feat: CI/CD pipeline setup complete - Ansible playbooks updated, secrets configured, workflow ready

.deployment-archive-20251030-111806/ansible/templates/gitea-runner.service.j2

@@ -0,0 +1,26 @@
+[Unit]
+Description=Gitea Actions Runner
+After=network.target docker.service
+Requires=docker.service
+
+[Service]
+Type=simple
+User={{ runner_user }}
+WorkingDirectory={{ runner_install_dir }}
+ExecStart={{ runner_install_dir }}/act_runner daemon --config {{ runner_install_dir }}/.runner
+Restart=always
+RestartSec=10
+
+# Security hardening
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths={{ runner_work_dir }}
+
+# Resource limits
+LimitNOFILE=65536
+LimitNPROC=4096
+
+[Install]
+WantedBy=multi-user.target

.deployment-archive-20251030-111806/ansible/templates/production.env.j2

@@ -0,0 +1,50 @@
+# Production Environment Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+# Last updated: {{ ansible_date_time.iso8601 }}
+
+# Application
+APP_ENV=production
+APP_DEBUG=false
+APP_KEY={{ vault_app_key }}
+APP_URL=https://michaelschiemer.de
+
+# Database
+DB_CONNECTION=mysql
+DB_HOST=mysql
+DB_PORT=3306
+DB_DATABASE={{ vault_db_name }}
+DB_USERNAME={{ vault_db_user }}
+DB_PASSWORD={{ vault_db_password }}
+
+# Redis
+REDIS_HOST=redis
+REDIS_PASSWORD={{ vault_redis_password }}
+REDIS_PORT=6379
+
+# Cache
+CACHE_DRIVER=redis
+QUEUE_CONNECTION=redis
+
+# Session
+SESSION_DRIVER=redis
+SESSION_LIFETIME=120
+
+# JWT
+JWT_SECRET={{ vault_jwt_secret }}
+JWT_TTL=60
+
+# Docker Registry
+REGISTRY_URL={{ vault_registry_url }}
+REGISTRY_USER={{ vault_registry_user }}
+REGISTRY_PASSWORD={{ vault_registry_password }}
+
+# Logging
+LOG_CHANNEL=stack
+LOG_LEVEL=warning
+
+# Security
+ADMIN_ALLOWED_IPS={{ vault_admin_allowed_ips }}
+
+# Performance
+OPCACHE_ENABLE=1
+OPCACHE_VALIDATE_TIMESTAMPS=0