tf-ct-services/main.tf
quinn 67d2c98696 feat(tf-ct-services): com.uvlava.ct.services base host (docker+swap)
Standing CT services droplet for CT + MC MCPs + cocottetech app backends.
Provisioned 138.197.120.105 (nyc3 s-2vcpu-4gb). Base image; app/MCP deploys land later.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 01:55:23 -04:00


###############################################################################
# com.uvlava.ct.services — standing CT services host: CT + MC MCPs (always-up)
# + cocottetech app backends (prospector / finances / marketing / onlyfans /
# cocottetech). Each app self-declares onto this host via its own .infra.yaml.
# Base image only here (docker + swap); app/MCP deploys land later.
###############################################################################
# The standing services droplet itself. Size, region, name and SSH key
# fingerprints are supplied by module variables; the image is pinned to
# Ubuntu 24.04 and first-boot setup is read from cloud-init.yaml in this module.
resource "digitalocean_droplet" "ct_services" {
  name   = var.name
  region = var.region
  size   = var.droplet_size
  image  = "ubuntu-24-04-x64"

  tags = ["ct", "services", "mcp"]

  # Key fingerprints only; the keys themselves are registered outside this file.
  ssh_keys = var.ssh_key_fingerprints

  # NOTE(review): user_data can be read back from the droplet's metadata
  # endpoint by anything running on the host (containers included unless that
  # address is blocked), so keep secrets out of cloud-init.yaml.
  user_data = file("${path.module}/cloud-init.yaml")

  lifecycle {
    # App/MCP data + state live in /opt volumes; `name` is ForceNew (rename via doctl).
    # NOTE(review): no volume resource is visible in this file; confirm the
    # /opt volumes are declared elsewhere before relying on droplet replacement
    # being non-destructive.
    # NOTE(review): with user_data ignored, later edits to cloud-init.yaml
    # (hardening changes included) are never applied to this droplet by
    # Terraform and have to be rolled out to the running host another way.
    ignore_changes = [user_data, name]
  }
}
# Cloud firewall attached to the services droplet: inbound TCP 22/80/443 from
# any IPv4/IPv6 address, outbound unrestricted (all TCP and UDP ports, ICMP).
resource "digitalocean_firewall" "ct_services" {
  name        = "ct-services-fw"
  droplet_ids = [digitalocean_droplet.ct_services.id]

  # SSH is kept as its own rule so its source list can be narrowed without
  # touching the public web ports.
  # NOTE(review): SSH is currently reachable from every address. If operators
  # connect from known networks, a VPN or a bastion, restrict source_addresses
  # to those CIDRs; if it must stay open, confirm the image accepts key-based
  # logins only.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # Public HTTP/HTTPS, one rule per port.
  dynamic "inbound_rule" {
    for_each = ["80", "443"]
    content {
      protocol         = "tcp"
      port_range       = inbound_rule.value
      source_addresses = ["0.0.0.0/0", "::/0"]
    }
  }

  # Egress is fully open for TCP and UDP.
  # NOTE(review): unrestricted egress is convenient for image pulls and package
  # updates, but it places no limit on where a compromised workload can
  # connect; tighten once the set of required destinations is known.
  dynamic "outbound_rule" {
    for_each = ["tcp", "udp"]
    content {
      protocol              = outbound_rule.value
      port_range            = "1-65535"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    }
  }

  # ICMP has no port range.
  outbound_rule {
    protocol              = "icmp"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
# Exposes the droplet's public IPv4 address to callers of this module.
output "ct_services_ip" {
  description = "Public IPv4 address of the ct_services droplet."
  value       = digitalocean_droplet.ct_services.ipv4_address
}