# offsite/main.tf — off-site Hetzner hosts. Terraform owns VM existence (ADR-006, # generalized to Hetzner). ALWAYS `make tf-plan TF_ENV=offsite` and review before # `make tf-apply TF_ENV=offsite`. module "askari" { source = "../../modules/hetzner_vm" name = "askari" server_type = "cx23" # x86, 2 vCPU / 4 GB / 40 GB (CAX11/ARM was out of stock in # every EU location 2026-06-14; cx23 is same-spec + cheaper) location = "hel1" # Helsinki image = "debian-13" ansible_ssh_pubkey = var.ansible_ssh_pubkey ssh_admin_cidrs = var.ssh_admin_cidrs labels = { env = "offsite" group = "offsite_hosts" managed-by = "terraform" } }