9ea1090d02
Update CI workflow to exclude example vault files from validation and add host variables for dev02
CI / lint-and-test (pull_request) Successful in 1m21s
CI / ansible-validation (pull_request) Successful in 8m50s
CI / secret-scanning (pull_request) Successful in 2m49s
CI / dependency-scan (pull_request) Successful in 6m8s
CI / sast-scan (pull_request) Successful in 6m31s
CI / license-check (pull_request) Successful in 1m16s
CI / vault-check (pull_request) Successful in 5m34s
CI / playbook-test (pull_request) Successful in 5m33s
CI / container-scan (pull_request) Failing after 2m51s
CI / sonar-analysis (pull_request) Failing after 1m10s
CI / workflow-summary (pull_request) Successful in 1m11s
- Modify CI workflow to filter out example vault files during encryption validation
- Add new host variables for dev02, including sudo configuration and shell user settings
- Disable installation of data science stack components for dev02
2025-12-28 21:31:02 -05:00
ilia
c7a300b922
Add POTE app project support and improve IP conflict detection
CI / lint-and-test (pull_request) Successful in 1m21s
CI / ansible-validation (pull_request) Successful in 9m3s
CI / secret-scanning (pull_request) Successful in 3m19s
CI / dependency-scan (pull_request) Successful in 7m13s
CI / sast-scan (pull_request) Successful in 6m38s
CI / license-check (pull_request) Successful in 1m16s
CI / vault-check (pull_request) Failing after 6m40s
CI / playbook-test (pull_request) Successful in 9m28s
CI / container-scan (pull_request) Successful in 7m59s
CI / sonar-analysis (pull_request) Failing after 1m11s
CI / workflow-summary (pull_request) Successful in 1m11s
- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs
- Add playbooks/app/: Proxmox app stack provisioning and configuration
- Add roles/app_setup: Generic app deployment role (Node.js/systemd)
- Add roles/base_os: Base OS hardening role
- Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling
- Add IP uniqueness validation: Preflight check for duplicate IPs within projects
- Add Proxmox-side IP conflict detection: Check existing LXC net0 configs
- Update inventories/production/group_vars/all/main.yml: Add pote project config
- Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP)
- Update .gitignore: Exclude deploy keys, backup files, and other secrets
- Update documentation: README, role docs, execution flow guides
Security:
- All secrets stored in encrypted vault.yml (never committed in plaintext)
- Deploy keys excluded via .gitignore
- IP conflict guardrails prevent accidental duplicate IP assignments
2025-12-28 20:54:50 -05:00
ilia
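Worked example, added here and not part of commit c7a300b922 above: the two IP guardrails that commit describes, a preflight for duplicate IPs within a project's host list and a check against the `net0` lines of existing Proxmox LXC configs, written as POSIX shell functions. The input formats are assumptions for this example rather than the repository's own: the project list is `host ip` pairs, one per line, and the Proxmox side is the text `pct config <vmid>` prints, whose `net0:` line carries a comma-separated `ip=<addr>/<prefix>` field. All sample data is constructed.

```shell
#!/bin/sh
# Added example, not the project's own preflight: IP conflict guardrails.
# Assumed input formats (not from the page):
#   project hosts file : "<hostname> <ipv4>" per line
#   proxmox config file: text as printed by `pct config <vmid>`, one file per
#                        container, e.g. "net0: name=eth0,bridge=vmbr0,ip=A.B.C.D/NN,gw=...,type=veth"
set -u

# find_duplicate_ips HOSTS_FILE -> 0 if every IP is claimed by exactly one host;
# otherwise prints "duplicate <ip>: <hosts>" per clash and returns 1.
find_duplicate_ips() {
  dups=$(awk 'NF >= 2 { print $2 }' "$1" | sort | uniq -d)
  [ -n "$dups" ] || return 0
  for ip in $dups; do
    hosts=$(awk -v ip="$ip" '$2 == ip { print $1 }' "$1" | tr '\n' ' ')
    printf 'duplicate %s: %s\n' "$ip" "$hosts"
  done
  return 1
}

# proxmox_ip_in_use IP CONFIG_FILE... -> 0 if any netN line in any of the
# config files already carries ip=IP (with or without a /prefix), 1 otherwise.
# The address is matched as a whole token, so 10.0.10.2 does not match 10.0.10.20.
proxmox_ip_in_use() {
  [ "$#" -ge 2 ] || return 1
  ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
  shift
  grep -hE '^net[0-9]+:' "$@" 2>/dev/null | tr ',' '\n' | grep -Eqx "ip=${ip_re}(/[0-9]+)?"
}

# preflight HOSTS_FILE CONFIG_FILE... -> 0 only when the project has no
# internal duplicates and none of its IPs is already assigned to an existing
# container; every problem is reported before the non-zero return.
preflight() {
  hosts_file=$1
  shift
  ok=0
  find_duplicate_ips "$hosts_file" || ok=1
  while read -r host ip; do
    [ -n "${ip:-}" ] || continue
    if proxmox_ip_in_use "$ip" "$@"; then
      printf 'conflict: %s wants %s, already used by an existing container\n' "$host" "$ip"
      ok=1
    fi
  done < "$hosts_file"
  return "$ok"
}

# Constructed sample data (not real inventory or Proxmox output): the project
# assigns 10.0.10.20 twice, and 10.0.10.21 is already taken by container 101.
hosts_file=$(mktemp)
printf 'pote-app 10.0.10.20\npote-db 10.0.10.21\npote-cron 10.0.10.20\n' > "$hosts_file"
ct101=$(mktemp)
printf 'hostname: web01\nnet0: name=eth0,bridge=vmbr0,hwaddr=BC:24:11:00:00:01,ip=10.0.10.21/24,gw=10.0.10.1,type=veth\n' > "$ct101"

if preflight "$hosts_file" "$ct101"; then
  echo "preflight: ok"
else
  echo "preflight: blocked (fix the conflicts above before provisioning)"
fi
rm -f "$hosts_file" "$ct101"
```

Running it prints the duplicate 10.0.10.20 claim (pote-app and pote-cron), the clash of pote-db with container 101, and then "preflight: blocked". The Proxmox-side check only sees addresses recorded in container configs; a static address set inside a guest, on a KVM VM using cloud-init, or on bare metal is invisible to it, so a connectivity probe of the requested address remains a useful complementary check.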
f20b671e76
Fix: Update CI workflow to use Alpine-based images, install Node.js and Trivy with improved methods, and enhance dependency scanning steps
CI / lint-and-test (pull_request) Successful in 56s
CI / ansible-validation (pull_request) Successful in 2m19s
CI / secret-scanning (pull_request) Successful in 55s
CI / dependency-scan (pull_request) Successful in 1m0s
CI / sast-scan (pull_request) Successful in 2m7s
CI / license-check (pull_request) Successful in 54s
CI / vault-check (pull_request) Successful in 2m0s
CI / playbook-test (pull_request) Successful in 1m58s
CI / container-scan (pull_request) Successful in 1m32s
CI / sonar-analysis (pull_request) Failing after 50s
CI / workflow-summary (pull_request) Successful in 50s
2025-12-14 20:28:06 -05:00
ilia
d0699d0b7a
Fix: Add SonarQube analysis to CI workflow and update host inventory for production environment
CI / lint-and-test (push) Successful in 57s
CI / ansible-validation (push) Successful in 2m26s
CI / secret-scanning (push) Successful in 1m27s
CI / dependency-scan (push) Successful in 1m32s
CI / sast-scan (push) Successful in 2m6s
CI / license-check (push) Successful in 54s
CI / vault-check (push) Successful in 2m27s
CI / playbook-test (push) Successful in 2m23s
CI / container-scan (push) Successful in 1m33s
CI / sonar-analysis (push) Failing after 1m6s
CI / workflow-summary (push) Successful in 51s
2025-12-14 20:10:38 -05:00
ilia
d4ce0a247d
Fix: Remove artifact upload, update Trivy flags, add workflow summary, and add git to shell role
CI / lint-and-test (push) Successful in 57s
CI / ansible-validation (push) Successful in 2m12s
CI / secret-scanning (push) Successful in 1m24s
CI / dependency-scan (push) Successful in 1m29s
CI / sast-scan (push) Successful in 1m53s
CI / license-check (push) Successful in 52s
CI / vault-check (push) Successful in 1m50s
CI / playbook-test (push) Successful in 1m53s
CI / container-scan (push) Successful in 1m23s
CI / workflow-summary (push) Successful in 1m14s
2025-12-14 14:57:22 -05:00
ilia
0076155ef1
Fix: Improve Trivy installation with multiple fallback methods and better error handling
CI / lint-and-test (push) Successful in 56s
CI / ansible-validation (push) Successful in 2m19s
CI / secret-scanning (push) Successful in 1m28s
CI / dependency-scan (push) Failing after 1m30s
CI / sast-scan (push) Successful in 2m28s
CI / license-check (push) Successful in 53s
CI / vault-check (push) Successful in 1m53s
CI / playbook-test (push) Successful in 1m57s
CI / container-scan (push) Successful in 1m24s
2025-12-14 09:06:53 -05:00
ilia
67a9b3ca2b
Fix: Check vault encryption header instead of decrypting files
CI / lint-and-test (push) Successful in 54s
CI / ansible-validation (push) Successful in 2m20s
CI / secret-scanning (push) Successful in 1m26s
CI / dependency-scan (push) Failing after 1m21s
CI / sast-scan (push) Successful in 2m4s
CI / license-check (push) Successful in 53s
CI / vault-check (push) Successful in 2m0s
CI / playbook-test (push) Successful in 1m56s
CI / container-scan (push) Failing after 1m13s
2025-12-13 23:42:06 -05:00
ilia
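Worked example, added here and not taken from the project's CI workflow: a shell vault-check of the kind commit 67a9b3ca2b above (inspecting the `$ANSIBLE_VAULT` header instead of decrypting) and commit 9ea1090d02 at the top of the log (skipping example vault files) describe. It needs no vault password on the runner: a file encrypted with `ansible-vault` begins with the line `$ANSIBLE_VAULT;1.1;AES256`, or `$ANSIBLE_VAULT;1.2;AES256;<vault-id>` when a vault id label is used, so a committed secrets file whose first line is anything else is plaintext. The file-name patterns (`vault*.yml`, `*.vault.yml`), the `*.example.yml` exclusion and the demo tree are assumptions for this example, not the repository's layout.

```shell
#!/bin/sh
# Added example, not the project's own CI step: fail if any committed vault file
# is plaintext, by inspecting the Ansible Vault envelope header only.
# Assumptions (not from the page): vault files match vault*.yml or *.vault.yml;
# files named *.example.yml are intentionally plaintext templates and are skipped.
set -u

# is_vault_encrypted FILE -> 0 if the first line is an Ansible Vault header
# ("$ANSIBLE_VAULT;1.1;AES256", or ";1.2;AES256;<vault-id>"), 1 otherwise.
# A missing, empty or unreadable file also counts as not encrypted.
is_vault_encrypted() {
  first_line=
  IFS= read -r first_line < "$1" 2>/dev/null || [ -n "$first_line" ] || return 1
  case "$first_line" in
    '$ANSIBLE_VAULT;1.1;AES256') return 0 ;;
    '$ANSIBLE_VAULT;1.2;AES256;'*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_vault_files ROOT -> 0 if every vault file under ROOT is encrypted,
# 1 otherwise (offending paths are listed on stderr). Templates named
# *.example.yml are skipped because they are meant to hold placeholders only.
check_vault_files() {
  offenders=$(
    find "$1" -type f \( -name 'vault*.yml' -o -name '*.vault.yml' \) | sort |
      while IFS= read -r f; do
        case "$f" in *.example.yml) continue ;; esac
        is_vault_encrypted "$f" || printf '%s\n' "$f"
      done
  )
  if [ -n "$offenders" ]; then
    printf 'plaintext vault file(s) found:\n%s\n' "$offenders" >&2
    return 1
  fi
  return 0
}

# Constructed demo tree (not the repository's real files): one encrypted vault
# (header plus truncated fake ciphertext), one plaintext example template that
# must be ignored, and one plaintext vault that must be caught.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/inventories/production/group_vars/all" "$demo_root/roles/demo/vars"
printf '$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n' \
  > "$demo_root/inventories/production/group_vars/all/vault.yml"
printf 'db_password: changeme\n' \
  > "$demo_root/inventories/production/group_vars/all/vault.example.yml"
printf 'smtp_password: hunter2\n' \
  > "$demo_root/roles/demo/vars/vault.yml"

if check_vault_files "$demo_root"; then
  echo "vault-check: passed"
else
  echo "vault-check: failed (the plaintext roles/demo/vars/vault.yml was caught)"
fi
rm -rf "$demo_root"
```

Two caveats a reviewer would raise. The check accepts whole-file encryption only: a YAML file that keeps most keys in plaintext and encrypts individual values with `!vault` would be reported as plaintext, which is the intended behaviour if the convention is that `vault.yml` files are always fully encrypted. And excluding `*.example.yml` is safe only as long as the template really contains placeholders; nothing here prevents a real credential from being pasted into it, which is what the separate secret-scanning job is for.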
6d14cf9253
Fix: Install git for Gitleaks and use direct Trivy binary download
CI / lint-and-test (push) Successful in 55s
CI / secret-scanning (push) Has been cancelled
CI / dependency-scan (push) Has been cancelled
CI / sast-scan (push) Has been cancelled
CI / license-check (push) Has been cancelled
CI / vault-check (push) Has been cancelled
CI / playbook-test (push) Has been cancelled
CI / container-scan (push) Has been cancelled
CI / ansible-validation (push) Has been cancelled
2025-12-13 23:37:38 -05:00
ilia
a9ed19c9d2
Fix: Install Node.js in all Ubuntu containers for checkout action
CI / lint-and-test (push) Successful in 58s
CI / ansible-validation (push) Successful in 3m13s
CI / secret-scanning (push) Failing after 1m21s
CI / dependency-scan (push) Failing after 1m20s
CI / sast-scan (push) Successful in 2m25s
CI / license-check (push) Successful in 55s
CI / vault-check (push) Failing after 2m44s
CI / playbook-test (push) Successful in 2m28s
CI / container-scan (push) Failing after 1m24s
2025-12-13 23:30:42 -05:00
ilia
1a565cc30e
Fix: Change all jobs to use ubuntu-latest label to match runner
CI / lint-and-test (push) Successful in 58s
CI / ansible-validation (push) Failing after 54s
CI / secret-scanning (push) Failing after 47s
CI / dependency-scan (push) Failing after 1m5s
CI / sast-scan (push) Failing after 1m11s
CI / license-check (push) Successful in 56s
CI / vault-check (push) Failing after 49s
CI / playbook-test (push) Failing after 49s
CI / container-scan (push) Failing after 50s
2025-12-13 23:24:02 -05:00
ilia
8818de005f
Add comprehensive security scanning: SAST, license check, vault validation, playbook testing, and artifact uploads
CI / lint-and-test (push) Successful in 1m0s
CI / ansible-validation (push) Has been cancelled
CI / secret-scanning (push) Has been cancelled
CI / dependency-scan (push) Has been cancelled
CI / sast-scan (push) Has been cancelled
CI / license-check (push) Has been cancelled
CI / vault-check (push) Has been cancelled
CI / playbook-test (push) Has been cancelled
CI / container-scan (push) Has been cancelled
2025-12-13 23:19:10 -05:00
ilia
990f886f02
Fix CI workflow: configure markdownlint, fix Node version, add Ansible validation
CI / lint-and-test (push) Successful in 59s
CI / ansible-validation (push) Has been cancelled
2025-12-13 23:13:40 -05:00
ilia
f3b34f3c95
Fix CI workflow: configure markdownlint and make link checking non-blocking
CI / lint-and-test (push) Successful in 59s
CI / build-and-test (push) Has been cancelled
2025-12-13 23:06:26 -05:00
ilia
ba7d4eb5b3
Add CI workflow with markdown linting and self-hosted runner job
CI / lint-and-test (push) Failing after 1m17s
CI / build-and-test (push) Has been cancelled
2025-12-13 23:00:58 -05:00
ilia
097fb33abc
Update inventory file to include new desktop host configuration
- Add desktop-beast with ansible_host and ansible_user settings for improved access management.
- Ensure consistent formatting and organization within the inventory file for better clarity.
These changes enhance the inventory setup, facilitating smoother operations and management of desktop hosts within the infrastructure.
2025-10-15 15:52:30 -04:00
ilia
1fe27468a1
Update inventory file to standardize ansible_user settings for Gitea and other services
- Adjust ansible_user for Gitea to 'root' for improved access control.
- Ensure consistent ansible_user settings across all services, including Portainer, Jellyfin, and Listmonk, to streamline user management.
These changes enhance the clarity and usability of the inventory setup, facilitating smoother operations across the infrastructure.
2025-10-10 09:23:40 -04:00
ilia
96f7c8a82a
Update inventory and shell configuration for improved host management
- Adjust inventory file to standardize ansible_user settings for listmonk and jellyfin hosts, ensuring consistent user access across services.
- Update .zshrc file to include SSH aliases for new hosts, enhancing accessibility for remote management.
These changes streamline host management and improve the usability of SSH connections for infrastructure operations.
2025-10-09 21:43:29 -04:00
ilia
579f0709ce
Update Makefile and inventory configurations for improved task execution and organization
- Refactor Makefile to enhance command structure, including clearer descriptions and usage examples for targets related to development, inventory, and monitoring tasks.
- Update inventory files to ensure correct host configurations and user settings, including adjustments to ansible_user for specific hosts.
- Modify group_vars to streamline Tailscale configuration and ensure proper handling of authentication keys.
These changes improve the clarity and usability of the Makefile and inventory setup, facilitating smoother operations across the infrastructure.
2025-10-09 21:24:45 -04:00
ilia
e05b3aa0d5
Update ansible.cfg and auto-fallback script for improved connectivity handling
- Modify ansible.cfg to increase SSH connection retries from 2 to 3 and add a connection timeout setting for better reliability.
- Enhance auto-fallback.sh script to provide detailed feedback during IP connectivity tests, including clearer status messages for primary and fallback IP checks.
- Update documentation to reflect changes in connectivity testing and fallback procedures.
These updates improve the robustness of the connectivity testing process and ensure smoother operations during IP failover scenarios.
2025-09-16 23:00:32 -04:00
b424e9b55b
Add checks and conditional tasks for package management across roles
- Introduce checks for existing GPG keys and repositories for Docker, NodeSource, and Tailscale to ensure correct configurations before installation.
- Implement conditional removal of incorrect keys and repositories to maintain a clean setup.
- Update Makefile to include a command for editing group vault variables.
These changes enhance package management reliability and streamline the installation process across different roles.
2025-09-11 21:05:31 -04:00
c5ae3af9ac
Add tasks to manage repository files and ensure directory permissions
- Clean up duplicate Brave repository files in applications role.
- Ensure Ansible remote_tmp directory exists with correct permissions in base role.
- Remove existing NodeSource repository files and create keyrings directory in development role.
These changes improve package management and maintain a clean repository setup across roles.
2025-09-09 22:46:31 -04:00
cd12b02147
Add initial project structure with configuration files and playbooks for infrastructure management. Introduce .ansible-lint-ignore to manage linting exceptions for vault files. Create README.md and documentation for setup guides, including Tailscale and monitoring roles. Establish Makefile commands for streamlined execution of playbooks and tasks. Update inventory structure for better organization of hosts and variables.
2025-09-09 21:12:08 -04:00
4621ea4674
Add monitoring and backup roles, enhancing infrastructure management capabilities. Introduce Proxmox VM creation playbook for automated VM provisioning. Update Makefile with new commands for monitoring and backup tasks. Enhance README.md with detailed usage instructions for new features, including automated backups and system monitoring tools. Refactor existing roles for improved organization and clarity, ensuring compatibility across various systems.
2025-09-07 22:17:22 -04:00
00d660201a
Add Tailscale role and playbook for VPN setup across all machines. Update inventory to include Tailscale hosts and enhance Makefile with Tailscale-specific commands. Introduce documentation for Tailscale setup and Ansible Vault usage to securely manage authentication keys. Ensure compatibility with Debian, Ubuntu, and Alpine systems through role-specific tasks.
2025-09-03 20:37:28 -04:00
ilia
f85945c8f7
Update inventory and playbook configurations to reflect new host addresses and user settings. Modify the Makefile for improved maintenance task execution, including unified command options for maintenance operations. Enhance README.md with updated usage instructions for the maintenance system and clarify host group definitions. Adjust group_vars for maintenance settings, ensuring proper handling of reboot conditions and cache management.
2025-09-02 11:32:16 -04:00
ilia
5e4428447c
Enhance Ansible setup by introducing a Makefile for streamlined workflows, updating ansible.cfg for improved configuration, and adding .ansible/facts/ to .gitignore. Update README.md to include quick start instructions and usage examples for the Makefile. Refactor roles for SSH hardening, including comprehensive configuration options and security settings, while ensuring modern CLI tools are installed. Improve package management in the base role with additional utilities and symlink creation for compatibility.
2025-08-29 21:54:50 -04:00
ilia
67a5caef36
Refactor playbooks and roles to enhance task organization and improve package management. Update development and local playbooks to include descriptive names, streamline APT tasks, and ensure consistent use of Ansible modules. Modify group variables for timezone and update role metadata for clarity. Improve error handling and user feedback in various roles, including applications, base, and snap, by utilizing built-in Ansible modules and adding necessary checks.
2025-08-29 15:42:09 -04:00
ilia
0ad062b911
Enhance snap role tasks for Debian systems by adding checks for snap readiness and installation status. Introduce a wait command for snapd, validate snap functionality before installing applications, and provide debug output for installation status. This improves error handling and user feedback during setup.
2025-08-29 14:30:15 +00:00
ilia
8a1b8609b7
Add .gitignore file to exclude sensitive and temporary files. Update ansible.cfg to set default stdout callback and disable deprecation warnings. Modify hosts file to include a local group for localhost. Create local-playbook.yml for local development setup with pre-tasks and role execution. Enhance README.md with vault password setup instructions and debug output configuration. Update group_vars to include ansible_debug_output variable. Refactor roles to improve package installation checks and streamline Docker setup with GPG key management.
2025-08-29 13:58:06 +00:00
ilia
e3d93ca4c8
Refactor dev-playbook.yml to use role tags for improved task organization. Update README.md to include prerequisites and examples for selective execution with tags. Enhance applications role to check for existing installations and manage Brave browser setup. Modify base role to streamline UFW handling and add mailutils. Update docker role to include checks for existing installations and improve repository management. Add reboot check in maintenance tasks to ensure system changes are applied correctly.
2025-08-28 14:06:22 -04:00
ilia
8b403e3aa5
Add Ansible configuration and roles for development environment setup. Introduced ansible.cfg for default settings, created README.md for documentation, and established roles for applications, base, and development tasks. Enhanced dev-playbook.yml with pre-tasks and streamlined application installations.
2025-08-28 11:53:59 -04:00
ilia
fe5c39f487
Refactor dev-playbook.yml to enhance package management for Ubuntu and Mint. Added tasks to enable the 'universe' repository, remove Mint's nosnap.pref, and streamline Brave browser installation with updated APT key handling. Included snapd installation and ensured compatibility across Debian family systems.
2025-08-27 11:34:09 -04:00
ilia
bafd03fbbc
Remove debug task for skip_reboot value from maintenance tasks
2025-08-27 11:28:54 -04:00
ilia
f67906d113
Add debug task to display skip_reboot value and fix condition check for reboot
2025-08-27 11:26:27 -04:00
ilia
50503b1435
Update hosts file to include skip_reboot flag for debianDesktopVM and modify reboot condition in maintenance tasks to respect skip_reboot variable.
2025-08-26 22:59:22 -04:00
ilia
4354c8fa64
first commit
2025-08-27 02:28:58 +00:00