boma/terraform/environments/offsite/terraform.tfvars.example


# offsite environment — non-secret values. Copy to terraform.tfvars and fill in.
#
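# The Hetzner Cloud API token is the one secret here. It is exported as an env var and
# never written to this file; the make tf-* targets do this automatically for
# TF_ENV=offsite, sourcing vault.hetzner.token:
#   export TF_VAR_hcloud_token="...from vault.hetzner.token..."
# If you export it by hand instead, keep the real value out of shell history and logs.
#
# State is local (see backend.tf). Terraform state can record sensitive values in
# plaintext, so keep the state file out of version control and readable only by you.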
# Public key only: paste the single line from the .pub file. A private key must never
# be placed in this file.
ansible_ssh_pubkey = "ssh-ed25519 AAAA... ansible@ubongo"
# The Hetzner Cloud Firewall filters PUBLIC traffic, so this is ubongo's WAN/egress
# IP (the perimeter analog of OPNsense, ADR-020) — NOT its LAN address. Find it with
# `curl -s ifconfig.me` from ubongo; prefer `curl -s https://ifconfig.me` so the answer
# cannot be altered in transit, and cross-check it against the address your router
# reports before applying. Narrows to the NetBird `wt0` path once M5 lands.
#
# Keep every entry as narrow as possible (a /32 per admin host). Presumably these are
# the only sources allowed to reach SSH — confirm against the firewall resource — so a
# broad range such as 0.0.0.0/0 would expose the service to the whole internet.
# NOTE(review): if the WAN address is dynamic, this rule goes stale when it changes and
# admin access is lost until the value is updated and re-applied.
#
# 203.0.113.10 lies in the RFC 5737 documentation range (TEST-NET-3): left unchanged it
# matches no real admin host, so replace it before the first apply.
ssh_admin_cidrs = ["203.0.113.10/32"] # placeholder — ubongo's WAN/egress IP