33700448bf
Provisions e2-micro VM (us-east1-b, free tier) with static IP, SSH and web firewall rules, Docker + Caddy startup script, and IAM bindings for Firestore and GCS access via ADC. Imports existing drb-calls bucket and c2-server Firestore database into state. Ansible roles handle first-time setup (swap, docker group) and all subsequent deploys via rsync + docker compose, with secrets managed via Ansible Vault. DNS stays on AWS Route 53.
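# Copy to terraform.tfvars and fill in values.
# terraform.tfvars is gitignored — never commit it.
# This example file is committed, so keep real key material and IP addresses out of it.

# GCP project to deploy into (gcloud config get-value project)
project_id = "your-gcp-project-id"
region = "us-central1"
zone = "us-central1-a"

# DNS is on AWS Route 53 — add A records manually after apply
domain = "drb.cusano.net"

# 2 vCPU / 8 GB — adjust if needed
machine_type = "e2-standard-2"

ssh_user = "drb"
# Public key only (cat ~/.ssh/id_ed25519.pub) — never paste a private key here.
ssh_public_key = "ssh-ed25519 AAAA... user@host"

# Your IP + any CI runner IPs that need SSH access.
# Keep this list as narrow as possible: a broad range such as 0.0.0.0/0
# would leave SSH reachable from the whole internet.
allowed_ssh_cidrs = ["YOUR_IP/32"]

# Existing GCS bucket for audio recordings (bucket must already exist — imported into state)
audio_bucket_name = "your-audio-bucket-name"
# Must match the existing bucket location exactly — check GCP console
audio_bucket_location = "US-CENTRAL1"

# Existing Firestore database ID and location (imported into state)
firestore_database = "c2-server"
# nam5 = us-central, eur3 = europe, us-east1 = us-east
firestore_location = "nam5"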