From 193da30e656d9a9adbd5ffdf6cca5ec021d245e6 Mon Sep 17 00:00:00 2001 From: Tuan-Dat Tran Date: Wed, 25 Feb 2026 00:12:50 +0100 Subject: [PATCH] docs(edge_vps): update README with role documentation --- roles/edge_vps/README.md | 60 ++++++++++++++++++++++++++++++++++------ 1 file changed, 52 insertions(+), 8 deletions(-) diff --git a/roles/edge_vps/README.md b/roles/edge_vps/README.md index a6eec43..0b1eb40 100644 --- a/roles/edge_vps/README.md +++ b/roles/edge_vps/README.md 
@@ -1,18 +1,62 @@ # Edge VPS -(Work In Progress) - -## Description - -This role is currently a placeholder for configuring Edge VPS instances. It is intended to contain tasks for setting up and managing VPS hosts at the edge of the infrastructure. +Configures edge VPS instances with WireGuard VPN, Traefik reverse proxy, Pangolin, and Elastic Fleet Agent. ## Requirements -None. +- Docker and Docker Compose installed +- Ansible community.docker collection ## Role Variables -None defined yet. +### WireGuard + +| Variable | Default | Description | +|----------|---------|-------------| +| `edge_vps_wireguard_address` | `10.133.7.1/24` | WireGuard interface address | +| `edge_vps_wireguard_port` | `61975` | WireGuard listen port | +| `edge_vps_wireguard_interface` | `wg0` | WireGuard interface name | +| `edge_vps_wireguard_routes` | `[]` | List of routes to add (network, gateway) | + +### Traefik + +| Variable | Default | Description | +|----------|---------|-------------| +| `edge_vps_traefik_config_dir` | `/root/config/traefik` | Traefik config directory | +| `edge_vps_acme_email` | - | Email for Let's Encrypt | + +### Pangolin + +| Variable | Default | Description | +|----------|---------|-------------| +| `edge_vps_pangolin_dashboard_url` | - | Pangolin dashboard URL | +| `edge_vps_pangolin_base_endpoint` | - | Pangolin base endpoint | +| `edge_vps_pangolin_base_domain` | - | Base domain for Pangolin | + +### Elastic Agent + +| Variable | Default | Description | +|----------|---------|-------------| +| `edge_vps_elastic_version` | `9.2.2` | Elastic Agent version | +| `edge_vps_elastic_fleet_url` | - | Fleet server URL | +| `edge_vps_elastic_dns_server` | `10.43.0.10` | DNS server for agent | + +## Secrets + +Store secrets in `vars/group_vars/vps/secrets.yaml` (ansible-vault encrypted): + +```yaml +vault_edge_vps: + wireguard: + private_key: "..." + peers: [...] + pangolin: + server_secret: "..." + traefik: + cloudflare_api_token: "..." 
+ elastic: + fleet_enrollment_token: "..." +``` ## Dependencies @@ -21,7 +65,7 @@ None. ## Example Playbook ```yaml -- hosts: all +- hosts: vps roles: - role: edge_vps ```
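Review bot: The new Secrets section in the first hunk (`@@ -1,18 +1,62 @@`) does not say how the keys under `vault_edge_vps` reach the role, and none of the documented `edge_vps_*` variables refer to them. A reader cannot tell whether the role reads values such as `vault_edge_vps.wireguard.private_key` directly or expects a mapping variable. Please document that wiring, spell out the shape of `peers: [...]` and of the `edge_vps_wireguard_routes` entries (only "network, gateway" is given), and mark the variables whose default is `-` as required. Because this file holds the WireGuard private key, the Pangolin server secret, the Cloudflare API token and the Fleet enrollment token, the README should also state that it has to be encrypted with ansible-vault before it is first committed.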
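Review bot: The example playbook in the second hunk (`@@ -21,7 +65,7 @@`) now targets `vps` but still sets no variables, while the tables added earlier in this patch list `edge_vps_acme_email`, `edge_vps_elastic_fleet_url` and the three `edge_vps_pangolin_*` variables with no default. Either add a `vars:` block to the example or state that these values are expected in the `vps` group vars alongside `vars/group_vars/vps/secrets.yaml`. It is also worth a sentence noting that the play needs the vault password at run time, since the secrets file is described as ansible-vault encrypted.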