Properties
category: reference
tags: [dev, vps, ops, v7]
last_updated: 2026-03-15
confidence: high

V7 Operational Hardening

Ansible roles for backup, health checks, logging, and disk monitoring on the robot.wtf VPS. Run via ansible-playbook -i ansible/inventory.yml ansible/v7-harden.yml.

Roles

backup (roles/backup/)

SQLite .backup cron every 4 hours. Backs up robot.db and mcp_oauth.db to /srv/backups/. Prunes after 7 days. Uses sqlite3 .backup (handles WAL mode correctly without stopping services). VM-level backups via Proxmox snapshots are configured separately.
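A sketch of what the cron job described above could look like, as an added example and not the role's actual script. The source directory `DB_DIR`, the timestamped file naming, the integrity check and the prune-only-on-success rule are assumptions; the database names, `/srv/backups/` and the 7-day retention come from this page.

```sh
#!/bin/sh
# Added example, not the backup role's own script.
DB_DIR="${DB_DIR:-/srv/data}"            # assumption: location of the live databases
BACKUP_DIR="${BACKUP_DIR:-/srv/backups}"
KEEP_DAYS="${KEEP_DAYS:-7}"

# Snapshot one database with sqlite3's online backup, verify it, print its path.
backup_one() {
    src="$1"
    # sqlite3 silently creates a missing file, so refuse early instead of
    # "backing up" a brand-new empty database.
    [ -f "$src" ] || return 1
    dest="$BACKUP_DIR/$(basename "$src" .db)-$(date -u +%Y%m%dT%H%M%SZ).db"
    tmp="$dest.partial"
    # .backup copies a consistent snapshot while services keep running.
    sqlite3 "$src" ".backup '$tmp'" || { rm -f "$tmp"; return 1; }
    # Only keep copies that pass SQLite's own integrity check.
    [ "$(sqlite3 "$tmp" 'PRAGMA integrity_check;')" = "ok" ] || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dest" && printf '%s\n' "$dest"
}

# Delete backup files older than KEEP_DAYS; anything not named *.db is left alone.
prune_old() {
    find "$BACKUP_DIR" -maxdepth 1 -type f -name '*.db' -mtime +"$KEEP_DAYS" -delete
}

main() {
    umask 077                            # backups are full copies; keep them owner-only
    mkdir -p "$BACKUP_DIR" || return 1
    rc=0
    for db in robot.db mcp_oauth.db; do
        backup_one "$DB_DIR/$db" >/dev/null || { echo "backup failed: $db" >&2; rc=1; }
    done
    # Prune only after a clean run, so a failing job never ages out the last good copies.
    if [ "$rc" -eq 0 ]; then prune_old; fi
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

A non-zero exit from `main` is what a cron wrapper would use to trigger the msmtp alert.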

healthcheck (roles/healthcheck/)

Per-minute cron checks all services: systemctl is-active + curl localhost:port for ports 8000-8003 and 8001. Emails via msmtp/Gmail on failure.

logging (roles/logging/)

Configures systemd-journald: 500MB max, 200MB keep-free, 30-day retention. All services use StandardOutput=journal.

diskmon (roles/diskmon/)

Hourly cron checks disk usage on / and /srv. Warns at 80%, critical at 90%. Emails via same msmtp config.

Prerequisites

Set smtp_user, smtp_password, and alert_email in ansible/group_vars/all/vault.yml (encrypted) before running the hardening playbook.

Semantic Search Switch

Switched from ChromaDB (server mode on port 8004) to FAISS + ONNX MiniLM embedding. ChromaDB service disabled. See Tasks/Semantic_Search_Multi_Tenant for the multi-tenant indexing issue.