feat: improve WireGuard client management and framework initialization

- Improve WireGuard client IP calculation logic (find next available IP) - Add local wireguard-clients directory for storing client configs - Integrate Redis pool into CacheInitializer - Improve ContainerBootstrapper with better imports and Redis pool - Add monitoring role tags for better task organization - Update WireGuard documentation - Store generated WireGuard client configs locally
2025-11-02 03:29:23 +01:00
parent f56d53d873
commit e598309c48
12 changed files with 183 additions and 37 deletions
--- a/deployment/ansible/roles/monitoring/defaults/main.yml
+++ b/deployment/ansible/roles/monitoring/defaults/main.yml
@@ -3,3 +3,4 @@ monitoring_stack_path: "{{ stacks_base_path }}/monitoring"
 monitoring_wait_timeout: "{{ wait_timeout | default(60) }}"
 monitoring_env_template: "{{ role_path }}/../../templates/monitoring.env.j2"
 monitoring_vault_file: "{{ role_path }}/../../secrets/production.vault.yml"
+monitoring_vpn_ip_whitelist: "{{ wireguard_network_default | default('10.8.0.0/24') }}"
--- a/deployment/ansible/roles/monitoring/tasks/main.yml
+++ b/deployment/ansible/roles/monitoring/tasks/main.yml
@@ -5,6 +5,8 @@
  delegate_to: localhost
  register: monitoring_vault_stat
  become: no
+  tags:
+    - monitoring

 - name: Optionally load monitoring secrets from vault
  include_vars:
@@ -13,16 +15,22 @@
  no_log: yes
  delegate_to: localhost
  become: no
+  tags:
+    - monitoring

 - name: Set Grafana admin password from vault or generate
  set_fact:
    grafana_admin_password: "{{ vault_grafana_admin_password | default(lookup('password', '/dev/null length=25 chars=ascii_letters,digits')) }}"
  no_log: yes
+  tags:
+    - monitoring

 - name: Set Prometheus password from vault or generate
  set_fact:
    prometheus_password: "{{ vault_prometheus_password | default(lookup('password', '/dev/null length=25 chars=ascii_letters,digits')) }}"
  no_log: yes
+  tags:
+    - monitoring

 - name: Generate Prometheus BasicAuth hash
  shell: |
@@ -30,17 +38,23 @@
  register: prometheus_auth_hash
  changed_when: false
  no_log: yes
+  tags:
+    - monitoring

 - name: Set Prometheus BasicAuth string
  set_fact:
    prometheus_auth: "admin:{{ prometheus_auth_hash.stdout }}"
  no_log: yes
+  tags:
+    - monitoring

 - name: Ensure monitoring stack directory exists
  file:
    path: "{{ monitoring_stack_path }}"
    state: directory
    mode: '0755'
+  tags:
+    - monitoring

 - name: Create monitoring stack .env file
  template:
@@ -50,6 +64,8 @@
    group: "{{ ansible_user }}"
    mode: '0600'
  no_log: yes
+  tags:
+    - monitoring

 - name: Deploy Monitoring stack
  community.docker.docker_compose_v2:
@@ -57,12 +73,18 @@
    state: present
    pull: always
  register: monitoring_compose_result
+  tags:
+    - monitoring

 - name: Wait for Monitoring to be ready
  wait_for:
    timeout: "{{ monitoring_wait_timeout }}"
  when: monitoring_compose_result.changed
+  tags:
+    - monitoring

 - name: Record monitoring deployment facts
  set_fact:
    monitoring_stack_changed: "{{ monitoring_compose_result.changed | default(false) }}"
+  tags:
+    - monitoring