terraform: IaC-of-record for the cc-ci Hetzner host (salvaged from PR#2)
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
The cc-ci server already runs on Hetzner (migration done; nix/hosts/cc-ci-hetzner landed directly on main 2026-05-31). PR#2's host config was superseded by newer main commits, but its terraform/ provisioning scaffolding (cpx32 + nixos-infect) was never preserved. Add it here as the infrastructure-of-record so the box is reproducible. .gitignore keeps tfstate + secret tfvars out; HCLOUD_TOKEN is an env var at apply time (no secrets committed). PR#2 closed as superseded. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
19
terraform/.gitignore
vendored
Normal file
19
terraform/.gitignore
vendored
Normal file
@ -0,0 +1,19 @@
|
||||
# Terraform state — may contain secrets; NEVER commit
|
||||
*.tfstate
|
||||
*.tfstate.*
|
||||
*.tfstate.backup
|
||||
|
||||
# Variable files with secret values — NEVER commit
|
||||
*.auto.tfvars
|
||||
*.auto.tfvars.json
|
||||
terraform.tfvars
|
||||
|
||||
# Terraform working directory (downloaded providers, modules)
|
||||
.terraform/
|
||||
|
||||
# Crash logs
|
||||
crash.log
|
||||
crash.*.log
|
||||
|
||||
# NOTE: .terraform.lock.hcl (provider lock file) IS committed — it pins provider SHAs
|
||||
# for reproducibility, analogous to flake.lock.
|
||||
Reference in New Issue
Block a user