developer/tf-services
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tf-services/main.tf

90 lines
2.7 KiB
Terraform
Raw Permalink Normal View History

feat(tf-services): shared services droplet (3 Forgejo + Verdaccio) module DO droplet (nyc3 s-2vcpu-4gb + swap) running 3 co-located Forgejo (ct/mc/quinn) + Verdaccio via docker-compose. HTTP+token (built-in SSH disabled). Provisioned 165.227.191.38; state local (gitignored). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 18:20:43 -04:00
###############################################################################
# Shared services droplet — 3 Forgejo instances (ct/mc/quinn) + Verdaccio,
# co-located. Public-facing (like the current ct-forge). 4GB + swap (tight but
# fine for low-traffic git + npm). PyPI / SwiftPM / DNS / Caddy are fast-follow.
###############################################################################
resource "digitalocean_droplet" "services" {
name = var.name
image = "ubuntu-24-04-x64"
size = var.droplet_size
region = var.region
ssh_keys = var.ssh_key_fingerprints
tags = ["services", "forge", "quinn-infra"]
user_data = file("${path.module}/cloud-init.yaml")
lifecycle {
# Forgejo/Verdaccio data lives in /opt/services volumes; never let a
feat(tf-services): reverse-DNS name + Caddy/TLS + ROOT_URLs Droplet com.uvlava.quinn.artifacts (ignore_changes name+user_data). cloud-init now provisions Caddy with auto-TLS routing forge/npm/pypi.{ct,mc,quinn}.uvlava.com to the 3 Forgejo, each with its ROOT_URL. Matches live 134.199.243.61. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 23:45:43 -04:00
# user_data tweak silently rebuild and wipe it. `name` is ForceNew in the
# provider — rename live via doctl, never let a label change replace the box.
ignore_changes = [user_data, name]
feat(tf-services): shared services droplet (3 Forgejo + Verdaccio) module DO droplet (nyc3 s-2vcpu-4gb + swap) running 3 co-located Forgejo (ct/mc/quinn) + Verdaccio via docker-compose. HTTP+token (built-in SSH disabled). Provisioned 165.227.191.38; state local (gitignored). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 18:20:43 -04:00
}
}
resource "digitalocean_firewall" "services" {
name = "services-fw"
droplet_ids = [digitalocean_droplet.services.id]
inbound_rule {
protocol = "tcp"
port_range = "22"
source_addresses = ["0.0.0.0/0", "::/0"]
}
# Forgejo HTTP (ct 3000 / mc 3001 / quinn 3002) + git-SSH (2222/2223/2224) + Verdaccio 4873
inbound_rule {
protocol = "tcp"
port_range = "3000-3002"
source_addresses = ["0.0.0.0/0", "::/0"]
}
inbound_rule {
protocol = "tcp"
port_range = "2222-2224"
source_addresses = ["0.0.0.0/0", "::/0"]
}
inbound_rule {
protocol = "tcp"
port_range = "4873"
source_addresses = ["0.0.0.0/0", "::/0"]
}
# 80/443 for future Caddy/TLS
inbound_rule {
protocol = "tcp"
port_range = "80"
source_addresses = ["0.0.0.0/0", "::/0"]
}
inbound_rule {
protocol = "tcp"
port_range = "443"
source_addresses = ["0.0.0.0/0", "::/0"]
}
outbound_rule {
protocol = "tcp"
port_range = "1-65535"
destination_addresses = ["0.0.0.0/0", "::/0"]
}
outbound_rule {
protocol = "udp"
port_range = "1-65535"
destination_addresses = ["0.0.0.0/0", "::/0"]
}
outbound_rule {
protocol = "icmp"
destination_addresses = ["0.0.0.0/0", "::/0"]
}
}
output "services_ip" {
value = digitalocean_droplet.services.ipv4_address
}
output "forge_urls" {
value = {
ct = "http://${digitalocean_droplet.services.ipv4_address}:3000"
mc = "http://${digitalocean_droplet.services.ipv4_address}:3001"
quinn = "http://${digitalocean_droplet.services.ipv4_address}:3002"
npm = "http://${digitalocean_droplet.services.ipv4_address}:4873"
}
}
Reference in a new issue Copy permalink