tofu setup

2026-04-27 21:00:07 +02:00
parent 7132f5000e
commit d3690d0597
63 changed files with 4809 additions and 9 deletions
--- a/.tofu/platforms/upc/prod/main.tf
+++ b/.tofu/platforms/upc/prod/main.tf
@@ -0,0 +1,24 @@
+module "cluster" {
+  source = "../modules/cluster"
+
+  prefix       = "devhub"
+  zone         = "de-fra1"
+  node_plan    = "4xCPU-8GB"
+  node_count   = 3
+  network_cidr = "10.100.0.0/24"
+
+  # Data services — production-grade plans
+  pg_plan         = "2x2xCPU-4GB-100GB"
+  pg_version      = "16"
+  valkey_plan     = "1x1xCPU-2GB"
+  objstore_region = "europe-1"
+
+  termination_protection = true
+
+  control_plane_ip_filter = ["0.0.0.0/0"] # TODO: restrict to known CIDRs
+
+  tags = {
+    Environment = "prod"
+    ManagedBy   = "tofu"
+  }
+}
--- a/.tofu/platforms/upc/prod/outputs.tf
+++ b/.tofu/platforms/upc/prod/outputs.tf
@@ -0,0 +1,67 @@
+# ─── Cluster ─────────────────────────────────────────────────────────
+
+output "cluster_id" {
+  value = module.cluster.cluster_id
+}
+
+output "cluster_name" {
+  value = module.cluster.cluster_name
+}
+
+output "zone" {
+  value = module.cluster.zone
+}
+
+# ─── PostgreSQL ──────────────────────────────────────────────────────
+
+output "pg_host" {
+  value = module.cluster.pg_host
+}
+
+output "pg_port" {
+  value = module.cluster.pg_port
+}
+
+output "pg_keycloak_password" {
+  value     = module.cluster.pg_keycloak_password
+  sensitive = true
+}
+
+output "pg_gitlab_password" {
+  value     = module.cluster.pg_gitlab_password
+  sensitive = true
+}
+
+# ─── Valkey ──────────────────────────────────────────────────────────
+
+output "valkey_host" {
+  value = module.cluster.valkey_host
+}
+
+output "valkey_port" {
+  value = module.cluster.valkey_port
+}
+
+output "valkey_password" {
+  value     = module.cluster.valkey_password
+  sensitive = true
+}
+
+# ─── Object Storage ─────────────────────────────────────────────────
+
+output "s3_endpoint" {
+  value = module.cluster.s3_endpoint
+}
+
+output "s3_region" {
+  value = module.cluster.s3_region
+}
+
+output "s3_access_key" {
+  value = module.cluster.s3_access_key
+}
+
+output "s3_secret_key" {
+  value     = module.cluster.s3_secret_key
+  sensitive = true
+}
--- a/.tofu/platforms/upc/prod/providers.tf
+++ b/.tofu/platforms/upc/prod/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    upcloud = {
+      source  = "UpCloudLtd/upcloud"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "upcloud" {
+  # Set via environment variables: UPCLOUD_USERNAME, UPCLOUD_PASSWORD
+}