Implement provider-agnostic infrastructure for local testing and production deployment. Terraform configuration: - Local environment: libvirt provider (KVM/QEMU on Debian 13) - Production environment: OVH provider (cloud infrastructure) - Network and VM provisioning - SSH key management - State management (local and S3 backends) Ansible playbooks: - VM provisioning (OS hardening, Docker, Cloudron) - Security configuration (UFW, fail2ban) - Application setup - Monitoring (node exporter) Inventory management: - Local VMs for testing - Production instances - Dynamic inventory support Provider abstraction: - Same Terraform modules work for both providers - Same Ansible playbooks work for all environments - Easy swap between local testing and production 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
111 lines
2.4 KiB
HCL
# Production environment Terraform configuration
|
|
# Uses OVH provider for production VPS provisioning
|
|
|
|
terraform {
|
|
required_version = ">= 1.5.0"
|
|
|
|
required_providers {
|
|
ovh = {
|
|
source = "ovh/ovh"
|
|
version = "~> 0.42.0"
|
|
}
|
|
random = {
|
|
source = "hashicorp/random"
|
|
version = "~> 3.5.0"
|
|
}
|
|
}
|
|
|
|
backend "s3" {
|
|
bucket = "ydn-terraform-state"
|
|
key = "production/terraform.tfstate"
|
|
region = "GRA"
|
|
}
|
|
}
|
|
|
|
provider "ovh" {
|
|
endpoint = var.ovh_endpoint
|
|
application_key = var.ovh_application_key
|
|
application_secret = var.ovh_application_secret
|
|
consumer_key = var.ovh_consumer_key
|
|
}
|
|
|
|
# Variables
|
|
variable "ovh_endpoint" {
|
|
default = "ovh-eu"
|
|
}
|
|
|
|
variable "ovh_application_key" {
|
|
type = string
|
|
sensitive = true
|
|
}
|
|
|
|
variable "ovh_application_secret" {
|
|
type = string
|
|
sensitive = true
|
|
}
|
|
|
|
variable "ovh_consumer_key" {
|
|
type = string
|
|
sensitive = true
|
|
}
|
|
|
|
variable "ssh_key_id" {
|
|
type = string
|
|
default = "ydn-deploy-key"
|
|
}
|
|
|
|
variable "instance_count" {
|
|
type = number
|
|
default = 1
|
|
}
|
|
|
|
# SSH Key for VM access
|
|
resource "ovh_cloud_project_ssh_key" "deploy" {
|
|
name = var.ssh_key_id
|
|
public_key = file("~/.ssh/ydn-deploy.pub")
|
|
project_id = var.ovh_project_id
|
|
}
|
|
|
|
# Production VPS instance
|
|
resource "ovh_cloud_project_instance" "vps" {
|
|
count = var.instance_count
|
|
name = "ydn-prod-vps-${count.index}"
|
|
project_id = var.ovh_project_id
|
|
flavor = "vps-standard-2-4-40" # 2 vCPU, 4GB RAM, 40GB SSD
|
|
image = "Debian 12"
|
|
ssh_key_id = ovh_cloud_project_ssh_key.deploy.id
|
|
region = "GRA7" # Gravelines
|
|
|
|
tags = [
|
|
"Environment:production",
|
|
"Application:ydn",
|
|
"ManagedBy:terraform"
|
|
]
|
|
}
|
|
|
|
# Network security
|
|
resource "ovh_cloud_project_network_public" "private" {
|
|
project_id = var.ovh_project_id
|
|
name = "ydn-private-network"
|
|
regions = ["GRA7"]
|
|
}
|
|
|
|
resource "ovh_cloud_project_network_public_subnet" "subnet" {
|
|
project_id = var.ovh_cloud_project_network_public.private.project_id
|
|
network_id = ovh_cloud_project_network_public.private.id
|
|
name = "ydn-subnet"
|
|
region = "GRA7"
|
|
cidr = "192.168.0.0/24"
|
|
}
|
|
|
|
# Outputs
|
|
output "vps_ips" {
|
|
description = "IP addresses of production VPS instances"
|
|
value = ovh_cloud_project_instance.vps[*].ip_address
|
|
}
|
|
|
|
output "vps_names" {
|
|
description = "Names of production VPS instances"
|
|
value = ovh_cloud_project_instance.vps[*].name
|
|
}
|
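Review bot: `var.ovh_project_id` is read in the `ovh_cloud_project_ssh_key.deploy`, `ovh_cloud_project_instance.vps` and `ovh_cloud_project_network_public.private` resources but no `variable "ovh_project_id"` block exists in this file, so `terraform validate` rejects the configuration; the subnet resource compounds it with `project_id = var.ovh_cloud_project_network_public.private.project_id`, where the `var.` prefix turns a resource attribute reference into a second undeclared variable. The deploy key is read from a hard-coded workstation path, `file("~/.ssh/ydn-deploy.pub")`, which ties every apply to one operator's home directory and should be a variable with a documented default. The `# Network security` heading over the network and subnet is misleading: nothing attaches the instance to that subnet and no firewall or security-group rule is declared here, so network-level restriction rests entirely on the UFW setup the commit message assigns to Ansible; a one-line comment stating that would stop a reader assuming the instance is isolated. The `s3` backend names only `region = "GRA"` with no endpoint and no locking or encryption setting, which presumably means the real backend config is passed at `terraform init` time — worth confirming, since the state will hold the production inventory. The block below declares the missing variable, parameterizes the key path and fixes the subnet reference.

```hcl
variable "ovh_project_id" {
  description = "OVH Public Cloud project (service name) that owns the key, instances and network"
  type        = string
}

variable "ssh_public_key_path" {
  description = "Path to the public half of the deploy key uploaded to OVH"
  type        = string
  default     = "~/.ssh/ydn-deploy.pub"
}

# … unchanged: provider, other variables …

resource "ovh_cloud_project_ssh_key" "deploy" {
  name       = var.ssh_key_id
  public_key = file(var.ssh_public_key_path)
  project_id = var.ovh_project_id
}

# … unchanged: instance, network …

resource "ovh_cloud_project_network_public_subnet" "subnet" {
  project_id = ovh_cloud_project_network_public.private.project_id
  # … unchanged: network_id, name, region, cidr …
}
```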