# Terraform test infrastructure

Provisions a DigitalOcean droplet for running Co-op Cloud recipe tests. The droplet gets Debian 13, Docker, Docker Swarm, a `proxy` overlay network, and UFW/fail2ban — everything needed to deploy recipes with `abra`.

A reserved IP is assigned to the droplet so DNS survives droplet destroy/recreate. DNS is managed externally (not by Terraform). The default domain is `t1cc.commoninternet.net` with wildcard DNS pointing to the reserved IP.

## Prerequisites

- [Terraform](https://developer.hashicorp.com/terraform/install) >= 1.0
- A DigitalOcean API token ([create one here](https://cloud.digitalocean.com/account/api/tokens))
- SSH key pair at `../test-ssh/test-ssh-keys/nptest` (the public key must already be uploaded to DigitalOcean as `nptest.pub`)

## Quick start (setup.sh)

The easiest way to provision is with the `setup.sh` wrapper, which handles reserved IP allocation and tfvars generation automatically:

```bash
# 1. Create .testenv with your DO token
echo 'DO_TOKEN=dop_v1_...' > terraform/.testenv

# 2. Run setup (allocates reserved IP on first run, reuses it after)
./terraform/setup.sh
```

This runs `terraform init` + `terraform apply`, then prints the reserved IP for DNS.

## Quick start (manual)

```bash
cd terraform

# 1. Create your tfvars file
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars — set do_token and reserved_ip

# 2. Initialize and apply
terraform init
terraform apply
```

After apply, deploy Traefik before deploying recipes — use `abra` for that.
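
Both quick starts leave the DigitalOcean token in a plain file (`.testenv` or `terraform.tfvars`). The following is an added example, not part of this repository or `setup.sh`: it writes `.testenv` with mode 600 without putting the token in shell history, and checks both files' permissions before provisioning. The function names are hypothetical, and it assumes `.testenv` only needs the `DO_TOKEN=...` line shown above.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical, not part of setup.sh.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if $1 is a regular file (not a symlink) that grants
# nothing to group or other, e.g. mode 600 or 400.
secret_file_ok() {
  local f="$1" mode
  [ -f "$f" ] && [ ! -L "$f" ] || return 1
  mode="$(file_mode "$f")" || return 1
  case "$mode" in
    *00|0) return 0 ;;   # last two octal digits are group and other
    *)     return 1 ;;
  esac
}

# Write DO_TOKEN=<token> to $1/.testenv. The token is read from stdin so it
# stays out of argv and shell history; mktemp creates the file as mode 600
# and mv replaces any older, more permissive copy atomically.
write_testenv() {
  local dir="$1" token tmp
  IFS= read -r token || [ -n "$token" ] || return 1
  [ -n "$token" ] || return 1
  tmp="$(mktemp "$dir/.testenv.XXXXXX")" || return 1
  printf 'DO_TOKEN=%s\n' "$token" > "$tmp" && mv -f "$tmp" "$dir/.testenv"
}

# Check the two credential files this README names. Absent files are
# skipped; each file that fails the check is reported on stderr.
preflight() {
  local dir="$1" rc=0 f
  for f in "$dir/.testenv" "$dir/terraform.tfvars"; do
    [ -e "$f" ] || [ -L "$f" ] || continue
    secret_file_ok "$f" || { echo "too permissive or not a regular file: $f" >&2; rc=1; }
  done
  return "$rc"
}

# Usage, from the repository root, with the token supplied on stdin:
#   write_testenv terraform && preflight terraform && ./terraform/setup.sh
```
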

## Connecting

After apply, get the SSH command:

```bash
terraform output ssh_command
```

## What gets provisioned

| Resource | Description |
|---|---|
| `digitalocean_ssh_key` (data) | Looks up the `nptest.pub` key already on DigitalOcean |
| `digitalocean_droplet` | Debian 13, 2 vCPU / 8 GB, AMS3 |
| `digitalocean_reserved_ip_assignment` | Assigns a pre-allocated reserved IP to the droplet |
| `digitalocean_firewall` | Allows all inbound/outbound TCP, UDP, and ICMP |

Cloud-init installs Docker, configures UFW (allow all) and fail2ban, initializes Swarm, and creates the `proxy` overlay network.

## Variables

All variables have defaults except `do_token` and `reserved_ip`. See `terraform.tfvars.example` for the full list.

| Variable | Default | Description |
|---|---|---|
| `do_token` | *(required)* | DigitalOcean API token |
| `reserved_ip` | *(required)* | Pre-allocated reserved IP to assign to the droplet |
| `domain` | `t1cc.commoninternet.net` | Base domain for test instances |
| `droplet_name` | `coopcloud-test` | Droplet name |
| `region` | `ams3` | DO region |
| `size` | `s-2vcpu-8gb-amd` | Droplet size |
| `image` | `debian-13-x64` | OS image |
| `ssh_private_key_path` | `../test-ssh/test-ssh-keys/nptest` | SSH private key for provisioner connection |

## Outputs

| Output | Description |
|---|---|
| `droplet_ip` | Droplet's ephemeral IPv4 (use reserved_ip for DNS) |
| `reserved_ip` | Static reserved IP — point DNS here |
| `domain` | Base domain for test instances |
| `ssh_command` | SSH command to connect to the droplet |

## Tearing down

```bash
cd terraform
terraform destroy
```

This deletes the droplet, reserved IP assignment, and firewall. The reserved IP itself is kept (managed outside Terraform via `setup.sh`).