ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
ansible/roles/pote/README.md
ilia f5e32afd81
Some checks failed
CI / lint-and-test (pull_request) Failing after 1m20s
Details
CI / ansible-validation (pull_request) Successful in 6m40s
Details
CI / secret-scanning (pull_request) Successful in 2m36s
Details
CI / dependency-scan (pull_request) Successful in 6m12s
Details
CI / sast-scan (pull_request) Successful in 6m48s
Details
CI / license-check (pull_request) Successful in 1m16s
Details
CI / vault-check (pull_request) Failing after 6m13s
Details
CI / playbook-test (pull_request) Successful in 6m34s
Details
CI / container-scan (pull_request) Successful in 6m57s
Details
CI / sonar-analysis (pull_request) Failing after 1m10s
Details
CI / workflow-summary (pull_request) Successful in 1m11s
Details
Add POTE app project support and improve IP conflict detection 
- Add roles/pote: Python/venv deployment role with PostgreSQL, cron jobs
- Add playbooks/app/: Proxmox app stack provisioning and configuration
- Add roles/app_setup: Generic app deployment role (Node.js/systemd)
- Add roles/base_os: Base OS hardening role
- Enhance roles/proxmox_vm: Split LXC/KVM tasks, improve error handling
- Add IP uniqueness validation: Preflight check for duplicate IPs within projects
- Add Proxmox-side IP conflict detection: Check existing LXC net0 configs
- Update inventories/production/group_vars/all/main.yml: Add pote project config
- Add vault.example.yml: Template for POTE secrets (git key, DB, SMTP)
- Update .gitignore: Exclude deploy keys, backup files, and other secrets
- Update documentation: README, role docs, execution flow guides

Security:
- All secrets stored in encrypted vault.yml (never committed in plaintext)
- Deploy keys excluded via .gitignore
- IP conflict guardrails prevent accidental duplicate IP assignments
2025-12-28 20:52:45 -05:00

28 lines
935 B
Markdown
Raw Blame History

# `pote`
Deploys the **POTE** project as a Python/venv application (no HTTP services required) and schedules cron jobs.
## What it does
- Installs required system packages (git, python3.11/venv, build deps, postgresql server/client)
- Ensures a dedicated OS user exists (default: `poteapp`)
- Creates PostgreSQL database and user
- Clones/updates the repo from an SSH remote using a vault-backed private key
- Creates a Python virtualenv and installs from `pyproject.toml` (editable mode)
- Renders an environment file (default: `{{ pote_app_dir }}/.env`)
- Runs Alembic database migrations
- Installs cron jobs (daily/weekly/health-check)
## Key variables
See `defaults/main.yml`. Common inputs:
- `pote_git_repo`, `pote_git_branch`
- `pote_git_ssh_key` (set `vault_pote_git_ssh_key` in your vault)
- `pote_user`, `pote_app_dir`, `pote_venv_dir`
- `pote_db_*`, `pote_smtp_*`
- `pote_enable_cron`, `pote_*_time`, `pote_*_job`
Reference in New Issue View Git Blame Copy Permalink