- Add example secret files for `app_key`, `db_user_password`, and `redis_password`.
- Introduce `local.vault.yml.example` for Ansible Vault encryption of local secrets.
- Create migration and setup scripts for transitioning from `.env.local` to secrets files.
- Update `docker-compose.local.yml` to adopt Docker Secrets and `_FILE` pattern for local configurations.
- Add deployment playbooks and enhanced logging configurations for local development.
- Improve WireGuard client IP calculation logic (find next available IP)
- Add local wireguard-clients directory for storing client configs
- Integrate Redis pool into CacheInitializer
- Improve ContainerBootstrapper with better imports and Redis pool
- Add monitoring role tags for better task organization
- Update WireGuard documentation
- Store generated WireGuard client configs locally
- Replace git.michaelschiemer.de:5000 (HTTP) with registry.michaelschiemer.de (HTTPS)
- Update all Ansible playbooks and configuration files
- Update CI/CD workflows to use HTTPS registry endpoint
- Update Docker Compose files with new registry URL
- Update documentation and scripts
Benefits:
- Secure HTTPS connection (no insecure registry config needed)
- Consistent use of HTTPS endpoint via Traefik
- Better security practices for production deployment
- Remove condition that skipped restart when image already exists
- Ensures container restart even when using same image tag (latest)
- Critical for applying code fixes without rebuilding image
- Update regex to match both localhost and external registry URLs
- Ensure docker-compose uses localhost:5000 for registry access
- Fixes connection refused errors when docker-compose pulls images
- Fix infinite loop in docker_registry_username/docker_registry_password variables
- Use _default suffix variables in production.yml to avoid recursion
- Make docker registry login optional (ignore_errors) for cases where auth isn't needed
- Fix line endings in deploy.sh script
- Add deployment/ansible/templates/.env.production.j2 used by secrets playbook
- Enhance deploy-update.yml to read registry creds from vault or CI
- Update production-deploy workflow to pass registry credentials to Ansible
- Remove obsolete GitHub-style workflows under .gitea (conflicted naming)
Why: make the production pipeline executable end-to-end with Ansible and
consistent secrets handling; avoid legacy CI configs interfering.
