Initial infrastructure repo structure

- environments/production/main.tf: S3 backend (MinIO), Proxmox provider (commented, ready for bare-metal) - environments/production/variables.tf: Variable stubs for Proxmox - atlantis.yaml: Repo-level config (autoplan on .tf changes, require approval) - .gitignore: Terraform/OpenTofu patterns - modules/: Empty, ready for reusable modules Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 05:39:52 +01:00 · 2026-02-09 05:39:52 +01:00 · 80c1d6f624
commit 80c1d6f624
parent 78e026a226
4 changed files with 77 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,17 @@
+# OpenTofu / Terraform
+.terraform/
+*.tfstate
+*.tfstate.*
+*.tfplan
+.terraform.lock.hcl
+crash.log
+crash.*.log
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+*.auto.tfvars
+
+# Secrets (never commit unencrypted)
+*.dec
+*.cleartext
--- a/atlantis.yaml
+++ b/atlantis.yaml
@ -0,0 +1,14 @@
+# Atlantis repo-level config
+# Defines how Atlantis should plan/apply for this repository
+version: 3
+projects:
+  - name: production
+    dir: environments/production
+    workspace: default
+    autoplan:
+      when_modified:
+        - "**/*.tf"
+        - "**/*.tfvars"
+      enabled: true
+    apply_requirements:
+      - approved
--- a/environments/production/main.tf
+++ b/environments/production/main.tf
@ -0,0 +1,33 @@
+# Production environment — managed by Claude AI via Atlantis
+# Changes to this file go through PR → plan → approve → apply
+
+terraform {
+  required_version = ">= 1.6.0"
+
+  backend "s3" {
+    bucket     = "tofu-state"
+    key        = "production/terraform.tfstate"
+    endpoints  = { s3 = "http://minio:9000" }
+    region     = "us-east-1"
+
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_requesting_account_id  = true
+    use_path_style              = true
+  }
+
+  # Proxmox provider will be added when bare-metal is connected
+  # required_providers {
+  #   proxmox = {
+  #     source  = "bpg/proxmox"
+  #     version = "~> 0.66"
+  #   }
+  # }
+}
+
+# Proxmox provider configuration (uncomment when ready)
+# provider "proxmox" {
+#   endpoint = var.proxmox_endpoint
+#   api_token = var.proxmox_api_token
+#   insecure = true
+# }
--- a/environments/production/variables.tf
+++ b/environments/production/variables.tf
@ -0,0 +1,13 @@
+# Variables for production environment
+# Secrets are injected via SOPS or environment variables in Atlantis
+
+# variable "proxmox_endpoint" {
+#   description = "Proxmox API endpoint URL"
+#   type        = string
+# }
+
+# variable "proxmox_api_token" {
+#   description = "Proxmox API token (user@realm!token=secret)"
+#   type        = string
+#   sensitive   = true
+# }