Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../tofu/variables.tf
Pieter b6c9fa666d chore: Post-workshop state - January 23rd, 2026 
This commit captures the infrastructure state immediately following
the "Post-Tyranny Tech" workshop on January 23rd, 2026.

Infrastructure Status:
- 13 client servers deployed (white, valk, zwaan, specht, das, uil, vos,
  haas, wolf, ree, mees, mus, mol, kikker)
- Services: Authentik SSO, Nextcloud, Collabora Office, Traefik
- Private network architecture with edge NAT gateway
- OIDC integration between Authentik and Nextcloud
- Automated recovery flows and invitation system
- Container update monitoring with Diun
- Uptime monitoring with Uptime Kuma

Changes include:
- Multiple new client host configurations
- Network architecture improvements (private IPs + NAT)
- DNS management automation
- Container update notifications
- Email configuration via Mailgun
- SSH key generation for all clients
- Encrypted secrets for all deployments
- Health check and diagnostic scripts

Known Issues to Address:
- Nextcloud version pinned to v30 (should use 'latest' or v32)
- Zitadel references in templates (migrated to Authentik but templates not updated)
- Traefik dynamic config has obsolete static routes

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-23 20:36:31 +01:00

43 lines
1.4 KiB
HCL
Raw Permalink Blame History

# Hetzner Cloud API Token
variable "hcloud_token" {
description = "Hetzner Cloud API Token (Read & Write)"
type = string
sensitive = true
}
# Hetzner DNS API Token (can be same as Cloud token)
variable "hetznerdns_token" {
description = "Hetzner DNS API Token"
type = string
sensitive = true
}
# SSH keys are now per-client, stored in keys/ssh/<client>.pub
# No global ssh_public_key variable needed
# Base Domain (optional - only needed if using DNS)
variable "base_domain" {
description = "Base domain for client subdomains (e.g., platform.nl) - leave empty if not using DNS"
type = string
default = ""
}
# Client Configurations
variable "clients" {
description = "Map of client configurations"
type = map(object({
server_type = string # e.g., "cx22" (2 vCPU, 4 GB RAM)
location = string # e.g., "fsn1" (Falkenstein), "nbg1" (Nuremberg), "hel1" (Helsinki)
subdomain = string # e.g., "alpha" for alpha.platform.nl
apps = list(string) # e.g., ["zitadel", "nextcloud"]
nextcloud_volume_size = number # Size in GB for Nextcloud data volume (min 10, max 10000)
}))
default = {}
}
# Enable automated snapshots
variable "enable_snapshots" {
description = "Enable automated daily snapshots (20% of server cost)"
type = bool
default = true
}
Reference in a new issue View git blame Copy permalink