Commit Graph

12 Commits

Author SHA1 Message Date
Adyrem c626177daa Enable autostart for Gitea and monitoring VMs
Set onboot=1 on VM 100 (gitea) and VM 101 (monitoring) so they start
automatically on Proxmox host boot.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 16:18:49 +02:00
Adyrem d50451fde4 Add Windows VM config and update remote access docs
VM 102: Windows 11 Home N, 8 cores/16GB, OVMF+TPM2, QXL/SPICE display,
vmbr3 (desktop-net). SPICE used instead of RDP — Home N has no RDP server.
Clean-install snapshot taken and synced to HDD.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 16:14:50 +02:00
Adyrem 81a2a4ba54 Add sanoid/syncoid ZFS snapshot and replication config
- sanoid: daily snapshots (7d) + weekly (4w) for rpool/data (VM disks)
  and rpool/ROOT (Proxmox OS); runs every 15 min via systemd timer
- syncoid: daily replication from rpool/data and pve-root to hdd/backups
  at 02:00; first full sync completed successfully
- All VM disks (gitea, monitoring) now backed up to HDD pool

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 14:45:18 +02:00
Adyrem 069ad6afac Add claude-code SFTP user and clarify Claude Code execution model
- Create claude-code user on Proxmox with chroot + ForceCommand internal-sftp
- Add dedicated SSH keypair (public key committed, private key in keys/)
- Update requirements to document that Claude Code runs in a persistent VM,
  connects to other VMs via SSH, and to the Proxmox host via SFTP only
- Session persistence via tmux allows reconnecting from any WireGuard device

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 14:38:51 +02:00
Adyrem 37b5b12478 Rotate Gitea secret_key and internal_token
Ansible Lint / lint (push) Failing after 4s
Old values were exposed in plaintext in the initial commit history.
New values generated via `gitea generate secret`.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 18:16:33 +02:00
Adyrem 60856b5b65 Fix authorized_key FQCN and add ansible.posix to CI collections
ansible.posix.authorized_key replaces the bare module name removed
in ansible-core 2.x.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 18:00:11 +02:00
Adyrem 33f42e8ebd Fix CI: add vault password from secret for ansible-lint
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 17:56:46 +02:00
Adyrem b633f8b4ed Fix CI: use python3 -m pip and explicit ansible-galaxy collection install
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 17:48:47 +02:00
Adyrem 6e50504923 Add nodejs and python-pip to gitea_runner dependencies
Node.js is required by JS-based actions (e.g. actions/checkout@v4)
on native host runners. python-pip is needed for ansible-lint install.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 17:39:41 +02:00
Adyrem 39be9fafe7 Add Gitea Actions runner, ansible-lint CI, vault setup, and fix group_vars layout
- Move group_vars into inventory/ so playbooks can find them (was only
  visible to ad-hoc commands via CWD)
- Add Ansible Vault for sensitive variables (gitea/grafana passwords,
  tokens, db credentials) with vault_password_file outside the repo
- Enable Gitea Actions and deploy act_runner with Docker backend on
  the gitea VM
- Add .gitea/workflows/lint.yml to run ansible-lint on every push
- Set up Gitea → GitHub push mirror (sync_on_commit)
- Fix ansible.cfg stdout_callback for ansible-core 2.20 compatibility
- Add python-psycopg2 to gitea role (required for postgresql modules)
- Add docker to gitea_runner role (required by act_runner at startup)
- Exclude password hashes and VM images from git

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 17:34:03 +02:00
Adyrem 72d07f49e3 Add .gitignore to exclude keys and secrets 2026-05-13 16:32:35 +02:00
Adyrem c23274c7ab Initial Ansible automation for homelab infrastructure 2026-05-13 16:17:04 +02:00