d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc8abb06e2bbd33e30803ca59d284ead8ea970c6
proxmox/services/sankofa-it-read-api/README.md
defiQUG a41c3adea0
All checks were successful
Deploy to Phoenix / deploy (push) Successful in 6s
Details
feat(it-ops): LAN bootstrap for read API, NPM proxy, Cloudflare DNS 
- bootstrap-sankofa-it-read-api-lan.sh: rsync /opt/proxmox, systemd + env file,
  repo .env keys, portal CT 7801 merge, weekly export timer; tolerate export exit 2
- upsert-it-read-api-proxy-host.sh, add-it-api-sankofa-dns.sh
- systemd example uses EnvironmentFile; docs, spec, AGENTS, read API README

Made-with: Cursor
2026-04-09 01:50:14 -07:00

41 lines
1.8 KiB
Markdown
Raw Blame History

# Sankofa IT read API (Phase 0)
Minimal **read-only** JSON service for `reports/status/live_inventory.json` and `drift.json`. Intended to run on a **LAN** host (or CT) with access to the repo checkout and optional SSH to Proxmox for refresh.
**Production LAN install:** `bash scripts/deployment/bootstrap-sankofa-it-read-api-lan.sh` (rsync to `/opt/proxmox` on the seed node, `/etc/sankofa-it-read-api.env`, systemd, portal merge). See [SANKOFA_IT_OPS_KEYCLOAK_PORTAL_NEXT_STEPS.md](../../docs/03-deployment/SANKOFA_IT_OPS_KEYCLOAK_PORTAL_NEXT_STEPS.md).
## Run
```bash
cd /path/to/proxmox
python3 services/sankofa-it-read-api/server.py
```
With API key protection for `/v1/*`:
```bash
export IT_READ_API_KEY='your-long-random-secret'
python3 services/sankofa-it-read-api/server.py
```
Clients send `X-API-Key: your-long-random-secret` on `/v1/inventory/*`. `/health` stays unauthenticated.
## Endpoints
| Method | Path | Description |
|--------|------|-------------|
| GET | `/health` | Liveness + paths |
| GET | `/v1/inventory/live` | Latest live guest inventory |
| GET | `/v1/inventory/drift` | Latest drift report |
| POST | `/v1/inventory/refresh` | Runs `scripts/it-ops/export-live-inventory-and-drift.sh` (requires `IT_READ_API_KEY`) |
Optional **`IT_READ_API_CORS_ORIGINS`**: comma-separated browser origins; enables `OPTIONS` and `Access-Control-Allow-*` for direct SPA calls (prefer Next.js `/api/it/*` proxy so keys stay server-side).
## systemd
See [`config/systemd/sankofa-it-read-api.service.example`](../../config/systemd/sankofa-it-read-api.service.example).
## Next (full BFF)
Replace with OIDC-validated service, Postgres, and Proxmox/UniFi adapters per [SANKOFA_IT_OPERATIONS_CONTROLLER_SPEC.md](../../docs/02-architecture/SANKOFA_IT_OPERATIONS_CONTROLLER_SPEC.md).
Reference in New Issue View Git Blame Copy Permalink