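---
# ProxmoxVM custom resource for the Phoenix Codespaces IDE host.
# The VM is provisioned on Proxmox from an Ubuntu 22.04 cloud image and
# configured entirely through the cloud-init document under spec.forProvider.userData.
apiVersion: proxmox.sankofa.nexus/v1alpha1
kind: ProxmoxVM
metadata:
  name: phoenix-codespaces-ide
  namespace: default
  labels:
    tenant.sankofa.nexus/id: "infrastructure"
    environment: "production"
    app: "phoenix"
    component: "codespaces"
    service: "ide"
spec:
  forProvider:
    node: "ml110-01"
    name: "phoenix-codespaces-ide"
    cpu: 8
    memory: "32Gi"
    disk: "200Gi"
    storage: "local-lvm"
    network: "vmbr0"
    image: "local:iso/ubuntu-22.04-cloud.img"
    site: "site-1"
    # cloud-init concatenates every runcmd entry into ONE /bin/sh script, so an
    # `exit` inside any entry aborts all later entries (the original verify step
    # exited on success, which skipped Docker, code-server, unattended-upgrades
    # and the SSH hardening), and bash-only syntax such as `{1..30}` does not
    # expand under dash. Every step below is written for POSIX sh and uses
    # `break`/warnings instead of `exit`.
    userData: |
      #cloud-config
      # Package management
      package_update: true
      package_upgrade: true

      # Password logins over SSH are never wanted on this host; the key under
      # `users` is the only intended login path (also enforced by the sshd
      # drop-in written from runcmd below).
      ssh_pwauth: false

      # Time synchronization (NTP)
      ntp:
        enabled: true
        ntp_client: chrony
        servers:
          - 0.pool.ntp.org
          - 1.pool.ntp.org
          - 2.pool.ntp.org
          - 3.pool.ntp.org

      # Required packages
      packages:
        - qemu-guest-agent
        - curl
        - wget
        - net-tools
        - apt-transport-https
        - ca-certificates
        - gnupg
        - lsb-release
        - chrony
        - unattended-upgrades
        - apt-listchanges
        # IDE and development tools
        - git
        - docker.io
        - docker-compose
        - nginx
        - certbot
        - python3-certbot-nginx
        - build-essential
        - nodejs
        - npm
        - python3
        - python3-pip
        - python3-venv
        - golang-go
        - jq
        # ufw is installed but no rules are applied in this document; add explicit
        # allow rules for sshd and the nginx listener before enabling it.
        - ufw
        # AI/ML tools
        - python3-dev
        - python3-wheel

      # User configuration
      users:
        - name: admin
          # NOTE(review): membership in `docker` is root-equivalent on the host and
          # sudo is NOPASSWD, so the authorized key below is the whole trust boundary
          # for this VM.
          groups: [sudo, docker]
          shell: /bin/bash
          sudo: 'ALL=(ALL) NOPASSWD:ALL'
          # No password is ever set for this account and sshd rejects password
          # authentication, so keep the password field locked instead of open.
          lock_passwd: true
          ssh_authorized_keys:
            # Operator key committed inline; update this entry when the key is rotated.
            - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbGtLMmN6px4J2QUYk0BjnNT2wytgiTLSDzL+AwhE6qQWbL+h8AeFET2CHeEf09m5KYLAbHkYTq5aUleuXsluPer9A5moPD1UfdSVLpyyIv8OvKU4mnabk4z31yenPD7Wn1hKd3WoZs2ZflFIvzXaVGBoQXFlWztWLO1fh6CXmppf731FMcTMr4x7uxd8dkG4B400a1xWFx7H4e/u33KDUApqimTrwPTfooRLuyyKV7FWpopSvbSl0ANkZsuyrjbQRR3uD66iQaI60sZArTjhjwnJz+VCOnmJhlGmfMMwov4SOemt+Ut3x0Z6CwagjvxbpGf4hoI9coYD89IFzYwXVUyB9CyvlxEyPTX3v8QwIEZtWWPDStAHTkwZ80z+LU/pvP12Su32D4Wu+ziDkONVpxh1Qh6tV+jvuA9oSKno9jLa4FO0ZTs4bPkww8AbglH3h+dV7zd7qtwwW1oeSw5GHaOq/NetfpvPVuYkOe0IxVvlODZ/d6vAjCBZ0fRgtsEuZvmCVrxwGzZEHWLeAF9G/XD+wpaA5OonceeuhF6K4H12TC3AH6ycUPIBdYOeD2askutLprLmukj8xAC5mRW4ehCnXmwjABrhLSJb7A326q6t8EO2+3u12vvMQt7xKi+aY0+wGZXSvHfiabp93OMuf3WL80A8+5NaRtby44fY6bw== defi@defi-oracle.io

      # Boot commands - executed in order, as a single /bin/sh script
      runcmd:
        # Verify packages are installed. dpkg-query is used instead of
        # `dpkg -l | grep` because the grep matched substrings (libcurl4 for
        # curl). A missing package is reported but does not abort the script,
        # so the hardening steps further down still run.
        - |
          echo "=========================================="
          echo "Verifying required packages are installed..."
          echo "=========================================="
          missing=0
          for pkg in qemu-guest-agent curl wget net-tools chrony unattended-upgrades; do
            if dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q "install ok installed"; then
              echo "✅ Package $pkg is installed"
            else
              echo "ERROR: Package $pkg is not installed"
              missing=1
            fi
          done
          if [ "$missing" -eq 0 ]; then
            echo "All required packages verified"
          else
            echo "WARNING: one or more required packages are missing; continuing"
          fi
        # Verify qemu-guest-agent package details, installing it if absent
        - |
          echo "=========================================="
          echo "Checking qemu-guest-agent package details..."
          echo "=========================================="
          if dpkg-query -W -f='${Status}' qemu-guest-agent 2>/dev/null | grep -q "install ok installed"; then
            echo "✅ qemu-guest-agent package IS installed"
            dpkg -l qemu-guest-agent
          else
            echo "❌ qemu-guest-agent package is NOT installed"
            echo "Attempting to install..."
            apt-get update
            apt-get install -y qemu-guest-agent
          fi
        # Enable and start QEMU Guest Agent
        - |
          echo "=========================================="
          echo "Enabling and starting QEMU Guest Agent..."
          echo "=========================================="
          systemctl enable qemu-guest-agent
          systemctl start qemu-guest-agent
          echo "QEMU Guest Agent enabled and started"
        # Verify guest agent service is running. POSIX while-loop (no `{1..30}`)
        # and `break` on success; an `exit` here would end the whole runcmd script.
        - |
          echo "=========================================="
          echo "Verifying QEMU Guest Agent service status..."
          echo "=========================================="
          started=0
          i=1
          while [ "$i" -le 30 ]; do
            if systemctl is-active --quiet qemu-guest-agent; then
              started=1
              break
            fi
            echo "Waiting for QEMU Guest Agent to start... ($i/30)"
            sleep 1
            i=$((i + 1))
          done
          if [ "$started" -eq 1 ]; then
            echo "✅ QEMU Guest Agent service IS running"
            systemctl status qemu-guest-agent --no-pager -l
          else
            echo "⚠️ WARNING: QEMU Guest Agent may not have started properly"
            systemctl status qemu-guest-agent --no-pager -l || true
            echo "Attempting to restart..."
            systemctl restart qemu-guest-agent
            sleep 3
            if systemctl is-active --quiet qemu-guest-agent; then
              echo "✅ QEMU Guest Agent started after restart"
            else
              echo "❌ QEMU Guest Agent failed to start"
            fi
          fi
        # Configure Docker
        - systemctl enable docker
        - systemctl start docker
        # Install code-server (VS Code in browser).
        # NOTE(review): this runs an unpinned remote installer as root on every
        # boot of a fresh VM; pin a release and verify its checksum before this
        # manifest is used for production hosts.
        - |
          echo "Installing code-server..."
          curl -fsSL https://code-server.dev/install.sh | sh
          systemctl enable --now code-server@admin || echo "Code-server will be configured post-deployment"
        # Install Python AI/ML packages. runcmd runs as root, so `--user` must be
        # executed as the admin account that code-server@admin runs as; otherwise
        # the packages land in /root and are invisible to the IDE.
        - |
          echo "Installing Python AI/ML packages..."
          sudo -H -u admin python3 -m pip install --user --upgrade pip
          sudo -H -u admin python3 -m pip install --user langchain openai anthropic transformers torch torchvision || echo "AI packages will be installed post-deployment"
        # Create directories for code-server
        - |
          mkdir -p /home/admin/.config/code-server
          mkdir -p /home/admin/workspaces
          mkdir -p /opt/phoenix-ide
          chown -R admin:admin /home/admin/.config
          chown -R admin:admin /home/admin/workspaces
          chown -R admin:admin /opt/phoenix-ide
        # Create Phoenix-branded code-server config and nginx site.
        # NOTE(review): the heredoc bodies for
        # /home/admin/.config/code-server/config.yaml and
        # /etc/nginx/sites-available/phoenix-codespaces are missing from this copy
        # of the manifest (the original line had collapsed into a single `cat` with
        # three redirections, which would have written the Python stub below into
        # config.yaml). Restore both heredocs here before use.
        # TODO: cat > /home/admin/.config/code-server/config.yaml <<'EOF' ... EOF
        # TODO: cat > /etc/nginx/sites-available/phoenix-codespaces <<'EOF' ... EOF
        # Create the Phoenix AI agent stub
        - |
          cat > /opt/phoenix-ide/phoenix-ai-agent.py <<'PYEOF'
          #!/usr/bin/env python3
          """
          Phoenix AI Agent - Copilot-like AI assistant for Phoenix Codespaces IDE
          This script provides AI-powered code completion and assistance
          """
          import sys
          import json

          def main():
              print("Phoenix AI Agent - Initialized")
              print("This agent will be configured post-deployment")
              print("Features:")
              print("  - Code completion")
              print("  - Code generation")
              print("  - Code review")
              print("  - Automated testing")
              print("  - Documentation generation")

          if __name__ == "__main__":
              main()
          PYEOF
          chmod +x /opt/phoenix-ide/phoenix-ai-agent.py
          chown admin:admin /opt/phoenix-ide/phoenix-ai-agent.py
        # Configure automatic security updates
        - |
          echo "Configuring automatic security updates..."
          cat > /etc/apt/apt.conf.d/50unattended-upgrades <<'EOF'
          Unattended-Upgrade::Allowed-Origins {
              "${distro_id}:${distro_codename}-security";
              "${distro_id}ESMApps:${distro_codename}-apps-security";
              "${distro_id}ESM:${distro_codename}-infra-security";
          };
          Unattended-Upgrade::AutoFixInterruptedDpkg "true";
          Unattended-Upgrade::MinimalSteps "true";
          Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
          Unattended-Upgrade::Remove-Unused-Dependencies "true";
          Unattended-Upgrade::Automatic-Reboot "false";
          Unattended-Upgrade::Automatic-Reboot-Time "02:00";
          EOF
          systemctl enable unattended-upgrades
          systemctl start unattended-upgrades
          echo "Automatic security updates configured"
        # Configure NTP (Chrony)
        - |
          echo "Configuring NTP (Chrony)..."
          systemctl enable chrony
          systemctl restart chrony
          sleep 3
          if systemctl is-active --quiet chrony; then
            echo "NTP (Chrony) is running"
            chronyc tracking | head -1 || true
          else
            echo "WARNING: NTP (Chrony) may not be running"
          fi
        # SSH hardening. Ubuntu 22.04's sshd_config includes
        # /etc/ssh/sshd_config.d/*.conf before its own settings and sshd keeps the
        # first value it sees, so a low-numbered drop-in wins over the stock file
        # and over other drop-ins; editing sshd_config with sed (the previous
        # approach) could be silently overridden by a drop-in.
        - |
          echo "Hardening SSH configuration..."
          mkdir -p /etc/ssh/sshd_config.d
          cat > /etc/ssh/sshd_config.d/00-hardening.conf <<'EOF'
          PermitRootLogin no
          PasswordAuthentication no
          PubkeyAuthentication yes
          EOF
          chmod 0644 /etc/ssh/sshd_config.d/00-hardening.conf
          # Validate before restarting so a broken config cannot lock us out.
          if sshd -t; then
            systemctl restart sshd
            echo "SSH hardening completed"
          else
            echo "ERROR: sshd configuration failed validation; sshd was not restarted"
          fi

      # Write files for security configuration (written before runcmd runs)
      write_files:
        - path: /etc/apt/apt.conf.d/20auto-upgrades
          content: |
            APT::Periodic::Update-Package-Lists "1";
            APT::Periodic::Download-Upgradeable-Packages "1";
            APT::Periodic::AutocleanInterval "7";
            APT::Periodic::Unattended-Upgrade "1";
          permissions: '0644'
          owner: root:root

      # Final message. Only the separator line survived in this copy of the
      # manifest; the rest of the message text is missing.
      final_message: |
        ==========================================
  providerConfigRef:
    name: proxmox-provider-config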