From 05b967f517d390a6efcda29367a96258d1df1ed4 Mon Sep 17 00:00:00 2001
From: Valentin Haudiquet
Date: Thu, 22 Jan 2026 18:40:38 +0100
Subject: [PATCH] infra/r740: docker infrastructure
---
infra/r740/docker/main.tf | 49 ++++++++++++++++++++++++++++++++++
infra/r740/docker/variables.tf | 8 ++++++
2 files changed, 57 insertions(+)
create mode 100644 infra/r740/docker/main.tf
create mode 100644 infra/r740/docker/variables.tf
diff --git a/infra/r740/docker/main.tf b/infra/r740/docker/main.tf
new file mode 100644
index 0000000..36912f1
--- /dev/null
+++ b/infra/r740/docker/main.tf
@@ -0,0 +1,49 @@
+terraform {
+ required_providers {
+ docker = {
+ source = "kreuzwerker/docker"
+ version = "3.6.2"
+ }
+ }
+}
+
+# Docker configuration
+provider "docker" {
+ host = "ssh://root@${var.docker_host}"
+}
+
+resource "docker_image" "swarm-cd" {
+ name = "swarm-cd:latest"
+ # For now, custom-built image based on custom development branch
+ # Once this reaches upstream, back to upstream tag, like:
+ # ghcr.io/m-adawi/swarm-cd:1.9.0
+}
+
+resource "docker_container" "swarm-cd" {
+ name = "swarm-cd"
+ image = docker_image.swarm-cd.image_id
+ volumes {
+ host_path = "/var/run/docker.sock"
+ container_path = "/var/run/docker.sock"
+ read_only = true
+ }
+ volumes {
+ host_path = "/root/homeprod/.swarmcd/repos.yaml"
+ container_path = "/app/repos.yaml"
+ read_only = true
+ }
+ volumes {
+ host_path = "/root/homeprod/.swarmcd/stacks.yaml"
+ container_path = "/app/stacks.yaml"
+ read_only = true
+ }
+ volumes {
+ host_path = "/app/swarm-cd/data"
+ container_path = "/data"
+ }
+ env = [
+ "SOPS_GPG_PRIVATE_KEY=${var.sops_private_key}"
+ ]
+
+ depends_on = [ docker_image.swarm-cd ]
+}
diff --git a/infra/r740/docker/variables.tf b/infra/r740/docker/variables.tf
new file mode 100644
index 0000000..46c2cf8
--- /dev/null
+++ b/infra/r740/docker/variables.tf
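Review bot: The `env` entry `"SOPS_GPG_PRIVATE_KEY=${var.sops_private_key}"` in `docker_container.swarm-cd` (main.tf) places the GPG private key in the container's configuration, so it is readable via `docker inspect` by anything with access to the Docker API and is stored in plaintext in the Terraform state. If swarm-cd can read the key from a file (not verifiable from this hunk), a read-only mount of a root-only key file would be preferable; either way the state backend needs to be encrypted and access-restricted. Also note that `read_only = true` on the `/var/run/docker.sock` mount does not restrict Docker API calls made over the socket, so this container effectively has root on the host; I would add a comment above that block such as `# read_only does not limit API calls over the socket: this container has full control of the daemon`. The image is referenced as the mutable `swarm-cd:latest`; once the upstream tag mentioned in the comment is available, pinning it by digest would make the deployed image reproducible.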
@@ -0,0 +1,8 @@
+variable "sops_private_key" {
+ description = "Private SOPS GPG key for SwarmCD to decrypt secrets"
+ type = string
+}
+variable "docker_host" {
+ description = "Docker machine hostname"
+ type = string
+}
\ No newline at end of file
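Review bot: `variable "sops_private_key"` holds a private key but is not marked sensitive, so Terraform may print its value in plan/apply output and in error messages wherever it is interpolated; add `sensitive = true` to the block. This only redacts CLI output: the value is still written to state in plaintext, so the state file has to be protected as well. `docker_host` is interpolated into the provider's `ssh://root@...` URL in main.tf, and a `validation` block restricting it to hostname characters would catch malformed input early.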