Joakim
9e570ac2a3
- Add authentik-deployment-guide.md: Complete step-by-step deployment guide - Add architecture-decisions.md: Document native DB vs containerized rationale - Add authentication-architecture.md: SSO strategy and integration patterns - Update deployment-guide.md: Integrate authentik deployment procedures - Update security-hardening.md: Add multi-layer security documentation - Update service-integration-guide.md: Add authentik integration examples - Update README.md: Professional project overview with architecture benefits - Update authentik role: Fix HTTP binding, add security configs, improve templates - Remove unused authentik task files: containers.yml, networking.yml Key improvements: * Document security benefits of native databases over containers * Document Unix socket IPC architecture advantages * Provide comprehensive troubleshooting and deployment procedures * Add forward auth integration patterns for services * Fix authentik HTTP binding from 127.0.0.1 to 0.0.0.0 * Add shared memory and IPC security configurations
28 lines
786 B
YAML
28 lines
786 B
YAML
---
|
|
# Security hardening establishes secure foundation before web services
|
|
# - import_playbook: playbooks/security.yml
|
|
|
|
- name: Deploy Core Infrastructure
|
|
hosts: arch-vps
|
|
become: true
|
|
gather_facts: true
|
|
|
|
roles:
|
|
# Infrastructure services
|
|
# - role: postgresql
|
|
# tags: ['postgresql', 'infrastructure', 'database']
|
|
# - role: valkey
|
|
# tags: ['valkey', 'redis', 'infrastructure', 'cache']
|
|
# - role: podman
|
|
# tags: ['podman', 'containers', 'infrastructure']
|
|
# - role: caddy
|
|
# tags: ['caddy', 'infrastructure', 'web']
|
|
|
|
# Application services
|
|
# - role: sigvild-gallery
|
|
# tags: ['sigvild', 'gallery', 'wedding']
|
|
- role: gitea
|
|
tags: ['gitea', 'git', 'development']
|
|
- role: authentik
|
|
tags: ['authentik']
|