feat(provision): Phase-0 throwaway test VM via vendored @olsitec/pulumi-hetzner

- Vendor hetzner module (Stage-1, trimmed to @pulumi/hcloud+js-yaml; dropped unused
  types.ts + bcrypt/axios/tls/vault deps). GOTCHA documented: cloud-init moves SSH
  to port 222.
- provision/: isolated stack (platformName foundation-test, no collision with
  olsicloud4-*) — one cx23 in nbg1-dc3 + firewall (222/80/443/2222) + Docker cloud-init.
  Dedicated throwaway ed25519 key (operator id_rsa already registered → uniqueness_error).
- Provisioned + verified: foundation-test @ 91.98.117.152, Docker 29.6.1, docker-over-SSH OK.

Token via ENV (pass), never committed; provision/state gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andreas Niemann 2026-06-30 18:57:54 +02:00
parent 6a29db386f
commit 80a99c6f7e
13 changed files with 754 additions and 1 deletions

View file

@ -10,3 +10,21 @@ NOTE: T03 precursor live validation — prove Docker-over-SSH provider creates f
CMD: (above) pulumi up/inspect/destroy — foundation-net on crunchy01
EXIT: 0 — created (subnet 172.30.0.0/24, bridge, attachable, verified) then destroyed clean; nothing persisted.
---
--- 2026-06-30T16:51:46Z ---
HOST: mac-studio -> hetzner-api (eu-central/nbg1-dc3)
CWD: /Users/andiolsi/work/olsitec-foundation/foundation/provision PROJECT: foundation-provision STACK: foundation-test
ENVIRONMENT: test(throwaway)
CMD: pulumi up --yes (HetznerDeployment cx22 + firewall + docker cloud-init)
EXIT: RUNNING
NOTE: Phase-0 provision of throwaway foundation TEST VM via vendored @olsitec/pulumi-hetzner. ~14 hcloud resources. Billable (~EUR0.007/hr). Destroyable via 'pulumi destroy' in provision/.
---
--- 2026-06-30T16:51:49Z UPDATE ---
EXIT: 0 — see outputs (publicIp). VM provisioning; docker installs via cloud-init (~1-2 min).
---
--- 2026-06-30T16:54:41Z UPDATE ---
EXIT: 0 — VM created (cx23, nbg1-dc3). publicIp in outputs. Docker installing via cloud-init.
---
--- 2026-06-30T16:57:30Z UPDATE ---
EXIT: 0 — test VM foundation-test @ 91.98.117.152 (cx23, nbg1-dc3), SSH:222, Docker 29.6.1 verified.
NOTE: docker-over-SSH provider path needs SSH_PRIVATE_KEY_PATH=~/.ssh/foundation-test_ed25519 + FOUNDATION_DOCKER_HOST=ssh://root@91.98.117.152:222. DESTROY: cd provision && pulumi destroy (stack foundation-test).
---