## Stack

- **Language:** Terraform (HCL), cloud-init, Ansible, Bash
- **Key deps:** Hetzner/HostEurope provisioning, SOPS + age for secrets, repo-local git hooks (`.githooks`)

## Dev Commands

```bash
make help                     # list all targets
make hooks                    # configure repo-local git hooks (secrets guard)
make check-secrets            # fail if anything in secrets/ is not SOPS-encrypted
make sops-edit                # edit global secrets with SOPS
make sops-encrypt FILE=secrets/foo.yaml
make tf-fmt                   # terraform fmt
make tf-init && make tf-plan  # plan (needs decrypted HCLOUD_TOKEN)
make tf-apply                 # provision — production-touching
make tf-destroy               # tear down — destructive, operator only
```

`tf-apply`/`tf-destroy` change production infrastructure — operator approval
required. No unit test suite; validation is `tf-plan` + the server test suite
workplans.
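
One way a check like `make check-secrets` can work, as an added example (not this repository's own script): a POSIX shell heuristic that accepts a file only if it has the `sops` metadata block with an encrypted `mac`. The function names, the sample tree and its fake values are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: heuristic SOPS-encryption check for a secrets/ directory.
# Not this repository's script; names and sample values are assumptions.

# SOPS-encrypted YAML/JSON carries a "sops" metadata block whose "mac"
# field is itself an ENC[AES256_GCM,...] value; ordinary plaintext lacks it.
is_sops_encrypted() {
  grep -Eq '^sops:|^[[:space:]]*"sops":' "$1" &&
    grep -Eq '(^|[[:space:]])"?mac"?:[[:space:]]*"?ENC\[AES256_GCM,' "$1"
}

# List files under $1 that fail the check; return 1 if there are any.
# Assumes file names without newlines.
check_secrets() {
  unencrypted=$(find "$1" -type f ! -name .gitkeep | while IFS= read -r f; do
    is_sops_encrypted "$f" || printf '%s\n' "$f"
  done)
  if [ -n "$unencrypted" ]; then
    printf 'not SOPS-encrypted:\n%s\n' "$unencrypted" >&2
    return 1
  fi
  return 0
}

# Build a constructed sample tree (fake values, not real ciphertext or keys).
make_demo_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/secrets"
  cat > "$root/secrets/global.yaml" <<'EOF'
hcloud_token: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
sops:
    age:
        - recipient: age1-constructed-example-recipient
    mac: ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]
    version: 0.0.0-example
EOF
  printf 'hcloud_token: plaintext-placeholder\n' > "$root/secrets/leaked.yaml"
  printf '%s\n' "$root"
}

demo=$(make_demo_tree)
check_secrets "$demo/secrets" || echo "check failed: a plaintext file is present"
rm -rf "$demo"
```

The check confirms that the SOPS envelope is present, not that the file decrypts or that its MAC verifies, so it works as a pre-commit tripwire and not as proof of encryption.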