ansible/roles/edge_vps/README.md

# Edge VPS

Configures edge VPS instances with WireGuard VPN, Traefik reverse proxy, Pangolin, and Elastic Fleet Agent.

## Requirements

- Docker and Docker Compose installed
- Ansible community.docker collection

## Role Variables

### WireGuard

| Variable | Default | Description |
|----------|---------|-------------|
| `edge_vps_wireguard_address` | `10.133.7.1/24` | WireGuard interface address |
| `edge_vps_wireguard_port` | `61975` | WireGuard listen port |
| `edge_vps_wireguard_interface` | `wg0` | WireGuard interface name |
| `edge_vps_wireguard_routes` | `[]` | List of routes to add (network, gateway) |

### Traefik

| Variable | Default | Description |
|----------|---------|-------------|
| `edge_vps_traefik_config_dir` | `/root/config/traefik` | Traefik config directory |
| `edge_vps_acme_email` | - | Email for Let's Encrypt |

### Pangolin

| Variable | Default | Description |
|----------|---------|-------------|
| `edge_vps_pangolin_dashboard_url` | - | Pangolin dashboard URL |
| `edge_vps_pangolin_base_endpoint` | - | Pangolin base endpoint |
| `edge_vps_pangolin_base_domain` | - | Base domain for Pangolin |

### Elastic Agent

| Variable | Default | Description |
|----------|---------|-------------|
| `edge_vps_elastic_version` | `9.2.2` | Elastic Agent version |
| `edge_vps_elastic_fleet_url` | - | Fleet server URL |
| `edge_vps_elastic_dns_server` | `10.43.0.10` | DNS server for agent |

## Secrets

Store secrets in `vars/group_vars/vps/secrets.yaml` (ansible-vault encrypted):

```yaml
vault_edge_vps:
  wireguard:
    private_key: "..."
    peers: [...]
  pangolin:
    server_secret: "..."
  traefik:
    cloudflare_api_token: "..."
  elastic:
    fleet_enrollment_token: "..."
```

## Dependencies

None.

## Example Playbook

```yaml
- hosts: vps
  roles:
    - role: edge_vps
```

## License

MIT