psc/vcard4reseller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
183b7c10b0
vcard4reseller/deploy/terraform/variables.tf
Thomas Peterson c49ff37746 Deploy: Terraform-Code-Rollout auf App-Nodes (ohne Recreate) 
terraform_data.app_deploy führt per remote-exec auf jedem App-Node ein Update
aus (git reset auf origin + deploy/update.sh: SPA bauen, composer, migrate(app-1),
cache:clear), getriggert über var.deploy_version (z. B. Git-SHA). Server werden
NICHT ersetzt: hcloud_server.app ignoriert user_data-Änderungen (cloud-init nur
Erstboot). Gemeinsames deploy/update.sh (cloud-init ruft es ebenfalls auf).
Fix: ${PRIV:-} in der .tftpl als $${PRIV:-} escaped (templatefile-Kollision).

Workflow: tofu apply -var deploy_version=$(git rev-parse --short HEAD)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 19:47:59 +02:00

170 lines
3.6 KiB
HCL
Raw Blame History

variable "hcloud_token" {
description = "Hetzner Cloud API Token (Projekt → Security → API Tokens, Read&Write)"
type = string
sensitive = true
}
variable "location" {
description = "Hetzner Standort"
type = string
default = "nbg1"
}
variable "network_zone" {
description = "Netzwerk-Zone passend zum Standort (eu-central für nbg1/fsn1/hel1)"
type = string
default = "eu-central"
}
variable "ssh_public_key" {
description = "Öffentlicher SSH-Schlüssel für Server-Zugang"
type = string
}
variable "admin_cidr" {
description = "CIDR, das per SSH auf die Server darf (z. B. deine IP/32)"
type = string
}
variable "app_count" {
description = "Anzahl App-Nodes (für den Skalierungstest >= 2)"
type = number
default = 2
}
variable "app_server_type" {
description = "Servertyp App-Nodes"
type = string
default = "cx23"
}
variable "db_server_type" {
description = "Servertyp DB-Node"
type = string
default = "cx23"
}
# --- Anwendung / Deploy ---
variable "repo_url" {
description = "Git-URL des Repos (per cloud-init geklont; bei privat: Deploy-Token in der URL)"
type = string
}
variable "repo_branch" {
description = "Zu deployender Branch"
type = string
default = "main"
}
variable "domain" {
description = "Öffentliche Portal-Domain (CORS, Profil-URLs, TLS)"
type = string
}
variable "acme_email" {
description = "E-Mail für Let's Encrypt (Caddy ACME)"
type = string
}
# --- DNS (optional, Hetzner DNS API) ---
variable "manage_dns" {
description = "true = A-Records (Portal + Wildcard) per Hetzner DNS anlegen"
type = bool
default = false
}
variable "hetzner_dns_token" {
description = "Hetzner DNS API Token (separat vom Cloud-Token; nur bei manage_dns)"
type = string
default = ""
sensitive = true
}
variable "dns_zone_name" {
description = "DNS-Zone bei Hetzner DNS (z. B. example.com), nur bei manage_dns"
type = string
default = ""
}
variable "app_secret" {
description = "Symfony APP_SECRET"
type = string
sensitive = true
}
variable "db_name" {
type = string
default = "vcard4reseller"
}
variable "db_user" {
type = string
default = "app"
}
variable "db_password" {
type = string
sensitive = true
}
variable "db_root_password" {
type = string
sensitive = true
}
variable "jwt_passphrase" {
description = "Passphrase der JWT-Schlüssel (identisch zu den erzeugten Keys)"
type = string
sensitive = true
}
variable "jwt_private_key" {
description = "Inhalt von config/jwt/private.pem (auf ALLEN Nodes identisch)"
type = string
sensitive = true
}
variable "jwt_public_key" {
description = "Inhalt von config/jwt/public.pem"
type = string
sensitive = true
}
# --- Hetzner Object Storage (S3) ---
variable "s3_endpoint" {
description = "z. B. https://nbg1.your-objectstorage.com"
type = string
}
variable "s3_region" {
type = string
default = "nbg1"
}
variable "s3_bucket" {
type = string
}
variable "s3_key" {
type = string
sensitive = true
}
variable "s3_secret" {
type = string
sensitive = true
}
# --- Code-Rollout ---
variable "deploy_version" {
description = "Code-Version (z. B. Git-SHA). Ändern → 'tofu apply' rollt den Code auf alle App-Nodes aus."
type = string
default = "init"
}
variable "ssh_private_key_path" {
description = "Privater SSH-Key für den Code-Rollout (Gegenstück zu ssh_public_key)."
type = string
default = "~/.ssh/vcard4_deploy"
}
Reference in New Issue View Git Blame Copy Permalink