ilia 69a39e5e5b Add POTE app project support and improve IP conflict detection (#3)
## Summary

This PR adds comprehensive support for deploying the **POTE** application project via Ansible, along with improvements to IP conflict detection and a new app stack provisioning system for Proxmox-managed LXC containers.

## Key Features

### 🆕 New Roles
- **`roles/pote`**: Python/venv deployment role for POTE (PostgreSQL, cron jobs, Alembic migrations)
- **`roles/app_setup`**: Generic app deployment role (Node.js/systemd)
- **`roles/base_os`**: Base OS hardening role

### 🛡️ Safety Improvements
- IP uniqueness validation within projects
- Proxmox-side IP conflict detection
- Enhanced error messages for IP conflicts

### 📦 New Playbooks
- `playbooks/app/site.yml`: End-to-end app stack deployment
- `playbooks/app/provision_vms.yml`: Proxmox guest provisioning
- `playbooks/app/configure_app.yml`: OS + application configuration

## Security
- All secrets stored in encrypted vault.yml
- Deploy keys excluded via .gitignore
- No plaintext secrets committed

## Testing
- POTE successfully deployed to dev/qa/prod environments
- All components validated (Git, PostgreSQL, cron, migrations)

Co-authored-by: ilia <ilia@levkin.ca>
Reviewed-on: #3
2026-01-01 11:19:54 -05:00


---
# Proxmox VM defaults based on your current setup
vm_name: "ansible-control"
vm_id: 110
vm_memory: 8192 # 8GB (match current successful setup)
vm_cores: 2 # 2 cores (perfect for Ansible)
vm_sockets: 1
vm_disk_size: 20G # Increase from current 6.1GB
vm_storage: "local-lvm"
vm_network_bridge: "vmbr0"
vm_os_type: "l26" # Linux 2.6+ kernel
# Ubuntu Server ISO
vm_iso: "ubuntu-24.04-live-server-amd64.iso"
vm_iso_storage: "local"
# Cloud-init settings
vm_ciuser: "master"
vm_cipassword: "" # Set in vault: vault_vm_cipassword
vm_ssh_keys: [] # Add SSH public keys
vm_ip_config: "dhcp" # or "192.168.1.100/24,gw=192.168.1.1"
vm_nameservers: "8.8.8.8 8.8.4.4"
# VM behavior
vm_start_after_create: true
vm_enable_agent: true
vm_boot_order: "order=scsi0"
# -----------------------------------------------------------------------------
# Proxmox LXC defaults (used when proxmox_guest_type == 'lxc')
# -----------------------------------------------------------------------------
lxc_vmid: 300
lxc_hostname: "app-container"
lxc_ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
lxc_storage: "local-lvm"
lxc_network_bridge: "vmbr0"
lxc_ip: "" # e.g. "10.0.10.101/24"
lxc_gateway: "" # e.g. "10.0.10.1"
lxc_nameserver: "1.1.1.1 8.8.8.8"
lxc_unprivileged: true
# Use list form because community.proxmox.proxmox expects list for `features`
lxc_features_list:
  - "keyctl=1"
  - "nesting=1"
lxc_cores: 2
lxc_memory_mb: 2048
lxc_swap_mb: 512
lxc_rootfs_size_gb: 16
# Add to /root/.ssh/authorized_keys (bootstrap). Override with appuser_ssh_public_key.
lxc_pubkey: ""
lxc_start_after_create: true
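The PR summary describes IP uniqueness validation within a project and Proxmox-side conflict detection for values like `lxc_ip` above. The following is an added example, not code from this commit or the project, showing how such a check can be written in Python (the language Ansible modules and filters are written in); the planned-guest dict fields, the `netN` string layout and the sample guests are assumptions constructed for the example.

```python
"""Added example (not the project's code): detect IP conflicts among planned
guests and against guests already present on Proxmox.

Assumed inputs (constructed): a planned guest is a dict with 'name', 'vmid'
and 'ip' (an lxc_ip / vm_ip_config style value: '' or 'dhcp' means no static
address, otherwise 'A.B.C.D/prefix[,gw=...]'). An existing guest is a
(vmid, net0-string) pair in Proxmox's 'key=value,...' form, e.g.
'name=eth0,bridge=vmbr0,ip=10.0.10.101/24,gw=10.0.10.1'.
"""
import ipaddress


def static_ip(value):
    """Return the address of a static config, or None for empty/dhcp/manual."""
    if not value or value.strip().lower() in ("dhcp", "manual"):
        return None
    first = value.split(",")[0].strip()          # drop ',gw=...' suffix
    return ipaddress.ip_interface(first).ip     # drop the prefix length


def proxmox_net_ip(net_config):
    """Parse a Proxmox netN string and return its static IP, or None."""
    for field in net_config.split(","):
        key, _, val = field.partition("=")
        if key.strip() == "ip":
            return static_ip(val)
    return None


def find_ip_conflicts(planned, existing):
    """Return human-readable conflict messages (empty list means all clear)."""
    errors = []
    seen = {}                                   # ip -> planned guest name
    for guest in planned:                       # 1) uniqueness inside the project
        ip = static_ip(guest["ip"])
        if ip is None:
            continue
        if ip in seen:
            errors.append(f"{guest['name']} reuses {ip} already assigned "
                          f"to {seen[ip]} in this project")
        seen[ip] = guest["name"]
    on_host = {}                                # ip -> existing vmid
    for vmid, net in existing:                  # 2) what Proxmox already runs
        ip = proxmox_net_ip(net)
        if ip is not None:
            on_host[ip] = vmid
    for guest in planned:
        ip = static_ip(guest["ip"])
        # The same vmid re-run with its own IP is idempotent, not a conflict.
        if ip in on_host and on_host[ip] != guest["vmid"]:
            errors.append(f"{guest['name']} ({ip}) conflicts with Proxmox "
                          f"guest vmid {on_host[ip]}")
    return errors
```

Run the check before any `community.proxmox` create task and fail the play when the returned list is non-empty, so a clashing address is reported with both guest names instead of surfacing later as an ARP conflict.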