Add POTE app project support and improve IP conflict detection #3

Merged
ilia merged 6 commits from add-pote-support into master 2026-01-01 11:19:54 -05:00
Summary

This PR adds comprehensive support for deploying the POTE application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers.

Key Features

🆕 New Roles

  • roles/pote: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations)
  • roles/app_setup: Generic app deployment role (Node.js/systemd)
  • roles/base_os: Base OS hardening role

🛡️ Safety Improvements

  • IP uniqueness validation within projects
  • Proxmox-side IP conflict detection
  • Enhanced error messages for IP conflicts

📦 New Playbooks

  • playbooks/app/site.yml: End-to-end app stack deployment
  • playbooks/app/provision_vms.yml: Proxmox guest provisioning
  • playbooks/app/configure_app.yml: OS + application configuration

Security

  • All secrets stored in encrypted vault.yml
  • Deploy keys excluded via .gitignore
  • No plaintext secrets committed

Testing

  • POTE successfully deployed to dev/qa/prod environments
  • All components validated (Git, PostgreSQL, cron, migrations)
ilia added 1 commit 2025-12-28 20:52:48 -05:00
Add POTE app project support and improve IP conflict detection
Some checks failed
CI / lint-and-test (pull_request) Failing after 1m20s
CI / ansible-validation (pull_request) Successful in 6m40s
CI / secret-scanning (pull_request) Successful in 2m36s
CI / dependency-scan (pull_request) Successful in 6m12s
CI / sast-scan (pull_request) Successful in 6m48s
CI / license-check (pull_request) Successful in 1m16s
CI / vault-check (pull_request) Failing after 6m13s
CI / playbook-test (pull_request) Successful in 6m34s
CI / container-scan (pull_request) Successful in 6m57s
CI / sonar-analysis (pull_request) Failing after 1m10s
CI / workflow-summary (pull_request) Successful in 1m11s
f5e32afd81
- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs
- Add playbooks/app/: Proxmox app stack provisioning and configuration
- Add roles/app_setup: Generic app deployment role (Node.js/systemd)
- Add roles/base_os: Base OS hardening role
- Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling
- Add IP uniqueness validation: Preflight check for duplicate IPs within projects
- Add Proxmox-side IP conflict detection: Check existing LXC net0 configs
- Update inventories/production/group_vars/all/main.yml: Add pote project config
- Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP)
- Update .gitignore: Exclude deploy keys, backup files, and other secrets
- Update documentation: README, role docs, execution flow guides

Security:
- All secrets stored in encrypted vault.yml (never committed in plaintext)
- Deploy keys excluded via .gitignore
- IP conflict guardrails prevent accidental duplicate IP assignments
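As an added illustration of the two IP guardrails named in the description and in the commit message above (example code, not the project's own Ansible tasks): a small Python preflight check, run on constructed sample data, that flags duplicate IPs declared within a project and IPs already present in existing Proxmox LXC `net0` configs. The `net0` strings follow Proxmox's standard comma-separated `key=value` layout; the hostnames, VMIDs and addresses are constructed for the example.

```python
from ipaddress import ip_interface

# Proxmox stores an LXC's first NIC as a comma-separated key=value string, e.g.
#   name=eth0,bridge=vmbr0,ip=10.10.0.21/24,gw=10.10.0.1
# The data below is constructed for this example, not taken from the project.
EXISTING_LXC_NET0 = {
    101: "name=eth0,bridge=vmbr0,ip=10.10.0.21/24,gw=10.10.0.1",
    102: "name=eth0,bridge=vmbr0,ip=dhcp",
    103: "name=eth0,bridge=vmbr0,ip=10.10.0.30/24,gw=10.10.0.1",
}

# hostname -> (vmid, desired ip/prefix), as a project inventory would declare them
PLANNED_HOSTS = {
    "pote-dev": (201, "10.10.0.40/24"),
    "pote-qa": (202, "10.10.0.41/24"),
    "pote-prod": (203, "10.10.0.30/24"),  # collides with existing LXC 103
    "pote-dup": (204, "10.10.0.40/24"),   # duplicate of pote-dev within the project
}


def net0_ip(net0: str):
    """Return the static IP from a Proxmox net0 string, or None for dhcp/manual."""
    for part in net0.split(","):
        key, _, value = part.partition("=")
        if key == "ip" and value not in ("dhcp", "manual"):
            return ip_interface(value).ip
    return None


def find_ip_conflicts(planned, existing_net0):
    """Return human-readable conflict messages; an empty list means preflight passes."""
    errors = []
    # Guardrail 1: every planned IP must be unique within the project.
    seen = {}
    for host, (_vmid, cidr) in planned.items():
        ip = ip_interface(cidr).ip
        if ip in seen:
            errors.append(f"duplicate IP {ip}: {seen[ip]} and {host} both request it")
        else:
            seen[ip] = host
    # Guardrail 2: a planned IP must not already sit on another container's net0.
    # Re-provisioning the same VMID with its own IP is allowed, so reruns stay idempotent.
    in_use = {net0_ip(cfg): vmid for vmid, cfg in existing_net0.items() if net0_ip(cfg)}
    for host, (vmid, cidr) in planned.items():
        ip = ip_interface(cidr).ip
        if ip in in_use and in_use[ip] != vmid:
            errors.append(f"IP {ip} for {host} (VMID {vmid}) already used by LXC {in_use[ip]}")
    return errors


if __name__ == "__main__":
    for err in find_ip_conflicts(PLANNED_HOSTS, EXISTING_LXC_NET0):
        print("PREFLIGHT:", err)
```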
ilia force-pushed add-pote-support from f5e32afd81 to c7a300b922 2025-12-28 20:53:49 -05:00
ilia added 1 commit 2025-12-28 21:30:01 -05:00
Update CI workflow to exclude example vault files from validation and add host variables for dev02
Some checks failed
CI / lint-and-test (pull_request) Successful in 1m21s
CI / ansible-validation (pull_request) Successful in 8m50s
CI / secret-scanning (pull_request) Successful in 2m49s
CI / dependency-scan (pull_request) Successful in 6m8s
CI / sast-scan (pull_request) Successful in 6m31s
CI / license-check (pull_request) Successful in 1m16s
CI / vault-check (pull_request) Successful in 5m34s
CI / playbook-test (pull_request) Successful in 5m33s
CI / container-scan (pull_request) Failing after 2m51s
CI / sonar-analysis (pull_request) Failing after 1m10s
CI / workflow-summary (pull_request) Successful in 1m11s
9ea1090d02
- Modify CI workflow to filter out example vault files during encryption validation
- Add new host variables for dev02, including sudo configuration and shell user settings
- Disable installation of data science stack components for dev02
ilia added 1 commit 2025-12-28 21:41:19 -05:00
Remove Node.js installation step from CI workflow
All checks were successful
CI / lint-and-test (pull_request) Successful in 1m20s
CI / ansible-validation (pull_request) Successful in 5m54s
CI / secret-scanning (pull_request) Successful in 1m39s
CI / dependency-scan (pull_request) Successful in 2m53s
CI / sast-scan (pull_request) Successful in 5m46s
CI / license-check (pull_request) Successful in 1m15s
CI / vault-check (pull_request) Successful in 5m29s
CI / playbook-test (pull_request) Successful in 5m35s
CI / container-scan (pull_request) Successful in 4m49s
CI / sonar-analysis (pull_request) Successful in 1m22s
CI / workflow-summary (pull_request) Successful in 1m11s
c84b0b8260
- Eliminate the installation of Node.js for the checkout action in the CI workflow to streamline the process and reduce unnecessary dependencies.
ilia added 1 commit 2025-12-28 23:04:44 -05:00
Add CI skip check for branch name and commit message
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m12s
CI / lint-and-test (pull_request) Has been skipped
CI / ansible-validation (pull_request) Has been skipped
CI / secret-scanning (pull_request) Has been skipped
CI / dependency-scan (pull_request) Has been skipped
CI / sast-scan (pull_request) Has been skipped
CI / license-check (pull_request) Has been skipped
CI / vault-check (pull_request) Has been skipped
CI / playbook-test (pull_request) Has been skipped
CI / container-scan (pull_request) Has been skipped
CI / sonar-analysis (pull_request) Has been skipped
CI / workflow-summary (pull_request) Successful in 1m11s
32479d03f8
- Introduce a new job in the CI workflow to determine if CI should be skipped based on specific patterns in the branch name or commit message.
- Update existing jobs to depend on the skip check, ensuring that CI processes are only executed when necessary.
- Enhance the overall efficiency of the CI pipeline by preventing unnecessary runs for certain commits.
ilia added 1 commit 2025-12-28 23:53:00 -05:00
Refactor CI skip check to use a single pattern
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m13s
CI / lint-and-test (pull_request) Has been skipped
CI / ansible-validation (pull_request) Has been skipped
CI / secret-scanning (pull_request) Has been skipped
CI / dependency-scan (pull_request) Has been skipped
CI / sast-scan (pull_request) Has been skipped
CI / license-check (pull_request) Has been skipped
CI / vault-check (pull_request) Has been skipped
CI / playbook-test (pull_request) Has been skipped
CI / container-scan (pull_request) Has been skipped
CI / sonar-analysis (pull_request) Has been skipped
CI / workflow-summary (pull_request) Successful in 1m11s
1b9b801713
- Simplify the CI workflow by consolidating the skip check for both branch names and commit messages to a single case-insensitive pattern: @skipci.
- Remove the previous multiple pattern checks to streamline the logic and improve readability.
- Ensure that the CI process can be effectively skipped based on the new pattern, enhancing overall efficiency.
ilia added 1 commit 2025-12-29 00:01:23 -05:00
Add comment to CI skip check job
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m12s
CI / lint-and-test (pull_request) Successful in 1m20s
CI / ansible-validation (pull_request) Successful in 5m49s
CI / secret-scanning (pull_request) Successful in 1m38s
CI / dependency-scan (pull_request) Successful in 2m53s
CI / sast-scan (pull_request) Successful in 5m42s
CI / license-check (pull_request) Successful in 1m16s
CI / vault-check (pull_request) Successful in 5m34s
CI / playbook-test (pull_request) Successful in 5m35s
CI / container-scan (pull_request) Successful in 4m58s
CI / sonar-analysis (pull_request) Successful in 1m21s
CI / workflow-summary (pull_request) Successful in 1m11s
572af82852
ilia force-pushed add-pote-support from 572af82852 to e1eb2d137a 2026-01-01 11:16:27 -05:00
ilia merged commit 69a39e5e5b into master 2026-01-01 11:19:54 -05:00
ilia deleted branch add-pote-support 2026-01-01 11:19:54 -05:00
Reference: ilia/ansible#3