Production-ready infrastructure for the Agentage platform. Hosts agentage.io and its development environment on Hetzner Cloud with Docker Swarm.
Note: This infrastructure is based on the vreshch/infrastructure template.
- Multi-Domain Support - Main site + dev environment + extensible for docs/api
- Environment Isolation - Separate dev/prod environments
- Secure by Default - SSL certificates, firewall rules, SSH key auth
- Built-in Monitoring - Traefik dashboard, Swarmpit UI, Dozzle logs
- Cost-Effective - Affordable Hetzner Cloud infrastructure
- Interactive Setup - Guided configuration with validation
- Utility Scripts - SSH keys, password hashing, config validation
```
Local/CI → Terraform → Hetzner Cloud
                            ↓
               Docker Swarm Infrastructure
```
Domains:
- agentage.io - Main platform (Next.js web app)
- dev.agentage.io - Development environment
Future Extensibility:
- traefik.agentage.io - Traefik dashboard
- docs.agentage.io - Documentation site
- api.agentage.io - API endpoints
Included Services:
- Traefik - Automatic SSL/TLS and reverse proxy for all domains
- Swarmpit - Docker Swarm management UI
- Dozzle - Real-time container log viewer
- Automatic DNS - Managed via Hetzner DNS API
- Hetzner Cloud account with API token
- Hetzner DNS account with API token
- Domain agentage.io registered and configured in Hetzner DNS
- Terraform >= 1.12 (for local deployment)
- Clone this repository

  ```bash
  git clone https://github.com/agentage/infrastructure.git
  cd infrastructure
  ```

- Run the interactive setup script

  ```bash
  # For development environment
  ./scripts/setup-fill-tfvars.sh dev
  # For production environment
  ./scripts/setup-fill-tfvars.sh prod
  ```

  The script will prompt for:
  - Domain configuration (agentage.io, dev.agentage.io, etc.)
  - Hetzner Cloud & DNS API tokens
  - DNS Zone ID
  - Server configuration (name, type, location)
  - SSH key paths
  - Admin password (or auto-generate)

  It automatically:
  - Validates all inputs
  - Generates bcrypt password hash
  - Base64-encodes credentials
  - Creates terraform/terraform.{env}.tfvars with secure permissions (600)

- Deploy infrastructure

  ```bash
  cd terraform
  terraform init
  terraform plan -var-file="terraform.prod.tfvars"
  terraform apply -var-file="terraform.prod.tfvars"
  ```

- Access your services (after 5-10 minutes for DNS + SSL)
  - Main Platform: https://agentage.io
  - Dev Environment: https://dev.agentage.io
  - Management Tools: Configured during setup

  Note: SSL certificates are issued automatically but require DNS propagation first (5-10 min).
```
.
├── terraform/                      # Terraform infrastructure code
│   ├── main.tf                     # Main infrastructure definition
│   ├── variables.tf                # Variable definitions with validation
│   ├── outputs.tf                  # Output definitions
│   ├── versions.tf                 # Provider and backend configuration
│   └── modules/                    # Reusable modules
│       ├── compute/                # Server provisioning module
│       │   ├── main.tf
│       │   ├── variables.tf
│       │   ├── outputs.tf
│       │   └── scripts/            # Server initialization scripts
│       │       ├── init-docker.sh
│       │       ├── init-docker-swarm.sh
│       │       └── deploy-services.sh
│       └── dns/                    # DNS management module
│           ├── main.tf
│           ├── variables.tf
│           └── outputs.tf
├── configs/                        # Environment configuration templates
│   ├── template.tfvars             # Master configuration template
│   ├── dev.example.tfvars          # Development environment example
│   └── prod.example.tfvars         # Production environment example
├── scripts/                        # Automation scripts
│   ├── setup-env.sh                # Interactive environment setup
│   ├── setup-fill-tfvars.sh        # Fill tfvars with validation
│   ├── deploy-env.sh               # Multi-environment deployment
│   └── utils/                      # Utility scripts
│       ├── generate-ssh-keys.sh    # SSH key generation
│       ├── generate-password.sh    # Password hash generation
│       └── validate-config.sh      # Configuration validation
├── docs/                           # Documentation
│   ├── quickstart.md               # 5-minute setup guide
│   ├── configuration.md            # Configuration reference
│   ├── deployment.md               # Deployment guide
│   └── troubleshooting.md          # Common issues and solutions
└── README.md                       # This file
```
The infrastructure supports multiple subdomains for different services. See configs/template.tfvars for complete configuration options.
Choose appropriate Hetzner Cloud server types based on your needs. Start small and scale as needed. See Hetzner Cloud Pricing for current options.
```bash
# 1. Setup dev configuration
./scripts/setup-fill-tfvars.sh dev
# 2. Validate configuration
./scripts/utils/validate-config.sh terraform/terraform.dev.tfvars
# 3. Deploy
./scripts/deploy-env.sh dev apply --local
```

```bash
# 1. Setup prod configuration
./scripts/setup-fill-tfvars.sh prod
# 2. Validate configuration
./scripts/utils/validate-config.sh terraform/terraform.prod.tfvars
# 3. Preview changes
./scripts/deploy-env.sh prod plan --local
# 4. Apply changes
./scripts/deploy-env.sh prod apply --local
```

```bash
# Modify configuration
nano terraform/terraform.prod.tfvars
# Preview changes
./scripts/deploy-env.sh prod plan --local
# Apply changes
./scripts/deploy-env.sh prod apply --local
```

See INSTRUCTIONS.md for detailed steps on extending the infrastructure.
The infrastructure includes management tools for monitoring and controlling your Docker Swarm infrastructure:
- Traefik Dashboard - Routing rules, SSL status, service health
- Swarmpit - Docker services, logs, resource monitoring
- Dozzle - Real-time container logs with search
All tools use basic authentication with configured admin credentials.
- Firewall: Only ports 80, 443, and 22 exposed
- SSL/TLS: Automatic Let's Encrypt certificates for all domains
- Authentication: Admin tools protected by basic authentication with bcrypt-hashed passwords
- SSH: Key-based authentication only (no passwords)
- Secrets: Never committed (.gitignore configured)
- File Permissions: tfvars files set to 600 automatically
- Generate unique SSH keys per environment
- Use strong passwords (16+ characters recommended)
- Rotate credentials regularly
- Enable MFA on Hetzner account
- Review firewall rules periodically
- Keep server software updated
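
The 600-permission and never-committed properties listed above can be checked after setup or before a deploy. The script below is an added example, not part of the repository: `audit_tfvars` and `file_mode` are hypothetical helper names, and the demo files and their `example_token` variable are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit_tfvars and file_mode are hypothetical helpers,
# not scripts shipped in the repository.

file_mode() {
  # GNU stat first, BSD/macOS stat as fallback
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_tfvars() {
  dir=${1:-terraform}
  failures=0
  for f in "$dir"/terraform.*.tfvars; do
    [ -e "$f" ] || continue              # glob matched nothing
    mode=$(file_mode "$f")
    if [ "$mode" != "600" ]; then
      echo "FAIL $f: mode $mode, expected 600"
      failures=$((failures + 1))
    fi
    # Only meaningful inside a git work tree. check-ignore exits 0 only
    # when an ignore rule matches and the file is not already tracked.
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q "$(basename "$f")"; then
      echo "FAIL $f: not ignored by git (no rule, or already tracked)"
      failures=$((failures + 1))
    fi
  done
  echo "$failures problem(s) found in $dir"
  [ "$failures" -eq 0 ]
}

# Constructed demo: one file as the setup script leaves it, one loosened.
demo=$(mktemp -d)
printf 'example_token = "PLACEHOLDER"\n' > "$demo/terraform.dev.tfvars"
printf 'example_token = "PLACEHOLDER"\n' > "$demo/terraform.prod.tfvars"
chmod 600 "$demo/terraform.dev.tfvars"
chmod 644 "$demo/terraform.prod.tfvars"
audit_tfvars "$demo" || echo "audit flagged the demo directory"
rm -rf "$demo"
```

Against a real checkout, run `audit_tfvars terraform` from the repository root; a non-zero exit status makes it usable as a CI or pre-commit gate.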
- docs/quickstart.md - 5-minute setup guide
- docs/configuration.md - Complete configuration reference
- docs/deployment.md - Deployment workflows
- docs/troubleshooting.md - Common issues and solutions
```bash
# Check DNS records
dig +short agentage.io
dig +short dev.agentage.io
# Verify Hetzner DNS zone ID
# Login to https://dns.hetzner.com/
```

```bash
# SSH to server and check Traefik logs
ssh -i ~/.ssh/deploy_ed25519 root@YOUR_SERVER_IP
docker service logs traefik
# Common causes:
# - DNS not propagated (wait 5-10 minutes)
# - Port 80/443 not accessible
# - Invalid email address
```

```bash
# Check service status
ssh -i ~/.ssh/deploy_ed25519 root@YOUR_SERVER_IP
docker service ls
docker service ps traefik swarmpit dozzle
# View logs
docker service logs <service-name>
```

For detailed troubleshooting, see docs/troubleshooting.md.
Contributions are welcome! Please feel free to submit a Pull Request.
Note: For general infrastructure improvements, consider contributing to the upstream vreshch/infrastructure template so all users can benefit.
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'feat: add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
- Documentation: See docs/ directory for detailed guides
- Issues: Report bugs or request features via GitHub Issues
- Discussions: Ask questions in GitHub Discussions
- Dockerswarm.rocks - Docker Swarm best practices
- Hetzner Cloud - Affordable cloud infrastructure
- Traefik - Modern reverse proxy and load balancer
- Swarmpit - Docker Swarm management interface
- Dozzle - Real-time log viewer for Docker
MIT © 2025 Agentage Contributors
Part of the Agentage ecosystem © 2025 Agentage GmbH - agentage.io