Post-Tyranny-Tech-Infrastru.../ansible/playbooks
Pieter 79635eeece feat: Add private network architecture with NAT gateway
Enable deployment of client servers without public IPs using private
network (10.0.0.0/16) with NAT gateway via edge server.

## Infrastructure Changes:

### Terraform (tofu/):
- **network.tf**: Define private network and subnet (10.0.0.0/24)
  - NAT gateway route through edge server
  - Firewall rules for client servers

- **main.tf**: Support private-only servers
  - Optional public_ip_enabled flag per client
  - Dynamic network block for private IP assignment
  - User-data templates for public vs private servers

- **user-data-*.yml**: Cloud-init templates
  - Private servers: Configure default route via NAT gateway
  - Public servers: Standard configuration

- **dns.tf**: Update DNS to support edge routing
  - Client domains point to edge server IP
  - Wildcard DNS for subdomains

- **variables.tf**: Add private_ip and public_ip_enabled options

### Ansible:
- **deploy.yml**: Add diun and kuma roles to deployment

## Benefits:
- Cost savings: No public IP needed for each client
- Scalability: No public IP exhaustion limits
- Security: Clients not directly exposed to internet
- Centralized SSL: All TLS termination at edge

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-20 19:06:19 +01:00
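The commit above describes the layout but not how to check it before `tofu apply`. The following is an added example, not code from this repository: it models the layout the commit message describes (a 10.0.0.0/16 network, a 10.0.0.0/24 subnet, one edge server acting as NAT gateway, clients with an optional public IP) and checks the things that silently break a private-only deployment: private IPs outside the subnet or colliding, an edge without a public IP, and clients that still have a public IP despite the "not directly exposed" claim. The inventory is constructed, the dict layout and the `role` field are assumptions (the project's `variables.tf` only has `private_ip` and `public_ip_enabled` according to the message), and the `ip route` command assumes the edge's private address is reachable on the client's private interface.

```python
"""Pre-apply sanity check for a private-network / NAT-gateway layout.

Added illustration, not project code. Field names private_ip and
public_ip_enabled mirror the commit message; the dict layout and the
"role" field are assumptions made for this example.
"""
import ipaddress

NETWORK = ipaddress.ip_network("10.0.0.0/16")   # private network from the commit message
SUBNET = ipaddress.ip_network("10.0.0.0/24")    # subnet from the commit message

# Constructed inventory; not the project's tofu variables.
INVENTORY = {
    "edge":     {"public_ip_enabled": True,  "private_ip": "10.0.0.2",  "role": "edge"},
    "client-a": {"public_ip_enabled": False, "private_ip": "10.0.0.10", "role": "client"},
    "client-b": {"public_ip_enabled": True,  "private_ip": "10.0.0.11", "role": "client"},
}


def validate(inventory, network=NETWORK, subnet=SUBNET):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    if not subnet.subnet_of(network):
        problems.append(f"subnet {subnet} is not inside network {network}")

    edges = [n for n, s in inventory.items() if s["role"] == "edge"]
    if len(edges) != 1:
        problems.append(f"expected exactly one edge server, found {len(edges)}")

    seen = {}  # private IP -> server name, to catch collisions
    for name, srv in inventory.items():
        ip = ipaddress.ip_address(srv["private_ip"])
        if ip not in subnet:
            problems.append(f"{name}: private IP {ip} outside {subnet}")
        elif ip in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{name}: {ip} is the network or broadcast address")
        if ip in seen:
            problems.append(f"{name}: private IP {ip} already used by {seen[ip]}")
        seen[ip] = name
        # The NAT gateway must itself be reachable from the internet.
        if srv["role"] == "edge" and not srv["public_ip_enabled"]:
            problems.append(f"{name}: edge has no public IP, cannot act as NAT gateway")
    return problems


def exposed_clients(inventory):
    """Clients that keep a public IP and are therefore still directly reachable."""
    return sorted(n for n, s in inventory.items()
                  if s["role"] == "client" and s["public_ip_enabled"])


def default_route_cmds(inventory, name):
    """Commands a private-only server needs so outbound traffic leaves via the edge.

    Returns [] for servers with their own public IP. Assumes the edge's
    private address is on-link for the client's private interface.
    """
    srv = inventory[name]
    if srv["public_ip_enabled"]:
        return []
    edge = next(s for s in inventory.values() if s["role"] == "edge")
    return [f"ip route replace default via {edge['private_ip']}"]


if __name__ == "__main__":
    for p in validate(INVENTORY):
        print("PROBLEM:", p)
    print("exposed clients:", exposed_clients(INVENTORY))
    for n in INVENTORY:
        print(n, default_route_cmds(INVENTORY, n))
```

Run it against the real variable values before applying: an empty `validate()` result and an empty `exposed_clients()` list are the two conditions under which the "clients not directly exposed" benefit actually holds.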
cleanup.yml fix: Resolve Authentik email delivery issues 2026-01-13 09:52:23 +01:00
deploy.yml feat: Add private network architecture with NAT gateway 2026-01-20 19:06:19 +01:00
setup-edge.yml feat: Add infrastructure roles for multi-tenant architecture 2026-01-20 19:05:51 +01:00
setup.yml Complete Ansible base configuration (#2) 2025-12-27 14:13:15 +01:00
update-enrollment-flow.yml feat: Add playbook to update enrollment flow and fix brand default 2026-01-15 13:29:26 +01:00