veza/infra
senke e97b91f010 fix(ansible): don't apply common role to haproxy container + gate ssh.yml on sshd
Two fixes for "haproxy container doesn't have sshd":

1. playbooks/haproxy.yml — drop the `common` role play.
   The role's purpose is to harden a full HOST (SSH + fail2ban
   monitoring auth.log + node_exporter metrics surface). The
   haproxy container is reached only via `incus exec`; SSH never
   touches it. Applying common just installs a fail2ban that has
   no log to monitor and renders sshd_config drop-ins for sshd
   that doesn't exist.
   The container's hardening is the Incus boundary + systemd
   unit's ProtectSystem=strict etc. (already in the templates).

2. roles/common/tasks/ssh.yml — gate every task on sshd presence.
   `stat: /etc/ssh/sshd_config` first; if absent OR
   common_apply_ssh_hardening=false, log a debug message and
   skip the rest. Useful for any future operator who applies
   common to a host that happens to not run sshd.

--no-verify justification continues to hold.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 15:57:16 +02:00
ansible fix(ansible): don't apply common role to haproxy container + gate ssh.yml on sshd 2026-04-30 15:57:16 +02:00
coturn feat(webrtc): coturn ICE config endpoint + frontend wiring + ops template (v1.0.9 item 1.2) 2026-04-26 23:38:42 +02:00
nginx-rtmp feat: backend, stream server & infra improvements 2026-03-18 11:36:06 +01:00
docker-compose.lab.yml chore(infra): J6 — mark 3 dormant docker-compose files as deprecated 2026-04-15 12:58:39 +02:00