eef01d87d0
- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs - Add playbooks/app/: Proxmox app stack provisioning and configuration - Add roles/app_setup: Generic app deployment role (Node.js/systemd) - Add roles/base_os: Base OS hardening role - Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling - Add IP uniqueness validation: Preflight check for duplicate IPs within projects - Add Proxmox-side IP conflict detection: Check existing LXC net0 configs - Update inventories/production/group_vars/all/main.yml: Add pote project config - Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP) - Update .gitignore: Exclude deploy keys, backup files, and other secrets - Update documentation: README, role docs, execution flow guides Security: - All secrets stored in encrypted vault.yml (never committed in plaintext) - Deploy keys excluded via .gitignore - IP conflict guardrails prevent accidental duplicate IP assignments
710 B
710 B
base_os
Baseline OS configuration for app guests:
- Installs required packages (git/curl/nodejs/npm/ufw/openssh-server/etc.)
- Creates deployment user (default
appuser) with passwordless sudo - Adds your authorized SSH key
- Configures UFW to allow SSH + backend/frontend ports
Variables
See defaults/main.yml. Common inputs in the app stack:
appuser_name,appuser_groups,appuser_shellappuser_ssh_public_key(usually{{ vault_ssh_public_key }})components.backend,components.frontend(enable/disable firewall rules per component)app_backend_port,app_frontend_port
This role is used by playbooks/app/configure_app.yml after provisioning.