- Vendor hetzner module (Stage-1, trimmed to @pulumi/hcloud+js-yaml; dropped unused types.ts + bcrypt/axios/tls/vault deps). GOTCHA documented: cloud-init moves SSH to port 222.
- provision/: isolated stack (platformName foundation-test, no collision with olsicloud4-*) — one cx23 in nbg1-dc3 + firewall (222/80/443/2222) + Docker cloud-init. Dedicated throwaway ed25519 key (operator id_rsa already registered → uniqueness_error).
- Provisioned + verified: foundation-test @ 91.98.117.152, Docker 29.6.1, docker-over-SSH OK. Token via ENV (pass), never committed; provision/state gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
12 lines
847 B
Markdown
# VENDORED — @olsitec/pulumi-hetzner

Stage-1 vendor (000_TOPOLOGY.md §5; ADR-005), 2026-06-30.

- **Source**: `/Users/andiolsi/work/olsicloud4/pulumi/modules/hetzner/` (index.ts, cloudinit-config.ts, tsconfig.json).
- **Trimmed**: dropped `types.ts` (standalone, unused by `HetznerDeployment`) and the unused deps it pulled
  (`bcrypt`, `axios`, `@pulumi/{tls,vault,random}`, `deepmerge`, `yaml`). Real import surface is only
  `@pulumi/hcloud`, `@pulumi/pulumi`, `fs`, `js-yaml`. Logic unchanged.
- **GOTCHA — SSH port 222**: `getCloudInitConfig` writes an sshd drop-in that moves SSH to **port 222**
  and creates `root` + `andiolsi` users. Consumers (the Docker-over-SSH provider, ssh checks) MUST use
  `:222`. The module creates **no firewall** — the consumer adds one.
- Stage-2 (publish to the foundation registry) is a later task.
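
A consumer-side check for the SSH port GOTCHA above, as an added example that is not part of the vendored module: it compares the `Port` lines of an sshd drop-in with hcloud-style inbound firewall rules and reports a lockout, a stale port 22 rule, or SSH open to any source. `Rule`, `sshdPorts`, `covers`, `checkSshExposure` and all sample values are hypothetical names and constructed data; the `Rule` shape and the `"any"` port value are assumptions about the hcloud firewall rule format.

```typescript
// Added example. Rule mirrors the hcloud firewall rule fields used here (local type, assumption).
type Rule = { direction: "in" | "out"; protocol: string; port?: string; sourceIps?: string[] };

// Ports from plain `Port N` lines of sshd config text (keywords are case-insensitive).
function sshdPorts(conf: string): number[] {
  const ports: number[] = [];
  for (const line of conf.split("\n")) {
    const m = /^\s*port\s+(\d+)\s*$/i.exec(line);
    if (m && m[1] !== undefined) ports.push(Number(m[1]));
  }
  return ports.length > 0 ? ports : [22]; // sshd default when no Port line is present
}

// True when an inbound TCP rule covers the port; port is "N", "A-B" or "any".
function covers(rule: Rule, port: number): boolean {
  if (rule.direction !== "in" || rule.protocol !== "tcp" || !rule.port) return false;
  if (rule.port === "any") return true;
  const [lo, hi = lo] = rule.port.split("-").map(Number);
  return lo !== undefined && hi !== undefined && lo <= port && port <= hi;
}

const OPEN = ["0.0.0.0/0", "::/0"];

// Compare where sshd listens with what the consumer's firewall lets in.
function checkSshExposure(sshdConf: string, rules: Rule[]): string[] {
  const findings: string[] = [];
  const listening = sshdPorts(sshdConf);
  for (const p of listening) {
    const allowing = rules.filter((r) => covers(r, p));
    if (allowing.length === 0) findings.push(`lockout: sshd listens on ${p}, no inbound rule allows it`);
    else if (allowing.some((r) => (r.sourceIps ?? []).some((ip) => OPEN.indexOf(ip) !== -1)))
      findings.push(`exposed: ssh port ${p} accepts any source address`);
  }
  if (listening.indexOf(22) === -1 && rules.some((r) => covers(r, 22)))
    findings.push("stale: port 22 allowed inbound but sshd does not listen there");
  return findings;
}

// Constructed sample inputs (not taken from the module or the provision stack).
const SAMPLE_DROPIN = "# constructed sshd drop-in\nPort 222\n";
const tcpIn = (port: string, sourceIps: string[]): Rule => ({ direction: "in", protocol: "tcp", port, sourceIps });
const WEAK_RULES = ["22", "80", "443"].map((p) => tcpIn(p, OPEN)); // firewall still written for port 22
const FIXED_RULES = [tcpIn("222", ["203.0.113.0/24"]), tcpIn("80", OPEN), tcpIn("443", OPEN)];

console.log(checkSshExposure(SAMPLE_DROPIN, WEAK_RULES), checkSshExposure(SAMPLE_DROPIN, FIXED_RULES));
```

The check only reads the text it is given; if the main `sshd_config` also carries an uncommented `Port` line, pass the combined configuration so both listeners are evaluated.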