opencode-remote/Pulumi.{stack}.yaml.example at main · itsfoxstudio/opencode-remote · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# Example stack configuration for opencode-remote.
# Copy this to Pulumi.dev.yaml and fill in your values.
#
# To set secrets:
#   pulumi config set --secret opencode-remote:opencodePassword "your-password"
#   pulumi config set --secret opencode-remote:tailscaleAuthKey "tskey-auth-..."
#   pulumi config set --secret opencode-remote:githubToken "ghp_..."

config:
  # --- Required ---
  opencode-remote:provider: hetzner              # hetzner | aws
  opencode-remote:opencodePassword:
    secure: v1:REPLACE_ME                        # Set via: pulumi config set --secret

  # --- Tailscale (pick one method) ---
  opencode-remote:tailscaleAuthMethod: authkey    # authkey | oauth
  opencode-remote:tailscaleAuthKey:
    secure: v1:REPLACE_ME                        # Set via: pulumi config set --secret

  # For OAuth method instead:
  # opencode-remote:tailscaleAuthMethod: oauth
  # opencode-remote:tailscaleOAuthClientId: "your-client-id"
  # opencode-remote:tailscaleOAuthClientSecret:
  #   secure: v1:REPLACE_ME

  # --- Optional VM config ---
  # opencode-remote:region: nbg1                 # Hetzner: nbg1, fsn1, hel1 | AWS: us-east-1, etc.
  # opencode-remote:size: cx23                   # Hetzner: cx23, cx33 | AWS: t3.micro, t3.small
  # opencode-remote:tailscaleHostname: my-opencode
  # opencode-remote:tailscaleTags: "tag:server,tag:opencode"
  # opencode-remote:sshPublicKey: "ssh-ed25519 AAAA..."
  # opencode-remote:sshKeyName: my-aws-key       # AWS only: existing key pair name
  # opencode-remote:skipAptUpgrade: true         # faster boot, skip apt upgrade
  # opencode-remote:tailscaleSshOnly: true       # disable public SSH port 22
  # opencode-remote:healthCheckWaiter: true      # poll /global/health after deploy

  # --- V1 single-server mode (omit `projects` to use this) ---
  # opencode-remote:opencodePort: 4096
  # Raw JSON string — merged on top of opencodeConfig when both are set:
  # opencode-remote:opencodeConfigJson: '{"provider":{"anthropic":{"model":"claude-sonnet-4-20250514"}}}'
  # Typed object config (preferred over raw JSON):
  # opencode-remote:opencodeConfig: |
  #   { "provider": { "anthropic": { "model": "claude-sonnet-4-20250514" } } }

  # --- Multi-project mode ---
  # opencode-remote:projects:
  #   - name: api
  #     repo: https://github.com/myorg/api.git
  #     port: 4096
  #     branch: main
  #   - name: frontend
  #     repo: https://github.com/myorg/frontend.git
  #     port: 4097
  #   - name: scripts
  #     path: /opt/shared/scripts
  #     port: 4098

  # --- Git authentication (required if any project uses `repo`) ---
  # opencode-remote:gitAuth: github-token        # github-token | none
  # opencode-remote:githubToken:
  #   secure: v1:REPLACE_ME                      # Set via: pulumi config set --secret
  # opencode-remote:gitUserName: "Alice Smith"
  # opencode-remote:gitUserEmail: "alice@example.com"

  # --- LLM provider API keys ---
  # Comma-separated list of Pulumi secret config keys to inject as env vars.
  # Each name must also be set as a secret: pulumi config set --secret ANTHROPIC_API_KEY "sk-ant-..."
  # opencode-remote:llmApiKeyNames: "ANTHROPIC_API_KEY,OPENAI_API_KEY"
  # opencode-remote:ANTHROPIC_API_KEY:
  #   secure: v1:REPLACE_ME
  # opencode-remote:OPENAI_API_KEY:
  #   secure: v1:REPLACE_ME

  # --- MCP servers ---
  # opencode-remote:mcpServers: |
  #   {
  #     "filesystem": { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/opencode"] },
  #     "github":     { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"],
  #                     "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_TOKEN" } }
  #   }

  # --- Custom systemd overrides ---
  # opencode-remote:extraSystemdOptions: '["MemoryLimit=2G", "CPUQuota=80%"]'

  # --- Stack tags (applied to all cloud resources) ---
  # opencode-remote:stackTags: '{"team": "platform", "env": "dev", "cost-center": "eng"}'

  # --- Persistent storage ---
  # Attach a dedicated block volume at /home/opencode so data survives VM replacement.
  # Hetzner: hcloud.Volume (min 10 GB) | AWS: EBS gp3 (min 1 GB)
  # opencode-remote:persistentStorage: true   # default: false
  # opencode-remote:storageSize: 30           # GB, default: 30
  # opencode-remote:storageRetainOnDestroy: true  # default: true — volume survives `pulumi destroy`

  # --- Provider-specific config (set by Pulumi provider) ---
  # hcloud:token:
  #   secure: v1:REPLACE_ME                      # Set via: pulumi config set --secret hcloud:token
  # aws:region: us-east-1