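###############################################################################
# com.uvlava.ct.services — standing CT services host: CT + MC MCPs (always-up)
# + cocottetech app backends (prospector / finances / marketing / onlyfans /
# cocottetech). Each app self-declares onto this host via its own .infra.yaml.
# Base image only here (docker + swap); app/MCP deploys land later.
###############################################################################

# Source CIDRs allowed to reach SSH (tcp/22) on the services host.
# The default keeps SSH reachable from any IPv4/IPv6 address, so existing
# callers plan no change. Set it to operator/VPN ranges to narrow exposure.
variable "ssh_source_addresses" {
  description = "CIDR blocks allowed to connect to SSH (tcp/22) on the CT services droplet."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}

# The single droplet that hosts the CT services. Size, region, name and the
# SSH key fingerprints come from module variables; first-boot provisioning is
# read from cloud-init.yaml in this module directory.
resource "digitalocean_droplet" "ct_services" {
  name      = var.name
  image     = "ubuntu-24-04-x64"
  size      = var.droplet_size
  region    = var.region
  ssh_keys  = var.ssh_key_fingerprints
  tags      = ["ct", "services", "mcp"]
  user_data = file("${path.module}/cloud-init.yaml")

  lifecycle {
    # App/MCP data + state live in /opt volumes; `name` is ForceNew (rename via doctl).
    # NOTE(review): with user_data ignored, Terraform plans no change for later
    # edits to cloud-init.yaml, so baseline changes made there do not reach the
    # running host through this resource and need another delivery path.
    ignore_changes = [user_data, name]
  }
}

# Cloud firewall attached to the droplet by ID (not by tag).
# Inbound: SSH from var.ssh_source_addresses, HTTP/HTTPS from anywhere.
# Outbound: all TCP, all UDP and ICMP to any destination.
resource "digitalocean_firewall" "ct_services" {
  name        = "ct-services-fw"
  droplet_ids = [digitalocean_droplet.ct_services.id]

  # SSH. NOTE(review): the default source list is the whole internet; this
  # rule is the only network-level control on port 22 defined in this file.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = var.ssh_source_addresses
  }

  # Public HTTP.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # Public HTTPS.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "443"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # NOTE(review): the three outbound rules below allow every port and
  # destination, so this firewall applies no egress filtering. Any restriction
  # on outbound traffic has to be enforced elsewhere.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "icmp"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}

# Public IPv4 address of the services droplet.
output "ct_services_ip" {
  value = digitalocean_droplet.ct_services.ipv4_address
}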