Add Cloudflare automation, ngrok tunnel, fix Dockerfiles

- Ansible cloudflare.yml: DNS, SSL, HSTS, Brotli, bot fight, SEO bots allow - Vault: add cloudflare_zone_id - Workflow: run cloudflare config before deploy - docker-compose-dev: add ngrok tunnel, vault, minio - Ngrok sync script: writes OUTSIDE_URL to .env.local - Fix Dockerfiles: remove mbstring/xml (built-in PHP 8.4), fix libfreetype-dev - Makefile: maintenance_on/off, clear_prod - Playbook: stop_prod, install_prod, start_prod, migrate, clear steps Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 21:06:11 +01:00
parent 507500e20d
commit e3de0da1bf
7 changed files with 266 additions and 13 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -20,5 +20,8 @@ jobs:
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan 34.90.187.4 >> ~/.ssh/known_hosts

+      - name: Configure Cloudflare
+        run: ansible-playbook ansible/cloudflare.yml --vault-password-file <(echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}")
+
      - name: Deploy
        run: ansible-playbook -i ansible/hosts.ini ansible/deploy-caddy.yml --vault-password-file <(echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}")