Feat/Security: add hardened Traefik proxy plugin; consistency sweep; security docs Suggested description Summary (ANIT-4)

Merged

Stapel Dev opened 4 months ago

Summary

New plugin: configuration/traefik
- Hardened Traefik v2 reverse proxy with ACME (HTTP-01/TLS-ALPN-01), global HTTP→HTTPS redirect, strict security headers, reusable rate-limit middleware, and external Docker network for app stacks.
- Files: README.md, meta.yml, playbook.yml, files/docker/.env.j2, files/docker/docker-compose.yml.j2.
Security docs
- Keycloak and NetBird controller READMEs: added Security sections and tuning guidance (headers, rate-limit, secrets).
Consistency sweep
- configuration/traefik/playbook.yml: deploy gating, preflight summary, tags, container assert.
- configuration/keycloak/playbook.yml: deploy gating, preflight summary, tags, health/routed checks obey deploy.
- configuration/netbird/client/playbook.yml: tags and final summary.
- inventory/netbox_sync/playbook.yml: assert env/vars for NETBOX_URL/TOKEN; tags; fixed duplicate pre_tasks.
- core/refine_inventory/playbook.yml: play-level tag and final summary.
- maintenance/updates/playbook.yml: assertions for accepted values; preflight summary; role tags.
- TEMPLATE/playbook.yml: appended stack-style skeleton (assert → set_fact → dirs → render → preflight → deploy → health).
- plugins/README.md: added “Conventions” section documenting the standard playbook structure and tags.

Roadmap update

docs/ROADMAP.md: logged new plugins (Traefik, Keycloak, NetBird), security hardening, and refreshed “Last Updated”.

Validation

Reviewer checklist

Commits were merged into target branch

Assignees

Merge Strategy

Create Merge Commit

Watchers (1)

Reference

pull request ANIT-4