Initial infrastructure repo structure

- environments/production/main.tf: S3 backend (MinIO), Proxmox provider (commented, ready for bare-metal)
- environments/production/variables.tf: Variable stubs for Proxmox
- atlantis.yaml: Repo-level config (autoplan on .tf changes, require approval)
- .gitignore: Terraform/OpenTofu patterns
- modules/: Empty, ready for reusable modules

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitignore

@@ -0,0 +1,17 @@
+# OpenTofu / Terraform
+.terraform/
+*.tfstate
+*.tfstate.*
+*.tfplan
+.terraform.lock.hcl
+crash.log
+crash.*.log
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+*.auto.tfvars
+
+# Secrets (never commit unencrypted)
+*.dec
+*.cleartext

atlantis.yaml

@@ -0,0 +1,14 @@
+# Atlantis repo-level config
+# Defines how Atlantis should plan/apply for this repository
+version: 3
+projects:
+  - name: production
+    dir: environments/production
+    workspace: default
+    autoplan:
+      when_modified:
+        - "**/*.tf"
+        - "**/*.tfvars"
+      enabled: true
+    apply_requirements:
+      - approved

environments/production/main.tf

@@ -0,0 +1,33 @@
+# Production environment — managed by Claude AI via Atlantis
+# Changes to this file go through PR → plan → approve → apply
+
+terraform {
+  required_version = ">= 1.6.0"
+
+  backend "s3" {
+    bucket     = "tofu-state"
+    key        = "production/terraform.tfstate"
+    endpoints  = { s3 = "http://minio:9000" }
+    region     = "us-east-1"
+
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_requesting_account_id  = true
+    use_path_style              = true
+  }
+
+  # Proxmox provider will be added when bare-metal is connected
+  # required_providers {
+  #   proxmox = {
+  #     source  = "bpg/proxmox"
+  #     version = "~> 0.66"
+  #   }
+  # }
+}
+
+# Proxmox provider configuration (uncomment when ready)
+# provider "proxmox" {
+#   endpoint = var.proxmox_endpoint
+#   api_token = var.proxmox_api_token
+#   insecure = true
+# }

environments/production/variables.tf

@@ -0,0 +1,13 @@
+# Variables for production environment
+# Secrets are injected via SOPS or environment variables in Atlantis
+
+# variable "proxmox_endpoint" {
+#   description = "Proxmox API endpoint URL"
+#   type        = string
+# }
+
+# variable "proxmox_api_token" {
+#   description = "Proxmox API token (user@realm!token=secret)"
+#   type        = string
+#   sensitive   = true
+# }