing after 1m17s Details CI / build-and-test (push) Has been cancelled Details	2025-12-13 23:00:58 -05:00

33 Commits