justin 97e8664cbf Add security-updates Ansible role for automated patching
Comprehensive security update automation:

1. Debian OS (unattended-upgrades) — tightened to security-only:
   - Removed general Debian updates (prevents feature/breaking changes)
   - Only Debian-Security origins auto-installed
   - Email admin on every upgrade via ops@performancewest.net
   - Auto-reboot at 4 AM if kernel update requires it
   - needrestart auto-restarts services after library updates

2. Docker CE — major version guard:
   - Patch updates within pinned major version auto-applied
   - Major version jumps held + admin alerted for manual review
   - docker-ce, docker-ce-cli, containerd.io all version-guarded

3. Container base images — daily at 3:30 AM:
   - Pulls latest base images for all docker-compose services
   - Compares image digests — only rebuilds if changed
   - Restarts only affected services (not full stack)
   - Alerts admin on rebuild failures requiring manual intervention
   - Covers both prod and dev compose projects

4. k3s — weekly Sunday at 3:45 AM:
   - Patch updates within current minor auto-applied
   - Minor/major upgrades alert admin for manual review
   - Verifies node Ready status after update
   - Alerts on failures with investigation instructions

5. Admin notifications via SMTP:
   - [INFO] for successful patches
   - [WARNING] for available major upgrades needing review
   - [CRITICAL] for failures requiring immediate intervention
   - Falls back to syslog if SMTP unavailable

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-30 01:24:57 -05:00
.claude/projects/-home-justin-projects-performancewest-new-site/memory Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
api Enable STIR/SHAKEN card in compliance checker with originate/terminate toggle 2026-04-29 10:55:00 -05:00
chrome-extension/fcc-access-helper Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
docs Add engagement authorization, remove price headers from intake pages, fix duplicate emails 2026-04-28 02:50:02 -05:00
docserver Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
frappe_adyen Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
frappe_ca_registry Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
frappe_crypto Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
infra Add security-updates Ansible role for automated patching 2026-04-30 01:24:57 -05:00
mcp Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
node-compile-cache/v25.1.0-x64-392347a2-1000 Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
performancewest_erpnext Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
scripts Add terminate-only STIR/SHAKEN option across RMD pipeline 2026-04-29 10:59:28 -05:00
site Validate Q1b and Q2 before proceeding to Step 2 2026-04-29 11:46:11 -05:00
src Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
.gitignore Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
CLAUDE.md Update CLAUDE.md with complete deployment guide, infrastructure map, and key patterns 2026-04-28 02:54:44 -05:00
deploy.sh Add deploy.sh for git-based deployment 2026-04-28 02:52:45 -05:00
docker-compose.yml Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00