- Add Email section with Postfix/Postmark configuration
- Document DNS records (DKIM, return-path, DMARC) for email
- Update Forgejo section with AI scrapers blocklist and OIDC details
- Update Role layout to include Postfix and Traefik file provider notes
- Add Notes about Traefik Docker API workaround and Postfix port 2525
- Add DKIM, return-path (CNAME), and DMARC DNS records to Terraform
- Add example variables for Postmark integration to vault.example.yml
- Update .gitignore patterns
- Add AI scrapers robots.txt update script with weekly cron job
- Add OIDC group claim and admin group configuration for Authelia
- Add UI settings (SHOW_USER_EMAIL: false)
- Increase memory limit to 512M
- Change default relay port from 587 to 2525 (Postmark)
- Add Docker provider environment variables for API version compatibility
- Configure for Postmark server token authentication
- Add vault vars include with traefik tag for CF_DNS_API_TOKEN availability
- Add Docker provider socket and API version to home compose
- Add Forgejo router to file provider as fallback (Docker provider broken due to API version mismatch)
- Fixes 404 errors on git.jfraeys.com when Docker provider fails
- Delete playbooks/app.yml (replaced by deploy-app.yml)
- Delete playbooks/test_config.yml (moved to playbooks/tests/)
- Delete setup.sh (renamed to setup)
- Update deploy.yml with improved deployment orchestration
- Update services.yml to include new infrastructure roles
- Add deploy-app.yml playbook for application-specific deployments
- Add web.yml playbook for web infrastructure management
- Restructure tests/test_config.yml for better organization
- Update inventory/group_vars/all.yml with new hostnames and settings
- Systemd service and timer for deployment orchestration
- Webhook listener for Git-triggered deployments
- Forgejo Actions workflow for CI/CD pipeline
- Deployment scripts with rollback capability
- Deploy token validation for security
- Add Redis cache support to Forgejo for improved performance
- Add AI scrapers blocking with update script and robots.txt
- Update Forgejo runner tasks with improved caching support
- Add OIDC authentication configuration tasks
- Add firewall role for UFW/iptables management
- Add fail2ban role for intrusion prevention with Docker-aware jails
- Add postfix role for mail relay capabilities
- Add backups role for automated infrastructure backups
- systemd timer for scheduled backups
- Backup scripts for Docker volumes and configurations
- Update README.md with current architecture documentation
- Add INFRA_GAP_ANALYSIS.md for tracking infrastructure improvements
- Add .python-version for pyenv version management
- Rename setup.sh to setup (drop extension for cleaner CLI)
- Update ansible.cfg for improved playbook execution
- Update .env.example with current environment variables
- Add --scope {user,org,repo} (default user) to upsert Actions secrets
- Keep repo support and add --org for org scope
- Include security caveat in CLI help and warning output
- Persist runner registration state by setting container working_dir to /data
- Add post-register assertion that /opt/forgejo-runner/data/.runner exists
- Add --help and ansible-only/no-terraform modes
- Add basic prereq checks and clearer error messages
- Update README with new setup options and python requirements for helper scripts
- Add infra_controller role to provision a dedicated user
- Install register/deregister forced-command authorized_keys entries
- Read SSH public keys from vault/env and restrict access by source IP
- Document required register/deregister SSH keys for controller workflows
- Update vault.example.yml with FORGEJO_API_TOKEN and SSH public key placeholders
- Add app_ssh_access role to install forced-command keys for infra-register-stdin and infra-deregister
- Ensure required infra-controller runtime directories exist on services host
- Add helper script to generate/register both Actions SSH secrets and update vault public keys