Robert Helewka
0f21380fd0
Move TLS termination and reverse proxying entirely to Titania's HAProxy, eliminating the redundant HAProxy instance on Prospero. Backends now communicate over plain HTTP within the internal network. - Remove HAProxy container, config, certs, and syslog from Prospero - Remove ssl_backend flags from Titania backend definitions - Replace pplg_haproxy_* vars with single pplg_domain variable - Remove HAProxy syslog source from Alloy config - Update OAuth2-Proxy to listen on all interfaces for Titania access
Ouranos
Red Panda Approved™ Infrastructure as Code
Ouranos is an infrastructure-as-code project that provisions and manages the Ouranos Lab — a development sandbox at ouranos.helu.ca. All infrastructure is tracked in Git for fully reproducible deployments.
| Component | Purpose |
|---|---|
| Terraform | Provisions 10 specialised Incus containers (LXC) with networking, security policies, and resource dependencies |
| Ansible | Configures Docker, databases, observability stack, and application runtimes across all containers |
Containers are named after moons of Uranus and resolved via the .incus DNS domain.
Quick Start
ℹ️ The Ansible virtual environment is expected at ~/env/ouranos/bin/activate.
# Provision containers
cd terraform
terraform init && terraform apply
# Configure services
cd ../ansible
source ~/env/ouranos/bin/activate
ansible-playbook site.yml
Common Operations
# Start all containers
ansible-playbook sandbox_up.yml
# Stop all containers
ansible-playbook sandbox_down.yml
# Update all hosts
ansible-playbook apt_update.yml
# Deploy a specific service
ansible-playbook <service>/deploy.yml
Documentation
| Document | Description |
|---|---|
| docs/ouranos.md | Complete lab reference — hosts, services, routing, workflows |
| docs/terraform.md | Terraform practices and patterns |
| docs/ansible.md | Ansible project structure and conventions |
| docs/red_panda_standards.md | Red Panda Approval™ quality standards |
🐾 Red Panda Approval™
This project adheres to Red Panda Approval™ standards.