feat(netbird): implement secure infrastructure and configuration management

- Add Terraform stack for AWS infrastructure deployment
- Include Ansible roles and playbooks for server and reverse proxy setup
- Provide infrastructure modules for database and Keycloak integration
- Sanitize all configuration files by removing sensitive domains, IPs, and credentials
- Ensure all sensitive variables use placeholders for secure customization

Author: Donemmanuelo

.gitignore

@@ -55,3 +55,6 @@ monitor-netbird/kubernetes/helm/monitoring-stack/charts/_loki/
 .vivus
 .agent
 *.tfvars
+.elastic-copilot
+.zencoder
+.zenflow

configuration/ansible/inventory/terraform_inventory.yaml

@@ -1,11 +1,11 @@
 all:
   vars:
     # NetBird Configuration
-    netbird_domain: "netbird.net.observe.camer.digital"
+    netbird_domain: "vpn.example.com"
     netbird_version: "latest"
-    relay_auth_secret: "b&{iWS+B}X>9IpiG#XS(2pLBGSX{vmFW"
-    coturn_password: "[HlY!rSbtF?gpu(6Ya}=F0=jt0D%wBdY"
-    netbird_encryption_key: "J1tVwuoWBOxGIpXY25tO82WhzzPQWHFGxv0Il6Zw2R0="
+    relay_auth_secret: "CHANGE_ME"
+    coturn_password: "CHANGE_ME"
+    netbird_encryption_key: "CHANGE_ME"
 
     # Database Configuration
     database_type: "sqlite"
@@ -15,11 +15,11 @@ all:
     sqlite_database_path: "/var/lib/netbird/store.db"
 
     # Keycloak Configuration
-    keycloak_url: "https://keycloak.net.observe.camer.digital/auth"
+    keycloak_url: "https://keycloak.example.com/auth"
     keycloak_realm: "netbird"
     keycloak_client_id: "netbird-client"
-    keycloak_client_secret: "ye07XoCAqazpRSWMwkn6RLloeZlujciA"
-    keycloak_oidc_endpoint: "https://keycloak.net.observe.camer.digital/auth/realms/netbird/.well-known/openid-configuration"
+    keycloak_client_secret: "CHANGE_ME"
+    keycloak_oidc_endpoint: "https://keycloak.example.com/auth/realms/netbird/.well-known/openid-configuration"
 
     # Ansible Connection
     ansible_user: "ubuntu"
@@ -29,15 +29,15 @@ all:
     management:
       hosts:
         net:
-          ansible_host: 16.171.59.171
-          private_ip: 172.31.4.141
+          ansible_host: 1.2.3.4
+          private_ip: 10.0.0.1
     reverse_proxy:
       hosts:
         net:
-          ansible_host: 16.171.59.171
-          private_ip: 172.31.4.141
+          ansible_host: 1.2.3.4
+          private_ip: 10.0.0.1
     relay:
       hosts:
         net:
-          ansible_host: 16.171.59.171
-          private_ip: 172.31.4.141
+          ansible_host: 1.2.3.4
+          private_ip: 10.0.0.1

infrastructure/ansible-stack/terraform.tfvars

@@ -48,17 +48,17 @@ enable_ha            = false # MUST be false for SQLite
 # enable_ha = true
 
 # Common Variables
-netbird_domain  = "netbird.net.observe.camer.digital"
+netbird_domain  = "vpn.example.com"
 cloud_provider  = "aws"
 environment     = "prod"
 aws_region      = "eu-north-1"
-aws_tag_filters = { "Name" = "net" }
+aws_tag_filters = { "Name" = "netbird" }
 
 # Keycloak Configuration
-keycloak_url                 = "https://keycloak.net.observe.camer.digital/auth"
+keycloak_url                 = "https://keycloak.example.com/auth"
 keycloak_admin_username      = "admin"
-keycloak_admin_password      = "password123!"
-keycloak_admin_client_secret = "rk9v8yewnXKOZ1oAbXktyHIIUl7rDVob"
+keycloak_admin_password      = "CHANGE_ME"
+keycloak_admin_client_secret = "CHANGE_ME"
 keycloak_use_existing_realm  = false
 
 # Authentication Secrets (Leave empty to generate automatically)
@@ -70,7 +70,7 @@ netbird_log_level      = "info"
 
 # Default Administrator
 netbird_admin_email    = "admin@example.com"
-netbird_admin_password = "qwerty12345!A"
+netbird_admin_password = "CHANGE_ME"
 
 # SSH Configuration for Ansible
 ssh_user             = "ubuntu"