autonomic-bot
f283a371bb
Sanitized single-commit public mirror of recipe-maintainer. - Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders. - Removed plans/ and planned-updates/ (deployment-planning docs) so no client/ deployment domains appear in the public repo. - All other secret stores were already gitignored. - docs.coopcloud.tech retained as a submodule (public upstream).
Terraform test infrastructure
Provisions a DigitalOcean droplet for running Co-op Cloud recipe tests. The droplet gets Debian 13, Docker, Docker Swarm, a proxy overlay network, and UFW/fail2ban — everything needed to deploy recipes with abra.
A reserved IP is assigned to the droplet so DNS survives droplet destroy/recreate. DNS is managed externally (not by Terraform). The default domain is t1cc.commoninternet.net with wildcard DNS pointing to the reserved IP.
Prerequisites
- Terraform >= 1.0
- A DigitalOcean API token (create one here)
- SSH key pair at
../test-ssh/test-ssh-keys/nptest(the public key must already be uploaded to DigitalOcean asnptest.pub)
Quick start (setup.sh)
The easiest way to provision is with the setup.sh wrapper, which handles reserved IP allocation and tfvars generation automatically:
# 1. Create .testenv with your DO token
echo 'DO_TOKEN=dop_v1_...' > terraform/.testenv
# 2. Run setup (allocates reserved IP on first run, reuses it after)
./terraform/setup.sh
This runs terraform init + terraform apply, then prints the reserved IP for DNS.
Quick start (manual)
cd terraform
# 1. Create your tfvars file
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars — set do_token and reserved_ip
# 2. Initialize and apply
terraform init
terraform apply
After apply, deploy Traefik before deploying recipes — use abra for that.
Connecting
After apply, get the SSH command:
terraform output ssh_command
What gets provisioned
| Resource | Description |
|---|---|
digitalocean_ssh_key (data) |
Looks up the nptest.pub key already on DigitalOcean |
digitalocean_droplet |
Debian 13, 2 vCPU / 8 GB, AMS3 |
digitalocean_reserved_ip_assignment |
Assigns a pre-allocated reserved IP to the droplet |
digitalocean_firewall |
Allows all inbound/outbound TCP, UDP, and ICMP |
Cloud-init installs Docker, configures UFW (allow all) and fail2ban, initializes Swarm, and creates the proxy overlay network.
Variables
All variables have defaults except do_token and reserved_ip. See terraform.tfvars.example for the full list.
| Variable | Default | Description |
|---|---|---|
do_token |
(required) | DigitalOcean API token |
reserved_ip |
(required) | Pre-allocated reserved IP to assign to the droplet |
domain |
t1cc.commoninternet.net |
Base domain for test instances |
droplet_name |
coopcloud-test |
Droplet name |
region |
ams3 |
DO region |
size |
s-2vcpu-8gb-amd |
Droplet size |
image |
debian-13-x64 |
OS image |
ssh_private_key_path |
../test-ssh/test-ssh-keys/nptest |
SSH private key for provisioner connection |
Outputs
| Output | Description |
|---|---|
droplet_ip |
Droplet's ephemeral IPv4 (use reserved_ip for DNS) |
reserved_ip |
Static reserved IP — point DNS here |
domain |
Base domain for test instances |
ssh_command |
SSH command to connect to the droplet |
Tearing down
cd terraform
terraform destroy
This deletes the droplet, reserved IP assignment, and firewall. The reserved IP itself is kept (managed outside Terraform via setup.sh).