diff --git a/config/README.md b/config/README.md
deleted file mode 100644
index 43112add..00000000
--- a/config/README.md
+++ /dev/null
@@ -1,72 +0,0 @@
-# Configuration Layout
-
-This repository keeps environment-specific infrastructure configuration under the `config/` directory. The layout follows a consistent project → environment → cloud/provider → resource-module hierarchy so that each stack can be managed independently.
-
-## Recommended standard layout
-
-```
-config/
-└── /
- └── /
- └── /
- ├── base.yaml
- ├── identity.yaml
- ├── network.yaml
- ├── security.yaml
- ├── storage.yaml
- ├── compute.yaml
- ├── observability.yaml
- └── .yaml
-```
-
-- **Project**: top-level application or platform (for example `modern-container-app`, `cloudneutral-platform`, or `ai-infra-lab`).
-- **Environment**: fully isolated deployment stages such as `dev`, `sit`, `uat`, and `prod`.
-- **Cloud/Provider**: clear provider identifiers such as `aws-cloud`, `gcp-cloud`, or `vultr-vps`.
-- **Resource modules**: YAML slices for base settings, identity, network, security, storage, compute, observability, and feature-specific needs.
-
-## Applied layout for this repository
-
-The current repo uses the `xzerolab` project with a `sit` environment. Provider-specific configurations are organized per cloud alongside shared assets for future environments.
-
-```
-config/
-├── bootstrap.yaml
-└── xzerolab/
- └── sit/
- ├── aws-cloud/
- │ ├── accounts/
- │ │ ├── bootstrap.yaml
- │ │ ├── dev-landingzone.yaml
- │ │ └── dev.yaml
- │ ├── provider_backend.yaml
- │ └── resources/
- │ ├── dev-alb/alb.yaml
- │ ├── dev-kafka/msk.yaml
- │ ├── dev-nlb/nlb.yaml
- │ ├── dev-object/bucket.yaml
- │ ├── dev-rds/rds.yaml
- │ ├── dev-redis/redis.yaml
- │ ├── ec2/dev.yaml
- │ └── vpc/dev.yaml
- ├── gcp-cloud/
- │ ├── accounts/
- │ │ ├── bootstrap.yaml
- │ │ ├── dev-landingzone.yaml
- │ │ └── dev.yaml
- │ └── resources/
- │ ├── dev-alb/alb.yaml
- │ ├── dev-kafka/msk.yaml
- │ ├── dev-nlb/nlb.yaml
- │ ├── dev-object/bucket.yaml
- │ ├── dev-rds/rds.yaml
- │ ├── dev-redis/redis.yaml
- │ ├── ec2/dev.yaml
- │ └── vpc/dev.yaml
- └── vultr-vps/
- ├── accounts/
- │ └── .gitkeep
- └── resources/
- └── .gitkeep
-```
-
-Use this layout to keep each environment and provider self-contained, making it easy for CI/CD workflows to target the exact configuration needed for a deployment.
diff --git a/config/alicloud/audit.yaml b/config/alicloud/audit.yaml
deleted file mode 100644
index b4afb693..00000000
--- a/config/alicloud/audit.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-audit:
- actiontrail:
- enabled: true
- name: lz-mvp-actiontrail
- oss_bucket_ref: lz-mvp-actiontrail-logs
- oss_key_prefix: actiontrail
- trail_region: cn-hangzhou
- event_rw: All
diff --git a/config/alicloud/base.yaml b/config/alicloud/base.yaml
deleted file mode 100644
index 3bb66891..00000000
--- a/config/alicloud/base.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-alicloud:
- region: cn-hangzhou
- default_tags:
- project: landingzone-mvp
- owner: your-github-handle
diff --git a/config/alicloud/config-service.yaml b/config/alicloud/config-service.yaml
deleted file mode 100644
index c1239e98..00000000
--- a/config/alicloud/config-service.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-config_service:
- recorder:
- name: lz-config-recorder
- resource_types:
- - ACS::ECS::Instance
- - ACS::OSS::Bucket
- - ACS::VPC::VSwitch
- delivery_channel:
- name: lz-config-delivery
- display_name: LandingZoneBaseline
- type: OSS
- target_arn: acs:oss:cn-hangzhou:${AliUid}:lz-mvp-actiontrail-logs
- assume_role_arn: acs:ram::${AliUid}:role/aliyunconfigdefaultrole
- description: Deliver baseline compliance evaluations to OSS
- status: 1
- rules:
- - name: lz-required-env-tag
- description: Ensure env tag exists on core resources
- source_identifier: ecs-instance-required-tag
- source_owner: ALIYUN
- risk_level: 2
- trigger_types: ConfigurationItemChangeNotification
- resource_types_scopes:
- - ACS::ECS::Instance
- input_parameters:
- tagKey: env
- maximum_execution_frequency: TwentyFour_Hours
diff --git a/config/alicloud/identity.yaml b/config/alicloud/identity.yaml
deleted file mode 100644
index 5cfb2ff0..00000000
--- a/config/alicloud/identity.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-identity:
- users:
- - name: ops-automation
- display_name: Landing Zone Automation
- comments: Dedicated RAM user for IaC pipelines
- policies:
- - name: AliyunOSSFullAccess
- type: System
- - name: AliyunVPCFullAccess
- type: System
- - name: AliyunConfigFullAccess
- type: System
- - name: audit-viewer
- display_name: Landing Zone Auditor
- comments: Read-only access for monitoring
- policies:
- - name: ReadOnlyAccess
- type: System
- groups:
- - name: ops-admins
- comments: Baseline operations team
- policies:
- - name: AliyunConfigFullAccess
- type: System
- - name: AliyunVPCFullAccess
- type: System
- users:
- - ops-automation
diff --git a/config/alicloud/network.yaml b/config/alicloud/network.yaml
deleted file mode 100644
index 0ede31e4..00000000
--- a/config/alicloud/network.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-network:
- vpcs:
- - name: lz-main-vpc
- cidr_block: 10.10.0.0/16
- description: Landing zone baseline VPC
- tags:
- env: shared
- vswitches:
- - name: lz-prod-subnet
- cidr_block: 10.10.1.0/24
- zone_id: cn-hangzhou-h
- tags:
- env: prod
- - name: lz-test-subnet
- cidr_block: 10.10.2.0/24
- zone_id: cn-hangzhou-h
- tags:
- env: test
diff --git a/config/alicloud/security.yaml b/config/alicloud/security.yaml
deleted file mode 100644
index d05f5e0d..00000000
--- a/config/alicloud/security.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-security:
- groups:
- - name: lz-base-sg
- vpc: lz-main-vpc
- description: Baseline security group allowing outbound traffic only
- tags:
- env: shared
- ingress:
- - protocol: tcp
- port_range: "22/22"
- cidr_ip: 0.0.0.0/0
- description: Temporary SSH access for break-glass
- policy: accept
- egress:
- - protocol: all
- port_range: "-1/-1"
- cidr_ip: 0.0.0.0/0
- policy: accept
diff --git a/config/alicloud/storage.yaml b/config/alicloud/storage.yaml
deleted file mode 100644
index f0b651de..00000000
--- a/config/alicloud/storage.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-storage:
- oss_buckets:
- - name: lz-mvp-actiontrail-logs
- bucket: lz-mvp-actiontrail-logs
- storage_class: Standard
- versioning:
- status: Enabled
- lifecycle_rules:
- - id: archive-audit-logs
- enabled: true
- transitions:
- - storage_class: IA
- days: 180
- - storage_class: Archive
- days: 365
- tags:
- env: prod
diff --git a/config/aws-global/base.yaml b/config/aws-global/base.yaml
deleted file mode 100644
index 4af6d4f0..00000000
--- a/config/aws-global/base.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-aws:
- region: us-east-1
- default_tags:
- project: landingzone-global
- owner: your-github-handle
- environment: shared
diff --git a/config/aws-global/identity.yaml b/config/aws-global/identity.yaml
deleted file mode 100644
index e2891ec0..00000000
--- a/config/aws-global/identity.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-identity:
- users:
- - name: lz-automation
- path: /landingzone/
- tags:
- role: automation
- policies:
- - arn: arn:aws:iam::aws:policy/AdministratorAccess
- - name: lz-auditor
- path: /landingzone/
- tags:
- role: audit
- policies:
- - arn: arn:aws:iam::aws:policy/SecurityAudit
- groups:
- - name: lz-operations
- path: /landingzone/
- policies:
- - arn: arn:aws:iam::aws:policy/PowerUserAccess
- users:
- - lz-automation
- - name: lz-audit
- path: /landingzone/
- policies:
- - arn: arn:aws:iam::aws:policy/SecurityAudit
- users:
- - lz-auditor
diff --git a/config/aws-global/network.yaml b/config/aws-global/network.yaml
deleted file mode 100644
index 5aae816d..00000000
--- a/config/aws-global/network.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-network:
- vpcs:
- - name: lz-global-vpc
- cidr_block: 10.20.0.0/16
- tags:
- env: shared
- subnets:
- - name: lz-public-a
- cidr_block: 10.20.1.0/24
- availability_zone: us-east-1a
- type: public
- tags:
- tier: ingress
- - name: lz-private-a
- cidr_block: 10.20.11.0/24
- availability_zone: us-east-1a
- type: private
- tags:
- tier: application
- - name: lz-private-b
- cidr_block: 10.20.21.0/24
- availability_zone: us-east-1b
- type: private
- tags:
- tier: application
- routes:
- - subnet_type: public
- destination_cidr_block: 0.0.0.0/0
- gateway: internet_gateway
diff --git a/config/aws-global/security.yaml b/config/aws-global/security.yaml
deleted file mode 100644
index 7dc87793..00000000
--- a/config/aws-global/security.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-security:
- groups:
- - name: lz-base-sg
- vpc: lz-global-vpc
- description: Baseline security group allowing outbound traffic and limited inbound access
- tags:
- tier: baseline
- ingress:
- - protocol: tcp
- from_port: 22
- to_port: 22
- cidr_blocks:
- - 0.0.0.0/0
- description: Temporary SSH access for break-glass
- - protocol: tcp
- port_range: "443/443"
- cidr_blocks:
- - 0.0.0.0/0
- description: HTTPS access for shared services
- egress:
- - protocol: all
- port_range: "-1/-1"
- cidr_blocks:
- - 0.0.0.0/0
diff --git a/config/aws-global/storage.yaml b/config/aws-global/storage.yaml
deleted file mode 100644
index 064a2e2a..00000000
--- a/config/aws-global/storage.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-storage:
- buckets:
- - name: lz-global-logs
- acl: private
- versioning: true
- force_destroy: false
- block_public_access: true
- lifecycle_rules:
- - id: expire-old-logs
- enabled: true
- transitions:
- - storage_class: GLACIER
- days: 90
- expiration_days: 365
- server_side_encryption:
- sse_algorithm: AES256
- tags:
- purpose: audit-logs
diff --git a/config/bootstrap.yaml b/config/bootstrap.yaml
deleted file mode 100644
index ff5f81c8..00000000
--- a/config/bootstrap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-region: ap-northeast-1
-environment: bootstrap
-
-account_name: xzerolab
-account_id: 950604983695
-
-state:
- bucket_name: aws-cloud-iac-state
- dynamodb_table_name: aws-cloud-iac-state-dynamodb-lock
-
-iam:
- role_name: IacDeployRole
- terraform_user_name: github-ci-runner
-
-tags:
- Owner: Platform
- Project: CloudNeutral
diff --git a/config/sit/base.yaml b/config/sit/base.yaml
deleted file mode 100644
index f4e2dea4..00000000
--- a/config/sit/base.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-aws:
- profile: default
- region: ap-northeast-1
- key_pairs:
- - name: dev_key
- key_file: ~/.ssh/id_rsa.pub
diff --git a/config/sit/firewall.yaml b/config/sit/firewall.yaml
deleted file mode 100644
index 697e429c..00000000
--- a/config/sit/firewall.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-firewall_rules:
- - name: allow-web-inbound
- enabled: true
- vpc_name: dev-vpc-1
- source_ranges: ["0.0.0.0/0"]
- egress_ranges: ["10.0.0.0/16"]
- allow:
- - protocol: tcp
- ports: ["80", "443"]
-
- - name: dev-vpc-1-default-inbound
- enabled: true
- vpc_name: dev-vpc-1
- description: Allow ICMP, SSH, and VXLAN from all sources
- source_ranges: ["0.0.0.0/0"]
- allow:
- - protocol: icmp
- - protocol: tcp
- ports: ["22"]
- - protocol: udp
- ports: ["4789"]
- - protocol: udp
- ports: ["51820"]
-
- - name: dev-vpc-2-default-inbound
- enabled: true
- vpc_name: dev-vpc-2
- description: Allow ICMP, SSH, and VXLAN from all sources
- source_ranges: ["0.0.0.0/0"]
- allow:
- - protocol: icmp
- - protocol: tcp
- ports: ["22"]
- - protocol: udp
- ports: ["4789"]
- - protocol: udp
- ports: ["51820"]
diff --git a/config/sit/instances.yaml b/config/sit/instances.yaml
deleted file mode 100644
index 2ea5d395..00000000
--- a/config/sit/instances.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-instances:
- - name: master-1
- ami: ubuntu-24.04 # ✅ 可用 ami-xxx 或关键词(如 ubuntu-22.04)
- type: t3a.xlarge
- disk_size_gb: 20
- sg_names: ["dev-vpc-1-default-inbound"]
- subnet: dev-vpc-1-public-subnet-1
- lifecycle: spot # 可选: ondemand(默认)或 spot
- ttl: 1h # 可选: 标记生命周期(不会自动销毁)
- env: sit # 可选: dev/sit/prod 等环境标签
- owner: devops # 可选: 资源责任人标签
- associate_public_ip: true # ✅ 明确配置是否需要公网 IP
-
- - name: slave-1
- ami: ubuntu-24.04
- type: t3.small
- sg_names: ["dev-vpc-2-default-inbound"]
- disk_size_gb: 20
- subnet: dev-vpc-2-public-subnet-1
- lifecycle: spot
- ttl: 1h
- env: sit
- owner: devops
- associate_public_ip: true
-
- - name: agent-1
- ami: ubuntu-24.04
- type: t3.micro
- disk_size_gb: 20
- subnet: dev-vpc-1-public-subnet-1
- sg_names: ["dev-vpc-1-default-inbound"]
- lifecycle: spot
- ttl: 1h
- env: sit
- owner: devops
- associate_public_ip: true
-
- - name: agent-2
- ami: ubuntu-24.04
- type: t3.micro
- disk_size_gb: 20
- subnet: dev-vpc-2-public-subnet-1
- sg_names: ["dev-vpc-2-default-inbound"]
- lifecycle: spot
- ttl: 1h
- env: sit
- owner: devops
- associate_public_ip: true
diff --git a/config/sit/vpc.yaml b/config/sit/vpc.yaml
deleted file mode 100644
index 019c0866..00000000
--- a/config/sit/vpc.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-vpcs:
- - name: dev-vpc-1
- cidr_block: 10.1.0.0/16
- subnets:
- - name: dev-vpc-1-public-subnet-1
- cidr_block: 10.1.1.0/24
- availability_zone: ap-northeast-1a
- type: public
- - name: dev-vpc-1-private-subnet-1
- cidr_block: 10.1.101.0/24
- availability_zone: ap-northeast-1c
- type: private
- routes:
- - name: dev-vpc-1-public-route
- destination_cidr_block: 0.0.0.0/0
- subnet_type: public
- gateway: internet_gateway
- peering:
- enabled: false
- peer_vpc_id: null
- peer_region: null
- auto_accept: false
-
- - name: dev-vpc-2
- cidr_block: 10.2.0.0/16
- subnets:
- - name: dev-vpc-2-public-subnet-1
- cidr_block: 10.2.1.0/24
- availability_zone: ap-northeast-1a
- type: public
- - name: dev-vpc-2-private-subnet-1
- cidr_block: 10.2.101.0/24
- availability_zone: ap-northeast-1c
- type: private
- routes:
- - name: dev-vpc-2-public-route
- destination_cidr_block: 0.0.0.0/0
- subnet_type: public
- gateway: internet_gateway
- peering:
- enabled: false
- peer_vpc_id: null
- peer_region: null
- auto_accept: false
diff --git a/config/sit/vpn-keys.md b/config/sit/vpn-keys.md
deleted file mode 100644
index 2294d756..00000000
--- a/config/sit/vpn-keys.md
+++ /dev/null
@@ -1,19 +0,0 @@
-只加密 private_key 字段
-1. 原始 vpn-keys.yaml
-yaml
-keys:
- - name: master-1
- private_key:
- public_key:
-2. 使用 ansible-vault encrypt_string 加密 private_key
-
-- ansible-vault encrypt_string 'private-key-xxxx' --name 'private_key'
-- ansible-vault encrypt_string 'public_key-xxxx' --name 'public_key'
-
-示例输出(加密后是 YAML 结构):
-
-yaml
-private_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 62326432376162336462343864333933356363373235623262306463326432363737623732613763
- 3962613662616565393463343030653733623066626137610a313465323462623261303031323337
diff --git a/config/sit/vpn-keys.yaml b/config/sit/vpn-keys.yaml
deleted file mode 100644
index 6586bdc0..00000000
--- a/config/sit/vpn-keys.yaml
+++ /dev/null
@@ -1,145 +0,0 @@ -keys: - - name: cn-hub - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33643635306332303761356562383035353333373234393132313162613834323963313635326562 - 3932356235303234356561623762393862666438386565310a376235306238343139386532336162 - 65623164666665353435653432396530303634666438656566656466643866366139613961363631 - 6363306631393038320a613163313338313237383837303966356333303737643331616433396430 - 33316331333766613438356462313130326433363961316162313761616561616466363939613033 - 3837623938376434656434386135333739613939653133373733 - public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 38336537383061383333643431643261343739323864316235303366623930633366336139386636 - 6162336232336533636134353863386233303631626363360a376533336664636661373933623230 - 34333765346661383335663034393561646436333135613838373438396336633061396533613061 - 3031326364353036630a373862396266653961346334663139626633313362656131663163383563 - 34376231306239636536313830333962323934343035333263643234363363396164626366353061 - 3833613132373666303563623863373735396566666239316536 - - - name: global-hub - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63343838666530633031313536616535313936373634396165376132333661616534663937626632 - 3530646463663462383130323930356239636438643035380a343433303064383531663332303839 - 32613733323263623836346266383363336361323036383536313031386435386534646661616463 - 6631346431316334620a643831313033326261333365623037306565663131373664343930623665 - 31346564363635323765336465646466663631376538626237386165326464326632323438663038 - 3937363832363731353834633663646538666232336239353936 - public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34666430316566393939656436323231623935316331373264383830653934323261656136373666 - 3630356330396362323763383832376538633163636331650a376339326661363431353532303831 - 37336134303235633334643036326564313163626433613261333062336238316333363165386263 - 
3666386330343261340a333662636630356635373938623335656462633039353565383133613935 - 35643661363334313733346430633432353736343463613264393433623135613833376435333661 - 3462643164356563346166656237613334616130386532393565 - - - name: deepflow-demo - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36316136663466336564383766626434626338356130626537663163373530326332366335306136 - 3266383533373032623366396139653063626338646237310a353439346238653832646437313663 - 62623239623761326436613833313739386662356263353338666461363438613766663962386162 - 3539343836623936370a313439316335346235306633333333643738333461323963313038313161 - 62376566626335306335623134346361326364346433626234383162616636326265356364313938 - 6534613330643764613733333266313365633635663138636633 - public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 32326461646138373831356335656664643737313032656134663138323439313164353766363134 - 6232303034663064303235303363663661326433313536660a666133616438316436306463303163 - 64646530633639616266396563383362306235313662373565323963633039653931376431303565 - 6136396164346563660a643235646232353061323463396539383266333133343532396139373035 - 39653262653638363930383861353262303030373332313538383362393633663562303566373737 - 3062336434313031613534393033616330333363613863613464 - - - name: icp-aliyun - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34383966663239613361363535616332303432393165643433663461633934363535626137326664 - 6532646433306636393734666164613864636636626630660a636636306435343661366234343661 - 30326362306537633561636265666232373437353034643462656538653835653831303263306662 - 3361323333353935350a316539303863646434336136333862626261363031336232666562326434 - 39303961383563623736383962363330363439313064613632383061313438373330356366323534 - 6533613662373736373131363463663734656261643839383862 - public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65393861336537646335613534376635343838656233646333386438653766636539333436623665 - 
6562396637666365613562373565383263353534343931350a323563346239666534303162353432 - 63646562363362396333333738333664376136303066316135633633323466326233613264623366 - 6166613531623135660a363465636137643337626137386661306237323731353839303734653436 - 32643065663739303161626261393062613764346662633365336162613134633131383062646133 - 6437313463376164386465663365386436633466363633383366 - - - name: tky-proxy - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39303737303631303963613131373734373338663232366534303832646664326365353730313665 - 3664643734336466613839663239613433373837633064300a373634343034323739646565326464 - 32343237303731656666323332656138643533323338626631626630316435623564616330333237 - 6339626537376163360a376663653533663332353163303363386564373233666230323735343863 - 66363730653134343037363739353464663834373134656639303932646635336664303537376665 - 3961393930616464343632363039333465633364626433363761 - public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61366364303934343039356565643939613032373932356264393739343832366231653335373132 - 3732346666336566396133343836393961336533323530310a636131316266653132346663306461 - 39613036396330376235623765313166303163393264373436316236366234666532343866383235 - 3230366539313162310a323130663530653339623366613336616433666136336463306237326461 - 36363536376230313135336463386566393964613238353134663432353762626166303938323266 - 3963383862363236643361346165373538323332363764633131 - - - name: us-proxy - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34373039646561366365363831636438633462633536343834356263396331333864396161363630 - 6631373964666239663064633936333135653663306464320a316463363362313336373437383937 - 38663665323531346536363030333637663631623765373466386664623332616432613334623933 - 6362353736396662300a343430633865363637313732383065613836363231623862616535383033 - 38333861393761633437316435306263356131353133376532323661366465616130616332366436 - 3430663134636430613139333238343265613764616234383362 - 
public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62316266633037313333333966646331613830633733616438666533303735613763376632336562 - 3864333538333535323862333230663664306561386534340a343038356565643530323061323034 - 35353663643465616633346363626430623435396263646339373137303830303031326462653966 - 3266313038373466300a643833373063363862643533393838613266666363326363383034653366 - 34633063616361653762323130363832353132613531326131323336353339616166396464303337 - 6338353132333964376163333537363337316438313266623933 - - - name: ca-proxy - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39303965663333646238656661376238653732363366653264353234396635313464316563613761 - 3937323936393363373265653864313034343462626633360a303036643838366465623965623365 - 35646332626232356661343966623637613037666336376562323864306630396536646230623664 - 6431636530326362320a383965356336313563336261633030666534613936653037393737356637 - 30323935393662333533373561303661366437626264383837376562323466323531616165643233 - 3233643237303764346130323139613537666132646532643864 - public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61343962366534343435356236663132656636313634393563663164323630646363666264626434 - 3439316233626333656362623332613433313130396430610a633839393561326438636533666162 - 63663330313934353462663334643365323766376337363835633439653064386237373531323637 - 6338333364366239350a313636636438653736336563383665366661343066373761333431343933 - 36303062643639613632383565383534306438363461336634343662646435666231343565616333 - 6239326436633462346466393862336332383665313134393738 - - - name: icp-huawei - private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34356563313165386632656365393865356631663936656337316136343437363538393463363639 - 3562343736663335643230626335346265336365613835370a373361633064356264623932393232 - 63386433643761373634333232393136316333353165336463323736366363313662333863656462 - 3136323033626666340a623730346234396664343863656335303263376562613230373363343938 - 
36633838303966303434336165393838346531383362316161366431393765373765396137316466 - 3866643163393061613732623938613035396536333837353363 - public_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63383631656563313335646566356237333737653232656439336230633037346566626663653333 - 6533663536666464616537376236383734313231393762640a643962666334326261386462653233 - 39386632343965346161623761393034313532633236613430663261366530363638653430383864 - 3535323031663634320a366134323832323034373430383264353066333666323932663230336333 - 65643263363538653033326236623434366631366339313964646263316536643237643535313663 - 3062623634613961636532636438393830613132656266306539 - diff --git a/config/sit/vpn-overlay.yaml b/config/sit/vpn-overlay.yaml deleted file mode 100644 index 3b2657c2..00000000 --- a/config/sit/vpn-overlay.yaml +++ /dev/null 
@@ -1,155 +0,0 @@
-# 基础网络参数
-wg_network: 172.30.0.0/16
-bridge_network: 10.253.0.0/16
-vxlan_id: 100
-hub_port: 51820
-
-# 全局功能开关
-features:
- enable_vless: true # 是否通过 VLESS 中转 WG 流量
- enable_multi_hub: true # 是否支持多 Hub 架构(false 则为单 Hub star 架构)
- enable_vxlan_between_sits: true # 是否开启 vxlan 桥接(站点接入 Hub)
- enable_vxlan_between_hubs: true # 是否开启 Hub 之间的 VXLAN Mesh
- only_wireguard: false # 若为 true,仅使用 WireGuard 点对点,忽略 gretap/vxlan
-
-# WireGuard Hub 节点配置
-hubs:
- - name: cn-hub
- interface: eth0
- public_ip: 1.15.155.245
- pod_cidr: 10.42.0.0/16
- wireguard_cidr: 172.30.0.0/16
- wg_ip: 172.30.0.1
- br_ip: 10.253.253.1
- local_ip: 172.30.0.1
- remote_ip: 172.31.0.10
- xray:
- uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
- relay_address: "global-proxy.onwalk.net"
- relay_port: '51820'
- remote_domain: "global-proxy.onwalk.net"
- cert_path: "/etc/ssl/onwalk.net.pem"
- key_path: "/etc/ssl/onwalk.net.key"
- wireguard_peer:
- - master-1
- - slave-1
- - agent-1
- - agent-1
-
- - name: global-hub
- interface: ens5
- public_ip: 1.15.155.245
- wg_ip: 172.31.0.1
- br_ip: 10.253.253.2
- local_ip: 172.31.0.1
- remote_ip: 172.30.0.1
- xray:
- uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
- cert_path: "/etc/ssl/onwalk.net.pem"
- key_path: "/etc/ssl/onwalk.net.key"
- relay_address: "cn-proxy.onwalk.net"
- relay_port: '51820'
- remote_domain: "cn-proxy.onwalk.net"
- wireguard_peer:
- - master-1
- - slave-1
- - agent-1
- - agent-1
-
-sites:
- - name: tky-proxy
- interface: ens5
- public_ip: 52.196.108.28
- wg_ip: 172.31.0.2
- br_ip: 10.253.254.2
- local_ip: 172.31.0.2
- remote_ip: 172.31.0.1
- wireguard_peer:
- - global-hub
- allowed_ips: "172.30.0.0/16,172.31.0.0/16"
- xray:
- uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
- cert_path: "/etc/ssl/onwalk.net.pem"
- key_path: "/etc/ssl/onwalk.net.key"
- relay_address: "global-proxy.onwalk.net"
- relay_port: '51820'
- remote_domain: "global-proxy.onwalk.net"
-
- - name: us-proxy
- interface: enX0
- public_ip: 54.183.32.0
- wg_ip: 172.31.0.3
- br_ip: 10.253.254.3
- local_ip: 172.31.0.3
- remote_ip: 172.31.0.1
- wireguard_peer:
- - global-hub
- allowed_ips: "172.30.0.0/16,172.31.0.0/16"
- xray:
- uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
- remote_domain: "global-proxy.onwalk.net"
- cert_path: "/etc/ssl/onwalk.net.pem"
- key_path: "/etc/ssl/onwalk.net.key"
-
- - name: ca-proxy
- interface: ens5
- wg_ip: 172.31.0.4
- br_ip: 10.253.254.4
- local_ip: 172.31.0.4
- remote_ip: 172.31.0.1
- wireguard_peer:
- - global-hub
- allowed_ips: "172.30.0.0/16,172.31.0.0/16"
- xray:
- uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
- remote_domain: "global-proxy.onwalk.net"
- cert_path: "/etc/ssl/onwalk.net.pem"
- key_path: "/etc/ssl/onwalk.net.key"
-
- - name: deepflow-demo
- interface: wlp0s20f3
- public_ip: 172.30.0.10
- wg_ip: 172.30.0.10
- br_ip: 10.253.253.2
- local_ip: 172.30.0.10
- remote_ip: 172.30.0.1
- wireguard_peer: cn-hub
- allowed_ips: "172.30.0.0/16"
-
- - name: icp-aliyun
- interface: eth0
- public_ip: 47.120.61.35
- wg_ip: 172.30.0.11
- pod_cidr: 10.42.0.0/16
- wireguard_cidr: 172.30.0.0/16
- br_ip: 10.253.253.11
- local_ip: 172.30.0.11
- remote_ip: 172.30.0.1
- wireguard_peer: cn-hub
- allowed_ips: "172.30.0.0/16"
- xray:
- uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
- cert_path: "/etc/ssl/onwalk.net.pem"
- key_path: "/etc/ssl/onwalk.net.key"
- relay_address: "cn-proxy.onwalk.net"
- relay_port: '51820'
- remote_domain: "cn-proxy.onwalk.net"
-
- - name: icp-huawei
- interface: eth0
- public_ip: 139.9.139.22
- pod_cidr: 10.42.0.0/16
- wireguard_cidr: 172.30.0.0/16
- wg_ip: 172.30.0.12
- br_ip: 10.253.253.12
- local_ip: 172.30.0.12
- remote_ip: 172.30.0.1
- wireguard_peer: cn-hub
- allowed_ips: "172.30.0.0/16"
- xray:
- uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
- cert_path: "/etc/ssl/onwalk.net.pem"
- key_path: "/etc/ssl/onwalk.net.key"
- relay_address: "cn-proxy.onwalk.net"
- relay_port: '51820'
- remote_domain: "cn-proxy.onwalk.net"
diff --git a/config/vultr/base.yaml b/config/vultr/base.yaml
deleted file mode 100644
index c29307c2..00000000
--- a/config/vultr/base.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-vultr:
- region: ewr
- default_tags:
- environment: baseline
- project: modern-container-app
diff --git a/config/vultr/compute.yaml b/config/vultr/compute.yaml
deleted file mode 100644
index eed1a7cd..00000000
--- a/config/vultr/compute.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-compute:
- instances:
- - name: baseline-bastion
- plan: vc2-1c-1gb
- region: ewr
- os_id: 1743
- hostname: baseline-bastion
- label: baseline-bastion
- enable_ipv6: false
- backups: disabled
- firewall_group: baseline-fw
- vpcs:
- - baseline-vpc
- tags:
- - bastion
- - baseline
diff --git a/config/vultr/network.yaml b/config/vultr/network.yaml
deleted file mode 100644
index c1415d3f..00000000
--- a/config/vultr/network.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-network:
- vpcs:
- - name: baseline-vpc
- description: Baseline landing zone VPC
- region: ewr
- v4_subnet: 10.50.0.0
- v4_subnet_mask: 16
diff --git a/config/vultr/security.yaml b/config/vultr/security.yaml
deleted file mode 100644
index 3627c0d9..00000000
--- a/config/vultr/security.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-security:
- firewall_groups:
- - name: baseline-fw
- description: Baseline perimeter firewall rules
- rules:
- - name: allow-ssh
- protocol: tcp
- ip_type: v4
- cidr: 0.0.0.0/0
- port: "22"
- notes: Allow SSH for operations
- - name: allow-icmp
- protocol: icmp
- ip_type: v4
- cidr: 0.0.0.0/0
- notes: Allow ICMP diagnostics
diff --git a/config/xzerolab/sit/aws-cloud/account/accounts.yaml b/config/xzerolab/sit/aws-cloud/account/accounts.yaml
deleted file mode 100644
index 9a4d08c2..00000000
--- a/config/xzerolab/sit/aws-cloud/account/accounts.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-account_id: 950604983695
-name: dev
-environment: dev
-
-region: ap-northeast-1
-
-role_to_assume: "arn:aws:iam::950604983695:role/IacDeployRole"
-logging_bucket: org-dev-logs
-shared_vpc_account: "950604983695" # 单账号,所以保持一致
-
-tags:
- Environment: dev
- Owner: Platform
- CostCenter: "DEV"
- Project: CloudNeutral
-
-backend:
- bucket: aws-cloud-iac-state
- dynamodb_table: aws-cloud-iac-state-dynamodb-lock
diff --git a/config/xzerolab/sit/aws-cloud/account/bootstrap.yaml b/config/xzerolab/sit/aws-cloud/account/bootstrap.yaml
deleted file mode 100644
index ff5f81c8..00000000
--- a/config/xzerolab/sit/aws-cloud/account/bootstrap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-region: ap-northeast-1
-environment: bootstrap
-
-account_name: xzerolab
-account_id: 950604983695
-
-state:
- bucket_name: aws-cloud-iac-state
- dynamodb_table_name: aws-cloud-iac-state-dynamodb-lock
-
-iam:
- role_name: IacDeployRole
- terraform_user_name: github-ci-runner
-
-tags:
- Owner: Platform
- Project: CloudNeutral
diff --git a/config/xzerolab/sit/aws-cloud/account/landingzone.yaml b/config/xzerolab/sit/aws-cloud/account/landingzone.yaml
deleted file mode 100644
index f87f2e3c..00000000
--- a/config/xzerolab/sit/aws-cloud/account/landingzone.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-region: "ap-northeast-1"
-account_id: "950604983695"
-
-landingzone:
- console_mode: "readonly" # 可选:deny / readonly
- enable_risp_controls: true # 限制 RI/SP 购买
- enable_root_limited: true # 限制 root API
- enable_mfa_enforce: true # 强制 MFA
-
diff --git a/config/xzerolab/sit/aws-cloud/resources/alb.yaml b/config/xzerolab/sit/aws-cloud/resources/alb.yaml
deleted file mode 100644
index bcc35f42..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/alb.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-name_prefix: "alb"
-
-vpc_id: "vpc-0d0d8d822fa215104"
-
-subnet_ids:
- - "subnet-0c370f7ff7311388e"
- - "subnet-0b609b5773fe957fa"
-
-listeners:
- - port: 80
- protocol: "HTTP"
- target_group_port: 80
- target_group_protocol: "HTTP"
-
- - port: 443
- protocol: "HTTPS"
- certificate_arn: "arn:aws:acm:ap-northeast-1:xxxx:certificate/xxxx-xxxx"
- target_group_port: 443
- target_group_protocol: "HTTP"
diff --git a/config/xzerolab/sit/aws-cloud/resources/ec2.yaml b/config/xzerolab/sit/aws-cloud/resources/ec2.yaml
deleted file mode 100644
index 10ec6747..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/ec2.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-name_prefix: "dev-ec2"
-
-vpc_id: "vpc-06e1d6dab47b1d35f"
-subnet_id: "subnet-06859ec23046f4556"
-
-instance:
- type: "t3.micro"
- ami: "ubuntu-2204"
-
-keypair:
- name: "dev-key"
- public_key: "ssh-rsa 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 shenlan@shenlandeMacBook-Air-2.local"
-
-security_group:
- name: "dev-ec2-sg"
- ssh_cidr: "0.0.0.0/0"
- additional_ingress:
- - port: 80
- protocol: tcp
- cidr: "0.0.0.0/0"
- - port: 443
- protocol: tcp
- cidr: "0.0.0.0/0"
- - port: 1443
- protocol: tcp
- cidr: "0.0.0.0/0"
diff --git a/config/xzerolab/sit/aws-cloud/resources/msk.yaml b/config/xzerolab/sit/aws-cloud/resources/msk.yaml
deleted file mode 100644
index 83f7b29d..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/msk.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-name_prefix: "dev-kafka"
-
-kafka_version: "3.6.0"
-
-brokers:
- instance_type: "kafka.t3.small"
- number_of_broker_nodes: 2
-
-ebs:
- volume_size: 50
-
-vpc_id: "vpc-0d0d8d822fa215104"
-
-subnet_ids:
- - "subnet-0c370f7ff7311388e"
- - "subnet-0b609b5773fe957fa"
diff --git a/config/xzerolab/sit/aws-cloud/resources/nlb.yaml b/config/xzerolab/sit/aws-cloud/resources/nlb.yaml
deleted file mode 100644
index 8c4732da..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/nlb.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-name_prefix: "dev-nlb"
-
-vpc_id: "vpc-0d0d8d822fa215104"
-
-subnet_ids:
- - "subnet-0c370f7ff7311388e"
- - "subnet-0b609b5773fe957fa"
-
-listeners:
- - port: 80
- protocol: "TCP"
- target_group_port: 80
- target_group_protocol: "TCP"
diff --git a/config/xzerolab/sit/aws-cloud/resources/rds.yaml b/config/xzerolab/sit/aws-cloud/resources/rds.yaml
deleted file mode 100644
index c2c6dc67..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/rds.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-name_prefix: "dev-rds"
-
-engine: "postgres"
-engine_version: "16.1"
-instance_class: "db.t3.micro"
-
-username: "admin"
-password: "StrongPassword123"
-
-allocated_storage: 20
-max_allocated_storage: 100
-
-multi_az: false
-
-publicly_accessible: false
-
-subnet_ids:
- - "subnet-0996ad2f8e8f96445"
- - "subnet-0eaa450d1bb6f65be"
-
-vpc_security_group_ids:
- - "sg-0ebfd69a09f87af4d"
-
-parameters:
- - name: "log_min_duration_statement"
- value: "1000"
- - name: "log_statement"
- value: "ddl"
-
-tags:
- Environment: "dev"
- Owner: "Platform"
-
diff --git a/config/xzerolab/sit/aws-cloud/resources/redis.yaml b/config/xzerolab/sit/aws-cloud/resources/redis.yaml
deleted file mode 100644
index 68c5fbbb..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/redis.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-name_prefix: "dev-redis"
-
-engine_version: "7.0"
-node_type: "cache.t3.micro"
-num_cache_nodes: 1
-
-subnet_ids:
- - "subnet-xxxxxx"
- - "subnet-yyyyyy"
-
-security_group_ids:
- - "sg-xxxxxx"
-
diff --git a/config/xzerolab/sit/aws-cloud/resources/s3.yaml b/config/xzerolab/sit/aws-cloud/resources/s3.yaml
deleted file mode 100644
index 0fde099d..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/s3.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-bucket_name: "svc-plus-dev-objects"
-
-# 是否开启版本管理(默认建议开启)
-enable_versioning: true
-
-# 是否启用加密,之后如果你想加 KMS 可以扩展
-enable_encryption: false
-
-# Public Access Block(通常建议保持 true)
-block_public_access: true
diff --git a/config/xzerolab/sit/aws-cloud/resources/vpc.yaml b/config/xzerolab/sit/aws-cloud/resources/vpc.yaml
deleted file mode 100644
index 458ec56d..00000000
--- a/config/xzerolab/sit/aws-cloud/resources/vpc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-name_prefix: "dev-vpc"
-
-vpc_cidr: "10.0.0.0/16"
-
-public_subnets:
- - cidr: "10.0.1.0/24"
- az: "ap-northeast-1a"
- name: "dev-public-1"
- - cidr: "10.0.2.0/24"
- az: "ap-northeast-1c"
- name: "dev-public-2"
-
-private_subnets:
- - cidr: "10.0.11.0/24"
- az: "ap-northeast-1a"
- name: "dev-private-1"
- - cidr: "10.0.12.0/24"
- az: "ap-northeast-1c"
- name: "dev-private-2"
diff --git a/config/xzerolab/sit/gcp-cloud/accounts/bootstrap.yaml b/config/xzerolab/sit/gcp-cloud/accounts/bootstrap.yaml
deleted file mode 100644
index cce7cda0..00000000
--- a/config/xzerolab/sit/gcp-cloud/accounts/bootstrap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-project_id: xzerolab-480008
-environment: bootstrap
-
-state:
- bucket_name: gcp-cloud-iac-state
- bucket_location: US
- firestore_location: us-central1
-
-iam:
- deployer_identity: github-ci-runner # 对应 AWS 的 IAM User:github-ci-runner
- deploy_role_name: IacDeployRole # 对应 AWS 的 IAM Role:TerraformDeployRole
-
- deploy_role_bindings:
- - roles/resourcemanager.projectIamAdmin
- - roles/storage.admin
- - roles/compute.admin
-
-tags:
- Owner: Platform
- Project: CloudNeutral
diff --git a/config/xzerolab/sit/gcp-cloud/accounts/dev-landingzone.yaml b/config/xzerolab/sit/gcp-cloud/accounts/dev-landingzone.yaml
deleted file mode 100644
index c0f17db5..00000000
--- a/config/xzerolab/sit/gcp-cloud/accounts/dev-landingzone.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-project_id: "modern-app-dev"
-region: "us-central1"
-
-landingzone:
- enable_default_network_cleanup: true
- enable_oslogin_enforce: true
- enable_audit_logging: true
- enabled_services:
- - compute.googleapis.com
- - iam.googleapis.com
- - cloudresourcemanager.googleapis.com
- - logging.googleapis.com
- - servicemanagement.googleapis.com
diff --git a/config/xzerolab/sit/gcp-cloud/accounts/dev.yaml b/config/xzerolab/sit/gcp-cloud/accounts/dev.yaml
deleted file mode 100644
index e7566e68..00000000
--- a/config/xzerolab/sit/gcp-cloud/accounts/dev.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-project_id: "xzerolab-480008"
-project_number: "123456789012"
-name: dev
-environment: dev
-
-region: "us-central1"
-impersonate_service_account: "terraform-deployer@modern-app-dev.iam.gserviceaccount.com"
-logging_bucket: "org-dev-logs"
-shared_vpc_project: "modern-shared-vpc-dev"
-
-labels:
- environment: dev
- owner: Platform
- costcenter: "DEV"
- Project: CloudNeutral
-
-backend:
- bucket: gcp-cloud-iac-state
diff --git a/config/xzerolab/sit/gcp-cloud/resources/dev-alb/alb.yaml b/config/xzerolab/sit/gcp-cloud/resources/dev-alb/alb.yaml
deleted file mode 100644
index 2041e7e9..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/dev-alb/alb.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-project_id: "modern-app-dev"
-name: "dev-alb"
-bucket_name: "dev-alb-static-site"
-
-backend:
- cache_enabled: true
- bucket_location: "US"
diff --git a/config/xzerolab/sit/gcp-cloud/resources/dev-kafka/msk.yaml b/config/xzerolab/sit/gcp-cloud/resources/dev-kafka/msk.yaml
deleted file mode 100644
index 800b10e0..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/dev-kafka/msk.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-project_id: "modern-app-dev"
-topic: "dev-orders"
-subscription: "dev-orders-sub"
-
-message_retention_days: 7
-push_endpoint: "https://example.dev.internal/events"
diff --git a/config/xzerolab/sit/gcp-cloud/resources/dev-nlb/nlb.yaml b/config/xzerolab/sit/gcp-cloud/resources/dev-nlb/nlb.yaml
deleted file mode 100644
index 3b41a609..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/dev-nlb/nlb.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-project_id: "modern-app-dev"
-name: "dev-nlb"
-network: "projects/modern-app-dev/global/networks/dev-vpc"
-subnet: "projects/modern-app-dev/regions/us-central1/subnetworks/dev-public-1"
-
-port: 443
-zone: "us-central1-a"
diff --git a/config/xzerolab/sit/gcp-cloud/resources/dev-object/bucket.yaml b/config/xzerolab/sit/gcp-cloud/resources/dev-object/bucket.yaml
deleted file mode 100644
index 305fd9d1..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/dev-object/bucket.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-project_id: "modern-app-dev"
-name: "dev-app-artifacts"
-location: "US"
-storage_class: "STANDARD"
-
-versioning: true
-retention_days: 30
diff --git a/config/xzerolab/sit/gcp-cloud/resources/dev-rds/rds.yaml b/config/xzerolab/sit/gcp-cloud/resources/dev-rds/rds.yaml
deleted file mode 100644
index 16b0332d..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/dev-rds/rds.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-project_id: "modern-app-dev"
-name: "dev-orders-db"
-database_version: "POSTGRES_15"
-tier: "db-g1-small"
-region: "us-central1"
-
-backup_configuration:
- enabled: true
- point_in_time_recovery: true
diff --git a/config/xzerolab/sit/gcp-cloud/resources/dev-redis/redis.yaml b/config/xzerolab/sit/gcp-cloud/resources/dev-redis/redis.yaml
deleted file mode 100644
index ce83b18e..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/dev-redis/redis.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-project_id: "modern-app-dev"
-name: "dev-cache"
-region: "us-central1"
-tier: "STANDARD_HA"
-memory_size_gb: 2
-
-persistence_config:
- mode: "RDB"
- rdb_snapshot_period: "SIX_HOURS"
diff --git a/config/xzerolab/sit/gcp-cloud/resources/ec2/dev.yaml b/config/xzerolab/sit/gcp-cloud/resources/ec2/dev.yaml
deleted file mode 100644
index 9cfb74d9..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/ec2/dev.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-project_id: "modern-app-dev"
-name_prefix: "dev-compute"
-zone: "us-central1-a"
-machine_type: "e2-medium"
-image: "ubuntu-2204-lts"
-
-network_self_link: "projects/modern-app-dev/global/networks/dev-vpc"
-subnet_self_link: "projects/modern-app-dev/regions/us-central1/subnetworks/dev-private-1"
-
-metadata:
- ssh_keys:
- - "devops:ssh-rsa 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 devops@example.com"
-
-boot_disk_gb: 30
-tags:
- - dev-ssh
- - dev-web
-
-firewall_rules:
- - name: "dev-ssh"
- direction: ingress
- ranges:
- - "0.0.0.0/0"
- protocols:
- tcp: [22]
- target_tags:
- - dev-ssh
- - name: "dev-web"
- direction: ingress
- ranges:
- - "0.0.0.0/0"
- protocols:
- tcp: [80, 443]
- target_tags:
- - dev-web
diff --git a/config/xzerolab/sit/gcp-cloud/resources/vpc/dev.yaml b/config/xzerolab/sit/gcp-cloud/resources/vpc/dev.yaml
deleted file mode 100644
index 3516f5b0..00000000
--- a/config/xzerolab/sit/gcp-cloud/resources/vpc/dev.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-project_id: "modern-app-dev"
-network_name: "dev-vpc"
-
-subnets:
- - name: "dev-public-1"
- ip_cidr_range: "10.0.1.0/24"
- region: "us-central1"
- - name: "dev-private-1"
- ip_cidr_range: "10.0.11.0/24"
- region: "us-central1"
-
-firewall_tags:
- ssh: "dev-ssh"
- web: "dev-web"
diff --git a/config/xzerolab/sit/vultr-vps/accounts/.gitkeep b/config/xzerolab/sit/vultr-vps/accounts/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/config/xzerolab/sit/vultr-vps/resources/.gitkeep b/config/xzerolab/sit/vultr-vps/resources/.gitkeep
deleted file mode 100644
index e69de29b..00000000