chore: remove old inventory for now and add vagrant

old inventory was never in use. Vagrant for local development

inventories/vagrant/group_vars/all.yml

@@ -0,0 +1,3 @@
+---
+# Variables for all hosts
+ansible_python_interpreter: /usr/bin/python3

inventories/vagrant/group_vars/traefik_servers_backend.yml

@@ -0,0 +1,10 @@
+---
+# Configuration for backend reverse proxy servers
+# These use Docker provider for local service discovery
+
+traefik_mode: backend
+use_ssl: true
+cert_mode: "selfsigned"
+enable_dashboard: true
+log_level: DEBUG
+traefik_network: proxy

inventories/vagrant/group_vars/traefik_servers_dmz.yml

@@ -0,0 +1,24 @@
+---
+# Configuration for DMZ reverse proxy servers
+# These are public-facing proxies that route traffic to backend servers
+
+traefik_mode: dmz
+use_ssl: true
+cert_mode: "selfsigned"  # Use 'acme' for production
+enable_dashboard: true
+log_level: DEBUG
+traefik_network: proxy
+
+# Backend servers to proxy (if empty, proxies to all backend_servers)
+# This allows multiple DMZ proxies to handle different backend servers
+# backend_servers_to_proxy:
+#   - backend1
+#   - backend2
+
+# ACME configuration (uncomment for production with cert_mode: acme)
+# ssl_email: "admin@example.com"
+# ssl_cert_resolver: "dns"
+# acme_dns_zone: "digitalboard._acme.digitalboard.ch."
+# acme_dns_nameserver: "192.168.1.1:53"
+# acme_tsig_key: "your-tsig-key-name"
+# acme_tsig_secret: "your-tsig-secret"

inventories/vagrant/host_vars/backend/keycloak.yml

@@ -0,0 +1 @@
+keycloak_admin_password: admin

inventories/vagrant/host_vars/backend/main.yml

@@ -0,0 +1,3 @@
+---
+# Backend server configuration
+# This server hosts application services that are exposed via the DMZ reverse proxy

inventories/vagrant/host_vars/backend/traefik.yml

@@ -0,0 +1,21 @@
+# Services to be exposed through the DMZ reverse proxy
+traefik_services:
+  - name: httpbin
+    domain: httpbin.local.test
+    port: 443
+    protocol: https
+  - name: keycloak
+    domain: keycloak.local.test
+    port: 443
+    protocol: https
+
+  # Example: Add more services as you deploy them
+  # - name: forgejo
+  #   domain: git.example.com
+  #   port: 3000
+  #   protocol: http
+
+  # - name: nextcloud
+  #   domain: cloud.example.com
+  #   port: 80
+  #   protocol: http

inventories/vagrant/host_vars/backend2/httbin.yml

@@ -0,0 +1,2 @@
+# Httpbin service configuration (overrides for this host)
+httpbin_domain: "httpbin-srv2.local.test"

inventories/vagrant/host_vars/backend2/main.yml

@@ -0,0 +1,3 @@
+---
+# Backend2 server configuration
+# This is a minimal test server for testing multi-backend routing

inventories/vagrant/host_vars/backend2/traefik.yml

@@ -0,0 +1,6 @@
+# Services to be exposed through the DMZ reverse proxy
+traefik_services:
+  - name: httpbin-srv2
+    domain: "{{ httpbin_domain }}"
+    port: 443
+    protocol: https

inventories/vagrant/host_vars/dmz/main.yml

@@ -0,0 +1,4 @@
+---
+# Host-specific variables for dmz
+# Example:
+# custom_var: value

inventories/vagrant/hosts.ini

@@ -0,0 +1,36 @@
+# This file defines the group structure for vagrant VMs
+# Fixed IPs are defined in the Vagrantfile
+# Additional host-specific variables should go in host_vars/
+# Group-specific variables should go in group_vars/
+
+[all_servers]
+dmz ansible_host=192.168.56.10 ansible_ssh_private_key_file=.vagrant/machines/dmz/libvirt/private_key ansible_user=vagrant
+backend ansible_host=192.168.56.11 ansible_ssh_private_key_file=.vagrant/machines/backend/libvirt/private_key ansible_user=vagrant
+backend2 ansible_host=192.168.56.12 ansible_ssh_private_key_file=.vagrant/machines/backend2/libvirt/private_key ansible_user=vagrant
+
+# Backend servers that host application services
+[backend_servers]
+backend
+backend2
+
+# Reverse proxy servers in DMZ (public-facing, file provider mode)
+[traefik_servers_dmz]
+dmz
+
+# Reverse proxy servers on backend (docker provider mode)
+[traefik_servers_backend]
+backend
+backend2
+
+# All reverse proxy servers
+[traefik_servers:children]
+traefik_servers_dmz
+traefik_servers_backend
+
+# Application servers
+[httpbin_servers]
+backend
+backend2
+
+[keycloak_servers]
+backend