3 Commits

Author SHA1 Message Date
ed51b6eedd feat(vpn): add WireGuard and DB proxy services for secure management
- Add new Ansible role `wireguard` to set up WireGuard VPN server on
  DB node with key generation, firewalld rules, and client peer config.
- Introduce `pg-proxy` and `mongo-proxy` socat containers in db_stack
  to expose PostgreSQL (15432) and MongoDB (17017) on host ports,
  restricted to WireGuard subnet via firewalld.
- Update test environment group_vars with WireGuard client entry for
  `murat-inspiron-15-3525`.
- Modify act_runner config: set `docker_host` to unix socket, remove
  explicit socket mount from options, and change runner label image to
  `catthehacker/ubuntu:act-22.04`.
- Open UDP port 51820 in Hetzner firewall for WireGuard inbound.
- Adjust test-db-post-stack playbook to include wireguard role (tagged).
- Update roadmap document with APISIX init step order.
2026-05-13 18:50:07 +03:00

2198f932cd Implement: Gitea Actions runner, automated DB stack, and Turkish localization
*   Introduces an Ansible role for installing and registering `act_runner` for Gitea Actions.
*   Automates PostgreSQL and MongoDB deployment on Docker Swarm in the test environment, leveraging Docker named volumes for data persistence.
*   Translates core documentation, including `README.md` and `setup/04-test-db-docker-kurulum.md`, to Turkish.
*   Adds comprehensive documentation for firewall architecture (`facts/firewall.md`) and Docker Swarm node recovery (`facts/swarm-node-recovery.md`).
*   Enhances security hardening by ensuring `fail2ban` is enabled and streamlining admin SSH key management via Ansible.
*   Updates Ansible vault structure to support new secret variables and adds `.vault_pass` to `.gitignore`.
2026-05-12 18:34:24 +03:00

bbeaf97815 Implement: Administrative user, keyboard layout, and Ansible variable refactor
This commit introduces several core configurations and structural improvements:

*   **User Management:** Creates a new `iklim` administrative user with a securely hashed password, enabled by `python3-passlib`.
*   **System Configuration:** Sets the system keyboard layout to Turkish Q (`trq`).
*   **Security Hardening:** Refines firewall rules for SSH using a rich rule and ensures `journald` log limits file creation.
*   **Ansible Variable Management:** Restructures `group_vars` by consolidating global variables into `group_vars/all/vars.yml` and sensitive data into a dedicated `group_vars/all/vault.yml`.
*   **Ansible Compatibility:** Adds `!unsafe` to a `docker info` shell command to prevent future warnings.
2026-05-11 19:00:31 +03:00