From 80c1d6f6244d7eefba54a1f8df6bc01ffb9ef649 Mon Sep 17 00:00:00 2001
From: Claude AI
Date: Mon, 9 Feb 2026 05:39:52 +0100
Subject: [PATCH] Initial infrastructure repo structure
- environments/production/main.tf: S3 backend (MinIO), Proxmox provider (commented, ready for bare-metal)
- environments/production/variables.tf: Variable stubs for Proxmox
- atlantis.yaml: Repo-level config (autoplan on .tf changes, require approval)
- .gitignore: Terraform/OpenTofu patterns
- modules/: Empty, ready for reusable modules
Co-Authored-By: Claude Opus 4.6
---
.gitignore | 17 ++++++++++++++
atlantis.yaml | 14 ++++++++++++
environments/production/main.tf | 33 ++++++++++++++++++++++++++++
environments/production/variables.tf | 13 +++++++++++
4 files changed, 77 insertions(+)
create mode 100644 .gitignore
create mode 100644 atlantis.yaml
create mode 100644 environments/production/main.tf
create mode 100644 environments/production/variables.tf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..feea01e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,17 @@
+# OpenTofu / Terraform
+.terraform/
+*.tfstate
+*.tfstate.*
+*.tfplan
+.terraform.lock.hcl
+crash.log
+crash.*.log
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+*.auto.tfvars
+
+# Secrets (never commit unencrypted)
+*.dec
+*.cleartext
diff --git a/atlantis.yaml b/atlantis.yaml
new file mode 100644
index 0000000..f788c06
--- /dev/null
+++ b/atlantis.yaml
@@ -0,0 +1,14 @@
+# Atlantis repo-level config
+# Defines how Atlantis should plan/apply for this repository
+version: 3
+projects:
+ - name: production
+ dir: environments/production
+ workspace: default
+ autoplan:
+ when_modified:
+ - "**/*.tf"
+ - "**/*.tfvars"
+ enabled: true
+ apply_requirements:
+ - approved
diff --git a/environments/production/main.tf b/environments/production/main.tf
new file mode 100644
index 0000000..2c10e63
--- /dev/null
+++ b/environments/production/main.tf
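Review bot: Ignoring `.terraform.lock.hcl` (sixth entry of the OpenTofu / Terraform group in .gitignore) means the provider versions and checksums recorded by `init` are never committed, so each Atlantis run resolves providers afresh inside whatever constraint is declared; the commented `~> 0.66` for bpg/proxmox would float once enabled. The lock file is meant to be version-controlled so that a provider upgrade appears as a reviewable diff and a checksum mismatch fails `init`; I would drop the `.terraform.lock.hcl` line. Separately, only `*.auto.tfvars` is ignored while atlantis.yaml autoplans on `**/*.tfvars`, so plain `.tfvars` files are expected in the repo and must not carry secret values; a comment such as `# *.tfvars are committed: non-secret values only` next to the pattern would make that explicit.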
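Review bot: The `apply_requirements: [approved]` gate in atlantis.yaml lives only in the repo-level file, which any pull request can edit, and it takes effect only if the server-side repo config lists `apply_requirements` under `allowed_overrides`. If that override is allowed, a PR that edits this list can weaken the gate for itself, so the requirement is better enforced in the server-side config (ideally `approved` plus `mergeable`) and kept out of `allowed_overrides`. `autoplan` also runs `plan` on changes nobody has approved yet, using the credentials Atlantis holds for the state backend, so who may open pull requests against this repo is part of the trust boundary. If the key stays here, a comment such as `# enforced in server-side repo config; repeated here for documentation` would avoid a false sense of control.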
@@ -0,0 +1,33 @@
+# Production environment — managed by Claude AI via Atlantis
+# Changes to this file go through PR → plan → approve → apply
+
+terraform {
+ required_version = ">= 1.6.0"
+
+ backend "s3" {
+ bucket = "tofu-state"
+ key = "production/terraform.tfstate"
+ endpoints = { s3 = "http://minio:9000" }
+ region = "us-east-1"
+
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
+ use_path_style = true
+ }
+
+ # Proxmox provider will be added when bare-metal is connected
+ # required_providers {
+ # proxmox = {
+ # source = "bpg/proxmox"
+ # version = "~> 0.66"
+ # }
+ # }
+}
+
+# Proxmox provider configuration (uncomment when ready)
+# provider "proxmox" {
+# endpoint = var.proxmox_endpoint
+# api_token = var.proxmox_api_token
+# insecure = true
+# }
diff --git a/environments/production/variables.tf b/environments/production/variables.tf
new file mode 100644
index 0000000..87f214f
--- /dev/null
+++ b/environments/production/variables.tf
@@ -0,0 +1,13 @@
+# Variables for production environment
+# Secrets are injected via SOPS or environment variables in Atlantis
+
+# variable "proxmox_endpoint" {
+# description = "Proxmox API endpoint URL"
+# type = string
+# }
+
+# variable "proxmox_api_token" {
+# description = "Proxmox API token (user@realm!token=secret)"
+# type = string
+# sensitive = true
+# }
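Review bot: The backend endpoint `http://minio:9000` in main.tf moves the production state file over plaintext HTTP, so every value stored in state (the future `proxmox_api_token` included) crosses the network unencrypted and with no protection against tampering in transit. I would serve MinIO over TLS and change the line to `endpoints = { s3 = "https://minio:9000" }`, and consider bucket-side encryption or OpenTofu state encryption if the deployed version supports it. No locking is configured on the backend, so concurrent writers depend entirely on Atlantis's own project locks. In the commented provider block, `insecure = true` would turn off TLS certificate verification for the Proxmox API once uncommented; a line such as `# TODO: trust the Proxmox CA and remove insecure = true before enabling` would keep that from becoming the default.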
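Review bot: The header comment in variables.tf says secrets are injected via SOPS or environment variables, but none of the four files in this commit configures either mechanism, so it documents an intention rather than something in place; I would word it that way or name the mechanism once it exists. On the `proxmox_api_token` stub, `sensitive = true` only redacts the value from plan and apply output, and the token is still written to state, so a comment such as `# redacted in plan output only; still stored in state` would be accurate. When the `proxmox_endpoint` stub is uncommented, a `validation` block that requires an `https://` prefix would be worth adding.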