feat: Create skeleton for terraform provisioning role

The terraform module does not expect its file contents (project_path) in
the 'files/' folder like the core roles, instead looking for it relative
to the _invocation_ pwd.
So, for now it just resides in the root level of the repository and may
be moved from there to wherever it is more pertinent.

Additionally, we check for the existence of the OpenTofu binary (tofu),
and prefer that if it exists. Otherwise we fall back to the Terraform
binary.

roles/infrastructure/tasks/main.yaml

@@ -0,0 +1,26 @@
+---
+# role currently only works with opentofu
+# Either manually extend to both or just leave out test?
+- name: Check if tofu is installed
+  vars:
+    terraform_bin: tofu
+  ansible.builtin.command:
+    argv:
+      - which
+      - "{{ terraform_bin|quote }}"
+  check_mode: false # run even in check mode
+  tags: debug
+  register: tofu_installed
+  failed_when: false
+  changed_when: false
+
+- name: Run terraform
+  community.general.terraform:
+    binary_path: "{{ (tofu_installed.rc in [ 0 ]) | ternary('tofu', 'terraform') }}"
+    project_path: "tofu/"
+    state: present
+  register: output
+
+- name: Debug output
+  debug:
+    var: output

site.yaml

@@ -5,7 +5,6 @@
   gather_facts: False
   become: true
   tags:
-    - system
     - bootstrap
   tasks:
     - name: check for python
@@ -50,6 +49,13 @@
     #     name: incus-install
     #   tags: incus
 
+- name: Raise infrastructure
+  hosts: localhost
+  tags: infrastructure
+  tasks:
+    - ansible.builtin.import_role:
+        name: infrastructure
+
   # ansible-galaxy install geerlingguy.docker
 - name: Install docker
   hosts: instance_system

tofu/main.tf

@@ -0,0 +1,5 @@
+
+output "my_debug_output" {
+    description = "just debuggin"
+    value = 42
+}