- Anglicized setup and facts markdown file names for better consistency.
- Updated 01-swarm-init-multinode.md to highlight Ansible automation of Swarm initialization and labeling.
- Overhauled 03-infra-stack-changes.md to describe the single monolithic file strategy and reflect current Redis, RabbitMQ, and etcd cluster configurations.
- Fixed minor overrides and typos in Patroni templates and Ansible bootstrap documents.
- Restructured README and roadmap mapping to align with the renamed setup documents.
Document and commit the production bootstrap state after the initial Hetzner and Ansible rollout.
- switch Ansible prod runbooks to use the shared vault password file
- record production admin CIDRs, SSH key path, encrypted group vault, and encrypted per-host vault files
- add generated production inventory and the prod setup history notes from the first bootstrap
- keep root password login disabled while preserving key-based root access for Ansible bootstrap continuity
- document separate Hetzner projects and tokens for test/prod and commit the prod provider lock file
- remove the private Redis firewall allowance from the prod Terraform firewall and matching setup docs
- Updated roadmap (03-infra-stack-changes.md) to deprecate database proxies in prod.
- Detailed direct subnet access via WireGuard for production developers.
- Provided multi-host connection parameters for Patroni and MongoDB Replica Sets in setup guide (08-prod-db-cluster-kurulum.md).
- Added environment comparison table to developer access guide.
- 01: Add WireGuard 51820/udp to public ingress table; add 9000/tcp
(APISIX Dashboard) to admin CIDR row in test private rules
- 02: Fix admin_ssh_public_key_path (id_rsa.pub, not id_ed25519.pub);
add WireGuard 51820/udp to DB firewall table; clarify 9000/9180 port
descriptions (app subnet access + SWAG proxy)
- 03: Update file structure with new roles (db_stack, wireguard,
act_runner) and playbooks (test-app/db-post-stack.yml); add floating
IP systemd service to base role description; clarify node labels
- 04: Clarify two-phase deployment (Ansible prepares dirs/config,
Gitea CI/CD deploys stack); add WireGuard setup info
- 05: Add system user column to runner table; fix runner name in
acceptance criteria (iklim-test-app → test-runner)
This commit brings the `README.md` and Ansible setup guides (`03-test-ansible-bootstrap.md`, `07-prod-ansible-bootstrap.md`) in sync with the current state of the Ansible automation.
Key updates include:
- Acknowledging the presence of in-repository Ansible playbooks and shared roles.
- Correcting Ansible inventory output paths and Terraform output commands.
- Detailing the new `group_vars/all/{vars.yml,vault.yml}` structure.
- Updating Ansible prerequisites to include `passlib` for password hashing.
- Adding documentation for `iklim` system user creation, keyboard layout, and refined firewall rules.
- Removing outdated "Known Gaps" related to missing Ansible code.
Adjusts documentation for test and production Ansible bootstrapping to leverage `ansible.cfg`. Commands are now run from specific environment directories (`ansible/test/` or `ansible/prod/`), eliminating the need to explicitly specify inventory and playbook paths.
Also adds an initial step to install required Ansible collections using `ansible-galaxy`.
This commit introduces a reordered and renumbered set of setup documentation files to better reflect the deployment stages for both test and production environments.
Key changes include:
* A new `setup-vs-roadmap-map.md` file to provide a clear mapping between roadmap tasks and their corresponding setup phases.
* Significantly expanded Ansible bootstrap documentation for both test and production, detailing Docker, Swarm, security hardening, and StorageBox SSH key management roles.
* Formalized database Docker and Swarm cluster setup instructions for test and production, including explicit steps for Swarm worker integration of DB nodes.
* Updated roadmap documentation (`roadmap/prod-env/*`) to align with the refined setup, incorporating correct private IP addresses for Swarm joins, new node labels, and floating IP usage for GoDaddy DNS records.
- Add `hetzner-sizing-report.md` defining data-driven server type recommendations for test and prod environments.
- Update Terraform configurations to align with the recommended `CPX` server types and refine firewall rules for Docker Swarm and database interactions.
- Introduce comprehensive documentation and stack files for:
- Single-node PostgreSQL/MongoDB deployment on a test DB worker node.
- High-availability 3-node MongoDB replica set and Patroni+etcd PostgreSQL cluster for production.
- Enhance Ansible bootstrap roles with SELinux disabling, fail2ban configuration, and StorageBox SSH key management for CI/CD.
- Reorganize and rename setup documentation files for improved structure and clarity.
