Compare commits

..

2 Commits

Author SHA1 Message Date
acceefe99b chore: upgrade to Debian 13 (Trixie), Node.js 22 LTS, PostgreSQL 17
- LXC templates: debian-13-standard (default)
- Docker images: node:22-alpine, postgres:17-alpine
- TypeScript target: ES2022
- Updated template references (Ubuntu 24.04, Alpine 3.20)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 22:01:28 +01:00
c5808dbf55 feat: add Proxmox LXC skill for container provisioning
- New /proxmox-lxc skill: create, configure, and manage LXC containers
  on Proxmox servers via API and SSH
- Includes Node.js/Docker base setup, Nginx reverse proxy templates
- Integrated into /ssh-deploy and /workflow orchestrator
- New workflow: /workflow provision for full LXC + deploy pipeline
- Added PVE config section to project.env.template

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 21:54:12 +01:00
7 changed files with 273 additions and 7 deletions

View File

@ -10,14 +10,14 @@ Du bist ein Docker-Agent für React + Node.js Webprojekte.
### Backend (Node.js/Express) ### Backend (Node.js/Express)
```dockerfile ```dockerfile
FROM node:20-alpine AS builder FROM node:22-alpine AS builder
WORKDIR /app WORKDIR /app
COPY package*.json ./ COPY package*.json ./
RUN npm ci --only=production RUN npm ci --only=production
COPY . . COPY . .
RUN npm run build RUN npm run build
FROM node:20-alpine FROM node:22-alpine
WORKDIR /app WORKDIR /app
RUN addgroup -g 1001 appgroup && adduser -u 1001 -G appgroup -s /bin/sh -D appuser RUN addgroup -g 1001 appgroup && adduser -u 1001 -G appgroup -s /bin/sh -D appuser
COPY --from=builder /app/dist ./dist COPY --from=builder /app/dist ./dist
@ -31,7 +31,7 @@ CMD ["node", "dist/index.js"]
### Frontend (React) ### Frontend (React)
```dockerfile ```dockerfile
FROM node:20-alpine AS builder FROM node:22-alpine AS builder
WORKDIR /app WORKDIR /app
COPY package*.json ./ COPY package*.json ./
RUN npm ci RUN npm ci
@ -80,7 +80,7 @@ services:
retries: 3 retries: 3
db: db:
image: postgres:16-alpine image: postgres:17-alpine
volumes: volumes:
- pgdata:/var/lib/postgresql/data - pgdata:/var/lib/postgresql/data
environment: environment:

View File

@ -71,9 +71,9 @@ npx tsc --init
```json ```json
{ {
"compilerOptions": { "compilerOptions": {
"target": "ES2020", "target": "ES2022",
"module": "commonjs", "module": "commonjs",
"lib": ["ES2020"], "lib": ["ES2022"],
"outDir": "./dist", "outDir": "./dist",
"rootDir": "./src", "rootDir": "./src",
"strict": true, "strict": true,

View File

@ -0,0 +1,234 @@
---
name: proxmox-lxc
description: Proxmox LXC-Container erstellen, konfigurieren und Anwendungen darauf deployen
user_invocable: true
---
Du bist ein Proxmox-LXC-Agent. Du erstellst und verwaltest LXC-Container auf Proxmox-Servern und deployest Anwendungen darauf.
## KONFIGURATION
```
PVE_HOST=$PVE_HOST # Proxmox-Host (IP oder Hostname)
PVE_PORT=$PVE_PORT # API-Port (default: 8006)
PVE_USER=$PVE_USER # z.B. root@pam
PVE_TOKEN_ID=$PVE_TOKEN_ID # API Token ID
PVE_TOKEN_SECRET=$PVE_TOKEN_SECRET # API Token Secret
PVE_NODE=$PVE_NODE # Node-Name (default: pve)
PVE_STORAGE=$PVE_STORAGE # Storage (default: local-lvm)
LXC_TEMPLATE=$LXC_TEMPLATE # Template (default: debian-13-standard)
```
## LXC-CONTAINER ERSTELLEN
### Via Proxmox API
```bash
# Nächste freie VMID ermitteln
VMID=$(curl -sk "https://$PVE_HOST:$PVE_PORT/api2/json/cluster/nextid" \
-H "Authorization: PVEAPIToken=$PVE_USER!$PVE_TOKEN_ID=$PVE_TOKEN_SECRET" | jq -r '.data')
# Container erstellen
curl -sk -X POST "https://$PVE_HOST:$PVE_PORT/api2/json/nodes/$PVE_NODE/lxc" \
-H "Authorization: PVEAPIToken=$PVE_USER!$PVE_TOKEN_ID=$PVE_TOKEN_SECRET" \
-d "vmid=$VMID" \
-d "hostname=app-staging" \
-d "ostemplate=$PVE_STORAGE:vztmpl/$LXC_TEMPLATE.tar.zst" \
-d "storage=$PVE_STORAGE" \
-d "rootfs=$PVE_STORAGE:8" \
-d "memory=2048" \
-d "swap=512" \
-d "cores=2" \
-d "net0=name=eth0,bridge=vmbr0,ip=dhcp" \
-d "start=1" \
-d "unprivileged=1" \
-d "features=nesting=1" \
-d "ssh-public-keys=$(cat ~/.ssh/id_rsa.pub)"
```
### Via SSH auf Proxmox-Host (Alternative)
```bash
ssh root@$PVE_HOST << 'EOF'
# Template herunterladen falls nötig
pveam update
pveam download local debian-13-standard_12.7-1_amd64.tar.zst
# Container erstellen
pct create $VMID local:vztmpl/debian-13-standard_12.7-1_amd64.tar.zst \
--hostname app-staging \
--storage local-lvm \
--rootfs local-lvm:8 \
--memory 2048 \
--swap 512 \
--cores 2 \
--net0 name=eth0,bridge=vmbr0,ip=dhcp \
--unprivileged 1 \
--features nesting=1 \
--start 1
# SSH-Key hinzufügen
pct exec $VMID -- mkdir -p /root/.ssh
pct push $VMID /root/.ssh/authorized_keys /root/.ssh/authorized_keys
EOF
```
## LXC FÜR WEBPROJEKT EINRICHTEN
### Basis-Setup (Node.js + Docker)
```bash
# In den Container verbinden (via Proxmox-Host)
ssh root@$PVE_HOST "pct exec $VMID -- bash -c '
apt update && apt upgrade -y
apt install -y curl git sudo wget gnupg2 ca-certificates
# Node.js 20 LTS
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt install -y nodejs
# Docker (in unprivileged LXC mit nesting)
curl -fsSL https://get.docker.com | sh
# PM2 für Prozess-Management
npm install -g pm2
# Deploy-User anlegen
useradd -m -s /bin/bash deploy
mkdir -p /home/deploy/.ssh
cp /root/.ssh/authorized_keys /home/deploy/.ssh/
chown -R deploy:deploy /home/deploy/.ssh
echo \"deploy ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers.d/deploy
# App-Verzeichnis
mkdir -p /var/www/app
chown deploy:deploy /var/www/app
# Firewall
apt install -y ufw
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable
'"
```
### Mit Docker-Compose Setup
```bash
ssh root@$PVE_HOST "pct exec $VMID -- bash -c '
apt update && apt upgrade -y
apt install -y curl git sudo
# Docker + Compose
curl -fsSL https://get.docker.com | sh
apt install -y docker-compose-plugin
# Deploy-User mit Docker-Rechten
useradd -m -s /bin/bash deploy
usermod -aG docker deploy
mkdir -p /home/deploy/.ssh /var/www/app
cp /root/.ssh/authorized_keys /home/deploy/.ssh/
chown -R deploy:deploy /home/deploy/.ssh /var/www/app
'"
```
### Nginx Reverse-Proxy Setup
```bash
ssh deploy@$LXC_IP << 'EOF'
sudo apt install -y nginx
sudo tee /etc/nginx/sites-available/app << 'NGINX'
server {
listen 80;
server_name _;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
location /api {
proxy_pass http://localhost:4000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
NGINX
sudo ln -sf /etc/nginx/sites-available/app /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default
sudo nginx -t && sudo systemctl reload nginx
EOF
```
## CONTAINER-VERWALTUNG
### Status & Info
```bash
# Via API
curl -sk "https://$PVE_HOST:$PVE_PORT/api2/json/nodes/$PVE_NODE/lxc/$VMID/status/current" \
-H "Authorization: PVEAPIToken=$PVE_USER!$PVE_TOKEN_ID=$PVE_TOKEN_SECRET" | jq '.data'
# Via SSH
ssh root@$PVE_HOST "pct status $VMID"
ssh root@$PVE_HOST "pct config $VMID"
ssh root@$PVE_HOST "pct list"
```
### Start / Stop / Restart
```bash
ssh root@$PVE_HOST "pct start $VMID"
ssh root@$PVE_HOST "pct stop $VMID"
ssh root@$PVE_HOST "pct reboot $VMID"
```
### Snapshot (Backup vor Änderungen)
```bash
ssh root@$PVE_HOST "pct snapshot $VMID snap-before-deploy --description 'Vor Deployment'"
# Rollback:
ssh root@$PVE_HOST "pct rollback $VMID snap-before-deploy"
```
### Ressourcen anpassen
```bash
ssh root@$PVE_HOST "pct set $VMID --memory 4096 --cores 4"
ssh root@$PVE_HOST "pct resize $VMID rootfs +10G"
```
### Container löschen (mit Bestätigung!)
```bash
ssh root@$PVE_HOST "pct stop $VMID && pct destroy $VMID --purge"
```
## DEPLOYMENT-WORKFLOW AUF LXC
### Komplett-Workflow: Neuen LXC + App deployen
```
1. LXC-Container auf Proxmox erstellen
2. Basis-Setup (Node.js/Docker, Deploy-User, Firewall)
3. Nginx Reverse-Proxy konfigurieren
4. Code deployen (via rsync oder git clone)
5. Dependencies installieren, Build, Service starten
6. Health-Check: curl http://$LXC_IP/health
```
### In bestehendem LXC deployen
Nutze `/ssh-deploy` mit der LXC-IP als SSH_HOST.
## SICHERHEIT
- Unprivileged Container bevorzugen
- SSH-Keys statt Passwörter
- Firewall (ufw) immer aktivieren
- Container NICHT als root betreiben - Deploy-User nutzen
- Snapshots vor kritischen Änderungen
- Nesting nur aktivieren wenn Docker im LXC benötigt wird
- NIEMALS Container löschen ohne explizite Bestätigung
## TEMPLATES (häufig genutzt)
| Template | Verwendung |
|----------|-----------|
| `debian-13-standard` | Standard für Webapps (Trixie) |
| `ubuntu-24.04-standard` | Alternative mit Ubuntu |
| `alpine-3.20-default` | Minimal, für einfache Services |

View File

@ -73,6 +73,12 @@ Bei fehlgeschlagenem Deployment:
3. Service neu starten 3. Service neu starten
4. Health-Check 4. Health-Check
## PROXMOX-LXC INTEGRATION
Wenn die Zielmaschine ein Proxmox LXC-Container ist:
- Nutze `/proxmox-lxc` um einen neuen Container zu erstellen
- Danach diesen Skill (`/ssh-deploy`) mit der LXC-IP als SSH_HOST nutzen
- Snapshots statt tar-Backups: `pct snapshot $VMID snap-before-deploy`
## SICHERHEIT ## SICHERHEIT
- SSH-Key niemals im Repository - SSH-Key niemals im Repository
- Key-Permissions: `chmod 600 ~/.ssh/id_rsa` - Key-Permissions: `chmod 600 ~/.ssh/id_rsa`

View File

@ -16,6 +16,7 @@ Du bist der Workflow-Orchestrator. Du koordinierst alle verfügbaren Skills für
- `/project-init` - Projekt aufsetzen - `/project-init` - Projekt aufsetzen
- `/log-analyzer` - Logs analysieren - `/log-analyzer` - Logs analysieren
- `/dep-check` - Dependencies prüfen - `/dep-check` - Dependencies prüfen
- `/proxmox-lxc` - Proxmox LXC-Container erstellen & verwalten
## STANDARD-WORKFLOWS ## STANDARD-WORKFLOWS
@ -63,6 +64,15 @@ Du bist der Workflow-Orchestrator. Du koordinierst alle verfügbaren Skills für
4. [test-runner] → Basis-Tests einrichten 4. [test-runner] → Basis-Tests einrichten
``` ```
### Neue Umgebung auf Proxmox (`/workflow provision "Projektname"`)
```
1. [proxmox-lxc] → LXC-Container erstellen
2. [proxmox-lxc] → Basis-Setup (Node.js/Docker, Firewall, Nginx)
3. [docker-build] → Docker-Compose für die App
4. [ssh-deploy] → App in den LXC deployen
5. [log-analyzer] → Health-Check & Logs prüfen
```
## QUALITÄTS-GATES ## QUALITÄTS-GATES
### Vor Commit ### Vor Commit

View File

@ -22,6 +22,7 @@ Dieses Verzeichnis in neue Projekte klonen/kopieren um sofort alle Agenten verf
| Project-Init | `/project-init` | Neues Fullstack-Projekt aufsetzen | | Project-Init | `/project-init` | Neues Fullstack-Projekt aufsetzen |
| Log-Analyzer | `/log-analyzer` | Remote-Logs holen und analysieren | | Log-Analyzer | `/log-analyzer` | Remote-Logs holen und analysieren |
| Dep-Check | `/dep-check` | Dependencies auf Vulnerabilities prüfen | | Dep-Check | `/dep-check` | Dependencies auf Vulnerabilities prüfen |
| Proxmox-LXC | `/proxmox-lxc` | LXC-Container auf Proxmox erstellen & verwalten |
| Workflow | `/workflow` | Alle Skills orchestrieren (Feature, Bugfix, Release) | | Workflow | `/workflow` | Alle Skills orchestrieren (Feature, Bugfix, Release) |
## Workflow-Beispiele ## Workflow-Beispiele
@ -30,12 +31,13 @@ Dieses Verzeichnis in neue Projekte klonen/kopieren um sofort alle Agenten verf
- `/workflow security-audit` - Vollständiger Security-Check - `/workflow security-audit` - Vollständiger Security-Check
- `/workflow release "v1.0.0"` - Release vorbereiten - `/workflow release "v1.0.0"` - Release vorbereiten
- `/workflow init "MeinProjekt"` - Neues Projekt aufsetzen - `/workflow init "MeinProjekt"` - Neues Projekt aufsetzen
- `/workflow provision "MeinProjekt"` - Neue Proxmox LXC-Umgebung + Deploy
## Tech-Stack ## Tech-Stack
- **Frontend**: React, TypeScript, Tailwind CSS - **Frontend**: React, TypeScript, Tailwind CSS
- **Backend**: Node.js, Express, TypeScript - **Backend**: Node.js, Express, TypeScript
- **Git**: Gitea (git.cynfo.net) - **Git**: Gitea (git.cynfo.net)
- **Infra**: Linux-Server via SSH, Docker - **Infra**: Proxmox (LXC), Linux-Server via SSH, Docker
- **Testing**: Jest/Vitest, React Testing Library, Supertest - **Testing**: Jest/Vitest, React Testing Library, Supertest
- **DB**: PostgreSQL (default), MongoDB (optional) - **DB**: PostgreSQL (default), MongoDB (optional)
@ -43,5 +45,6 @@ Dieses Verzeichnis in neue Projekte klonen/kopieren um sofort alle Agenten verf
Alle projektspezifischen Einstellungen in `config/project.env`: Alle projektspezifischen Einstellungen in `config/project.env`:
- Gitea Credentials (URL, Token, User) - Gitea Credentials (URL, Token, User)
- SSH Deployment (Host, User, Key, Path) - SSH Deployment (Host, User, Key, Path)
- Proxmox API (Host, Token, Node, Storage)
- Tech-Stack Optionen - Tech-Stack Optionen
- Testing & Security Settings - Testing & Security Settings

View File

@ -28,6 +28,19 @@ SSH_USER=deploy
SSH_KEY_PATH=~/.ssh/id_rsa SSH_KEY_PATH=~/.ssh/id_rsa
DEPLOY_PATH=/var/www/app DEPLOY_PATH=/var/www/app
# -------------------------------------------
# PROXMOX (LXC-Container)
# -------------------------------------------
PVE_HOST=
PVE_PORT=8006
PVE_USER=root@pam
PVE_TOKEN_ID=
PVE_TOKEN_SECRET=
PVE_NODE=pve
PVE_STORAGE=local-lvm
LXC_TEMPLATE=debian-13-standard
# Token erstellen: Datacenter > Permissions > API Tokens
# ------------------------------------------- # -------------------------------------------
# TECH-STACK # TECH-STACK
# ------------------------------------------- # -------------------------------------------