infrastructure/modules/infrastructure/hcloud.tf


# Public SSH key that every node in hcloud_server.nodes is created with.
# Only the public half is registered here; no private key material is read.
resource "hcloud_ssh_key" "default" {
  public_key = var.default_ssh_key.public_key
  name       = var.default_ssh_key.name
}
# Spread placement group so the nodes are kept on different physical hosts.
resource "hcloud_placement_group" "default" {
  type = "spread"
  name = "serguzim.net"
}
# One IPv4 primary IP per host. auto_delete = false keeps the address (and
# the rDNS set on it) alive if the server it is assigned to is deleted.
resource "hcloud_primary_ip" "node_ipv4_addresses" {
  for_each = local.hetzner_hosts

  type          = "ipv4"
  name          = "primary_ipv4_${each.value.hostname}"
  datacenter    = each.value.datacenter
  assignee_type = "server"
  auto_delete   = false
}
# One IPv6 primary IP per host, mirroring node_ipv4_addresses. Kept as a
# separate resource because the address family is fixed per primary IP.
resource "hcloud_primary_ip" "node_ipv6_addresses" {
  for_each = local.hetzner_hosts

  type          = "ipv6"
  name          = "primary_ipv6_${each.value.hostname}"
  datacenter    = each.value.datacenter
  assignee_type = "server"
  auto_delete   = false
}
# Create a server
#
# One node per entry in local.hetzner_hosts. The cloud-init template receives
# the default SSH public key, the hostname and a Netbird setup key (the
# ephemeral key for hosts flagged ephemeral, the regular one otherwise). That
# setup key ends up in the rendered user_data and therefore in Terraform
# state, so the state backend needs the same protection as the key itself.
resource "hcloud_server" "nodes" {
  for_each = local.hetzner_hosts

  name        = each.value.hostname
  datacenter  = each.value.datacenter
  image       = each.value.image
  server_type = each.value.server_type

  ssh_keys           = [hcloud_ssh_key.default.id]
  placement_group_id = hcloud_placement_group.default.id

  # NOTE(review): templatefile() resolves a relative path against the working
  # directory rather than this module's directory; "${path.module}/templates/..."
  # is the usual form for a module - confirm where the template actually lives
  # before changing it.
  user_data = templatefile("./templates/cloud-init.yaml.tpl", {
    hostname          = each.value.hostname
    default_ssh_key   = var.default_ssh_key.public_key
    netbird_setup_key = each.value.ephemeral ? netbird_setup_key.cloud_init_ephemeral_key.key : netbird_setup_key.cloud_init_key.key
  })

  public_net {
    ipv4 = hcloud_primary_ip.node_ipv4_addresses[each.key].id
    ipv6 = hcloud_primary_ip.node_ipv6_addresses[each.key].id
  }

  lifecycle {
    # Ignoring ssh_keys and user_data keeps a key or template change from
    # replacing a live node. NOTE(review): the flip side is that rotating
    # var.default_ssh_key or the Netbird key does not reach existing nodes
    # through this resource - presumably that is handled out of band; confirm.
    ignore_changes = [
      ssh_keys,
      user_data,
    ]
    prevent_destroy = true
  }
}
# PTR record for each node's IPv4 address, taken from the host's rdns field.
resource "hcloud_rdns" "nodes_rdns_ipv4" {
  for_each = local.hetzner_hosts

  dns_ptr    = each.value.rdns
  server_id  = hcloud_server.nodes[each.key].id
  ip_address = hcloud_server.nodes[each.key].ipv4_address
}
# PTR record for each node's IPv6 address; same rdns value as the IPv4 one.
resource "hcloud_rdns" "nodes_rdns_ipv6" {
  for_each = local.hetzner_hosts

  dns_ptr    = each.value.rdns
  server_id  = hcloud_server.nodes[each.key].id
  ip_address = hcloud_server.nodes[each.key].ipv6_address
}
locals {
  # Source range used by every inbound firewall rule below: the whole
  # internet, v4 and v6. Any port opened through hcloud_firewall.nodes_services
  # is therefore reachable from any address.
  default_firewall_source_ips = [
    "0.0.0.0/0",
    "::/0",
  ]
}
# Create firewalls
#
# One firewall per node. Inbound traffic is limited to ICMP plus the ports of
# the services in var.services that are pinned to this host (v.host == key)
# or to every host (v.host == "*"); anything not listed here is not opened.
# Every rule uses local.default_firewall_source_ips, i.e. it is world-reachable.
# NOTE(review): admin access (SSH) is not opened here, presumably because it
# goes through Netbird - confirm that matches the cloud-init template.
resource "hcloud_firewall" "nodes_services" {
  for_each = local.hetzner_hosts

  name = each.key

  apply_to {
    server = hcloud_server.nodes[each.key].id
  }

  rule {
    direction   = "in"
    protocol    = "icmp"
    description = "ICMP"
    source_ips  = local.default_firewall_source_ips
  }

  # One rule per declared port of each service that applies to this host.
  # Services without ports (ports == null) contribute nothing.
  dynamic "rule" {
    for_each = flatten([
      for name, svc in var.services :
      svc.ports
      if svc.ports != null && (svc.host == each.key || svc.host == "*")
    ])

    content {
      direction   = "in"
      protocol    = rule.value.protocol
      port        = rule.value.port
      description = rule.value.description
      source_ips  = local.default_firewall_source_ips
    }
  }
}
#########################
### Storage Box Setup ###
#########################

# Main account password for the storage box: 32 characters with at least
# four of each class. The generated value is stored in Terraform state, so
# the state backend is part of the trust boundary for this credential.
resource "random_password" "hcloud_storage_box_password" {
  length           = 32
  override_special = "-_+="

  min_upper   = 4
  min_lower   = 4
  min_numeric = 4
  min_special = 4
}
# The storage box itself. It is reachable externally, but every protocol on
# the main account (Samba, SSH, WebDAV) is switched off; only ZFS is enabled.
# Service access is meant to go through the sub-accounts below instead.
# delete_protection guards against an accidental destroy of the data.
resource "hcloud_storage_box" "box01" {
  name             = "box01"
  location         = "fsn1"
  storage_box_type = "bx11"
  password         = random_password.hcloud_storage_box_password.result

  access_settings = {
    reachable_externally = true
    zfs_enabled          = true
    samba_enabled        = false
    ssh_enabled          = false
    webdav_enabled       = false
  }

  delete_protection = true
}
# One 32-character password per storage-box sub-account, keyed like
# local.services_storage_box. NOTE(review): the special-character set here
# ("-_+") deliberately or not differs from the main account's ("-_+=") -
# confirm which one the consuming services can handle.
resource "random_password" "hcloud_storage_box_sub_passwords" {
  for_each = local.services_storage_box

  length           = 32
  override_special = "-_+"

  min_upper   = 4
  min_lower   = 4
  min_numeric = 4
  min_special = 4
}
# One sub-account per service, confined to its own home directory and
# exposed over WebDAV only. Because it is reachable externally, the generated
# password is the sole barrier for that directory; the main account keeps
# WebDAV disabled, so this is the only WebDAV path into the box.
# NOTE(review): ssh_enabled / samba_enabled are not set here, so the provider
# defaults apply - confirm they are off.
resource "hcloud_storage_box_subaccount" "service_accounts" {
  for_each = local.services_storage_box

  storage_box_id = hcloud_storage_box.box01.id
  description    = each.key
  home_directory = "${each.key}/"
  password       = random_password.hcloud_storage_box_sub_passwords[each.key].result

  access_settings = {
    reachable_externally = true
    webdav_enabled       = true
  }
}