build: first successfull plan, apply, destroy of server

Makefile

@@ -8,14 +8,14 @@ OWNER ?= coulomb
 REPO  ?= railiance-hosts
 
 # New-host defaults (can be overridden: make new-host NAME=... TYPE=...)
-TYPE  ?= cpx21
+TYPE  ?= cpx11
 REGION ?= nbg1
-ROLE  ?= generic
+ROLE  ?= core
 IMG   ?= ubuntu-24.04
 USER  ?= admin
 
 # Decrypt Hetzner token at runtime (requires SOPS_AGE_KEY or keys.txt locally)
-HCLOUD_TOKEN := $(shell sops -d --extract '["hetzner"]["token"]' secrets/hetzner-token.sops.yaml 2>/dev/null)
+HCLOUD_TOKEN := $(shell sops -d --extract '["hetzner"]["token"]' secrets/hetzner-token.yaml 2>/dev/null)
 
 # ---- Help ----
 help: ## Show this help
@@ -77,19 +77,20 @@ tf-fmt: ## Terraform fmt
 
 tf-init: ## Terraform init
 	@[ -n "$(HCLOUD_TOKEN)" ] || (echo "HCLOUD_TOKEN empty; export SOPS_AGE_KEY or set keys.txt & fill secrets.sops.yaml" && exit 1)
-	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); @terraform -chdir=terraform/hetzner init
+	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner init
 
 tf-plan: tf-init ## Terraform plan (requires decrypted HCLOUD_TOKEN)
+	@echo "🔍 Running terraform plan..."
 	@[ -n "$(HCLOUD_TOKEN)" ] || (echo "HCLOUD_TOKEN empty; export SOPS_AGE_KEY or set keys.txt & fill secrets.sops.yaml" && exit 1)
-	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner plan
+	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner plan -var="hcloud_token=$(HCLOUD_TOKEN)"
 
 tf-apply: tf-init ## Terraform apply (provision)
 	@[ -n "$(HCLOUD_TOKEN)" ] || (echo "HCLOUD_TOKEN empty; export SOPS_AGE_KEY or set keys.txt & fill secrets.sops.yaml" && exit 1)
-	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner apply -auto-approve
+	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner apply -auto-approve -var="hcloud_token=$(HCLOUD_TOKEN)"
 
 tf-destroy: tf-init ## Terraform destroy (tear down)
 	@[ -n "$(HCLOUD_TOKEN)" ] || (echo "HCLOUD_TOKEN empty; export SOPS_AGE_KEY or set keys.txt & fill secrets.sops.yaml" && exit 1)
-	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner destroy -auto-approve
+	@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner destroy -auto-approve -var="hcloud_token=$(HCLOUD_TOKEN)"
 
 # ---- Ansible ----
 ansible-bootstrap: ## Run base bootstrap play (users, ssh, ufw, sops-agent)
@@ -117,7 +118,7 @@ doctor: ## Check tools and basic repo setup
 	'
 
 # ---- Inventory convenience ----
-new-host: ## Add a new host quickly: make new-host NAME=web-01 TYPE=cpx21 REGION=nbg1 ROLE=web
+new-host: ## Add a new host quickly: make new-host NAME=core1 TYPE=cpx11 REGION=nbg1 ROLE=core
 	@[ -n "$(NAME)" ] || (echo "Usage: make new-host NAME=... [TYPE=...] [REGION=...] [ROLE=...] [IMG=...] [USER=...]" && exit 1)
 	@python3 scripts/new_host.py --name "$(NAME)" --type "$(TYPE)" --region "$(REGION)" --role "$(ROLE)" --image "$(IMG)" --user "$(USER)"
 	@echo "✔ Added host $(NAME) to inventory/servers.yaml"

inventory/servers.yaml

@@ -1,9 +0,0 @@
-# Minimal server registry: add your desired hosts here.
-servers:
-  - name: core-01
-    labels: [core, wireguard, git]
-    role: "core"
-    region: "nbg1"
-    type: "cpx21"
-    image: "ubuntu-24.04"
-    ssh_user: "admin"

scripts/new_host.py

@@ -9,9 +9,9 @@ except Exception as e:
 def main():
     p = argparse.ArgumentParser(description="Add a host to inventory/servers.yaml")
     p.add_argument("--name", required=True)
-    p.add_argument("--type", default="cpx21")
+    p.add_argument("--type", default="cpx11")
     p.add_argument("--region", default="nbg1")
-    p.add_argument("--role", default="generic")
+    p.add_argument("--role", default="test")
     p.add_argument("--image", default="ubuntu-24.04")
     p.add_argument("--user", default="admin")
     args = p.parse_args()