.claude/skills/infra-yandex-cloud/SKILL.md
# Infra: Yandex Cloud

## When to Load This Skill

Load when working with: Terraform, Packer, Yandex Cloud resources, Docker deployment to VMs, Kubernetes prep, CI/CD deploy steps, VM configuration.

## Stack

- **Packer** — builds VM images (pre-baked with Docker, dependencies)
- **Terraform** — provisions YC infrastructure (VMs, networking, Object Storage)
- **Docker Compose** — runs application on provisioned VM
- **Helm** — Kubernetes-ready charts prepared from day one (even if K8s not yet u
```
infra/
├── packer/
│   ├── ubuntu-base.pkr.hcl   # base image with Docker + system deps
│   └── variables.pkr.hcl
├── terraform/
│   ├── main.tf
│   ├── variables.tf
│   ├── outputs.tf
│   ├── versions.tf
│   └── modules/
│       ├── vm/               # reusable VM module
│       │   ├── main.tf
│       │   ├── variables.tf
│       │   └── outputs.tf
│       └── networking/
│           ├── main.tf
│           ├── variables.tf
│           └── outputs.tf
└── helm/                     # K8s-ready, deploy when needed
    └── {project-name}/
        ├── Chart.yaml
        ├── values.yaml
        └── templates/
            ├── deployment.yaml
            ├── service.yaml
            └── configmap.yaml
```
```hcl
terraform {
  required_version = ">= 1.6.0"

  required_providers {
    yandex = {
      source  = "yandex-cloud/yandex"
      version = "~> 0.115"
    }
  }

  backend "s3" {
    endpoints = {
      s3 = "https://storage.yandexcloud.net"
    }
    bucket = "tf-state-bucket"
    region = "ru-central1"
    key    = "{project-name}/terraform.tfstate"

    skip_region_validation      = true
    skip_credentials_validation = true
    skip_requesting_account_id  = true
    skip_s3_checksum            = true
  }
}

provider "yandex" {
  token     = var.yc_token
  cloud_id  = var.yc_cloud_id
  folder_id = var.yc_folder_id
  zone      = var.yc_zone
}
```
```hcl
resource "yandex_compute_instance" "app" {
  name        = "${var.project_name}-${var.environment}"
  platform_id = "standard-v3"
  zone        = var.zone

  resources {
    cores         = var.cpu_cores
    memory        = var.memory_gb
    core_fraction = 100
  }

  boot_disk {
    initialize_params {
      image_id = var.image_id
      size     = var.disk_gb
      type     = "network-ssd"
    }
  }

  network_interface {
    subnet_id = var.subnet_id
    nat       = true
  }

  metadata = {
    ssh-keys  = "ubuntu:${file(var.ssh_public_key_path)}"
    user-data = templatefile("${path.module}/cloud-init.yaml", {
      docker_compose_content = base64encode(file(var.docker_compose_path))
      env_content            = base64encode(file(var.env_file_path))
    })
  }
}

resource "yandex_compute_instance" "gpu" {
  name        = "${var.project_name}-gpu-${var.environment}"
  platform_id = "gpu-standard-v3"
  zone        = "ru-central1-a"

  resources {
    cores  = 8
    memory = 96
    gpus   = 1
  }

  boot_disk {
    initialize_params {
      image_id = var.gpu_image_id
      size     = 200
      type     = "network-ssd"
    }
  }

  network_interface {
    subnet_id = var.subnet_id
    nat       = true
  }
}
```
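The `cloud-init.yaml` that `templatefile()` renders above is not shown on this page; the following is an added example (not the project's own file) of a template that consumes the two variables `main.tf` passes, `docker_compose_content` and `env_content`. It assumes the template lives beside the VM module (`modules/vm/cloud-init.yaml`) and that the image was built by the Packer template below, so `docker` and the compose plugin are already installed.

```yaml
#cloud-config
# Added example of modules/vm/cloud-init.yaml (assumed path, not the project's own
# file). Terraform's templatefile() substitutes the two placeholders below with
# the base64 strings produced by base64encode() in main.tf; cloud-init decodes
# them on first boot because of "encoding: b64".
write_files:
  - path: /opt/app/docker-compose.yml
    encoding: b64
    content: ${docker_compose_content}
    owner: ubuntu:ubuntu
    permissions: '0644'
  - path: /opt/app/.env
    encoding: b64
    content: ${env_content}
    owner: ubuntu:ubuntu
    permissions: '0600'   # .env holds application secrets: readable by the owner only

runcmd:
  # docker and the compose plugin come pre-baked in the Packer image; enable
  # the daemon now in case the image was captured before the unit was started
  - systemctl enable --now docker
  # compose picks up /opt/app/.env automatically from the project directory
  - cd /opt/app && docker compose up -d
```

Anything placed in `user-data` is retrievable by every process on the VM through the instance metadata service, so `env_content` should carry only the variables the application needs on that host.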
```hcl
packer {
  required_plugins {
    yandex = {
      version = ">= 1.1.2"
      source  = "github.com/hashicorp/yandex"
    }
  }
}

source "yandex" "ubuntu-base" {
  token               = var.yc_token
  folder_id           = var.yc_folder_id
  source_image_family = "ubuntu-2204-lts"
  ssh_username        = "ubuntu"
  image_name          = "ml-base-${formatdate("YYYYMMDD-HHmm", timestamp())}"
  image_family        = "ml-base"
  zone                = "ru-central1-a"
}

build {
  sources = ["source.yandex.ubuntu-base"]

  provisioner "shell" {
    inline = [
      "sudo apt-get update -q",
      "sudo apt-get install -y -q docker.io docker-compose-plugin curl git",
      "sudo systemctl enable docker",
      "sudo usermod -aG docker ubuntu",
      "curl -LsSf https://astral.sh/uv/install.sh | sh",
    ]
  }
}
```
Even when deploying with Docker Compose, prepare the Helm chart early. It documents what K8s will need and makes the migration trivial.
```yaml
# helm/{project}/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "chart.fullname" . }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "chart.name" . }}
  template:
    metadata:
      labels:
        # must match spec.selector.matchLabels, otherwise the API server rejects the Deployment
        app: {{ include "chart.name" . }}
    spec:
      containers:
        - name: app
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          ports:
            - containerPort: 8000
          envFrom:
            - secretRef:
                name: {{ include "chart.fullname" . }}-secrets
          resources:
            requests:
              cpu: {{ .Values.resources.requests.cpu }}
              memory: {{ .Values.resources.requests.memory }}
            limits:
              cpu: {{ .Values.resources.limits.cpu }}
              memory: {{ .Values.resources.limits.memory }}
```
```hcl
yc_token     = "..."
yc_cloud_id  = "b1g..."
yc_folder_id = "b1g..."
yc_zone      = "ru-central1-a"
project_name = "my-project"
environment  = "staging"
cpu_cores    = 2
memory_gb    = 4
disk_gb      = 50
```
```bash
YC_TOKEN=...
YC_CLOUD_ID=...
YC_FOLDER_ID=...
YC_ZONE=ru-central1-a
TF_STATE_BUCKET=tf-state-bucket
YC_ACCESS_KEY_ID=...       # for S3 backend
YC_SECRET_ACCESS_KEY=...   # for S3 backend
```
- `resources/cloud-init.md` — cloud-init template for Docker Compose auto-start on VM boot
- `resources/github-actions-deploy.md` — full deploy.yml workflow for YC