tf-ct-prod/cloud-init.yaml
quinn 30470d47e8 feat(tf-ct-prod): com.uvlava.ct.prod DMZ droplet (droplet+reserved-ip+fw)
Standalone module (uvlava state is tangled). Public edge host: reserved IP
134.199.244.34, firewall 22/80/443, cloud-init swap+caddy+node20. Hosts prospector
behind Caddy (apps.ct.uvlava.com / apps.ftw.pw -> 127.0.0.1:3210, 403 /internal/*).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 06:54:17 -04:00

20 lines
1.1 KiB
YAML

#cloud-config
# ct.prod base: swap + Caddy (public edge) + node20 (prospector runtime).
# Prospector itself is shipped by deploy/deploy-server.sh; Caddy config by the
# repo's apps.ftw.pw.Caddyfile.
package_update: true
packages:
- debian-keyring
- debian-archive-keyring
- apt-transport-https
- curl
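runcmd:
# 2 GiB swap file, root-only (0600), persisted across reboots via /etc/fstab.
- [ bash, -c, "fallocate -l 2G /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile && echo '/swapfile none swap sw 0 0' >> /etc/fstab" ]
# Caddy apt repo: signing key into /usr/share/keyrings, then the repo's source list.
- [ bash, -c, "curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/gpg.key | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg" ]
- [ bash, -c, "curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt | tee /etc/apt/sources.list.d/caddy-stable.list" ]
# NodeSource setup script for Node 20: piped straight into bash as root, with no integrity check.
- [ bash, -c, "curl -fsSL https://deb.nodesource.com/setup_20.x | bash -" ]
# Public edge (caddy), prospector runtime (nodejs) and the PostgreSQL 16 client.
- [ bash, -c, "apt-get update && apt-get install -y caddy nodejs postgresql-client-16" ]
# Directory for prospector (shipped later by deploy/deploy-server.sh).
- [ bash, -c, "mkdir -p /opt/prospector" ]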
final_message: "com.uvlava.ct.prod base ready (swap + caddy + node20). Deploy prospector + install Caddyfile."
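
The NodeSource step in `runcmd` pipes a downloaded script straight into a root shell. As an added example (not part of this repository), the helper below runs a downloaded installer only when it matches a pinned SHA-256; `sha256_of`, `run_pinned_script` and the `/root/setup_20.x` path are hypothetical names, and the digest is a placeholder.

```shell
#!/usr/bin/env bash
# Added example, not from the repo: verify a downloaded installer against a
# pinned SHA-256 before executing it. Helper names are hypothetical.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# run_pinned_script FILE EXPECTED_SHA256 [ARGS...]
#   2 -> FILE is missing or empty (for example a failed download)
#   3 -> digest mismatch; FILE is deleted and never executed
#   otherwise the exit status of the script itself
run_pinned_script() {
  local file=$1 expected=$2 actual
  shift 2
  [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    rm -f -- "$file"
    return 3
  fi
  bash "$file" "$@"
}

# In runcmd this would replace the `curl ... | bash -` pipe. The digest is a
# placeholder: record it from a copy of the script you have reviewed.
#   curl -fsSL -o /root/setup_20.x https://deb.nodesource.com/setup_20.x
#   run_pinned_script /root/setup_20.x <PINNED_SHA256>
```

The pin fails closed: when upstream changes the script, provisioning stops at this step until the new version is reviewed and the digest updated.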