# Changelog

All notable changes to the `deploy_linux_vm` role will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Added
- Initial CHANGELOG.md creation
- Security hardening: Added `no_log: true` to sensitive cloud-init tasks

### Changed
- N/A

### Deprecated
- N/A

### Removed
- N/A

### Fixed
- N/A

### Security
- Sensitive data in cloud-init templates now protected with `no_log: true`

## [1.0.0] - 2025-11-10

### Added
- Initial role creation for automated Linux VM deployment
- Support for Debian/Ubuntu distributions
- LVM-based storage configuration
- Cloud-init automated provisioning
- Network configuration with cloud-init
- Ansible user creation with sudo privileges
- SSH key deployment and configuration
- Molecule test structure (basic)
- Comprehensive README documentation

### Features
- Automated VM creation using libvirt/KVM
- Customizable VM resources (CPU, memory, disk)
- Cloud-init based unattended installation
- LVM partitioning schema following security best practices
- Passwordless sudo configuration for ansible user
- SSH hardening (key-based auth, no root login)
- Support for multiple network configurations

### Security
- SSH key-based authentication only
- Passwordless sudo with logging enabled
- Separate LVM volumes for system directories
- `/tmp` mounted with `noexec,nosuid,nodev` flags
- Minimal base package installation

[Unreleased]: https://git.mymx.me/ansible/infra-automation/compare/v1.0.0...HEAD
[1.0.0]: https://git.mymx.me/ansible/infra-automation/releases/tag/v1.0.0