Initial terraform module structure (VPC, EKS, RDS)

.gitignore

@@ -0,0 +1,8 @@
+**/.terraform/
+*.tfstate
+*.tfstate.backup
+.terraform.lock.hcl
+*.tfvars
+!*.tfvars.example
+*.log
+.DS_Store

README.md

@@ -0,0 +1,33 @@
+# nexus/platform-infra
+
+Terraform and Helm configurations for the Nexus platform infrastructure.
+
+## Documentation
+
+See the [wiki](../../wiki) for architecture diagrams, runbooks, and ADRs.
+
+## Structure
+
+```
+terraform/
+  modules/   — reusable Terraform modules
+  envs/      — per-environment root modules
+helm/
+  nexus-app/          — application Helm chart
+  nexus-monitoring/   — Prometheus/Grafana stack
+scripts/
+  plan.sh    — terraform plan wrapper
+  apply.sh   — terraform apply wrapper
+```
+
+## Prerequisites
+
+- Terraform >= 1.5
+- Helm >= 3.12
+- AWS CLI v2, configured for eu-central-1
+- kubectl, kubeconfig for target cluster
+
+## Conventions
+
+- All resources tagged: `Project=nexus`, `ManagedBy=terraform`, `Environment=<env>`
+- State stored in S3 (`nexus-tfstate`) with DynamoDB locking

terraform/modules/eks/main.tf

@@ -0,0 +1,16 @@
+variable "cluster_name"    {}
+variable "cluster_version" { default = "1.30" }
+variable "subnet_ids"      { type = list(string) }
+variable "node_type"       { default = "m6i.xlarge" }
+variable "min_nodes"       { default = 2 }
+variable "max_nodes"       { default = 8 }
+
+resource "aws_eks_cluster" "main" {
+  name     = var.cluster_name
+  version  = var.cluster_version
+  role_arn = aws_iam_role.cluster.arn
+
+  vpc_config {
+    subnet_ids = var.subnet_ids
+  }
+}

terraform/modules/rds/main.tf

@@ -0,0 +1,28 @@
+variable "identifier"    {}
+variable "engine"        { default = "postgres" }
+variable "engine_version" { default = "16.1" }
+variable "instance_class" { default = "db.t4g.medium" }
+variable "db_name"       {}
+variable "username"      {}
+variable "subnet_ids"    { type = list(string) }
+variable "multi_az"      { default = true }
+
+resource "aws_db_instance" "main" {
+  identifier           = var.identifier
+  engine               = var.engine
+  engine_version       = var.engine_version
+  instance_class       = var.instance_class
+  db_name              = var.db_name
+  username             = var.username
+  multi_az             = var.multi_az
+  skip_final_snapshot  = false
+  deletion_protection  = true
+  storage_encrypted    = true
+
+  db_subnet_group_name = aws_db_subnet_group.main.name
+}
+
+resource "aws_db_subnet_group" "main" {
+  name       = "${var.identifier}-subnet-group"
+  subnet_ids = var.subnet_ids
+}

terraform/modules/vpc/main.tf

@@ -0,0 +1,18 @@
+variable "cidr"        { default = "10.0.0.0/16" }
+variable "environment" {}
+variable "az_count"    { default = 3 }
+
+locals {
+  azs             = slice(data.aws_availability_zones.available.names, 0, var.az_count)
+  public_subnets  = [for i, az in local.azs : cidrsubnet(var.cidr, 8, i)]
+  private_subnets = [for i, az in local.azs : cidrsubnet(var.cidr, 8, i + 10)]
+}
+
+data "aws_availability_zones" "available" { state = "available" }
+
+resource "aws_vpc" "main" {
+  cidr_block           = var.cidr
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+  tags = { Name = "nexus-${var.environment}", Environment = var.environment }
+}