# offsite/main.tf — off-site hosts on Hetzner.
#
# Terraform is the owner of VM existence here (ADR-006, generalized to Hetzner).
#
# Workflow: ALWAYS run `make tf-plan TF_ENV=offsite` and review the plan before
# running `make tf-apply TF_ENV=offsite`. When reviewing, look in particular for
# an unexpected destroy/replace of the server or a change to the SSH inputs.

module "askari" {
  source = "../../modules/hetzner_vm"

  # Identity and labels.
  name = "askari"
  labels = {
    env        = "offsite"
    group      = "offsite_hosts" # NOTE(review): presumably read by inventory/automation; confirm the consumer
    managed-by = "terraform"
  }

  # Placement, size and base image.
  location    = "hel1"  # Helsinki
  server_type = "cax11" # ARM, 2 vCPU / 4 GB
  image       = "debian-13"

  # SSH access. Both values come from variables, so nothing host-specific is
  # hard-coded in this file.
  # NOTE(review): ssh_admin_cidrs presumably feeds the module's firewall rule
  # for SSH; confirm in ../../modules/hetzner_vm, and keep it to specific admin
  # ranges rather than 0.0.0.0/0 or ::/0.
  # NOTE(review): ansible_ssh_pubkey should only ever hold the public half of
  # the key pair; the private key does not belong in tfvars or state.
  ssh_admin_cidrs    = var.ssh_admin_cidrs
  ansible_ssh_pubkey = var.ansible_ssh_pubkey
}