- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs
- Add playbooks/app/: Proxmox app stack provisioning and configuration
- Add roles/app_setup: Generic app deployment role (Node.js/systemd)
- Add roles/base_os: Base OS hardening role
- Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling
- Add IP uniqueness validation: Preflight check for duplicate IPs within projects
- Add Proxmox-side IP conflict detection: Check existing LXC net0 configs
- Update inventories/production/group_vars/all/main.yml: Add pote project config
- Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP)
- Update .gitignore: Exclude deploy keys, backup files, and other secrets
- Update documentation: README, role docs, execution flow guides

Security:
- All secrets stored in encrypted vault.yml (never committed in plaintext)
- Deploy keys excluded via .gitignore
- IP conflict guardrails prevent accidental duplicate IP assignments
app_setup
Creates the standard app filesystem layout and runtime services:
- /srv/app/backend and /srv/app/frontend
- /srv/app/.env.<dev|qa|prod>
- /usr/local/bin/deploy_app.sh (git pull, install deps, build, migrate, restart services)
- systemd units:
  - app-backend.service
  - app-frontend.service
All behavior is driven by variables so you can reuse this role for multiple projects.
Variables
See defaults/main.yml. Common inputs in the app stack:
- app_project, app_env (used for naming and .env.<env> selection)
- app_repo_url, app_repo_dest, app_repo_branch
- app_env_vars (map written into /srv/app/.env.<env>)
- components.backend, components.frontend (enable/disable backend/frontend setup)
- app_backend_dir, app_frontend_dir, ports and Node.js commands
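
One way to validate app_env and app_env_vars before the map lands in /srv/app/.env.<env>, and to keep the rendered file readable only by the service account. This is an added example, not the role's own tasks. The `app` host group, `app_user` and `vault_database_url` are assumptions; `app_env` and `app_env_vars` are the variables listed above.

```yaml
# Added example, not part of the role. app_env and app_env_vars are the
# README's variables; the host group, app_user and vault_* names are assumed.
- name: Validate env inputs and render the env file with tight permissions
  hosts: app                      # assumed inventory group
  become: true
  vars:
    app_env: prod
    app_user: app                 # assumed service account
    app_env_vars:
      NODE_ENV: production
      DATABASE_URL: "{{ vault_database_url }}"   # assumed variable from vault.yml
  tasks:
    - name: Reject unknown environments and malformed keys or values
      ansible.builtin.assert:
        that:
          # Only the three environments named in the layout above.
          - app_env in ['dev', 'qa', 'prod']
          # Keys must be plain identifiers, so a key cannot carry '=' or spaces.
          - app_env_vars.keys() | reject('match', '^[A-Za-z_][A-Za-z0-9_]*$') | list | length == 0
          # A newline inside a value would inject a second KEY=VALUE line.
          - app_env_vars.values() | map('string') | select('search', '[\r\n]') | list | length == 0
        fail_msg: "app_env or app_env_vars failed validation"
        quiet: true

    - name: Write the env file readable only by the service account
      ansible.builtin.copy:
        dest: "/srv/app/.env.{{ app_env }}"
        content: |
          {% for key, value in app_env_vars | dictsort %}
          {{ key }}={{ value }}
          {% endfor %}
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0600"
      no_log: true                # keep secret values out of task output and diffs
```

The assert task reports only the failing expression, not the variable contents, so it does not need no_log; the copy task does, because its arguments contain the rendered secrets.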