As of today, the actual IP of the Scaleway VM is actually stored in the repository. It defeats the whole point of using CloudFlare: attackers can directly target the IP of any of our servers.
Those IPs must be kept secret.
[ ] Remove any public IP address from the code base.
[ ] Swap any public IP for a new one.
[ ] Pass any public IP to Ansible using secrets (Ansible Vault?).
As of today, the actual IP of the Scaleway VM is actually stored in the repository. It defeats the whole point of using CloudFlare: attackers can directly target the IP of any of our servers.
Those IPs must be kept secret.