feat: add PHP ini management system and update infrastructure configs

- Add PHP ini management classes (Access, IniDirective, IniKey, PhpIni)
- Update deployment configurations (Wireguard, Traefik, Monitoring)
- Add DNS stack and Ansible role
- Add deployment debugging playbooks
- Update framework components (FilePath, RedisConnectionPool)
- Update .gitignore and documentation

deployment/ansible/roles/dns/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+dns_stack_path: "{{ stacks_base_path }}/dns"
+dns_corefile_template: "{{ role_path }}/../../templates/dns-Corefile.j2"
+dns_forwarders:
+  - 1.1.1.1
+  - 8.8.8.8
+dns_records:
+  - host: "grafana.{{ app_domain }}"
+    address: "{{ wireguard_server_ip_default | default('10.8.0.1') }}"

deployment/ansible/roles/dns/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Ensure DNS stack directory exists
+  file:
+    path: "{{ dns_stack_path }}"
+    state: directory
+    mode: '0755'
+  tags:
+    - dns
+
+- name: Render CoreDNS configuration
+  template:
+    src: "{{ dns_corefile_template }}"
+    dest: "{{ dns_stack_path }}/Corefile"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: '0644'
+  tags:
+    - dns
+
+- name: Deploy DNS stack
+  community.docker.docker_compose_v2:
+    project_src: "{{ dns_stack_path }}"
+    state: present
+    pull: always
+  register: dns_compose_result
+  tags:
+    - dns
+
+- name: Record DNS deployment facts
+  set_fact:
+    dns_stack_changed: "{{ dns_compose_result.changed | default(false) }}"
+  tags:
+    - dns

deployment/ansible/roles/monitoring/defaults/main.yml

@@ -3,4 +3,5 @@ monitoring_stack_path: "{{ stacks_base_path }}/monitoring"
 monitoring_wait_timeout: "{{ wait_timeout | default(60) }}"
 monitoring_env_template: "{{ role_path }}/../../templates/monitoring.env.j2"
 monitoring_vault_file: "{{ role_path }}/../../secrets/production.vault.yml"
-monitoring_vpn_ip_whitelist: "{{ wireguard_network_default | default('10.8.0.0/24') }}"
+# VPN IP whitelist: Allow WireGuard VPN network only (override via extra vars if needed)
+monitoring_vpn_ip_whitelist: "{{ monitoring_vpn_ip_whitelist_ranges | default([wireguard_network_default | default('10.8.0.0/24')]) | join(',') }}"

deployment/ansible/roles/monitoring/tasks/main.yml

@@ -15,6 +15,7 @@
   no_log: yes
   delegate_to: localhost
   become: no
+  ignore_errors: yes
   tags:
     - monitoring
 
@@ -48,6 +49,36 @@
   tags:
     - monitoring
 
+- name: Build VPN IP whitelist with endpoints
+  set_fact:
+    monitoring_vpn_ip_whitelist_ranges: "{{ [wireguard_network_default | default('10.8.0.0/24')] }}"
+  tags:
+    - monitoring
+
+- name: Set VPN IP whitelist for monitoring
+  set_fact:
+    monitoring_vpn_ip_whitelist: "{{ monitoring_vpn_ip_whitelist_ranges | join(',') }}"
+  tags:
+    - monitoring
+
+- name: Set Traefik stack path
+  set_fact:
+    traefik_stack_path: "{{ stacks_base_path }}/traefik"
+  tags:
+    - monitoring
+
+- name: Update Traefik middleware with dynamic VPN IPs
+  template:
+    src: "{{ role_path }}/../../templates/traefik-middlewares.yml.j2"
+    dest: "{{ traefik_stack_path }}/dynamic/middlewares.yml"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: '0644'
+  vars:
+    vpn_network: "{{ wireguard_network_default | default('10.8.0.0/24') }}"
+  tags:
+    - monitoring
+
 - name: Ensure monitoring stack directory exists
   file:
     path: "{{ monitoring_stack_path }}"