foundation/packages/pulumi-hetzner/VENDORED.md
Andreas Niemann 80a99c6f7e feat(provision): Phase-0 throwaway test VM via vendored @olsitec/pulumi-hetzner
- Vendor hetzner module (Stage-1, trimmed to @pulumi/hcloud+js-yaml; dropped unused
  types.ts + bcrypt/axios/tls/vault deps). GOTCHA documented: cloud-init moves SSH
  to port 222.
- provision/: isolated stack (platformName foundation-test, no collision with
  olsicloud4-*) — one cx23 in nbg1-dc3 + firewall (222/80/443/2222) + Docker cloud-init.
  Dedicated throwaway ed25519 key (operator id_rsa already registered → uniqueness_error).
- Provisioned + verified: foundation-test @ 91.98.117.152, Docker 29.6.1, docker-over-SSH OK.

Token via ENV (pass), never committed; provision/state gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 18:57:54 +02:00

847 B

VENDORED — @olsitec/pulumi-hetzner

Stage-1 vendor (000_TOPOLOGY.md §5; ADR-005), 2026-06-30.

  • Source: /Users/andiolsi/work/olsicloud4/pulumi/modules/hetzner/ (index.ts, cloudinit-config.ts, tsconfig.json).
  • Trimmed: dropped types.ts (standalone, unused by HetznerDeployment) and the unused deps it pulled (bcrypt, axios, @pulumi/{tls,vault,random}, deepmerge, yaml). Real import surface is only @pulumi/hcloud, @pulumi/pulumi, fs, js-yaml. Logic unchanged.
  • GOTCHA — SSH port 222: getCloudInitConfig writes an sshd drop-in that moves SSH to port 222 and creates root + andiolsi users. Consumers (the Docker-over-SSH provider, ssh checks) MUST use :222. The module creates no firewall — the consumer adds one.
  • Stage-2 (publish to the foundation registry) is a later task.