Add infra setup: Terraform for DO droplet + Cloudflare DNS, Ansible roles for Gitea, Vaultwarden, and Gitea runner

infra/ansible/roles/vaultwarden/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+vaultwarden_domain: "vault.example.com"
+vaultwarden_port: 8080
+vaultwarden_data_dir: /var/lib/vaultwarden
+
+# Set to your postgres connection string or leave as default for SQLite
+vaultwarden_database_url: ""  # e.g. postgresql://user:pass@host/vaultwarden
+
+# Restrict signups after first admin account is created
+vaultwarden_signups_allowed: "true"
+
+# Admin token — set this to a strong random string
+# Generate with: openssl rand -base64 48
+vaultwarden_admin_token: ""
+
+# Cloudflare Origin Certificate
+cf_origin_cert: ""
+cf_origin_key: ""