feat(provision): Phase-0 throwaway test VM via vendored @olsitec/pulumi-hetzner

- Vendor hetzner module (Stage-1, trimmed to @pulumi/hcloud+js-yaml; dropped unused
  types.ts + bcrypt/axios/tls/vault deps). GOTCHA documented: cloud-init moves SSH
  to port 222.
- provision/: isolated stack (platformName foundation-test, no collision with
  olsicloud4-*) — one cx23 in nbg1-dc3 + firewall (222/80/443/2222) + Docker cloud-init.
  Dedicated throwaway ed25519 key (operator id_rsa already registered → uniqueness_error).
- Provisioned + verified: foundation-test @ 91.98.117.152, Docker 29.6.1, docker-over-SSH OK.

Token via ENV (pass), never committed; provision/state gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andreas Niemann 2026-06-30 18:57:54 +02:00
parent 6a29db386f
commit 80a99c6f7e
13 changed files with 754 additions and 1 deletions

12
provision/package.json Normal file
View file

@ -0,0 +1,12 @@
{
"name": "@olsitec/foundation-provision",
"private": true,
"version": "0.0.0",
"main": "index.ts",
"dependencies": {
"@olsitec/pulumi-hetzner": "workspace:*",
"@pulumi/hcloud": "^1.21.1",
"@pulumi/pulumi": "^3.138.0"
},
"devDependencies": { "@types/node": "^18", "typescript": "^5.0.0" }
}