2026-06-14 12:03:31 +02:00
|
|
|
# offsite/main.tf — off-site Hetzner hosts. Terraform owns VM existence (ADR-006,
|
|
|
|
|
# generalized to Hetzner). ALWAYS `make tf-plan TF_ENV=offsite` and review before
|
|
|
|
|
# `make tf-apply TF_ENV=offsite`.
|
|
|
|
|
|
|
|
|
|
module "askari" {
|
|
|
|
|
source = "../../modules/hetzner_vm"
|
|
|
|
|
|
2026-06-14 17:38:51 +02:00
|
|
|
name = "askari"
|
|
|
|
|
server_type = "cx23" # x86, 2 vCPU / 4 GB / 40 GB (CAX11/ARM was out of stock in
|
2026-06-14 16:23:01 +02:00
|
|
|
# every EU location 2026-06-14; cx23 is same-spec + cheaper)
|
|
|
|
|
location = "hel1" # Helsinki
|
2026-06-14 12:03:31 +02:00
|
|
|
image = "debian-13"
|
|
|
|
|
ansible_ssh_pubkey = var.ansible_ssh_pubkey
|
2026-06-17 20:51:24 +02:00
|
|
|
ssh_admin_cidrs = [] # mesh-only: SSH is reached over wt0; WAN :22 retired (mesh-hardening 1/3)
|
2026-06-14 17:38:51 +02:00
|
|
|
public_web = true # Caddy 80/443 + NetBird 3478 (M4)
|
2026-06-14 12:03:31 +02:00
|
|
|
labels = {
|
|
|
|
|
env = "offsite"
|
|
|
|
|
group = "offsite_hosts"
|
|
|
|
|
managed-by = "terraform"
|
|
|
|
|
}
|
|
|
|
|
}
|