sjat
64f1e821d8
11 safe auto-fixes (docs/comments only): reverse_proxy meta stale DNS-01 description, base/playbooks/scripts/terraform/public_dns README build-state, CAPABILITIES reverse-proxy Traefik→Caddy, README ADR list → 024, TF cax11→cx23 stamps, public_dns wildcard DNS-01→HTTP-01 comment. 29 open findings reported. make lint green. No stale-deferred (ADR-011 open questions still open). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
17 lines
922 B
Markdown
17 lines
922 B
Markdown
# terraform/
|
|
|
|
Infrastructure provisioning. Terraform owns **VM existence only** — creating and
|
|
destroying Proxmox VMs. It writes no DNS records and configures nothing inside a
|
|
VM; Ansible owns all of that.
|
|
|
|
- `modules/proxmox_vm/` — reusable VM module (Proxmox only).
|
|
- `modules/hetzner_vm/` — reusable VM module (Hetzner Cloud: server + firewall +
|
|
SSH key + cloud-init).
|
|
- `environments/{staging,production}/` — separate state per environment (Proxmox).
|
|
Add a VM by editing `local.vms` in that env's `main.tf`, then `make tf-plan` →
|
|
`tf-apply` → `tf-inventory`. Not yet `terraform init`ed.
|
|
- `environments/offsite/` — the off-site Hetzner host (`askari`); the one
|
|
**applied** environment. Use `make tf-* TF_ENV=offsite` and `tf-inventory-offsite`.
|
|
|
|
Rationale: **ADR-006**. Handoff to Ansible: **ADR-009**. Secrets via `TF_VAR_*`
|
|
only — never in `.tfvars`. See `STATUS.md` for what is provisioned.
|