- proxmox-lxc: auto-harden on setup (SSH no-root/no-password,
fail2ban, unattended-upgrades, sysctl kernel hardening)
- security: now covers BOTH code AND infrastructure
- SSH config validation
- Firewall/open ports check
- Fail2Ban status
- Auto-updates verification
- File permissions audit
- Auto-fix for all server issues found
- workflow provision: security check after LXC setup AND after deploy
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- settings.local.json: wildcard permissions for git, ssh, curl, npm, docker
to eliminate constant confirmation prompts
- ssh-deploy: git clone/pull as primary deploy method, rsync as fallback
- workflow provision: git-push before ssh-deploy (push to Gitea first,
then git clone on LXC)
- all workflows: deploy steps now explicitly git-based
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- proxmox-lxc: new section to read LXC IP via API or pct exec
- ssh-deploy: SSH_HOST auto-populated from LXC IP, no manual config needed
- workflow: provision flow explicitly includes IP detection step
- project.env: SSH_HOST marked as optional when using Proxmox LXC
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New /proxmox-lxc skill: create, configure, and manage LXC containers
on Proxmox servers via API and SSH
- Includes Node.js/Docker base setup, Nginx reverse proxy templates
- Integrated into /ssh-deploy and /workflow orchestrator
- New workflow: /workflow provision for full LXC + deploy pipeline
- Added PVE config section to project.env.template
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>