feat: implement template-based configuration system

- Add Tera template engine for dynamic configuration rendering
- Migrate config/ → templates/ with template variables ({{ansible_host}}, {{ansible_ssh_private_key_file}})
- Implement 4-stage E2E workflow: static templates → infrastructure → runtime templates → execution
- Add comprehensive template system with type-safe wrappers and early error detection
- Remove direct file modification during E2E tests (preserves git working tree)
- Add build/ directory for generated runtime configs (git-ignored)
- Update documentation and workflows to use new template system
- Add 21 comprehensive tests (17 unit tests + 4 integration tests)

The template system ensures clean separation between templates (git-tracked)
and runtime configurations (git-ignored), preventing git working tree
modifications during E2E tests.

Author: josecelano

.github/copilot-instructions.md

@@ -14,8 +14,9 @@ This is a deployment infrastructure proof-of-concept for the Torrust ecosystem.
 ## 📁 Key Directories
 
 - `src/` - Rust source code and binaries
-- `config/ansible/` - Ansible playbooks and inventory
-- `config/tofu/` - OpenTofu/Terraform configurations
+- `templates/ansible/` - Ansible playbook templates
+- `templates/tofu/` - OpenTofu/Terraform configuration templates
+- `build/` - Generated runtime configurations (git-ignored)
 - `docs/` - Project documentation
 
 ## 🔧 Essential Rules

.github/workflows/test-e2e.yml

@@ -2,7 +2,7 @@ name: E2E Tests
 
 # NOTE: This workflow uses CI-specific approaches like 'sudo chmod 666' on the LXD socket
 # and 'sudo' with LXD commands. These approaches are NOT recommended for local development.
-# For local use, follow the proper group membership approach documented in config/tofu/lxd/README.md
+# For local use, follow the proper group membership approach documented in templates/tofu/lxd/README.md
 
 on:
   push:
@@ -59,7 +59,7 @@ jobs:
 
       - name: Get test outputs (on success)
         if: success()
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: |
           echo "=== Infrastructure Outputs ==="
           sudo -E tofu output || echo "No outputs available"
@@ -77,7 +77,7 @@ jobs:
           sudo lxc list || echo "LXC list failed"
 
           echo "=== OpenTofu State ==="
-          cd config/tofu/lxd
+          cd build/tofu/lxd
           sudo -E tofu show || echo "No state to show"
 
           echo "=== System Resources ==="
@@ -89,7 +89,7 @@ jobs:
 
       - name: Cleanup infrastructure (always run)
         if: always()
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: |
           echo "Cleaning up test infrastructure..."
           # Use sudo for CI environment cleanup

.github/workflows/test-lxd-provision.yml

@@ -2,7 +2,7 @@ name: Test LXD Container Provisioning
 
 # NOTE: This workflow uses CI-specific approaches like 'sudo chmod 666' on the LXD socket
 # and 'sudo' with LXD commands. These approaches are NOT recommended for local development.
-# For local use, follow the proper group membership approach documented in config/tofu/lxd/README.md
+# For local use, follow the proper group membership approach documented in templates/tofu/lxd/README.md
 
 on:
   push:
@@ -26,6 +26,22 @@ jobs:
       - name: Install OpenTofu
         run: ./scripts/setup/install-opentofu.sh
 
+      - name: Setup Rust toolchain and build template system
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Render template configurations
+        run: |
+          # Build the template system and render the static templates
+          cargo build --release
+          # For this workflow, we need static templates only (no runtime variables)
+          mkdir -p build
+          cp -r templates/* build/
+
       - name: Verify installations
         run: |
           sudo lxc version
@@ -38,19 +54,19 @@ jobs:
           lxc list
 
       - name: Initialize OpenTofu
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: tofu init
 
       - name: Validate OpenTofu configuration
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: tofu validate
 
       - name: Plan deployment
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: tofu plan
 
       - name: Apply configuration
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: |
           # Use tofu without sudo since socket permissions are set up
           # NOTE: For local development, use "sg lxd -c 'tofu apply'" instead
@@ -114,12 +130,12 @@ jobs:
           lxc exec torrust-vm -- systemctl status ssh || echo "ssh service check failed"
 
       - name: Get container outputs
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: tofu output
 
       - name: Cleanup
         if: always()
-        working-directory: config/tofu/lxd
+        working-directory: build/tofu/lxd
         run: |
           echo "Cleaning up container..."
           # Use tofu without sudo since socket permissions are set up

.gitignore

@@ -50,6 +50,9 @@ Thumbs.db
 target/
 Cargo.lock
 
+# Template build directory (runtime-generated configs)
+build/
+
 # Meson build directory
 builddir/
 

Cargo.toml

@@ -26,9 +26,11 @@ path = "src/bin/linter.rs"
 
 [dependencies]
 tokio = { version = "1.0", features = [ "full" ] }
-serde_json = "1.0"
 anyhow = "1.0"
 clap = { version = "4.0", features = [ "derive" ] }
 regex = "1.0"
+serde = { version = "1.0", features = [ "derive" ] }
+serde_json = "1.0"
 tempfile = "3.0"
+tera = "1.0"
 torrust-linting = { path = "packages/linting" }

README.md

@@ -18,14 +18,14 @@ creating VMs that support cloud-init both locally (development) and in CI enviro
 
 This repository uses LXD containers for virtualization:
 
-### ☁️ **LXD Containers (`config/tofu/lxd/`)** - **OFFICIAL**
+### ☁️ **LXD Containers (`templates/tofu/lxd/`)** - **OFFICIAL**
 
 - **Technology**: System containers with cloud-init support
 - **Status**: ✅ Official provider - Guaranteed GitHub Actions compatibility
 - **Best for**: CI/CD environments, fast provisioning, local development
 - **Requirements**: No special virtualization needed
 
-**[📖 See detailed documentation →](config/tofu/lxd/README.md)**
+**[📖 See detailed documentation →](templates/tofu/lxd/README.md)**
 
 ## � Provider Comparison
 
@@ -136,7 +136,7 @@ If you prefer manual deployment instead of using the E2E tests:
 
 ```bash
 # Navigate to LXD configuration
-cd config/tofu/lxd
+cd templates/tofu/lxd
 
 # Initialize and deploy
 tofu init && tofu apply
@@ -242,10 +242,13 @@ The repository includes comprehensive GitHub Actions workflows for CI testing:
 │   │   └── meson-removal.md # Decision to remove Meson build system
 │   ├── documentation.md     # Documentation organization guide
 │   └── vm-providers.md      # Provider comparison for this project
-├── config/
-│   ├── tofu/
-│   │   └── lxd/             # LXD container configuration
-│   └── ansible/             # Ansible configuration management
+├── templates/               # 📁 Template configurations (git-tracked)
+│   ├── tofu/                # 🏗️ OpenTofu/Terraform templates
+│   │   └── lxd/             # LXD container template configuration
+│   └── ansible/             # 🤖 Ansible playbook templates
+├── build/                   # 📁 Generated runtime configs (git-ignored)
+│   ├── tofu/                # 🏗️ Runtime OpenTofu configs
+│   └── ansible/             # 🤖 Runtime Ansible configs
 ├── scripts/                  # Development and utility scripts
 │   └── setup/               # Setup scripts for dependencies
 ├── src/                     # Rust source code

docs/documentation.md

@@ -110,7 +110,7 @@ docs/
 - `vm-providers.md` - Comparison of VM providers for this project
 - Project-specific usage patterns and workflows
 
-### 📁 Configuration Documentation (`config/*/README.md`)
+### 📁 Configuration Documentation (`templates/*/README.md`)
 
 **Purpose**: Documentation for specific configurations within the project.
 
@@ -123,8 +123,8 @@ docs/
 
 **Examples**:
 
-- `config/tofu/lxd/README.md` - How to use the LXD OpenTofu configuration
-- `config/ansible/README.md` - How to use the Ansible playbooks
+- `templates/tofu/lxd/README.md` - How to use the LXD OpenTofu configuration
+- `templates/ansible/README.md` - How to use the Ansible playbooks
 
 ## 🎯 Guidelines for Contributors
 
@@ -138,7 +138,7 @@ docs/
 
    - If it's specific to how this project works
 
-3. **Configuration documentation** → `config/*/README.md`
+3. **Configuration documentation** → `templates/*/README.md`
 
    - If it's about a specific configuration or setup
 
@@ -171,7 +171,7 @@ Install OpenTofu following the [OpenTofu setup guide](tech-stack/opentofu.md).
 
 <!-- From tech stack to project usage -->
 
-For project-specific usage, see the [LXD configuration guide](../config/tofu/lxd/README.md).
+For project-specific usage, see the [LXD configuration guide](../templates/tofu/lxd/README.md).
 ```
 
 ## 🔄 Maintaining Documentation

docs/e2e-testing.md

@@ -43,7 +43,7 @@ The E2E tests execute the following steps in production order:
 
 1. **Infrastructure Provisioning**
 
-   - Uses OpenTofu configuration from `config/tofu/lxd/`
+   - Uses OpenTofu configuration from `templates/tofu/lxd/`
    - Creates LXD container with Ubuntu and cloud-init configuration
 
 2. **Cloud-init Completion** (`wait-cloud-init.yml`)
@@ -118,7 +118,7 @@ lxc stop torrust-vm
 lxc delete torrust-vm
 
 # Or use OpenTofu to clean up
-cd config/tofu/lxd
+cd build/tofu/lxd
 tofu destroy -auto-approve
 ```
 

docs/research/ansible-testing-strategy.md

@@ -41,7 +41,7 @@ After extensive research and testing (documented in [docker-vs-lxd-ansible-testi
 
 ```bash
 # Provision LXD container once
-cd config/tofu/lxd
+cd build/tofu/lxd
 tofu apply -auto-approve  # ~17.6s initial setup
 
 # Reuse the same VM for multiple playbook tests
@@ -66,7 +66,7 @@ time ansible-playbook deploy-docker-stack.yml       # ~22.6s
 #### 3. VM Cleanup (When Needed)
 
 ```bash
-cd config/tofu/lxd
+cd build/tofu/lxd
 tofu destroy -auto-approve  # Clean slate for next test cycle
 ```
 
@@ -210,7 +210,7 @@ Based on comprehensive research and performance testing, we have implemented a *
 
 ```bash
 # One-time setup
-cd config/tofu/lxd && tofu apply -auto-approve
+cd build/tofu/lxd && tofu apply -auto-approve
 
 # Sequential playbook testing (reusing same VM)
 cd ../../ansible

docs/research/docker-vs-lxd-ansible-testing.md

@@ -527,7 +527,7 @@ docker run -d --name torrust-test-container -p 2222:22 torrust-ansible-test
 docker run -d --name torrust-enhanced-container -p 2223:22 torrust-ansible-test-enhanced
 
 # Test with LXD
-cd config/tofu/lxd
+cd templates/tofu/lxd
 time tofu apply -auto-approve                    # 17.6s
 cd ../../ansible
 time ansible-playbook install-docker.yml        # 27.7s