4e72ddf4ef
Completed Issue #2: Ansible Base Configuration All objectives met: - ✅ Hetzner Cloud dynamic inventory (hcloud plugin) - ✅ Common role (SSH hardening, UFW firewall, fail2ban, auto-updates) - ✅ Docker role (Docker Engine + Compose + networks) - ✅ Traefik role (reverse proxy with Let's Encrypt SSL) - ✅ Setup playbook (orchestrates all base roles) - ✅ Successfully tested on live test server (91.99.210.204) Additional improvements: - Fixed ansible.cfg for Ansible 2.20+ compatibility - Updated ADR dates to 2025 - All roles follow Infrastructure Agent patterns Test Results: - SSH hardening applied (key-only auth) - UFW firewall active (ports 22, 80, 443) - Fail2ban protecting SSH - Automatic security updates enabled - Docker running with traefik network - Traefik deployed and ready for SSL Files added: - ansible/playbooks/setup.yml - ansible/roles/docker/* (complete) - ansible/roles/traefik/* (complete) Closes #2 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
21 lines
480 B
Django/Jinja
21 lines
480 B
Django/Jinja
# Traefik dynamic configuration
|
|
# Managed by Ansible - do not edit manually
|
|
|
|
http:
|
|
middlewares:
|
|
# Security headers
|
|
security-headers:
|
|
headers:
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
forceSTSHeader: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: 31536000
|
|
customFrameOptionsValue: "SAMEORIGIN"
|
|
|
|
# Rate limiting
|
|
rate-limit:
|
|
rateLimit:
|
|
average: 100
|
|
burst: 200
|