sjat/boma

sjat 64f1e821d8 docs(review): 2026-06-14 repo audit — M4a doc drift + Traefik→Caddy lag

11 safe auto-fixes (docs/comments only): reverse_proxy meta stale DNS-01
description, base/playbooks/scripts/terraform/public_dns README build-state,
CAPABILITIES reverse-proxy Traefik→Caddy, README ADR list → 024, TF cax11→cx23
stamps, public_dns wildcard DNS-01→HTTP-01 comment. 29 open findings reported.
make lint green. No stale-deferred (ADR-011 open questions still open).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-14 18:37:54 +02:00

922 B

Raw Permalink Blame History

terraform/

Infrastructure provisioning. Terraform owns VM existence only — creating and destroying Proxmox VMs. It writes no DNS records and configures nothing inside a VM; Ansible owns all of that.

modules/proxmox_vm/ — reusable VM module (Proxmox only).
modules/hetzner_vm/ — reusable VM module (Hetzner Cloud: server + firewall + SSH key + cloud-init).
environments/{staging,production}/ — separate state per environment (Proxmox). Add a VM by editing local.vms in that env's main.tf, then make tf-plan → tf-apply → tf-inventory. Not yet terraform inited.
environments/offsite/ — the off-site Hetzner host (askari); the one applied environment. Use make tf-* TF_ENV=offsite and tf-inventory-offsite.

Rationale: ADR-006. Handoff to Ansible: ADR-009. Secrets via TF_VAR_* only — never in .tfvars. See STATUS.md for what is provisioned.

922 B Raw Permalink Blame History

terraform/

922 B

Raw Permalink Blame History