# TODO - Ansible Infrastructure Automation

**Last Updated:** 2025-11-11

**Priority:** CRITICAL = 🔥 | HIGH = ⚠️ | MEDIUM = 📋 | LOW = 💡

---

## This Week (Week 47)

### 🔥 Critical

- [ ] Recover derp VM (192.168.122.99) - manual console access required
- [ ] Resolve git push permission issue (Gitea pre-receive hook)
- [ ] Install qemu-guest-agent on mymx (execute playbook)

### ⚠️ High Priority

- [ ] Create and execute Docker security audit playbook
- [ ] Fix dynamic inventory UUID-based group warnings
- [ ] Plan pihole LVM migration (or document exception)
- [ ] Update CHANGELOG.md with Week 46 improvements

### 📋 Medium Priority

- [ ] Implement monitoring (prometheus_node_exporter role)
- [ ] Capacity planning analysis for mymx
- [ ] Document derp recovery procedures

---

## Next 2 Weeks (Weeks 48-49)

### ⚠️ High Priority

- [ ] Create separate inventories public repository
- [ ] Implement automated compliance checking
- [ ] Set up CI/CD pipeline (Gitea Actions/Jenkins)
- [ ] Create backup procedures for critical VMs

### 📋 Medium Priority

- [ ] Add production/staging inventory configurations
- [ ] Create pre-commit hooks for quality checks
- [ ] Docker security hardening implementation

---

## Next Month (Dec 2025)

### ⚠️ High Priority

- [ ] Create functional Molecule test scenarios
- [ ] Implement common base system role
- [ ] Create security_hardening role (CIS compliance)

### 📋 Medium Priority

- [ ] Set up monitoring stack (Prometheus + Grafana)
- [ ] Create disaster recovery automation
- [ ] Implement HashiCorp Vault integration

### 💡 Low Priority

- [ ] Create nginx/apache roles
- [ ] Create postgresql/mysql roles
- [ ] Publish collections to Ansible Galaxy

---

## Known Issues

1. **derp VM unreachable** - SSH authentication failure, console access needed
2. **Git push blocked** - Gitea server pre-receive hook permission issue
3. **pihole LVM missing** - Non-compliant with CLAUDE.md, migration needed
4. **QEMU agent channels** - mymx needs virtio-serial channel configuration
5. **Molecule tests** - Structure exists but not functional

---

## Quick Wins (< 30 min each)

- [ ] Execute install_qemu_agent.yml on mymx
- [ ] Fix inventory group name sanitization
- [ ] Add audit_docker.yml playbook
- [ ] Create testing cheatsheet
- [ ] Update role CHANGELOGs

---

**Next Review:** Weekly (Mondays)

**Roadmap:** See [ROADMAP.md](ROADMAP.md)

**Analysis:** See [SYSTEM_ANALYSIS_AND_REMEDIATION.md](SYSTEM_ANALYSIS_AND_REMEDIATION.md)