sjat
09b0aad342
Review catches: (1) <<-EOT strips by the closing marker's indent, so the cloud-config body must match it (2 spaces) for '#cloud-config' to land at column 0; (2) the Hetzner Cloud Firewall filters public traffic, so ssh_admin_cidrs is ubongo's WAN/egress IP, not its LAN address — a private CIDR would lock SSH out of the live VPS. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| environments | ||
| modules | ||
| README.md | ||
terraform/
Infrastructure provisioning. Terraform owns VM existence only — creating and destroying Proxmox VMs. It writes no DNS records and configures nothing inside a VM; Ansible owns all of that.
modules/proxmox_vm/— reusable VM module (Proxmox only).environments/{staging,production}/— separate state per environment. Add a VM by editinglocal.vmsin that env'smain.tf, thenmake tf-plan→tf-apply→tf-inventory.
Rationale: ADR-006. Handoff to Ansible: ADR-009. Secrets via TF_VAR_*
only — never in .tfvars. Not yet terraform inited — see STATUS.md.