
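# Address range of the private network net0, in CIDR notation.
variable "h_network_cidr" {
  description = "IPv4 CIDR range of the hcloud private network net0."
  type        = string
  default     = "10.101.0.0/24"
}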
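# Address range of the eu-central cloud subnet inside net0, in CIDR notation.
# The default is identical to the default of h_network_cidr, so with defaults
# the subnet spans the whole network and no range is left for a second subnet.
variable "h_subnet_euc_cidr" {
  description = "IPv4 CIDR range of the eu-central subnet inside net0."
  type        = string
  default     = "10.101.0.0/24"
}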
# Private network that the servers in this file join with fixed addresses.
# Its range comes from var.h_network_cidr.
resource "hcloud_network" "net0" {
  ip_range = var.h_network_cidr
  name     = "net0"
}
# Cloud subnet of net0 in the eu-central zone; range from var.h_subnet_euc_cidr.
# Servers declare depends_on against this resource because their network
# blocks reference only the network id, not the subnet.
resource "hcloud_network_subnet" "subnet0" {
  type         = "cloud"
  network_zone = "eu-central"
  network_id   = hcloud_network.net0.id
  ip_range     = var.h_subnet_euc_cidr
}
# SSH public key registered with the project under the name "mathom".
# Every hcloud_server visible in this file lists this one key in ssh_keys, so
# the matching private key grants access to all of them.
# NOTE(review): confirm how that private key is stored and rotated.
resource "hcloud_ssh_key" "default" {
  public_key = var.ssh_public_key
  name       = "mathom"
}
# Default firewall for internal hosts: the only inbound rule admits SSH
# (tcp/22) from a fixed list of single addresses (/32 and /128) taken from
# locals defined elsewhere. No other inbound rule and no outbound rule is
# declared here.
# NOTE(review): Hetzner Cloud Firewalls are documented as filtering only the
# public interface, so traffic between hosts on net0 would bypass this rule
# set; confirm host-level filtering covers the private side.
resource "hcloud_firewall" "fw0" {
  name = "fw0"

  # SSH from the admin hosts only.
  rule {
    protocol  = "tcp"
    port      = "22"
    direction = "in"
    source_ips = [
      "${local.mainframe_ip}/32",
      "${local.mainframe_ip6}/128",
      "${local.freespace_ip}/32",
      "${local.freespace_ip6}/128",
      "${local.fsn_g0_ip}/32",
      #"${local.ora1_ip6}/128",
    ]
  }
}
# Firewall for the load balancer hosts: SSH from the admin list, and HTTP and
# HTTPS from anywhere over IPv4 and IPv6.
# The SSH source list is a copy of the one in fw0; the two have to be edited
# together or the allow-lists drift apart.
resource "hcloud_firewall" "fw-lb" {
  name = "fw-lb"

  # SSH from the admin hosts only (same entries as fw0).
  rule {
    protocol  = "tcp"
    port      = "22"
    direction = "in"
    source_ips = [
      "${local.mainframe_ip}/32",
      "${local.mainframe_ip6}/128",
      "${local.freespace_ip}/32",
      "${local.freespace_ip6}/128",
      "${local.fsn_g0_ip}/32",
      #"${local.ora1_ip6}/128",
    ]
  }

  # Public HTTP, open to every IPv4 and IPv6 source.
  rule {
    protocol  = "tcp"
    port      = "80"
    direction = "in"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  # Public HTTPS, open to every IPv4 and IPv6 source.
  rule {
    protocol  = "tcp"
    port      = "443"
    direction = "in"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
}
# Firewall that admits SSH (tcp/22) from every IPv4 address. There is no
# IPv6 entry, so SSH over IPv6 is not admitted by this rule.
# No server in the visible part of this file attaches it.
# NOTE(review): a host behind this firewall has sshd reachable from the whole
# IPv4 internet; it should run key-only authentication, and the admin
# allow-list used in fw0 is the tighter default where it fits.
resource "hcloud_firewall" "fw-open" {
  name = "fw-open"

  rule {
    protocol  = "tcp"
    port      = "22"
    direction = "in"
    source_ips = [
      "0.0.0.0/0",
    ]
  }
}
# AUTH
# Auth host: cx11 in fsn1, behind fw0 (SSH from the admin list only), with the
# fixed private address 10.101.0.11 on net0.
# NOTE(review): Ubuntu 20.04 left standard support in 2025; confirm extended
# maintenance is in place or plan a rebuild on a supported image.
resource "hcloud_server" "fra1-auth-g0" {
  name         = "fra1-auth-g0"
  server_type  = "cx11"
  image        = "ubuntu-20.04"
  location     = "fsn1"
  ssh_keys     = [hcloud_ssh_key.default.id]
  firewall_ids = [hcloud_firewall.fw0.id]

  network {
    network_id = hcloud_network.net0.id
    ip         = "10.101.0.11"
  }

  # The network block names only the network, so the subnet is declared
  # explicitly as a dependency.
  depends_on = [
    hcloud_network_subnet.subnet0
  ]
}
# Reverse DNS (PTR) for the auth host's public IPv4 address. No PTR is set for
# an IPv6 address here.
resource "hcloud_rdns" "fra1-auth-g0" {
  dns_ptr    = "fra1-auth-g0.sudo.is"
  ip_address = hcloud_server.fra1-auth-g0.ipv4_address
  server_id  = hcloud_server.fra1-auth-g0.id
}
# resource "hcloud_server" "fra1-auth-g1" {
# name = "fra1-auth-g1"
# image = "ubuntu-20.04"
# server_type = "cx11"
# ssh_keys = [hcloud_ssh_key.default.id]
# location = "fsn1"
# firewall_ids = [hcloud_firewall.fw0.id]
# network {
# network_id = hcloud_network.net0.id
# ip = "10.101.0.12"
# }
# depends_on = [
# hcloud_network_subnet.subnet0
# ]
# }
# resource "hcloud_rdns" "fra1-auth-g1" {
# server_id = hcloud_server.fra1-auth-g1.id
# ip_address = hcloud_server.fra1-auth-g1.ipv4_address
# dns_ptr = "fra1-auth-g1.sudo.is"
# }
## WEBLATE
# Weblate host: cx11 in fsn1, with the fixed private address 10.101.0.3 on
# net0. It is attached to fw0, which admits only SSH from the admin list, so
# nothing else is reachable on its public interface.
# NOTE(review): Ubuntu 20.04 left standard support in 2025; confirm extended
# maintenance is in place or plan a rebuild on a supported image.
resource "hcloud_server" "fra3-weblate-g0" {
  name         = "fra3-weblate-g0"
  server_type  = "cx11"
  image        = "ubuntu-20.04"
  location     = "fsn1"
  ssh_keys     = [hcloud_ssh_key.default.id]
  firewall_ids = [hcloud_firewall.fw0.id]

  network {
    network_id = hcloud_network.net0.id
    ip         = "10.101.0.3"
  }

  # The network block names only the network, so the subnet is declared
  # explicitly as a dependency.
  depends_on = [
    hcloud_network_subnet.subnet0
  ]
}
# Reverse DNS (PTR) for the Weblate host's public IPv4 address.
resource "hcloud_rdns" "fra3-weblate-g0" {
  dns_ptr    = "fra3-weblate-g0.sudo.is"
  ip_address = hcloud_server.fra3-weblate-g0.ipv4_address
  server_id  = hcloud_server.fra3-weblate-g0.id
}
# # LB
# First load balancer host: cx11 in fsn1, behind fw-lb (SSH from the admin
# list, HTTP and HTTPS from anywhere), private address 10.101.0.4 on net0.
# NOTE(review): this host is internet-facing and runs Ubuntu 20.04, which left
# standard support in 2025; confirm extended maintenance or plan a rebuild.
resource "hcloud_server" "fsn-lb-g0" {
  name         = "fsn-lb-g0"
  server_type  = "cx11"
  image        = "ubuntu-20.04"
  location     = "fsn1"
  ssh_keys     = [hcloud_ssh_key.default.id]
  firewall_ids = [hcloud_firewall.fw-lb.id]

  labels = {
    group   = "fsn-lb"
    systype = "lb"
  }

  network {
    network_id = hcloud_network.net0.id
    ip         = "10.101.0.4"
  }

  # The network block names only the network, so the subnet is declared
  # explicitly as a dependency.
  depends_on = [
    hcloud_network_subnet.subnet0
  ]
}
# Reverse DNS (PTR) for the first load balancer's own public IPv4 address.
resource "hcloud_rdns" "fsn-lb-g0" {
  dns_ptr    = "fsn-lb-g0.sudo.is"
  ip_address = hcloud_server.fsn-lb-g0.ipv4_address
  server_id  = hcloud_server.fsn-lb-g0.id
}
# Second load balancer host: same shape as fsn-lb-g0 (cx11, fsn1, fw-lb, same
# labels), private address 10.101.0.5 on net0.
# NOTE(review): this host is internet-facing and runs Ubuntu 20.04, which left
# standard support in 2025; confirm extended maintenance or plan a rebuild.
resource "hcloud_server" "fsn-lb-g1" {
  name         = "fsn-lb-g1"
  server_type  = "cx11"
  image        = "ubuntu-20.04"
  location     = "fsn1"
  ssh_keys     = [hcloud_ssh_key.default.id]
  firewall_ids = [hcloud_firewall.fw-lb.id]

  labels = {
    group   = "fsn-lb"
    systype = "lb"
  }

  network {
    network_id = hcloud_network.net0.id
    ip         = "10.101.0.5"
  }

  # The network block names only the network, so the subnet is declared
  # explicitly as a dependency.
  depends_on = [
    hcloud_network_subnet.subnet0
  ]
}
# Reverse DNS (PTR) for the second load balancer's own public IPv4 address.
resource "hcloud_rdns" "fsn-lb-g1" {
  dns_ptr    = "fsn-lb-g1.sudo.is"
  ip_address = hcloud_server.fsn-lb-g1.ipv4_address
  server_id  = hcloud_server.fsn-lb-g1.id
}
# Floating IPv4 address for the load balancer pair, homed in fsn1.
# delete_protection is enabled on the address.
# The hcloud_floating_ip_assignment for this address is commented out in this
# file, so Terraform does not attach it to either server.
# NOTE(review): presumably failover tooling on the hosts moves the address;
# confirm where the API token it uses is stored and how narrowly it is scoped.
resource "hcloud_floating_ip" "fsn-lb" {
  name              = "fsn-lb"
  description       = "fsn-lb.sudo.is"
  type              = "ipv4"
  home_location     = "fsn1"
  delete_protection = true
}
# resource "hcloud_floating_ip_assignment" "fsn-lb" {
# floating_ip_id = hcloud_floating_ip.fsn-lb.id
# server_id = hcloud_server.fsn-lb-g0.id
# }
# Reverse DNS (PTR) for the floating load balancer address, keyed by
# floating_ip_id rather than server_id.
resource "hcloud_rdns" "floating_master" {
  dns_ptr        = "fsn-lb.sudo.is"
  ip_address     = hcloud_floating_ip.fsn-lb.ip_address
  floating_ip_id = hcloud_floating_ip.fsn-lb.id
}
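# Exposes the floating address so it can be read from the Terraform outputs.
output "fsn-lb_ip" {
  description = "Public IPv4 address of the fsn-lb floating IP."
  value       = hcloud_floating_ip.fsn-lb.ip_address
}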
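# Exposes the floating IP's resource id so it can be read from the Terraform
# outputs.
output "fsn-lb_id" {
  description = "Hetzner Cloud id of the fsn-lb floating IP."
  value       = hcloud_floating_ip.fsn-lb.id
}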