eef01d87d0
- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs - Add playbooks/app/: Proxmox app stack provisioning and configuration - Add roles/app_setup: Generic app deployment role (Node.js/systemd) - Add roles/base_os: Base OS hardening role - Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling - Add IP uniqueness validation: Preflight check for duplicate IPs within projects - Add Proxmox-side IP conflict detection: Check existing LXC net0 configs - Update inventories/production/group_vars/all/main.yml: Add pote project config - Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP) - Update .gitignore: Exclude deploy keys, backup files, and other secrets - Update documentation: README, role docs, execution flow guides Security: - All secrets stored in encrypted vault.yml (never committed in plaintext) - Deploy keys excluded via .gitignore - IP conflict guardrails prevent accidental duplicate IP assignments
22 lines
710 B
Markdown
22 lines
710 B
Markdown
# `base_os`
|
|
|
|
Baseline OS configuration for app guests:
|
|
|
|
- Installs required packages (git/curl/nodejs/npm/ufw/openssh-server/etc.)
|
|
- Creates deployment user (default `appuser`) with passwordless sudo
|
|
- Adds your authorized SSH key
|
|
- Configures UFW to allow SSH + backend/frontend ports
|
|
|
|
## Variables
|
|
|
|
See [`defaults/main.yml`](defaults/main.yml). Common inputs in the app stack:
|
|
|
|
- `appuser_name`, `appuser_groups`, `appuser_shell`
|
|
- `appuser_ssh_public_key` (usually `{{ vault_ssh_public_key }}`)
|
|
- `components.backend`, `components.frontend` (enable/disable firewall rules per component)
|
|
- `app_backend_port`, `app_frontend_port`
|
|
|
|
This role is used by `playbooks/app/configure_app.yml` after provisioning.
|
|
|
|
|