recipe-maintainer/terraform/README.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit)
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

# Terraform test infrastructure
Provisions a DigitalOcean droplet for running Co-op Cloud recipe tests. The droplet gets Debian 13, Docker, Docker Swarm, a `proxy` overlay network, and UFW/fail2ban — everything needed to deploy recipes with `abra`.
A reserved IP is assigned to the droplet so DNS survives droplet destroy/recreate. DNS is managed externally (not by Terraform). The default domain is `t1cc.commoninternet.net` with wildcard DNS pointing to the reserved IP.
## Prerequisites
- [Terraform](https://developer.hashicorp.com/terraform/install) >= 1.0
- A DigitalOcean API token ([create one here](https://cloud.digitalocean.com/account/api/tokens))
- SSH key pair at `../test-ssh/test-ssh-keys/nptest` (the public key must already be uploaded to DigitalOcean as `nptest.pub`)
## Quick start (setup.sh)
The easiest way to provision is with the `setup.sh` wrapper, which handles reserved IP allocation and tfvars generation automatically:
```bash
# 1. Create .testenv with your DO token
echo 'DO_TOKEN=dop_v1_...' > terraform/.testenv
# 2. Run setup (allocates reserved IP on first run, reuses it after)
./terraform/setup.sh
```
This runs `terraform init` + `terraform apply`, then prints the reserved IP for DNS.
## Quick start (manual)
```bash
cd terraform
# 1. Create your tfvars file
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars — set do_token and reserved_ip
# 2. Initialize and apply
terraform init
terraform apply
```
After apply, deploy Traefik before deploying recipes — use `abra` for that.
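Both quick starts leave the DigitalOcean token in a plaintext file (`terraform/.testenv` for `setup.sh`, `terraform.tfvars` for the manual path). The script below is an added example, not part of this repository: it flags either file when group or others can access it and lists any other file under the directory that contains a token. It assumes tokens are `dop_v1_` followed by 64 lowercase hex characters; the function names and the sample tree are constructed for illustration.

```bash
# Added example, not part of the repository. Function names are illustrative.
# Assumption: DigitalOcean tokens are "dop_v1_" followed by 64 lowercase hex characters.
TOKEN_RE='dop_v1_[0-9a-f]{64}'

# Print each token-bearing file that group/other can access; return 1 if any is found.
check_secret_perms() {
  bad=0
  for f in "$1/.testenv" "$1/terraform.tfvars"; do
    [ -f "$f" ] || continue
    case "$(ls -ld "$f")" in
      ????------*) ;;                        # owner-only, e.g. -rw-------
      *) echo "loose permissions: $f"; bad=1 ;;
    esac
  done
  return "$bad"
}

# Print the names (never the contents) of files that hold a token outside the two
# expected secret files; return 1 if any is found.
scan_stray_tokens() {
  hits=$(grep -rlE --exclude=.testenv --exclude=terraform.tfvars \
           --exclude-dir=.git --exclude-dir=.terraform -e "$TOKEN_RE" "$1" 2>/dev/null || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" | sed 's/^/token found in: /'
  return 1
}

# Run both checks on a directory; return 1 if either one fails.
run_checks() {
  rc=0
  check_secret_perms "$1" || rc=1
  scan_stray_tokens "$1" || rc=1
  return "$rc"
}

# Constructed sample tree with a fake token (64 x "a"), not a real credential.
make_sample() {
  d=$(mktemp -d)
  fake="dop_v1_$(printf '%064d' 0 | tr 0 a)"
  (umask 022; echo "DO_TOKEN=$fake" > "$d/.testenv")     # mode 644 under the common umask 022
  echo "export DIGITALOCEAN_TOKEN=$fake" > "$d/notes.sh" # token pasted into another file
  echo "$d"
}

# Dry run on the sample; in CI, call `run_checks terraform` and use its exit status.
sample=$(make_sample)
run_checks "$sample" || echo "checks failed (expected for the sample)"
rm -rf "$sample"
```

The `dop_v1_...` placeholder used in this README does not match the pattern, so documentation and `.example` files pass the scan.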
## Connecting
After apply, get the SSH command:
```bash
terraform output ssh_command
```
## What gets provisioned
| Resource | Description |
|---|---|
| `digitalocean_ssh_key` (data) | Looks up the `nptest.pub` key already on DigitalOcean |
| `digitalocean_droplet` | Debian 13, 2 vCPU / 8 GB, AMS3 |
| `digitalocean_reserved_ip_assignment` | Assigns a pre-allocated reserved IP to the droplet |
| `digitalocean_firewall` | Allows all inbound/outbound TCP, UDP, and ICMP |

Cloud-init installs Docker, configures UFW (allow all) and fail2ban, initializes Swarm, and creates the `proxy` overlay network.
## Variables
All variables have defaults except `do_token` and `reserved_ip`. See `terraform.tfvars.example` for the full list.
| Variable | Default | Description |
|---|---|---|
| `do_token` | *(required)* | DigitalOcean API token |
| `reserved_ip` | *(required)* | Pre-allocated reserved IP to assign to the droplet |
| `domain` | `t1cc.commoninternet.net` | Base domain for test instances |
| `droplet_name` | `coopcloud-test` | Droplet name |
| `region` | `ams3` | DO region |
| `size` | `s-2vcpu-8gb-amd` | Droplet size |
| `image` | `debian-13-x64` | OS image |
| `ssh_private_key_path` | `../test-ssh/test-ssh-keys/nptest` | SSH private key for provisioner connection |
## Outputs
| Output | Description |
|---|---|
| `droplet_ip` | Droplet's ephemeral IPv4 (use reserved_ip for DNS) |
| `reserved_ip` | Static reserved IP — point DNS here |
| `domain` | Base domain for test instances |
| `ssh_command` | SSH command to connect to the droplet |
## Tearing down
```bash
cd terraform
terraform destroy
```
This deletes the droplet, reserved IP assignment, and firewall. The reserved IP itself is kept (managed outside Terraform via `setup.sh`).