feat: initial orchestrator service with FastAPI backend and premium GUI

- FastAPI backend with full Proxmox VE API integration
- ISO builder using proxmox-auto-install-assistant
- Premium dark-mode SPA frontend with glassmorphism design
- VM lifecycle management (create, start, stop, destroy)
- Build pipeline tracking with real-time logs
- Deployment automation for custom auto-installer ISOs
- Production deployment script (setup.sh + systemd)
- Comprehensive README with API documentation

setup.sh

@@ -0,0 +1,153 @@
+#!/usr/bin/env bash
+# setup.sh - Deploy the Sovereign Orchestrator service
+# This script installs all dependencies and configures the service
+# to run on a Debian-based LXC container on the production Proxmox host.
+#
+# Usage: bash setup.sh
+#
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+APP_DIR="/opt/sovereign-orchestrator"
+SERVICE_NAME="sovereign-orchestrator"
+SERVICE_USER="sovereign"
+PORT=8888
+
+echo "╔══════════════════════════════════════════════╗"
+echo "║  Sovereign Orchestrator - Setup Script       ║"
+echo "║  Theta42 Infrastructure Automation           ║"
+echo "╚══════════════════════════════════════════════╝"
+echo ""
+
+# --- 1. System Dependencies ---
+echo "[1/6] Installing system dependencies..."
+apt-get update -qq
+apt-get install -y -qq \
+    python3 \
+    python3-pip \
+    python3-venv \
+    xorriso \
+    curl \
+    jq \
+    wget \
+    2>/dev/null
+
+# --- 2. Install proxmox-auto-install-assistant ---
+echo "[2/6] Checking for proxmox-auto-install-assistant..."
+if ! command -v proxmox-auto-install-assistant &>/dev/null; then
+    echo "  -> Installing proxmox-auto-install-assistant from Proxmox repos..."
+    # Add Proxmox repository for the assistant tool
+    if [ ! -f /etc/apt/sources.list.d/proxmox.list ]; then
+        echo "deb [arch=amd64] http://download.proxmox.com/debian/pve trixie pve-no-subscription" \
+            > /etc/apt/sources.list.d/proxmox.list
+        wget -qO /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg \
+            http://download.proxmox.com/debian/proxmox-release-trixie.gpg 2>/dev/null || true
+        apt-get update -qq
+    fi
+    apt-get install -y -qq proxmox-auto-install-assistant 2>/dev/null || {
+        echo "  [!] Could not install from repo. Checking if binary exists locally..."
+        if [ -f /usr/bin/proxmox-auto-install-assistant ]; then
+            echo "  -> Found at /usr/bin/proxmox-auto-install-assistant"
+        else
+            echo "  [WARNING] proxmox-auto-install-assistant not available."
+            echo "  ISO generation will fail until this is installed."
+        fi
+    }
+else
+    echo "  -> Already installed: $(which proxmox-auto-install-assistant)"
+fi
+
+# --- 3. Create service user ---
+echo "[3/6] Setting up service user..."
+if ! id "$SERVICE_USER" &>/dev/null; then
+    useradd --system --home-dir "$APP_DIR" --shell /usr/sbin/nologin "$SERVICE_USER"
+    echo "  -> Created user: $SERVICE_USER"
+else
+    echo "  -> User already exists: $SERVICE_USER"
+fi
+
+# --- 4. Install application ---
+echo "[4/6] Installing application to $APP_DIR..."
+mkdir -p "$APP_DIR"
+cp -r "$SCRIPT_DIR/app" "$APP_DIR/"
+cp -r "$SCRIPT_DIR/static" "$APP_DIR/"
+cp "$SCRIPT_DIR/requirements.txt" "$APP_DIR/"
+
+# Create Python virtual environment
+python3 -m venv "$APP_DIR/venv"
+"$APP_DIR/venv/bin/pip" install --quiet --upgrade pip
+"$APP_DIR/venv/bin/pip" install --quiet -r "$APP_DIR/requirements.txt"
+
+# Create data directories
+mkdir -p "$APP_DIR/data/isos"
+mkdir -p "$APP_DIR/data/builds"
+mkdir -p "$APP_DIR/data/logs"
+
+chown -R "$SERVICE_USER:$SERVICE_USER" "$APP_DIR"
+echo "  -> Application installed successfully"
+
+# --- 5. Configure Proxmox credentials ---
+echo "[5/6] Configuring Proxmox credentials..."
+CRED_FILE="$APP_DIR/.proxmox-credentials"
+if [ -f "$HOME/.proxmox-credentials" ]; then
+    cp "$HOME/.proxmox-credentials" "$CRED_FILE"
+    chown "$SERVICE_USER:$SERVICE_USER" "$CRED_FILE"
+    chmod 600 "$CRED_FILE"
+    echo "  -> Credentials copied from $HOME/.proxmox-credentials"
+elif [ -f /root/.proxmox-credentials ]; then
+    cp /root/.proxmox-credentials "$CRED_FILE"
+    chown "$SERVICE_USER:$SERVICE_USER" "$CRED_FILE"
+    chmod 600 "$CRED_FILE"
+    echo "  -> Credentials copied from /root/.proxmox-credentials"
+else
+    echo "  [WARNING] No Proxmox credentials found."
+    echo "  Create $CRED_FILE with:"
+    echo "    PROXMOX_HOST=https://your-pve-host:8006"
+    echo "    PROXMOX_TOKEN_ID=user@pam!tokenname"
+    echo "    PROXMOX_TOKEN_SECRET=your-token-secret"
+fi
+
+# --- 6. Create systemd service ---
+echo "[6/6] Creating systemd service..."
+cat > /etc/systemd/system/${SERVICE_NAME}.service << EOF
+[Unit]
+Description=Sovereign Orchestrator - Theta42 Infrastructure Automation
+After=network.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=${SERVICE_USER}
+Group=${SERVICE_USER}
+WorkingDirectory=${APP_DIR}
+EnvironmentFile=-${CRED_FILE}
+ExecStart=${APP_DIR}/venv/bin/uvicorn app.main:app --host 0.0.0.0 --port ${PORT}
+Restart=on-failure
+RestartSec=5
+StandardOutput=append:${APP_DIR}/data/logs/service.log
+StandardError=append:${APP_DIR}/data/logs/service-error.log
+
+# Security hardening
+NoNewPrivileges=true
+ProtectSystem=strict
+ReadWritePaths=${APP_DIR}/data
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable ${SERVICE_NAME}
+echo "  -> Service created and enabled"
+
+echo ""
+echo "╔══════════════════════════════════════════════╗"
+echo "║  Setup Complete!                             ║"
+echo "╚══════════════════════════════════════════════╝"
+echo ""
+echo "  Start the service:  systemctl start ${SERVICE_NAME}"
+echo "  Check status:       systemctl status ${SERVICE_NAME}"
+echo "  View logs:          journalctl -u ${SERVICE_NAME} -f"
+echo "  Web UI:             http://$(hostname -I | awk '{print $1}'):${PORT}"
+echo ""