Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

- Add comprehensive database migrations (001-024) for schema evolution - Enhance API schema with expanded type definitions and resolvers - Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth - Implement new services: AI optimization, billing, blockchain, compliance, marketplace - Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage) - Update Crossplane provider with enhanced VM management capabilities - Add comprehensive test suite for API endpoints and services - Update frontend components with improved GraphQL subscriptions and real-time updates - Enhance security configurations and headers (CSP, CORS, etc.) - Update documentation and configuration files - Add new CI/CD workflows and validation scripts - Implement design system improvements and UI enhancements
2025-12-12 18:01:35 -08:00
parent e01131efaf
commit 9daf1fd378
968 changed files with 160890 additions and 1092 deletions
--- a/examples/production/basic-vm.yaml
+++ b/examples/production/basic-vm.yaml
@@ -0,0 +1,219 @@
+apiVersion: proxmox.sankofa.nexus/v1alpha1
+kind: ProxmoxVM
+metadata:
+  name: basic-vm-001
+  namespace: default
+  labels:
+    tenant.sankofa.nexus/id: "tenant-001"
+    environment: "production"
+    app: "basic"
+spec:
+  forProvider:
+    node: "ml110-01"
+    name: "basic-vm-001"
+    cpu: 2
+    memory: "4Gi"
+    disk: "50Gi"
+    storage: "local-lvm"
+    network: "vmbr0"
+    image: "local:iso/ubuntu-22.04-cloud.img"
+    site: "site-1"
+    userData: |
+      #cloud-config
+      # Package management
+      package_update: true
+      package_upgrade: true
+      
+      # Required packages
+      packages:
+        - qemu-guest-agent
+        - curl
+        - wget
+        - net-tools
+        - apt-transport-https
+        - ca-certificates
+        - gnupg
+        - lsb-release
+        - chrony
+        - unattended-upgrades
+        - apt-listchanges
+      
+      # Time synchronization (NTP)
+      ntp:
+        enabled: true
+        ntp_client: chrony
+        servers:
+          - 0.pool.ntp.org
+          - 1.pool.ntp.org
+          - 2.pool.ntp.org
+          - 3.pool.ntp.org
+      
+      # User configuration
+      users:
+        - name: admin
+          groups: sudo
+          shell: /bin/bash
+          sudo: ALL=(ALL) NOPASSWD:ALL
+          lock_passwd: false
+          ssh_authorized_keys:
+            - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbGtLMmN6px4J2QUYk0BjnNT2wytgiTLSDzL+AwhE6qQWbL+h8AeFET2CHeEf09m5KYLAbHkYTq5aUleuXsluPer9A5moPD1UfdSVLpyyIv8OvKU4mnabk4z31yenPD7Wn1hKd3WoZs2ZflFIvzXaVGBoQXFlWztWLO1fh6CXmppf731FMcTMr4x7uxd8dkG4B400a1xWFx7H4e/u33KDUApqimTrwPTfooRLuyyKV7FWpopSvbSl0ANkZsuyrjbQRR3uD66iQaI60sZArTjhjwnJz+VCOnmJhlGmfMMwov4SOemt+Ut3x0Z6CwagjvxbpGf4hoI9coYD89IFzYwXVUyB9CyvlxEyPTX3v8QwIEZtWWPDStAHTkwZ80z+LU/pvP12Su32D4Wu+ziDkONVpxh1Qh6tV+jvuA9oSKno9jLa4FO0ZTs4bPkww8AbglH3h+dV7zd7qtwwW1oeSw5GHaOq/NetfpvPVuYkOe0IxVvlODZ/d6vAjCBZ0fRgtsEuZvmCVrxwGzZEHWLeAF9G/XD+wpaA5OonceeuhF6K4H12TC3AH6ycUPIBdYOeD2askutLprLmukj8xAC5mRW4ehCnXmwjABrhLSJb7A326q6t8EO2+3u12vvMQt7xKi+aY0+wGZXSvHfiabp93OMuf3WL80A8+5NaRtby44fY6bw== defi@defi-oracle.io
+      
+      # Boot commands - executed in order
+      runcmd:
+        # Verify packages are installed
+        - |
+          echo "=========================================="
+          echo "Verifying required packages are installed..."
+          echo "=========================================="
+          for pkg in qemu-guest-agent curl wget net-tools chrony unattended-upgrades; do
+            if ! dpkg -l | grep -q "^ii.*$pkg"; then
+              echo "ERROR: Package $pkg is not installed"
+              exit 1
+            fi
+            echo "✅ Package $pkg is installed"
+          done
+          echo "All required packages verified"
+        
+        # Verify qemu-guest-agent package details
+        - |
+          echo "=========================================="
+          echo "Checking qemu-guest-agent package details..."
+          echo "=========================================="
+          if dpkg -l | grep -q "^ii.*qemu-guest-agent"; then
+            echo "✅ qemu-guest-agent package IS installed"
+            dpkg -l | grep qemu-guest-agent
+          else
+            echo "❌ qemu-guest-agent package is NOT installed"
+            echo "Attempting to install..."
+            apt-get update
+            apt-get install -y qemu-guest-agent
+          fi
+        
+        # Enable and start QEMU Guest Agent
+        - |
+          echo "=========================================="
+          echo "Enabling and starting QEMU Guest Agent..."
+          echo "=========================================="
+          systemctl enable qemu-guest-agent
+          systemctl start qemu-guest-agent
+          echo "QEMU Guest Agent enabled and started"
+        
+        # Verify guest agent service is running
+        - |
+          echo "=========================================="
+          echo "Verifying QEMU Guest Agent service status..."
+          echo "=========================================="
+          for i in {1..30}; do
+            if systemctl is-active --quiet qemu-guest-agent; then
+              echo "✅ QEMU Guest Agent service IS running"
+              systemctl status qemu-guest-agent --no-pager -l
+              exit 0
+            fi
+            echo "Waiting for QEMU Guest Agent to start... ($i/30)"
+            sleep 1
+          done
+          echo "⚠️  WARNING: QEMU Guest Agent may not have started properly"
+          systemctl status qemu-guest-agent --no-pager -l || true
+          echo "Attempting to restart..."
+          systemctl restart qemu-guest-agent
+          sleep 3
+          if systemctl is-active --quiet qemu-guest-agent; then
+            echo "✅ QEMU Guest Agent started after restart"
+          else
+            echo "❌ QEMU Guest Agent failed to start"
+          fi
+        
+        # Configure automatic security updates
+        - |
+          echo "Configuring automatic security updates..."
+          cat > /etc/apt/apt.conf.d/50unattended-upgrades <<'EOF'
+          Unattended-Upgrade::Allowed-Origins {
+              "${distro_id}:${distro_codename}-security";
+              "${distro_id}ESMApps:${distro_codename}-apps-security";
+              "${distro_id}ESM:${distro_codename}-infra-security";
+          };
+          Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+          Unattended-Upgrade::MinimalSteps "true";
+          Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+          Unattended-Upgrade::Remove-Unused-Dependencies "true";
+          Unattended-Upgrade::Automatic-Reboot "false";
+          Unattended-Upgrade::Automatic-Reboot-Time "02:00";
+          EOF
+          systemctl enable unattended-upgrades
+          systemctl start unattended-upgrades
+          echo "Automatic security updates configured"
+        
+        # Configure NTP (Chrony)
+        - |
+          echo "Configuring NTP (Chrony)..."
+          systemctl enable chrony
+          systemctl restart chrony
+          sleep 3
+          if systemctl is-active --quiet chrony; then
+            echo "NTP (Chrony) is running"
+            chronyc tracking | head -1 || true
+          else
+            echo "WARNING: NTP (Chrony) may not be running"
+          fi
+        
+        # SSH hardening
+        - |
+          echo "Hardening SSH configuration..."
+          if ! grep -q "^PermitRootLogin no" /etc/ssh/sshd_config; then
+            sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+            sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
+          fi
+          if ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config; then
+            sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+            sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+          fi
+          if ! grep -q "^PubkeyAuthentication yes" /etc/ssh/sshd_config; then
+            sed -i 's/^#PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+          fi
+          systemctl restart sshd
+          echo "SSH hardening completed"
+      
+      # Write files for security configuration
+      write_files:
+        - path: /etc/apt/apt.conf.d/20auto-upgrades
+          content: |
+            APT::Periodic::Update-Package-Lists "1";
+            APT::Periodic::Download-Upgradeable-Packages "1";
+            APT::Periodic::AutocleanInterval "7";
+            APT::Periodic::Unattended-Upgrade "1";
+          permissions: '0644'
+          owner: root:root
+      
+      # Final message
+      final_message: |
+        ==========================================
+        System Boot Completed Successfully!
+        ==========================================
+        
+        Services Status:
+        - QEMU Guest Agent: $(systemctl is-active qemu-guest-agent)
+        - NTP (Chrony): $(systemctl is-active chrony)
+        - Automatic Security Updates: $(systemctl is-active unattended-upgrades)
+        
+        System Information:
+        - Hostname: $(hostname)
+        - IP Address: $(hostname -I | awk '{print $1}')
+        - Time: $(date)
+        
+        Packages Installed:
+        - qemu-guest-agent, curl, wget, net-tools
+        - chrony (NTP), unattended-upgrades (Security)
+        
+        Security Configuration:
+        - SSH: Root login disabled, Password auth disabled
+        - Automatic security updates: Enabled
+        - NTP synchronization: Enabled
+        
+        Next Steps:
+        1. Verify all services are running
+        2. Check cloud-init logs: /var/log/cloud-init-output.log
+        3. Test SSH access
+        ==========================================
+  providerConfigRef:
+    name: proxmox-provider-config
+