feat(terraform): expand caliban port forwards and document port ranges

- Add proxy devices on caliban for SSH (25512), Postgres (25515), and three web ports (25516-25518) alongside existing RDP forward - Remove HTTP/HTTPS proxy devices from prospero (now handled via HAProxy on titania) - Document Incus port forwarding ranges (25510-25599) per host in ouranos.md and fix a typo
2026-06-07 06:40:42 -04:00
parent f2fb01ddd2
commit 9bfa9a3617
2 changed files with 67 additions and 31 deletions
--- a/terraform/containers.tf
+++ b/terraform/containers.tf
@@ -158,43 +158,68 @@ EOT
        "security.nesting" = true
        "raw.lxc"          = "lxc.apparmor.profile=unconfined"
      }
-      devices = [{
-        name = "caliban"
-        type = "proxy"
-        properties = {
-          listen  = "tcp:0.0.0.0:25519"
-          connect = "tcp:127.0.0.1:3389"
+      devices = [
+        {
+          name = "caliban_rdp"
+          type = "proxy"
+          properties = {
+            listen  = "tcp:0.0.0.0:25519"
+            connect = "tcp:127.0.0.1:3389"
+          }
+        },
+        {
+          name = "caliban_web3"
+          type = "proxy"
+          properties = {
+            listen  = "tcp:0.0.0.0:25518"
+            connect = "tcp:127.0.0.1:8008"
+          }
+        },
+        {
+          name = "caliban_web2"
+          type = "proxy"
+          properties = {
+            listen  = "tcp:0.0.0.0:25517"
+            connect = "tcp:127.0.0.1:8007"
+          }
+        },
+        {
+          name = "caliban_web1"
+          type = "proxy"
+          properties = {
+            listen  = "tcp:0.0.0.0:25516"
+            connect = "tcp:127.0.0.1:8006"
+          }
+        },
+        {
+          name = "caliban_postgres"
+          type = "proxy"
+          properties = {
+            listen  = "tcp:0.0.0.0:25515"
+            connect = "tcp:127.0.0.1:5432"
+          }
+        },
+        {
+          name = "caliban_ssh"
+          type = "proxy"
+          properties = {
+            listen  = "tcp:0.0.0.0:25512"
+            connect = "tcp:127.0.0.1:22"
+          }
+        },
+        {
+          name = "gpu"
+          type = "gpu"
+          properties = {}
        }
-      },
-      {
-        name = "gpu"
-        type = "gpu"
-        properties = {}
-      }]
+      ]
    }
    prospero = {
      description = "Master magician observing events - PPLG observability stack with internal HAProxy"
      role        = "observability"
      image       = "noble"
      config      = {}
-      devices = [
-        {
-          name = "https_internal"
-          type = "proxy"
-          properties = {
-            listen  = "tcp:0.0.0.0:25510"
-            connect = "tcp:127.0.0.1:443"
-          }
-        },
-        {
-          name = "http_redirect"
-          type = "proxy"
-          properties = {
-            listen  = "tcp:0.0.0.0:25511"
-            connect = "tcp:127.0.0.1:80"
-          }
-        }
-      ]
+      devices     = []
    }
    titania = {
      description = "Proxy & SSO Services - Queen of the fairies managing access and authentication"