ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
ansible/roles/pote/README.md
ilia c7a300b922
Some checks failed
CI / lint-and-test (pull_request) Successful in 1m21s
Details
CI / ansible-validation (pull_request) Successful in 9m3s
Details
CI / secret-scanning (pull_request) Successful in 3m19s
Details
CI / dependency-scan (pull_request) Successful in 7m13s
Details
CI / sast-scan (pull_request) Successful in 6m38s
Details
CI / license-check (pull_request) Successful in 1m16s
Details
CI / vault-check (pull_request) Failing after 6m40s
Details
CI / playbook-test (pull_request) Successful in 9m28s
Details
CI / container-scan (pull_request) Successful in 7m59s
Details
CI / sonar-analysis (pull_request) Failing after 1m11s
Details
CI / workflow-summary (pull_request) Successful in 1m11s
Details
Add POTE app project support and improve IP conflict detection 
- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs
- Add playbooks/app/: Proxmox app stack provisioning and configuration
- Add roles/app_setup: Generic app deployment role (Node.js/systemd)
- Add roles/base_os: Base OS hardening role
- Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling
- Add IP uniqueness validation: Preflight check for duplicate IPs within projects
- Add Proxmox-side IP conflict detection: Check existing LXC net0 configs
- Update inventories/production/group_vars/all/main.yml: Add pote project config
- Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP)
- Update .gitignore: Exclude deploy keys, backup files, and other secrets
- Update documentation: README, role docs, execution flow guides

Security:
- All secrets stored in encrypted vault.yml (never committed in plaintext)
- Deploy keys excluded via .gitignore
- IP conflict guardrails prevent accidental duplicate IP assignments
2025-12-28 20:54:50 -05:00

935 B
Raw Blame History

pote

Deploys the POTE project as a Python/venv application (no HTTP services required) and schedules cron jobs.

What it does

  • Installs required system packages (git, python3.11/venv, build deps, postgresql server/client)
  • Ensures a dedicated OS user exists (default: poteapp)
  • Creates PostgreSQL database and user
  • Clones/updates the repo from an SSH remote using a vault-backed private key
  • Creates a Python virtualenv and installs from pyproject.toml (editable mode)
  • Renders an environment file (default: {{ pote_app_dir }}/.env)
  • Runs Alembic database migrations
  • Installs cron jobs (daily/weekly/health-check)

Key variables

See defaults/main.yml. Common inputs:

  • pote_git_repo, pote_git_branch
  • pote_git_ssh_key (set vault_pote_git_ssh_key in your vault)
  • pote_user, pote_app_dir, pote_venv_dir
  • pote_db_*, pote_smtp_*
  • pote_enable_cron, pote_*_time, pote_*_job