terraform: IaC-of-record for the cc-ci Hetzner host (salvaged from PR#2)

The cc-ci server already runs on Hetzner (migration done; nix/hosts/cc-ci-hetzner landed directly on main 2026-05-31). PR#2's host config was superseded by newer main commits, but its terraform/ provisioning scaffolding (cpx32 + nixos-infect) was never preserved. Add it here as the infrastructure-of-record so the box is reproducible. .gitignore keeps tfstate + secret tfvars out; HCLOUD_TOKEN is an env var at apply time (no secrets committed). PR#2 closed as superseded. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 21:09:02 +00:00
parent b17b6f1232
commit e37a7df496
8 changed files with 269 additions and 0 deletions
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -0,0 +1,32 @@
+resource "hcloud_ssh_key" "cc_ci" {
+  name       = "cc-ci-deploy"
+  public_key = var.ssh_public_key
+
+  labels = {
+    project = "cc-ci"
+    managed = "terraform"
+  }
+}
+
+resource "hcloud_server" "cc_ci" {
+  name        = var.server_name
+  server_type = var.server_type
+  image       = var.image
+  location    = var.location
+  ssh_keys    = [hcloud_ssh_key.cc_ci.id]
+
+  # Stage 1: cloud-init runs nixos-infect on first boot, converting Ubuntu to NixOS,
+  # then reboots. See user-data.sh for the pinned infect revision.
+  user_data = file("${path.module}/user-data.sh")
+
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = false
+  }
+
+  labels = {
+    project = "cc-ci"
+    managed = "terraform"
+    stage   = "infect"
+  }
+}