f5e32afd81
Some checks failed
CI / lint-and-test (pull_request) Failing after 1m20s
CI / ansible-validation (pull_request) Successful in 6m40s
CI / secret-scanning (pull_request) Successful in 2m36s
CI / dependency-scan (pull_request) Successful in 6m12s
CI / sast-scan (pull_request) Successful in 6m48s
CI / license-check (pull_request) Successful in 1m16s
CI / vault-check (pull_request) Failing after 6m13s
CI / playbook-test (pull_request) Successful in 6m34s
CI / container-scan (pull_request) Successful in 6m57s
CI / sonar-analysis (pull_request) Failing after 1m10s
CI / workflow-summary (pull_request) Successful in 1m11s
- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs - Add playbooks/app/: Proxmox app stack provisioning and configuration - Add roles/app_setup: Generic app deployment role (Node.js/systemd) - Add roles/base_os: Base OS hardening role - Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling - Add IP uniqueness validation: Preflight check for duplicate IPs within projects - Add Proxmox-side IP conflict detection: Check existing LXC net0 configs - Update inventories/production/group_vars/all/main.yml: Add pote project config - Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP) - Update .gitignore: Exclude deploy keys, backup files, and other secrets - Update documentation: README, role docs, execution flow guides Security: - All secrets stored in encrypted vault.yml (never committed in plaintext) - Deploy keys excluded via .gitignore - IP conflict guardrails prevent accidental duplicate IP assignments
5.7 KiB
5.7 KiB
Installed Applications Reference
Complete inventory of applications and tools deployed by Ansible playbooks.
Application Categories
🔧 System Tools
| Package | Description | Source | Role |
|---|---|---|---|
| curl | Command line HTTP client | apt | base |
| wget | Network downloader | apt | base |
| unzip | Archive extraction | apt | base |
| xclip | Clipboard utility | apt | base |
| tree | Directory tree viewer | apt | base |
| net-tools | Network utilities | apt | base |
| jq | JSON processor | apt | base |
| yq | YAML processor | snap | base |
| ripgrep | Fast text search | apt | base |
| fd-find | Fast file finder | apt | base |
🔒 Security Tools
| Package | Description | Source | Role |
|---|---|---|---|
| ufw | Uncomplicated Firewall | apt | ssh |
| fail2ban | Intrusion prevention | apt | monitoring |
| openssh-server | SSH daemon | apt | ssh |
| mailutils | Mail utilities | apt | base |
| nmap | Network scanner | apt | monitoring |
| tcpdump | Packet analyzer | apt | monitoring |
| wireshark-common | Protocol analyzer | apt | monitoring |
💻 Development Tools
| Package | Description | Source | Role |
|---|---|---|---|
| git | Version control | apt | development |
| nodejs | JavaScript runtime | apt | development |
| npm | Node package manager | apt | development |
| build-essential | Compilation tools | apt | development |
| python3 | Python interpreter | apt | development |
| python3-pip | Python package manager | apt | development |
🐳 Container Platform
| Package | Description | Source | Role |
|---|---|---|---|
| docker-ce | Docker Community Edition | docker | docker |
| docker-ce-cli | Docker CLI | docker | docker |
| containerd.io | Container runtime | docker | docker |
| docker-buildx-plugin | Multi-platform builds | docker | docker |
| docker-compose-plugin | Multi-container apps | docker | docker |
🖥️ Shell Environment
| Package | Description | Source | Role |
|---|---|---|---|
| zsh | Z shell | apt | shell |
| tmux | Terminal multiplexer | apt | shell |
| fzf | Fuzzy finder | apt | shell |
| oh-my-zsh | Zsh framework | git | shell |
| powerlevel10k | Zsh theme | git | shell |
| zsh-syntax-highlighting | Syntax highlighting | git | shell |
| zsh-autosuggestions | Command suggestions | git | shell |
📊 Monitoring Tools
| Package | Description | Source | Role |
|---|---|---|---|
| htop | Process viewer | apt | monitoring |
| btop | Modern system monitor | snap | monitoring |
| iotop | I/O monitor | apt | monitoring |
| nethogs | Network usage monitor | apt | monitoring |
| iftop | Bandwidth monitor | apt | monitoring |
| bandwhich | Network utilization | snap | monitoring |
| ncdu | Disk usage analyzer | apt | monitoring |
| dstat | System statistics | apt | monitoring |
| sysstat | Performance tools | apt | monitoring |
| atop | Advanced monitor | apt | monitoring |
| logwatch | Log analyzer | apt | monitoring |
🌐 Network Tools
| Package | Description | Source | Role |
|---|---|---|---|
| tailscale | Mesh VPN client | tailscale | tailscale |
| tailscaled | Tailscale daemon | tailscale | tailscale |
🖱️ Desktop Applications
| Package | Description | Source | Role |
|---|---|---|---|
| brave-browser | Privacy-focused browser | brave | applications |
| libreoffice | Office suite | apt | applications |
| evince | PDF viewer | apt | applications |
| redshift | Blue light filter | apt | applications |
📝 Code Editors
| Package | Description | Source | Role |
|---|---|---|---|
| code | Visual Studio Code | snap | snap |
| cursor | AI-powered editor | snap | snap |
Installation by Playbook
playbooks/development.yml
Installs all roles for development machines:
- All system tools
- Development environment
- Docker platform
- Shell configuration
- Desktop applications
- Monitoring tools
- Tailscale VPN
playbooks/local.yml
Installs for local machine management:
- Core system tools
- Shell environment
- Development basics
- Selected applications
playbooks/maintenance.yml
Maintains existing installations:
- System updates
- Package cleanup
- Security updates
Custom Scripts
System Information
/usr/local/bin/monitoring/sysinfo- System overview dashboard/usr/local/bin/monitoring/netinfo- Network information
Package Sources
| Source | Description | Configuration |
|---|---|---|
| apt | Debian/Ubuntu packages | System default |
| snap | Snap packages | snapd daemon |
| docker | Docker repository | Docker GPG key + repo |
| tailscale | Tailscale repository | Tailscale GPG key + repo |
| brave | Brave browser repository | Brave GPG key + repo |
| git | Git repositories | Direct clone |
Services Enabled
| Service | Description | Management |
|---|---|---|
| docker | Container runtime | systemctl |
| tailscaled | VPN daemon | systemctl |
| ufw | Firewall | systemctl |
| fail2ban | Intrusion prevention | systemctl |
| sshd | SSH server | systemctl |
| snapd | Snap daemon | systemctl |
| sysstat | System statistics | systemctl |
Version Management
Most packages are installed from distribution repositories and update with system updates. Exceptions:
- Docker: Tracks Docker CE stable channel
- Node.js: Latest LTS from NodeSource
- Tailscale: Latest stable from Tailscale repository
Total Count: 65+ Applications
- System & Security: 20+ tools
- Development: 6+ tools
- Shell Environment: 7+ components
- Monitoring: 15+ tools
- Container Platform: 5 components
- Desktop Applications: 6+ apps
- Network: 2+ tools
- Custom Scripts: 4+ scripts