- Refactor production setup documentation to reflect a 3-node Vault Raft cluster starting from launch.
- Update all paths to use StorageBox mounts for shared state (SWAG config, TLS certs, Monitoring data).
- Switch Nginx configuration convention from proxy-confs to site-confs to align with SWAG's auto-include behavior.
- Standardize TLS private key extensions to .pem.
- Update node failover and recovery facts to include monitoring services.
- Align deployment pipeline instructions with the latest environment variable-driven approach.
Add the Ansible README and expand prod bootstrap coverage for StorageBox keys, DB labels, DB stack configuration, and act runner setup. Update MongoDB configuration for replica set support and refresh prod roadmap/setup documentation for Swarm labels, StorageBox-backed cert paths, and recovery guidance.
- Include missing WireGuard port (51820/udp) in firewall documentation.
- Synchronize PROD DB firewall rules with the latest Patroni/Swarm setup requirements.
- Complete the PROD section of setup-vs-roadmap-map.md to cover all transition steps.
- Clarify that infra services (Vault, RabbitMQ, etc.) are restricted to private/overlay networks.
* Introduces an Ansible role for installing and registering `act_runner` for Gitea Actions.
* Automates PostgreSQL and MongoDB deployment on Docker Swarm in the test environment, leveraging Docker named volumes for data persistence.
* Translates core documentation, including `README.md` and `setup/04-test-db-docker-kurulum.md`, to Turkish.
* Adds comprehensive documentation for firewall architecture (`facts/firewall.md`) and Docker Swarm node recovery (`facts/swarm-node-recovery.md`).
* Enhances security hardening by ensuring `fail2ban` is enabled and streamlining admin SSH key management via Ansible.
* Updates Ansible vault structure to support new secret variables and adds `.vault_pass` to `.gitignore`.
