Refactor HAProxy configuration and certificate management

- Updated HAProxy configuration template to reflect changes for the Taurus Production Environment, including SSL settings and rate limiting for specific endpoints.
- Introduced new playbooks for certificate distribution and validation with OCI Vault, ensuring certificates are correctly managed and renewed.
- Added hooks for uploading renewed certificates to OCI Vault and validating their integrity.
- Enhanced the HAProxy configuration playbook to ensure proper service management and verification of the HAProxy service.
- Updated inventory variables for certificate management and ensured compatibility with the new structure.

ansible/haproxy/configure.yml

@@ -0,0 +1,101 @@
+---
+# -----------------------------------------------------------------------------
+# HAProxy Configuration Playbook
+# -----------------------------------------------------------------------------
+# Templates haproxy.cfg and starts the HAProxy service. Must run AFTER both
+# haproxy/deploy.yml and certbot/deploy.yml so that:
+#   - The HAProxy package is installed
+#   - The real Let's Encrypt certificate exists at haproxy_cert_path
+#
+# Dependency chain:
+#   haproxy/deploy.yml      ← package + dirs
+#   certbot/deploy.yml      ← writes cert to /etc/haproxy/certs/
+#   haproxy/configure.yml   ← this playbook (config + start)
+#
+# Hosts: horkos (public reverse proxy), bootes (internal HAProxy)
+# -----------------------------------------------------------------------------
+
+- name: Configure and start HAProxy
+  hosts: all
+  become: true
+  tags: [haproxy, service, configure]
+
+  handlers:
+    - name: reload haproxy
+      ansible.builtin.systemd:
+        name: haproxy
+        state: reloaded
+
+    - name: restart haproxy
+      ansible.builtin.systemd:
+        name: haproxy
+        state: restarted
+
+  tasks:
+    - name: Check if host has haproxy service
+      ansible.builtin.set_fact:
+        has_haproxy_service: "{{ 'haproxy' in services | default([]) }}"
+
+    - name: Skip hosts without haproxy service
+      ansible.builtin.meta: end_host
+      when: not has_haproxy_service
+
+    # -------------------------------------------------------------------------
+    # Certificate Check
+    # -------------------------------------------------------------------------
+
+    - name: Check if TLS certificate exists
+      ansible.builtin.stat:
+        path: "{{ haproxy_cert_path }}"
+      register: cert_file
+
+    - name: Fail if certificate is missing
+      ansible.builtin.fail:
+        msg: >
+          Certificate not found at {{ haproxy_cert_path }}.
+          Run certbot/deploy.yml before haproxy/configure.yml.
+          Command: ansible-playbook certbot/deploy.yml
+      when: not cert_file.stat.exists
+
+    # -------------------------------------------------------------------------
+    # Configuration
+    # -------------------------------------------------------------------------
+
+    - name: Template HAProxy configuration
+      ansible.builtin.template:
+        src: haproxy.cfg.j2
+        dest: /etc/haproxy/haproxy.cfg
+        owner: root
+        group: "{{ haproxy_group | default('haproxy') }}"
+        mode: '0640'
+        validate: "haproxy -c -f %s"
+      notify: reload haproxy
+
+    # -------------------------------------------------------------------------
+    # Service Management
+    # -------------------------------------------------------------------------
+
+    - name: Enable and start HAProxy service
+      ansible.builtin.systemd:
+        name: haproxy
+        enabled: true
+        state: started
+        daemon_reload: true
+
+    # -------------------------------------------------------------------------
+    # Verification
+    # -------------------------------------------------------------------------
+
+    - name: Wait for HAProxy stats port to be ready
+      ansible.builtin.uri:
+        url: "http://localhost:{{ haproxy_stats_port }}/metrics"
+        method: GET
+        status_code: 200
+      register: haproxy_health
+      retries: 5
+      delay: 3
+      until: haproxy_health.status == 200
+
+    - name: HAProxy configuration status
+      ansible.builtin.debug:
+        msg: "HAProxy is running and serving metrics on port {{ haproxy_stats_port }}"