chore: remove test trigger file

deployment/ansible/templates/application.env.j2

@@ -0,0 +1,40 @@
+# Application Stack Environment Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+# Timezone
+TZ={{ timezone | default('Europe/Berlin') }}
+
+# Application Domain
+APP_DOMAIN={{ app_domain | default('michaelschiemer.de') }}
+
+# Application Settings
+APP_ENV={{ app_env | default('production') }}
+APP_DEBUG={{ app_debug | default('false') }}
+APP_URL=https://{{ app_domain | default('michaelschiemer.de') }}
+
+# Database Configuration
+# Using PostgreSQL from postgres stack
+DB_HOST=postgres
+DB_PORT={{ db_port | default('5432') }}
+DB_NAME={{ db_name | default('michaelschiemer') }}
+DB_USER={{ db_user | default('postgres') }}
+DB_PASS={{ db_password }}
+
+# Redis Configuration
+# Redis runs in this stack
+REDIS_PASSWORD={{ redis_password }}
+
+# Cache Configuration
+CACHE_DRIVER={{ cache_driver | default('redis') }}
+CACHE_PREFIX={{ cache_prefix | default('app') }}
+
+# Session Configuration
+SESSION_DRIVER={{ session_driver | default('redis') }}
+SESSION_LIFETIME={{ session_lifetime | default('120') }}
+
+# Queue Worker Configuration
+QUEUE_DRIVER={{ queue_driver | default('redis') }}
+QUEUE_CONNECTION={{ queue_connection | default('default') }}
+QUEUE_WORKER_SLEEP={{ queue_worker_sleep | default('3') }}
+QUEUE_WORKER_TRIES={{ queue_worker_tries | default('3') }}
+QUEUE_WORKER_TIMEOUT={{ queue_worker_timeout | default('60') }}

deployment/ansible/templates/monitoring.env.j2

@@ -17,4 +17,5 @@ GRAFANA_PLUGINS={{ grafana_plugins | default('') }}
 
 # Prometheus BasicAuth
 # Format: username:hashed_password
-PROMETHEUS_AUTH={{ prometheus_auth }}
+# Note: Dollar signs are escaped for Docker Compose ($$ becomes $)
+PROMETHEUS_AUTH={{ prometheus_auth | replace('$', '$$') }}

deployment/ansible/templates/wireguard-client.conf.j2

@@ -0,0 +1,27 @@
+# WireGuard Client Configuration for {{ client_name }}
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+[Interface]
+# Client private key
+PrivateKey = {{ client_private_key.stdout }}
+
+# Client IP address in VPN network
+Address = {{ client_ip }}/24
+
+# DNS server (optional)
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+# Server public key
+PublicKey = {{ server_public_key_cmd.stdout }}
+
+# Server endpoint
+Endpoint = {{ server_external_ip_content }}:{{ wireguard_port }}
+
+# Allowed IPs (routes through VPN)
+# IMPORTANT: Only VPN network is routed through VPN by default
+# SSH access via normal IP ({{ server_external_ip_content }}) remains available
+AllowedIPs = {{ allowed_ips }}
+
+# Keep connection alive
+PersistentKeepalive = 25

deployment/ansible/templates/wireguard-server.conf.j2

@@ -0,0 +1,22 @@
+# WireGuard Server Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+[Interface]
+# Server private key
+PrivateKey = {{ server_private_key_for_config }}
+
+# Server IP address in VPN network
+Address = {{ wireguard_server_ip }}/24
+
+# Port to listen on
+ListenPort = {{ wireguard_port }}
+
+# Enable NAT for VPN clients to access internet
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ wireguard_interface_name }} -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ wireguard_interface_name }} -j MASQUERADE
+
+# Clients will be added here by the add-wireguard-client playbook
+# Example:
+# [Peer]
+# PublicKey = <client_public_key>
+# AllowedIPs = 10.8.0.2/32