79635eeece
Enable deployment of client servers without public IPs using private network (10.0.0.0/16) with NAT gateway via edge server. ## Infrastructure Changes: ### Terraform (tofu/): - **network.tf**: Define private network and subnet (10.0.0.0/24) - NAT gateway route through edge server - Firewall rules for client servers - **main.tf**: Support private-only servers - Optional public_ip_enabled flag per client - Dynamic network block for private IP assignment - User-data templates for public vs private servers - **user-data-*.yml**: Cloud-init templates - Private servers: Configure default route via NAT gateway - Public servers: Standard configuration - **dns.tf**: Update DNS to support edge routing - Client domains point to edge server IP - Wildcard DNS for subdomains - **variables.tf**: Add private_ip and public_ip_enabled options ### Ansible: - **deploy.yml**: Add diun and kuma roles to deployment ## Benefits: - Cost savings: No public IP needed for each client - Scalability: No public IP exhaustion limits - Security: Clients not directly exposed to internet - Centralized SSL: All TLS termination at edge 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
11 lines
170 B
YAML
11 lines
170 B
YAML
#cloud-config
|
|
package_update: true
|
|
package_upgrade: true
|
|
packages:
|
|
- curl
|
|
- wget
|
|
- git
|
|
- python3
|
|
- python3-pip
|
|
runcmd:
|
|
- hostnamectl set-hostname ${hostname}
|