# Proxmox LXC Deployment Configuration # Fill out this configuration file to automate the deployment of QR Code Generator # ============================================================================== # PROXMOX HOST CONFIGURATION # ============================================================================== proxmox: # Proxmox host IP address or hostname host: "" # Example: 192.168.1.100 # Proxmox API port (default: 8006) port: 8006 # Authentication method: "api_token" or "password" auth_method: "api_token" # Recommended: api_token # API Token (if using api_token auth) # Format: USER@REALM!TOKENID=UUID api_token_id: "" # Example: root@pam!terraform api_token_secret: "" # Example: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx # OR Username/Password (if using password auth) username: "" # Example: root@pam password: "" # Leave empty if using api_token # Node name where LXC should be created node: "pve" # Default: pve # Deployment method: "local" (run from Proxmox host) or "remote" (run from this machine) deployment_method: "local" # Options: local, remote # ============================================================================== # LXC CONTAINER CONFIGURATION # ============================================================================== lxc: # Container ID (must be unique, typically 100-999) vmid: 200 # Change this to an available ID # Container hostname hostname: "qr-generator" # Linux distribution template # Run 'pveam available' on Proxmox to see available templates template: "ubuntu-22.04-standard" # Options: ubuntu-22.04-standard, debian-12-standard, alpine-3.18-default # Storage pool for container template template_storage: "local" # Where templates are stored # Storage pool for container rootfs rootfs_storage: "local-lvm" # Options: local-lvm, local-zfs, etc. # Container type unprivileged: true # true = more secure (recommended), false = privileged # Auto-start container on Proxmox boot onboot: true # true or false # Start container after creation start_after_creation: true # true or false # ============================================================================== # RESOURCE ALLOCATION # ============================================================================== resources: # RAM in MB memory: 2048 # Recommended: 1024-2048 MB # Swap in MB swap: 512 # Recommended: 512 MB # Number of CPU cores cores: 2 # Recommended: 1-2 cores # CPU limit (percentage, 0-100) cpulimit: 0 # 0 = unlimited # Disk size disk_size: "10G" # Example: 8G, 10G, 20G # ============================================================================== # NETWORK CONFIGURATION # ============================================================================== network: # Network bridge bridge: "vmbr0" # Default: vmbr0 # IP configuration method: "dhcp" or "static" ip_method: "dhcp" # Options: dhcp, static # Static IP configuration (only if ip_method is "static") ip_address: "" # Example: 192.168.1.150/24 gateway: "" # Example: 192.168.1.1 nameserver: "" # Example: 8.8.8.8 or 192.168.1.1 # VLAN tag (optional, leave empty for no VLAN) vlan_tag: "" # Example: 10 # Firewall enabled firewall: false # true or false # ============================================================================== # APPLICATION CONFIGURATION # ============================================================================== application: # Port for Streamlit application port: 8501 # Default: 8501 # Application directory inside container app_dir: "/opt/qr-code-generator" # Python version python_version: "3.11" # Options: 3.11, 3.10, 3.9 # Git repository URL (leave empty to copy files directly) git_repo: "" # Example: https://github.com/yourusername/qr-code-generator.git git_branch: "main" # Default: main # Service management systemd_service: true # Create systemd service to manage the app restart_on_failure: true # Auto-restart service on failure # ============================================================================== # REVERSE PROXY & SSL (OPTIONAL) # ============================================================================== reverse_proxy: # Enable reverse proxy (nginx) enabled: false # true or false # Domain name for the application domain: "" # Example: qr.example.com # Enable SSL/HTTPS ssl_enabled: false # true or false # SSL certificate method: "letsencrypt" or "self-signed" ssl_method: "letsencrypt" # Options: letsencrypt, self-signed # Let's Encrypt email (required if ssl_method is letsencrypt) letsencrypt_email: "" # Example: admin@example.com # HTTP to HTTPS redirect force_https: true # true or false # ============================================================================== # SECURITY & ACCESS # ============================================================================== security: # SSH key for root access (recommended) ssh_public_key: "" # Example: ssh-rsa AAAAB3NzaC1yc2E... user@host # Allow SSH root login permit_root_login: true # true or false # Root password (leave empty to keep default or use SSH key only) root_password: "" # Leave empty for SSH key auth only # Configure firewall rules configure_firewall: false # true or false # Allowed IP addresses/ranges for access (comma-separated) allowed_ips: "" # Example: 192.168.1.0/24,10.0.0.0/8 or leave empty for all # ============================================================================== # UPDATES & MAINTENANCE # ============================================================================== maintenance: # Enable automatic security updates auto_security_updates: true # true or false # Install additional monitoring tools monitoring_tools: false # true or false (installs htop, ncdu, etc.) # Timezone timezone: "UTC" # Example: America/New_York, Europe/London, UTC # ============================================================================== # DEPLOYMENT AUTOMATION PREFERENCES # ============================================================================== automation: # Deployment tool preference # Options: "shell" (simple bash scripts), "terraform" (IaC), "ansible" (config management) tool: "shell" # Backup configuration before deployment backup_enabled: false # true or false # Validate configuration before deployment validate_before_deploy: true # true or false # Verbose output during deployment verbose: true # true or false # ============================================================================== # NOTES # ============================================================================== # Additional notes or requirements: notes: | Add any additional notes, requirements, or customizations here. Examples: - Need to access from specific VPN - Custom DNS requirements - Integration with other services - Backup requirements