Murat ÖZDEMİR ed51b6eedd feat(vpn): add WireGuard and DB proxy services for secure management
- Add new Ansible role `wireguard` to set up WireGuard VPN server on
  DB node with key generation, firewalld rules, and client peer config.
- Introduce `pg-proxy` and `mongo-proxy` socat containers in db_stack
  to expose PostgreSQL (15432) and MongoDB (17017) on host ports,
  restricted to WireGuard subnet via firewalld.
- Update test environment group_vars with WireGuard client entry for
  `murat-inspiron-15-3525`.
- Modify act_runner config: set `docker_host` to unix socket, remove
  explicit socket mount from options, and change runner label image to
  `catthehacker/ubuntu:act-22.04`.
- Open UDP port 51820 in Hetzner firewall for WireGuard inbound.
- Adjust test-db-post-stack playbook to include wireguard role (tagged).
- Update roadmap document with APISIX init step order.
2026-05-13 18:50:07 +03:00


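# Swarm stack for the DB node (rendered by Ansible from this Jinja template).
# Secrets here arrive as environment variables from group_vars; they are
# visible via `docker inspect` and the container's process environment.
# NOTE(review): consider Docker secrets / `*_FILE` variants for the passwords.
version: "3.8"

networks:
  iklimco-net:
    external: true

volumes:
  postgresql_data: {}
  mongodb_data: {}

services:
  postgresql:
    # Quoted like the other templated values so an empty expansion renders as
    # "" (a visible error) rather than a YAML null.
    image: "{{ db_postgres_image }}"
    environment:
      POSTGRES_USER: "{{ db_postgres_root_user }}"
      POSTGRES_PASSWORD: "{{ db_postgres_password }}"
      POSTGRES_DB: postgres
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - postgresql_data:/var/lib/postgresql/data
    networks:
      - iklimco-net
    deploy:
      placement:
        constraints:
          - node.labels.role == db

  mongodb:
    image: "{{ db_mongo_image }}"
    environment:
      MONGO_INITDB_ROOT_USERNAME: "{{ db_mongo_root_user }}"
      MONGO_INITDB_ROOT_PASSWORD: "{{ db_mongo_root_password }}"
    volumes:
      - mongodb_data:/data/db
      # Config is only read at startup; mounting it `:ro` would keep the
      # container from modifying it — confirm before changing.
      - /opt/iklimco/db/mongodb/config/mongod.conf:/etc/mongod.conf
    command: ["--config", "/etc/mongod.conf"]
    networks:
      - iklimco-net
    deploy:
      placement:
        constraints:
          - node.labels.role == db

  # Bridge services for DB-manager access over WireGuard.
  # The host ports are opened by firewalld only to the WireGuard subnet
  # (10.8.0.0/24).
  # NOTE(review): with `mode: host` Docker publishes the port with its own
  # nat rules, which are evaluated before the host INPUT chain; verify the
  # firewalld restriction is enforced in DOCKER-USER (or an equivalent
  # Docker-aware zone) and not only in a zone INPUT rule.
  # NOTE(review): `alpine/socat:latest` is unpinned; pin a tag or digest so
  # the image used for this exposed path is reproducible.
  pg-proxy:
    image: alpine/socat:latest
    # Forward host:15432 -> postgresql:5432 on the overlay network.
    command: "TCP-LISTEN:5432,fork,reuseaddr TCP:postgresql:5432"
    ports:
      - target: 5432
        published: 15432
        protocol: tcp
        mode: host
    networks:
      - iklimco-net
    deploy:
      placement:
        constraints:
          - node.labels.role == db
      restart_policy:
        condition: on-failure
        delay: 5s

  mongo-proxy:
    image: alpine/socat:latest
    # Forward host:17017 -> mongodb:27017 on the overlay network.
    command: "TCP-LISTEN:27017,fork,reuseaddr TCP:mongodb:27017"
    ports:
      - target: 27017
        published: 17017
        protocol: tcp
        mode: host
    networks:
      - iklimco-net
    deploy:
      placement:
        constraints:
          - node.labels.role == db
      restart_policy:
        condition: on-failure
        delay: 5s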