feat: 集成 OpenTofu + Ansible + Gitea CI/CD

- 重构项目目录结构
- 添加 OpenTofu 多云支持
- 配置 Ansible 自动化部署
- 集成 Gitea Actions CI/CD 流水线
- 添加 Docker Swarm 管理
- 完善监控和安全配置

infrastructure/providers/huawei-cloud/main.tf

@@ -0,0 +1,144 @@
+# 华为云提供商配置
+
+terraform {
+  required_providers {
+    huaweicloud = {
+      source  = "huaweicloud/huaweicloud"
+      version = "~> 1.60"
+    }
+  }
+}
+
+# 华为云提供商配置
+provider "huaweicloud" {
+  access_key = var.huawei_config.access_key
+  secret_key = var.huawei_config.secret_key
+  region     = var.huawei_config.region
+}
+
+# 获取可用区
+data "huaweicloud_availability_zones" "zones" {}
+
+# 获取镜像
+data "huaweicloud_images_image" "ubuntu" {
+  name        = "Ubuntu 22.04 server 64bit"
+  most_recent = true
+}
+
+# VPC
+resource "huaweicloud_vpc" "main" {
+  name = "${var.project_name}-${var.environment}-vpc"
+  cidr = var.vpc_cidr
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-vpc"
+  })
+}
+
+# 子网
+resource "huaweicloud_vpc_subnet" "public" {
+  count      = length(var.availability_zones)
+  name       = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
+  cidr       = cidrsubnet(var.vpc_cidr, 8, count.index)
+  gateway_ip = cidrhost(cidrsubnet(var.vpc_cidr, 8, count.index), 1)
+  vpc_id     = huaweicloud_vpc.main.id
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
+    Type = "public"
+  })
+}
+
+# 安全组
+resource "huaweicloud_networking_secgroup" "main" {
+  name        = "${var.project_name}-${var.environment}-sg"
+  description = "Security group for ${var.project_name} ${var.environment}"
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-sg"
+  })
+}
+
+# 安全组规则 - SSH
+resource "huaweicloud_networking_secgroup_rule" "ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = huaweicloud_networking_secgroup.main.id
+}
+
+# 安全组规则 - HTTP
+resource "huaweicloud_networking_secgroup_rule" "http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = huaweicloud_networking_secgroup.main.id
+}
+
+# 安全组规则 - HTTPS
+resource "huaweicloud_networking_secgroup_rule" "https" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 443
+  port_range_max    = 443
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = huaweicloud_networking_secgroup.main.id
+}
+
+# 弹性IP
+resource "huaweicloud_vpc_eip" "main" {
+  count = var.environment == "production" ? 2 : 1
+  
+  publicip {
+    type = "5_bgp"
+  }
+  
+  bandwidth {
+    name        = "${var.project_name}-${var.environment}-bandwidth-${count.index}"
+    size        = var.environment == "production" ? 10 : 5
+    share_type  = "PER"
+    charge_mode = "traffic"
+  }
+
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-eip-${count.index}"
+  })
+}
+
+# 输出
+output "vpc_id" {
+  description = "VPC ID"
+  value       = huaweicloud_vpc.main.id
+}
+
+output "subnet_ids" {
+  description = "子网 ID 列表"
+  value       = huaweicloud_vpc_subnet.public[*].id
+}
+
+output "security_group_id" {
+  description = "安全组 ID"
+  value       = huaweicloud_networking_secgroup.main.id
+}
+
+output "availability_zones" {
+  description = "可用区列表"
+  value       = data.huaweicloud_availability_zones.zones.names
+}
+
+output "ubuntu_image_id" {
+  description = "Ubuntu 镜像 ID"
+  value       = data.huaweicloud_images_image.ubuntu.id
+}
+
+output "eip_addresses" {
+  description = "弹性IP地址列表"
+  value       = huaweicloud_vpc_eip.main[*].address
+}