- Add new Ansible role `wireguard` to set up WireGuard VPN server on DB node with key generation, firewalld rules, and client peer config.
- Introduce `pg-proxy` and `mongo-proxy` socat containers in db_stack to expose PostgreSQL (15432) and MongoDB (17017) on host ports, restricted to WireGuard subnet via firewalld.
- Update test environment group_vars with WireGuard client entry for `murat-inspiron-15-3525`.
- Modify act_runner config: set `docker_host` to unix socket, remove explicit socket mount from options, and change runner label image to `catthehacker/ubuntu:act-22.04`.
- Open UDP port 51820 in Hetzner firewall for WireGuard inbound.
- Adjust test-db-post-stack playbook to include wireguard role (tagged).
- Update roadmap document with APISIX init step order.
23 lines
587 B
YAML
```yaml
---
# To add a WireGuard client, add the client's public key to the
# wireguard_clients list in group_vars/all/vars.yml.
#
# To update only WireGuard:
# ansible-playbook test-db-post-stack.yml --vault-password-file=.vault_pass --tags wireguard

- name: DB Node - StorageBox Dizinleri, MongoDB Konfigürasyonu ve WireGuard
  hosts: db
  become: yes
  roles:
    - role: db_stack
      tags: [db_stack]
    - role: wireguard
      tags: [wireguard]

- name: App Node - DB Stack Deploy
  hosts: app
  become: yes
  roles:
    - role: db_stack
      tags: [db_stack]
```