proxmox/docs/04-configuration/DEV_VM_GITOPS_PLAN.md

Development VM (VMID 5700) + Private GitOps Plan

Status: Plan
VMID: 5700 (Buffer range 5700–5999 per VMID_ALLOCATION_FINAL.md)
Purpose: Shared development environment for four users, Cursor Remote SSH, and private Git (GitOps-style) for all projects under /home/intlc/projects.

---

1. Overview

• Single LXC on Proxmox: hostname dev-vm, VMID 5700, IP 192.168.11.59 (from config/ip-addresses.conf: IP_DEV_VM).
• Lots of storage: 400–500 GB rootfs (override via DEV_VM_DISK_GB) on local-lvm or thin1 (node-dependent).
• Four users: Create accounts for Cursor/SSH; shared workspace under /srv/projects (or /opt/projects) populated from current /home/intlc/projects content.
• Private GitOps: Self-hosted Gitea inside the container (or on same host). Repos are private; push/pull via SSH or HTTPS. Optional: Flux/Argo CD later if you add Kubernetes.

---

2. VMID and IP

Item	Value
VMID	5700
Name	dev-vm
IP	192.168.11.59 (IP_DEV_VM)
Gateway	192.168.11.1
Node	r630-01 (default; override with PROXMOX_HOST)
Storage	local-lvm or thin1 (script uses STORAGE from config)

---

3. Resource Specs (recommended)

Resource	Value	Notes
RAM	16384 MB (16 GB)	4 users × Cursor/editors + Gitea
Cores	4	Parallel builds, Gitea, sync
Disk	400–500 GB	All projects + Git history + Gitea data
Network	vmbr0, static IP	VLAN 11 (MGMT-LAN)

---

4. Content and Layout

• Source (current): /home/intlc/projects on your workstation (proxmox repo and sibling projects: 237-combo, 27-combi, strategic, dbis_core, explorer-monorepo, etc.).
• Target (in container): /srv/projects (or /opt/projects).
  • Option A: One-time rsync/copy from your machine to the container, then add as Git remotes to Gitea.
  • Option B: Gitea “migrate” from existing Git URLs (if already in Git).
  • Option C: rsync + git init for non-Git folders, then add to Gitea as new repos.

Recommended: rsync current /home/intlc/projects into the dev VM, then use Gitea as the private canonical Git server for these repos (create repos in Gitea, add remotes, push). All four users then clone from Gitea (private) and use Cursor Remote SSH to the same VM.

---

5. Four Users

Create four OS users (e.g. dev1, dev2, dev3, dev4) with:

• SSH access (authorized_keys) for Cursor Remote SSH and Git over SSH.
• Membership in a shared group (e.g. dev) so they can read/write under /srv/projects and Gitea data if needed.
• Optional: sudo with NOPASSWD for package installs (or one “admin” user).

User creation can be done in a setup script run once after container creation (see below).

---

6. Private GitOps: Gitea

• Gitea: Lightweight, self-hosted Git server; all repos private by default; runs as a service inside the dev container (or in a sibling LXC if you prefer).
• Flow:
  1. Install Gitea in the dev VM (systemd service, listening on e.g. 127.0.0.1:3000 or 0.0.0.0:3000).
  2. Create a Gitea admin user; create one repo per project (or one monorepo).
  3. Push content from /srv/projects into Gitea (add Gitea as origin or private remote).
  4. Four users: clone from Gitea via SSH (e.g. git@dev-vm:repo.git) or HTTPS; work in Cursor via Remote SSH to the same VM.
• Private: No public exposure required; access only from 192.168.11.0/24 (or via Cloudflare Tunnel later if you want web UI from outside). SSH is key-based.

Optional later:

• Flux CD: If you introduce a Kubernetes cluster, Flux can sync from a Gitea repo (GitOps for deployments). Not required for “private Git for dev content.”

---

7. Cursor Usage

• Each user: Cursor → Remote-SSH → dev1@192.168.11.59 (or dev2, dev3, dev4).
• Workspace: open folder /srv/projects/proxmox (or any project). Code lives on the dev VM; Git remotes point to Gitea on the same host.
• No need to expose Gitea to the internet unless you add a tunnel later.

AI (Cursor, Copilot): Cursor and GitHub Copilot work with Gitea repos—they operate in your editor based on local code. Clone Gitea repos, open in Cursor or VS Code with Copilot, and use AI suggestions as usual. See GITEA_AI_REVIEW_SETUP.md for optional PR-level Claude review.

---

8. Implementation

8.1 Create the container

From the repo root (with config/ip-addresses.conf and optional .env):

# Optional: override node, storage, disk size
# export PROXMOX_HOST=192.168.11.11
# export STORAGE=thin1
# export DEV_VM_DISK_GB=500

bash scripts/create-dev-vm-5700.sh

• Script: scripts/create-dev-vm-5700.sh — creates LXC 5700 (Ubuntu 22.04 or Debian 12), hostname dev-vm, IP IP_DEV_VM (192.168.11.59), large rootfs, start on boot.

8.2 Post-create setup (users + Gitea)

• scripts/setup-dev-vm-users-and-gitea.sh — to be run inside the container (or via pct exec 5700 -- ...):
  • Creates four users with SSH keys (or placeholder for you to add keys).
  • Installs Gitea (binary or package), creates systemd unit, optional reverse-proxy (nginx/caddy) if you want HTTPS later.
  • Optional: create Gitea repos and add remotes from /srv/projects.

8.3 Sync content from your machine

From your workstation (where /home/intlc/projects exists):

rsync -avz --exclude='.git' --exclude='node_modules' \
  /home/intlc/projects/ dev1@192.168.11.59:/srv/projects/

Then on the dev VM, for each project: git init (if not already), add Gitea remote, push.

---

9. Security and Access

• Network: Dev VM only on 192.168.11.0/24; no direct public IP unless you add a Cloudflare Tunnel or port forward.
• Gitea: Private repos; access via SSH (recommended) or HTTPS with strong passwords/keys.
• SSH: Key-based only for dev users; disable password auth if desired.

---

10. Checklist

• Create LXC 5700 with create-dev-vm-5700.sh
• Run setup-dev-vm-users-and-gitea.sh inside the container
• Add four users’ SSH keys to ~dev1/.ssh/authorized_keys etc.
• Rsync or copy /home/intlc/projects content to /srv/projects on the dev VM
• Create Gitea repos and set remotes; push from dev VM
• Test Cursor Remote SSH as each user
• (Optional) Add DNS name for 192.168.11.59 and/or Cloudflare Tunnel for Gitea web UI

---

References

• VMID_ALLOCATION_FINAL.md — VMID 5700 in buffer range
• NETWORK_ARCHITECTURE.md — VLAN 11, gateway
• config/ip-addresses.conf — IP_DEV_VM
• DEV_CODESPACES_76_53_10_40.md — Codespaces-like access via 76.53.10.40, Cloudflare tunnel, fourth NPMplus, Proxmox admin, dotenv inventory
• Gitea — self-hosted Git service