Switch to terraform

ansible/netbird/group_vars/netbird_servers.yml

@@ -0,0 +1,73 @@
+---
+# =============================================================================
+# NetBird GitOps PoC Configuration
+# =============================================================================
+# Lightweight deployment using NetBird's native user management.
+# No external IdP dependency.
+
+# =============================================================================
+# Domain Configuration
+# =============================================================================
+netbird_domain: "netbird-poc.networkmonitor.cc"
+netbird_protocol: "https"
+
+# =============================================================================
+# Let's Encrypt Configuration
+# =============================================================================
+letsencrypt_email: "vlad.stus@gmail.com"
+
+# =============================================================================
+# Paths
+# =============================================================================
+netbird_base_dir: "/opt/netbird"
+
+# =============================================================================
+# Network Configuration
+# =============================================================================
+netbird_dns_domain: "netbird.local"
+
+# =============================================================================
+# TURN Server Configuration
+# =============================================================================
+turn_user: "netbird"
+turn_password: "{{ vault_turn_password }}"
+
+# =============================================================================
+# Relay Configuration
+# =============================================================================
+relay_secret: "{{ vault_relay_secret }}"
+
+# =============================================================================
+# Embedded IdP Encryption Key
+# =============================================================================
+encryption_key: "{{ vault_encryption_key }}"
+
+# =============================================================================
+# Docker Configuration
+# =============================================================================
+netbird_version: "0.63.0"
+dashboard_version: "v2.27.1"
+caddy_version: "2.10.2"
+coturn_version: "4.8.0-r0"
+
+# =============================================================================
+# PoC Groups (for Terraform/Pulumi comparison)
+# =============================================================================
+# These mirror Achilles network structure for testing IaC tools
+poc_groups:
+  - name: "ground-stations"
+    display_name: "Ground Stations"
+  - name: "pilots"
+    display_name: "Pilots"
+  - name: "operators"
+    display_name: "Operators"
+  - name: "fusion-servers"
+    display_name: "Fusion Servers"
+
+# =============================================================================
+# Admin User Configuration (for setup-bootstrap.yml)
+# =============================================================================
+netbird_admin_user:
+  email: "admin@poc.local"
+  name: "PoC Administrator"
+  password: "{{ vault_admin_password }}"

ansible/netbird/group_vars/vault.yml

@@ -0,0 +1,58 @@
+$ANSIBLE_VAULT;1.1;AES256
+35363237356164656566323662333037363362353262303931363066386262323061636431333535
+3938623466643935666439373239323731633432633166360a393938373433626136323237346338
+39623463663566336662343365643338313162656161613963363262383038326366333730323733
+6137393662316165330a326562663631313637353837333335643838303663356162376361363732
+39393132306330643530393235303136363936343065613361646635666564636436366332366137
+30633965336434653938646339343662653932663330353934343837626335343163326637666331
+34373261616639323635326266346562383065656463373863383039626365656233386230346265
+31393731323530313937323038633135376134663863646137336261643862396561336262636637
+38616536613565623631646363613564623934623736633865626162346330313038663636623438
+65663565313630356433623735663631333932336435663036393839653237383363316162306436
+32383735643434336166383236383464333462346339653638393231316562383331613163303762
+32386464353761333238613562386565316437343265323765373833336666303462656639616662
+32663732373162653239626537313861356466643835643965633737376138363466303736663233
+32313439623163643664643961356337323330316365326231616331666336663562323661313261
+63356130313736303165303365646139346131646165323432383930623630303430353361636635
+37333263373930613930313533623731613264336236623335346364323734613134666465306564
+65313161643831343264363134303066653630343538326165316562666463613633653666613436
+31383331613734366538623636356663613432663138356135666531323534333532353731343561
+31303062306434343534333564336263646564303266373661393837313561343465623734386265
+36336432666163383432353330613862393934303066323463353561393236653963653034363731
+31346635666132303436356230383031623330303861613539663139616266313865313932383035
+38373531386237306233663963613132353435326234383364616136323636636537633235633364
+35613038353730323463346561336231613938656664333030313534396438396538353738336434
+34323963663434633133643739336164623337626339363566323965346136346365626336393737
+66653165306438616535623532313530653338626131353035623832393961643133363561636562
+36303262656231633138336462663332656430306538343461383566623437323830303733333066
+36383834393365393566366333396266346364303232363462663632346236353936616534643438
+64623564383038323038643135356136646262636263623232383136366533636261343536353763
+35666137316262383138646337646133383762346436333137393737613830313064356231643635
+38616164646166363064663962373433313431303861353433356462643865343361646161646263
+63316565393835633163313763336662383636313061636439643966363834623331363561306138
+31633830633531306435633463396332633639316562643334393865396234373831333031643463
+33346466653237343838636639626633633930343465346562623934643732393466393765643162
+36346166643066343766373135383037363834346331343736623537373033383565343864393038
+39396438316437653066303966396261643536373865366463306235326139306365316534393730
+61613966303139643631343831383334656561333730663033653461323139653663313033613664
+64643464323433373833356661383062356465356535396534323336636662303733313636373433
+30613565306165303865363333316631653231636561313737373135383263343532343939333162
+33313338343335313436656239316234363231313264303063333337636637643137393536626661
+66623164636263663663383535663235336432646363393663626363323939666638616335633566
+35303934386630616361343362333361316164356532363964613133633136336435623434343037
+62383733636130303335323163663538333430363465353965333064316530346165653031303832
+61613164356537633436313338636131646161636631376339383237663536336533653361393666
+66363032346431623666326163393633656136303435356430653937323566653261376339623532
+31643232336538626138353433616563656666326630356530346131396162666133666366316562
+32356635663337396662303931633031363963656665383238356662383063303734313333313931
+66613764343836356637396336373833323338623632366630326566623231633138623363366132
+34393566626662643635643036393763666331623431393931366136613566396631393937626132
+33646361346262333730333830343562393635316363373435306333353033316566356238646235
+33376665633937613431303763316564666339626564313737383237393432313365356566313234
+30663636363833313261616630393535376163323637346666613130623338623134633737616237
+34373565306338383531633932623366343864653563313062613131303564356164653137626634
+32333431663365343365346665383032663437636666316163386436633261313839623235373838
+61376131393238623834663838333265316536383439353862633334653135386137353864373034
+39303037363661613263653665376231386266393061646435353038633935623163333630313336
+33343532373565333461373666396335666664663838313037383864643033666538316163336663
+3031

ansible/netbird/group_vars/vault.yml.example

@@ -0,0 +1,42 @@
+---
+# =============================================================================
+# NetBird v1.6 Vault Secrets
+# =============================================================================
+# Copy to vault.yml, edit values, then encrypt:
+#   cp vault.yml.example vault.yml
+#   # Edit vault.yml with your values
+#   ansible-vault encrypt vault.yml
+#
+# Or use: ./generate-vault.sh to auto-generate all secrets
+
+# =============================================================================
+# TURN/Relay Configuration
+# =============================================================================
+
+# TURN server password (alphanumeric only)
+# Generate: openssl rand -base64 32 | tr -d '/+=\n'
+vault_turn_password: "YourTurnPassword2024"
+
+# Relay secret (alphanumeric only)
+# Generate: openssl rand -base64 32 | tr -d '/+=\n'
+vault_relay_secret: "YourRelaySecret2024"
+
+# =============================================================================
+# Embedded IdP Encryption Key
+# =============================================================================
+# CRITICAL: Back this up! Loss prevents recovery of user data.
+# Generate: openssl rand -base64 32
+vault_encryption_key: "YourBase64EncryptionKey=="
+
+# =============================================================================
+# User Provisioning (for setup-bootstrap.yml and setup-users.yml)
+# =============================================================================
+
+# Initial admin password (for setup-bootstrap.yml)
+# Generate: openssl rand -base64 16 | tr -d '/+=\n'
+vault_admin_password: "YourAdminPassword2024"
+
+# Service user PAT for API automation
+# LEAVE EMPTY UNTIL AFTER BOOTSTRAP!
+# Create manually in dashboard: Team → Service Users → Create Token
+vault_netbird_service_pat: ""