Environment_Infrastructure

iklim.co/Environment_Infrastructure

Fork 0

Commit Graph

Author	SHA1	Message	Date
Murat ÖZDEMİR	2198f932cd	Implement: Gitea Actions runner, automated DB stack, and Turkish localization * Introduces an Ansible role for installing and registering `act_runner` for Gitea Actions. * Automates PostgreSQL and MongoDB deployment on Docker Swarm in the test environment, leveraging Docker named volumes for data persistence. * Translates core documentation, including `README.md` and `setup/04-test-db-docker-kurulum.md`, to Turkish. * Adds comprehensive documentation for firewall architecture (`facts/firewall.md`) and Docker Swarm node recovery (`facts/swarm-node-recovery.md`). * Enhances security hardening by ensuring `fail2ban` is enabled and streamlining admin SSH key management via Ansible. * Updates Ansible vault structure to support new secret variables and adds `.vault_pass` to `.gitignore`.	2026-05-12 18:34:24 +03:00
Murat ÖZDEMİR	bbeaf97815	Implement: Administrative user, keyboard layout, and Ansible variable refactor This commit introduces several core configurations and structural improvements: * User Management: Creates a new `iklim` administrative user with a securely hashed password, enabled by `python3-passlib`. * System Configuration: Sets the system keyboard layout to Turkish Q (`trq`). * Security Hardening: Refines firewall rules for SSH using a rich rule and ensures `journald` log limits file creation. * Ansible Variable Management: Restructures `group_vars` by consolidating global variables into `group_vars/all/vars.yml` and sensitive data into a dedicated `group_vars/all/vault.yml`. * Ansible Compatibility: Adds `!unsafe` to a `docker info` shell command to prevent future warnings.	2026-05-11 19:00:31 +03:00
Murat ÖZDEMİR	f73504c0f2	Implement: Initial Ansible environment bootstrapping and core roles This commit introduces the foundational Ansible playbooks, roles, and configurations for automated provisioning of both production and test environments. Key capabilities include: - Base System Setup: Common packages, timezone, chrony, and hostname. - Security Hardening: SELinux disable, SSH configuration, `dnf-automatic`, `fail2ban`, `firewalld` setup, and `journald` log limits. - Docker & Swarm: Docker installation and configuration, Docker Swarm initialization/joining for managers and workers, overlay network creation, and node labeling. - Storage: Hetzner StorageBox integration using `davfs2`. - Directory Structure: Creation of application and database-specific directories. This establishes a comprehensive, automated pipeline for infrastructure deployment and initial configuration.	2026-05-11 17:51:43 +03:00

Author

SHA1

Message

Date

Murat ÖZDEMİR

2198f932cd

Implement: Gitea Actions runner, automated DB stack, and Turkish localization

*   Introduces an Ansible role for installing and registering `act_runner` for Gitea Actions.
*   Automates PostgreSQL and MongoDB deployment on Docker Swarm in the test environment, leveraging Docker named volumes for data persistence.
*   Translates core documentation, including `README.md` and `setup/04-test-db-docker-kurulum.md`, to Turkish.
*   Adds comprehensive documentation for firewall architecture (`facts/firewall.md`) and Docker Swarm node recovery (`facts/swarm-node-recovery.md`).
*   Enhances security hardening by ensuring `fail2ban` is enabled and streamlining admin SSH key management via Ansible.
*   Updates Ansible vault structure to support new secret variables and adds `.vault_pass` to `.gitignore`.

2026-05-12 18:34:24 +03:00

Murat ÖZDEMİR

bbeaf97815

Implement: Administrative user, keyboard layout, and Ansible variable refactor

This commit introduces several core configurations and structural improvements:

*   **User Management:** Creates a new `iklim` administrative user with a securely hashed password, enabled by `python3-passlib`.
*   **System Configuration:** Sets the system keyboard layout to Turkish Q (`trq`).
*   **Security Hardening:** Refines firewall rules for SSH using a rich rule and ensures `journald` log limits file creation.
*   **Ansible Variable Management:** Restructures `group_vars` by consolidating global variables into `group_vars/all/vars.yml` and sensitive data into a dedicated `group_vars/all/vault.yml`.
*   **Ansible Compatibility:** Adds `!unsafe` to a `docker info` shell command to prevent future warnings.

2026-05-11 19:00:31 +03:00

Murat ÖZDEMİR

f73504c0f2

Implement: Initial Ansible environment bootstrapping and core roles

This commit introduces the foundational Ansible playbooks, roles, and configurations for automated provisioning of both production and test environments.

Key capabilities include:
-   **Base System Setup:** Common packages, timezone, chrony, and hostname.
-   **Security Hardening:** SELinux disable, SSH configuration, `dnf-automatic`, `fail2ban`, `firewalld` setup, and `journald` log limits.
-   **Docker & Swarm:** Docker installation and configuration, Docker Swarm initialization/joining for managers and workers, overlay network creation, and node labeling.
-   **Storage:** Hetzner StorageBox integration using `davfs2`.
-   **Directory Structure:** Creation of application and database-specific directories.

This establishes a comprehensive, automated pipeline for infrastructure deployment and initial configuration.

2026-05-11 17:51:43 +03:00

3 Commits