feat: implement comprehensive variable management system

- Create standardized group_vars directory structure
- Add domains.yml with centralized subdomain mappings
- Add infrastructure.yml with network, SMTP, and path config
- Reorganize vault.yml secrets by service with consistent naming
- Update 15+ Docker compose templates to use new variable structure
- Simplify playbook commands by removing --extra-vars requirement
- Replace hardcoded domains/IPs with template variables
- Standardize secret references across all services

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

roles/docker/templates/mmdl-compose.yml.j2

@@ -9,12 +9,12 @@ services:
       - .env.local
     extra_hosts:
       - "host.docker.internal:host-gateway"
-      - "auth.thesatelliteoflove.com:172.20.0.5"
-      - "cal.thesatelliteoflove.com:172.20.0.5"
+      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
+      - "{{ subdomains.cal }}:{{ docker.hairpin_ip }}"
     labels:
       glance.name: MMDL
       glance.icon: si:task
-      glance.url: https://tasks.thesatelliteoflove.com/
+      glance.url: https://{{ subdomains.tasks }}/
       glance.description: Task and calendar management
       glance.id: mmdl
 
@@ -26,8 +26,8 @@ services:
     environment:
       MYSQL_DATABASE: mmdl
       MYSQL_USER: mmdl
-      MYSQL_PASSWORD: "{{ vault_mmdl_mysql_password }}"
-      MYSQL_ROOT_PASSWORD: "{{ vault_mmdl_mysql_root_password }}"
+      MYSQL_PASSWORD: "{{ vault_mmdl.mysql_password }}"
+      MYSQL_ROOT_PASSWORD: "{{ vault_mmdl.mysql_root_password }}"
       MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
       MYSQL_ROOT_HOST: "%"
     volumes:
@@ -43,4 +43,4 @@ volumes:
 networks:
   default:
     external: true
-    name: lava
+    name: {{ docker.network_name }}