feat: 集成 OpenTofu + Ansible + Gitea CI/CD

- 重构项目目录结构
- 添加 OpenTofu 多云支持
- 配置 Ansible 自动化部署
- 集成 Gitea Actions CI/CD 流水线
- 添加 Docker Swarm 管理
- 完善监控和安全配置

infrastructure/environments/dev/main.tf

@@ -0,0 +1,49 @@
+# 开发环境主配置文件
+
+# 引用共享配置
+module "shared" {
+  source = "../../shared"
+}
+
+# Oracle Cloud 基础设施
+module "oracle_cloud" {
+  source = "../../providers/oracle-cloud"
+  
+  # 传递变量
+  environment    = var.environment
+  project_name   = var.project_name
+  owner          = var.owner
+  vpc_cidr       = var.vpc_cidr
+  availability_zones = var.availability_zones
+  common_tags    = var.common_tags
+  oci_config     = var.oci_config
+  
+  # 开发环境特定配置
+  instance_count = 1
+  instance_size  = "VM.Standard.E2.1.Micro"  # 免费层
+}
+
+# 华为云基础设施 (可选)
+module "huawei_cloud" {
+  source = "../../providers/huawei-cloud"
+  count  = contains(var.cloud_providers, "huawei") ? 1 : 0
+  
+  environment    = var.environment
+  project_name   = var.project_name
+  owner          = var.owner
+  vpc_cidr       = "10.1.0.0/16"  # 不同的 CIDR 避免冲突
+  availability_zones = var.availability_zones
+  common_tags    = var.common_tags
+  huawei_config  = var.huawei_config
+}
+
+# 输出
+output "oracle_cloud_outputs" {
+  description = "Oracle Cloud 基础设施输出"
+  value       = module.oracle_cloud
+}
+
+output "huawei_cloud_outputs" {
+  description = "华为云基础设施输出"
+  value       = length(module.huawei_cloud) > 0 ? module.huawei_cloud[0] : null
+}

infrastructure/environments/dev/terraform.tfvars.example

@@ -0,0 +1,61 @@
+# 开发环境配置示例
+# 复制此文件为 terraform.tfvars 并填入实际值
+
+# 基本配置
+environment = "dev"
+project_name = "mgmt"
+owner = "ben"
+
+# 要启用的云服务商
+cloud_providers = ["oracle", "huawei"]
+
+# 网络配置
+vpc_cidr = "10.0.0.0/16"
+availability_zones = ["a", "b"]
+
+# 通用标签
+common_tags = {
+  Environment = "dev"
+  Project     = "mgmt"
+  Owner       = "ben"
+  ManagedBy   = "opentofu"
+}
+
+# Oracle Cloud 配置
+oci_config = {
+  tenancy_ocid     = "ocid1.tenancy.oc1..your-tenancy-id"
+  user_ocid        = "ocid1.user.oc1..your-user-id"
+  fingerprint      = "your-key-fingerprint"
+  private_key_path = "~/.oci/oci_api_key.pem"
+  region           = "ap-seoul-1"
+  compartment_ocid = "ocid1.compartment.oc1..your-compartment-id"
+}
+
+# 华为云配置
+huawei_config = {
+  access_key = "your-access-key"
+  secret_key = "your-secret-key"
+  region     = "cn-north-4"
+  project_id = "your-project-id"
+}
+
+# Google Cloud 配置 (可选)
+gcp_config = {
+  project_id = "your-project-id"
+  region     = "asia-northeast3"
+  zone       = "asia-northeast3-a"
+  credentials_file = "~/.gcp/service-account.json"
+}
+
+# AWS 配置 (可选)
+aws_config = {
+  region     = "ap-northeast-2"
+  access_key = "your-access-key"
+  secret_key = "your-secret-key"
+}
+
+# DigitalOcean 配置 (可选)
+do_config = {
+  token  = "your-do-token"
+  region = "sgp1"
+}

infrastructure/environments/dev/variables.tf

@@ -0,0 +1,133 @@
+# 开发环境变量定义
+
+variable "environment" {
+  description = "环境名称"
+  type        = string
+  default     = "dev"
+}
+
+variable "project_name" {
+  description = "项目名称"
+  type        = string
+  default     = "mgmt"
+}
+
+variable "owner" {
+  description = "项目所有者"
+  type        = string
+  default     = "ben"
+}
+
+variable "cloud_providers" {
+  description = "要启用的云服务商列表"
+  type        = list(string)
+  default     = ["oracle"]
+}
+
+variable "vpc_cidr" {
+  description = "VPC CIDR 块"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "availability_zones" {
+  description = "可用区列表"
+  type        = list(string)
+  default     = ["a", "b"]
+}
+
+variable "common_tags" {
+  description = "通用标签"
+  type        = map(string)
+  default = {
+    Environment = "dev"
+    Project     = "mgmt"
+    ManagedBy   = "opentofu"
+  }
+}
+
+# Oracle Cloud 配置
+variable "oci_config" {
+  description = "Oracle Cloud 配置"
+  type = object({
+    tenancy_ocid     = string
+    user_ocid        = string
+    fingerprint      = string
+    private_key_path = string
+    region           = string
+    compartment_ocid = optional(string)
+  })
+  default = {
+    tenancy_ocid     = ""
+    user_ocid        = ""
+    fingerprint      = ""
+    private_key_path = ""
+    region           = "ap-seoul-1"
+    compartment_ocid = ""
+  }
+}
+
+# 华为云配置
+variable "huawei_config" {
+  description = "华为云配置"
+  type = object({
+    access_key = string
+    secret_key = string
+    region     = string
+    project_id = optional(string)
+  })
+  default = {
+    access_key = ""
+    secret_key = ""
+    region     = "cn-north-4"
+    project_id = ""
+  }
+  sensitive = true
+}
+
+# Google Cloud 配置
+variable "gcp_config" {
+  description = "Google Cloud 配置"
+  type = object({
+    project_id       = string
+    region           = string
+    zone             = string
+    credentials_file = string
+  })
+  default = {
+    project_id       = ""
+    region           = "asia-northeast3"
+    zone             = "asia-northeast3-a"
+    credentials_file = ""
+  }
+}
+
+# AWS 配置
+variable "aws_config" {
+  description = "AWS 配置"
+  type = object({
+    region     = string
+    access_key = string
+    secret_key = string
+  })
+  default = {
+    region     = "ap-northeast-2"
+    access_key = ""
+    secret_key = ""
+  }
+  sensitive = true
+}
+
+# DigitalOcean 配置
+variable "do_config" {
+  description = "DigitalOcean 配置"
+  type = object({
+    token  = string
+    region = string
+  })
+  default = {
+    token  = ""
+    region = "sgp1"
+  }
+  sensitive = true
+}

infrastructure/providers/huawei-cloud/main.tf

@@ -0,0 +1,144 @@
+# 华为云提供商配置
+
+terraform {
+  required_providers {
+    huaweicloud = {
+      source  = "huaweicloud/huaweicloud"
+      version = "~> 1.60"
+    }
+  }
+}
+
+# 华为云提供商配置
+provider "huaweicloud" {
+  access_key = var.huawei_config.access_key
+  secret_key = var.huawei_config.secret_key
+  region     = var.huawei_config.region
+}
+
+# 获取可用区
+data "huaweicloud_availability_zones" "zones" {}
+
+# 获取镜像
+data "huaweicloud_images_image" "ubuntu" {
+  name        = "Ubuntu 22.04 server 64bit"
+  most_recent = true
+}
+
+# VPC
+resource "huaweicloud_vpc" "main" {
+  name = "${var.project_name}-${var.environment}-vpc"
+  cidr = var.vpc_cidr
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-vpc"
+  })
+}
+
+# 子网
+resource "huaweicloud_vpc_subnet" "public" {
+  count      = length(var.availability_zones)
+  name       = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
+  cidr       = cidrsubnet(var.vpc_cidr, 8, count.index)
+  gateway_ip = cidrhost(cidrsubnet(var.vpc_cidr, 8, count.index), 1)
+  vpc_id     = huaweicloud_vpc.main.id
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
+    Type = "public"
+  })
+}
+
+# 安全组
+resource "huaweicloud_networking_secgroup" "main" {
+  name        = "${var.project_name}-${var.environment}-sg"
+  description = "Security group for ${var.project_name} ${var.environment}"
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-sg"
+  })
+}
+
+# 安全组规则 - SSH
+resource "huaweicloud_networking_secgroup_rule" "ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = huaweicloud_networking_secgroup.main.id
+}
+
+# 安全组规则 - HTTP
+resource "huaweicloud_networking_secgroup_rule" "http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = huaweicloud_networking_secgroup.main.id
+}
+
+# 安全组规则 - HTTPS
+resource "huaweicloud_networking_secgroup_rule" "https" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 443
+  port_range_max    = 443
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = huaweicloud_networking_secgroup.main.id
+}
+
+# 弹性IP
+resource "huaweicloud_vpc_eip" "main" {
+  count = var.environment == "production" ? 2 : 1
+  
+  publicip {
+    type = "5_bgp"
+  }
+  
+  bandwidth {
+    name        = "${var.project_name}-${var.environment}-bandwidth-${count.index}"
+    size        = var.environment == "production" ? 10 : 5
+    share_type  = "PER"
+    charge_mode = "traffic"
+  }
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-eip-${count.index}"
+  })
+}
+
+# 输出
+output "vpc_id" {
+  description = "VPC ID"
+  value       = huaweicloud_vpc.main.id
+}
+
+output "subnet_ids" {
+  description = "子网 ID 列表"
+  value       = huaweicloud_vpc_subnet.public[*].id
+}
+
+output "security_group_id" {
+  description = "安全组 ID"
+  value       = huaweicloud_networking_secgroup.main.id
+}
+
+output "availability_zones" {
+  description = "可用区列表"
+  value       = data.huaweicloud_availability_zones.zones.names
+}
+
+output "ubuntu_image_id" {
+  description = "Ubuntu 镜像 ID"
+  value       = data.huaweicloud_images_image.ubuntu.id
+}
+
+output "eip_addresses" {
+  description = "弹性IP地址列表"
+  value       = huaweicloud_vpc_eip.main[*].address
+}

infrastructure/providers/oracle-cloud/main.tf

@@ -0,0 +1,160 @@
+# Oracle Cloud Infrastructure 提供商配置
+
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "~> 5.0"
+    }
+  }
+}
+
+# OCI 提供商配置
+provider "oci" {
+  tenancy_ocid     = var.oci_config.tenancy_ocid
+  user_ocid        = var.oci_config.user_ocid
+  fingerprint      = var.oci_config.fingerprint
+  private_key_path = var.oci_config.private_key_path
+  region           = var.oci_config.region
+}
+
+# 获取可用域
+data "oci_identity_availability_domains" "ads" {
+  compartment_id = var.oci_config.tenancy_ocid
+}
+
+# 获取镜像
+data "oci_core_images" "ubuntu_images" {
+  compartment_id           = var.oci_config.tenancy_ocid
+  operating_system         = "Canonical Ubuntu"
+  operating_system_version = "22.04"
+  shape                    = "VM.Standard.E2.1.Micro"
+  sort_by                  = "TIMECREATED"
+  sort_order               = "DESC"
+}
+
+# VCN (虚拟云网络)
+resource "oci_core_vcn" "main" {
+  compartment_id = var.oci_config.tenancy_ocid
+  cidr_blocks    = [var.vpc_cidr]
+  display_name   = "${var.project_name}-${var.environment}-vcn"
+  dns_label      = "${var.project_name}${var.environment}"
+
+  freeform_tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-vcn"
+  })
+}
+
+# 互联网网关
+resource "oci_core_internet_gateway" "main" {
+  compartment_id = var.oci_config.tenancy_ocid
+  vcn_id         = oci_core_vcn.main.id
+  display_name   = "${var.project_name}-${var.environment}-igw"
+  enabled        = true
+
+  freeform_tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-igw"
+  })
+}
+
+# 路由表
+resource "oci_core_route_table" "main" {
+  compartment_id = var.oci_config.tenancy_ocid
+  vcn_id         = oci_core_vcn.main.id
+  display_name   = "${var.project_name}-${var.environment}-rt"
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.main.id
+  }
+
+  freeform_tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-rt"
+  })
+}
+
+# 安全列表
+resource "oci_core_security_list" "main" {
+  compartment_id = var.oci_config.tenancy_ocid
+  vcn_id         = oci_core_vcn.main.id
+  display_name   = "${var.project_name}-${var.environment}-sl"
+
+  # 出站规则
+  egress_security_rules {
+    destination = "0.0.0.0/0"
+    protocol    = "all"
+  }
+
+  # 入站规则 - SSH
+  ingress_security_rules {
+    protocol = "6" # TCP
+    source   = "0.0.0.0/0"
+    tcp_options {
+      min = 22
+      max = 22
+    }
+  }
+
+  # 入站规则 - HTTP
+  ingress_security_rules {
+    protocol = "6" # TCP
+    source   = "0.0.0.0/0"
+    tcp_options {
+      min = 80
+      max = 80
+    }
+  }
+
+  # 入站规则 - HTTPS
+  ingress_security_rules {
+    protocol = "6" # TCP
+    source   = "0.0.0.0/0"
+    tcp_options {
+      min = 443
+      max = 443
+    }
+  }
+
+  freeform_tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-sl"
+  })
+}
+
+# 子网
+resource "oci_core_subnet" "public" {
+  count           = length(var.availability_zones)
+  compartment_id  = var.oci_config.tenancy_ocid
+  vcn_id          = oci_core_vcn.main.id
+  cidr_block      = cidrsubnet(var.vpc_cidr, 8, count.index)
+  display_name    = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
+  dns_label       = "public${var.availability_zones[count.index]}"
+  route_table_id  = oci_core_route_table.main.id
+  security_list_ids = [oci_core_security_list.main.id]
+
+  freeform_tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
+    Type = "public"
+  })
+}
+
+# 输出
+output "vcn_id" {
+  description = "VCN ID"
+  value       = oci_core_vcn.main.id
+}
+
+output "subnet_ids" {
+  description = "子网 ID 列表"
+  value       = oci_core_subnet.public[*].id
+}
+
+output "availability_domains" {
+  description = "可用域列表"
+  value       = data.oci_identity_availability_domains.ads.availability_domains[*].name
+}
+
+output "ubuntu_image_id" {
+  description = "Ubuntu 镜像 ID"
+  value       = data.oci_core_images.ubuntu_images.images[0].id
+}

infrastructure/shared/outputs.tf

@@ -0,0 +1,39 @@
+# 全局输出定义
+
+# 环境信息
+output "environment" {
+  description = "当前部署环境"
+  value       = var.environment
+}
+
+output "project_name" {
+  description = "项目名称"
+  value       = var.project_name
+}
+
+# 网络信息
+output "vpc_cidr" {
+  description = "VPC CIDR 块"
+  value       = var.vpc_cidr
+}
+
+# 通用标签
+output "common_tags" {
+  description = "通用资源标签"
+  value       = merge(var.common_tags, {
+    Environment = var.environment
+    Timestamp   = timestamp()
+  })
+}
+
+# 云服务商配置状态
+output "enabled_providers" {
+  description = "启用的云服务商列表"
+  value       = var.cloud_providers
+}
+
+# 实例类型配置
+output "instance_types" {
+  description = "当前环境的实例类型配置"
+  value       = var.instance_types[var.environment]
+}

infrastructure/shared/variables.tf

@@ -0,0 +1,169 @@
+# 全局变量定义
+
+# 环境配置
+variable "environment" {
+  description = "部署环境 (dev, staging, production)"
+  type        = string
+  validation {
+    condition     = contains(["dev", "staging", "production"], var.environment)
+    error_message = "环境必须是 dev, staging, 或 production 之一。"
+  }
+}
+
+variable "project_name" {
+  description = "项目名称"
+  type        = string
+  default     = "mgmt"
+}
+
+variable "owner" {
+  description = "资源所有者"
+  type        = string
+  default     = "ben"
+}
+
+# 网络配置
+variable "vpc_cidr" {
+  description = "VPC CIDR 块"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "availability_zones" {
+  description = "可用区列表"
+  type        = list(string)
+  default     = ["a", "b", "c"]
+}
+
+# 计算资源配置
+variable "instance_types" {
+  description = "不同环境的实例类型"
+  type = map(object({
+    web    = string
+    app    = string
+    db     = string
+    cache  = string
+  }))
+  default = {
+    dev = {
+      web   = "t3.micro"
+      app   = "t3.small"
+      db    = "t3.micro"
+      cache = "t3.micro"
+    }
+    staging = {
+      web   = "t3.small"
+      app   = "t3.medium"
+      db    = "t3.small"
+      cache = "t3.small"
+    }
+    production = {
+      web   = "t3.medium"
+      app   = "t3.large"
+      db    = "t3.medium"
+      cache = "t3.medium"
+    }
+  }
+}
+
+# 标签配置
+variable "common_tags" {
+  description = "通用标签"
+  type        = map(string)
+  default = {
+    Project     = "mgmt"
+    ManagedBy   = "opentofu"
+    Owner       = "ben"
+  }
+}
+
+# 云服务商特定配置
+variable "cloud_providers" {
+  description = "启用的云服务商"
+  type        = list(string)
+  default     = ["oracle", "huawei", "google", "digitalocean", "aws"]
+}
+
+# Oracle Cloud 配置
+variable "oci_config" {
+  description = "Oracle Cloud 配置"
+  type = object({
+    tenancy_ocid     = string
+    user_ocid        = string
+    fingerprint      = string
+    private_key_path = string
+    region           = string
+  })
+  default = {
+    tenancy_ocid     = ""
+    user_ocid        = ""
+    fingerprint      = ""
+    private_key_path = "~/.oci/oci_api_key.pem"
+    region           = "ap-seoul-1"
+  }
+  sensitive = true
+}
+
+# 华为云配置
+variable "huawei_config" {
+  description = "华为云配置"
+  type = object({
+    access_key = string
+    secret_key = string
+    region     = string
+  })
+  default = {
+    access_key = ""
+    secret_key = ""
+    region     = "cn-north-4"
+  }
+  sensitive = true
+}
+
+# Google Cloud 配置
+variable "gcp_config" {
+  description = "Google Cloud 配置"
+  type = object({
+    project_id   = string
+    region       = string
+    zone         = string
+    credentials  = string
+  })
+  default = {
+    project_id   = ""
+    region       = "asia-northeast3"
+    zone         = "asia-northeast3-a"
+    credentials  = ""
+  }
+  sensitive = true
+}
+
+# DigitalOcean 配置
+variable "do_config" {
+  description = "DigitalOcean 配置"
+  type = object({
+    token  = string
+    region = string
+  })
+  default = {
+    token  = ""
+    region = "sgp1"
+  }
+  sensitive = true
+}
+
+# AWS 配置
+variable "aws_config" {
+  description = "AWS 配置"
+  type = object({
+    access_key = string
+    secret_key = string
+    region     = string
+  })
+  default = {
+    access_key = ""
+    secret_key = ""
+    region     = "ap-northeast-1"
+  }
+  sensitive = true
+}

infrastructure/shared/versions.tf

@@ -0,0 +1,57 @@
+# OpenTofu 版本和提供商配置
+terraform {
+  required_version = ">= 1.6"
+  
+  required_providers {
+    # Oracle Cloud Infrastructure
+    oci = {
+      source  = "oracle/oci"
+      version = "~> 5.0"
+    }
+    
+    # 华为云
+    huaweicloud = {
+      source  = "huaweicloud/huaweicloud"
+      version = "~> 1.60"
+    }
+    
+    # Google Cloud Platform
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.0"
+    }
+    
+    # DigitalOcean
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.0"
+    }
+    
+    # Amazon Web Services
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    
+    # 其他常用提供商
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.1"
+    }
+    
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0"
+    }
+    
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.1"
+    }
+  }
+  
+  # 后端配置 - 可以使用 S3, GCS, 或本地
+  backend "local" {
+    path = "terraform.tfstate"
+  }
+}