Feat/production terraform ansible #54

Open
Donemmanuelo wants to merge 18 commits into feat/modular-ha-architecture from feat/production-terraform-ansible

@Donemmanuelo
Contributor

No description provided.

onelrian and others added 8 commits February 15, 2026 21:11
…loak automation

Major infrastructure upgrade to support production-grade deployments with high availability and enhanced security.

Infrastructure:
- feat: add  module supporting SQLite, PostgreSQL (managed/existing), and MySQL
- feat: add  module for automated Realm and OIDC Client provisioning
- fix: update main.tf with conditional logic to support multi-cloud (AWS/GCP/Azure) without dependency errors

Ansible:
- feat: create  role to preserve existing firewall rules while securing NetBird ports
- feat: update  role to generate dynamic config based on selected database backend
- feat: add  role for pre-flight database connection validation
- refactor: remove redundant deploy-netbird.yml in favor of unified site.yml

Security & Operations:
- feat: add scripts/validate-db-connection.sh for pre-deployment checks
- feat: add scripts/migrate-database.sh to automate SQLite to PostgreSQL migration
- docs: major update to README.md reflecting new architecture and security features
- docs: add  and update configuration references
…an up docs

- Consolidate infrastructure code into unified modules (inventory, database, keycloak)
- Move Ansible configuration to configuration/ansible/
- Remove legacy environments/ and modules_old/
- Clean up redundant documentation and fix broken links
- Add CI workflows and validation scripts
- Create dedicated deployment guides for AWS, GCP, and Azure under infrastructure/ansible-stack/docs/
- Introduce infrastructure/helm-stack/ with placeholder documentation for Kubernetes
- Refactor root README.md to serve as a unified deployment portal
- Update infrastructure/ansible-stack/docs/getting-started.md to be cloud-agnostic
- Initialize infrastructure/ansible-stack/terraform.tfvars for AWS deployment
…gement

- Add Terraform stack for AWS infrastructure deployment
- Include Ansible roles and playbooks for server and reverse proxy setup
- Provide infrastructure modules for database and Keycloak integration
- Sanitize all configuration files by removing sensitive domains, IPs, and credentials
- Ensure all sensitive variables use placeholders for secure customization
@Donemmanuelo force-pushed the feat/production-terraform-ansible branch from 966313e to b4a70a8, February 17, 2026 21:48
@onelrian force-pushed the feat/production-terraform-ansible branch from 882871e to 1c5c7bb, February 18, 2026 14:16
@onelrian force-pushed the feat/production-terraform-ansible branch from 76522f1 to 1ab3cae, February 19, 2026 06:48
- Remove Caddy reverse proxy for lower latency (50% reduction)
- HAProxy now handles TLS termination + ACME certificates directly
- Uses ghcr.io/flobernd/haproxy-acme-http01 (HAProxy with ACME)
- Automatic Let's Encrypt certificate generation and renewal
- Simpler architecture: Client → HAProxy → Nodes (1 hop instead of 2)
- Files: haproxy.cfg, haproxy tasks, site.yml, terraform.tfvars
2 participants