Add hcloud infrastructure

8 months ago · 981ed41a3b
commit 981ed41a3b
3 changed files with 190 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+**/*.tfvars
+**/.terraform/*
+**/*.tfstate.*
+**/*.tfstate
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+  version = "1.43.0"
+  hashes = [
+    "h1:sz3EJDy3a27acP59b5s0qUzonXTPxrPWi/LzPh7m2Do=",
+    "zh:0286b6af01849a2661cd6d9d54ee23a0840191681121e2fffb8ec44c96c54aae",
+    "zh:03b1bc5e9c30b1a0d2d5233053e129c49b84bbc9a223820a6cd70207088c2991",
+    "zh:0a34a2b9841551b73427ea1c9f53df2754698825b31ebdeb4d0e7923a9e4c20a",
+    "zh:13a1b17a4e01275e0cfcc0fc5df72a25b2cc739f4b8b0d4eac7f8b0256f974cb",
+    "zh:29e2d646f6b9870176c5b7f5adda98409b87129c96b37d0ed77882f1b8b083fc",
+    "zh:5188e8ce66d0f183c9f341ca86c1b61b58518df93592d4923d871eaab7304824",
+    "zh:870516460cbc7216e3f0c76df6d7ac3e06c1fb6378b8938378da8376eb371224",
+    "zh:8c360eb7af5bc9151d2c31042b76433bc674c219955a2f698ee52b9b3446069d",
+    "zh:a7b7c6779c8a49e9487cc7d6c91251e11d9d4f261c53dfa3ffaf4c85ac5d3218",
+    "zh:b4ce6a41ae156f57d61ea55c7634f33cb11118bdb1b5a911d91ba7246ae5c8d2",
+    "zh:c2273075a6e40962aa695afdbb394b5e0914356cc9aa43b6171991f2218aa21e",
+    "zh:eb31c3fe3224d45365b6328a902928a67eb3e0db3b1e4820b4f3f6f601409b0d",
+    "zh:f7db8627ab00ca5ba2696eb05c7f84a6ef3ac425c402432d0acb2b6992813515",
+    "zh:ff4a8ae9dd668b0b6624b476b2ee0906e125e06a526110f1de7179f3fbdf311d",
+  ]
+}
--- a/infra/init.tf
+++ b/infra/init.tf
@ -0,0 +1,163 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source = "hetznercloud/hcloud"
+    }
+  }
+  required_version = ">= 0.14"
+}
+
+variable "hcloud_token" {
+  sensitive = true
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+
+resource "hcloud_network" "vnet" {
+  name     = "cluster-vnet"
+  ip_range = "10.0.0.0/16"
+}
+
+resource "hcloud_network_subnet" "vnet_subnet" {
+  network_id = hcloud_network.vnet.id
+  type = "cloud"
+  network_zone = "eu-central"
+  ip_range = "10.0.0.0/24"
+}
+
+resource "hcloud_placement_group" "spread-group" {
+  name = "cluster-spread-group"
+  type = "spread"
+}
+
+resource "hcloud_server" "control" {
+  name        = "cluster-control"
+  image       = "ubuntu-22.04"
+  location    = "nbg1"
+  ssh_keys  = ["archomen_cloud1", "deepthought_cloud1"]
+  server_type = "cx11"
+  firewall_ids = [hcloud_firewall.firewall.id]
+  placement_group_id = hcloud_placement_group.spread-group.id
+
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = true
+  }
+  network {
+    network_id = hcloud_network.vnet.id
+    ip         = "10.0.0.2"
+  }
+
+  depends_on = [
+    hcloud_network.vnet    
+  ]
+}
+
+resource "hcloud_server" "worker-1" {
+  name        = "cluster-worker-1"
+  image       = "ubuntu-20.04"
+  location    = "nbg1"
+  ssh_keys  = ["archomen_cloud2", "deepthought_cloud2"]
+  server_type = "cx21"
+  firewall_ids = [hcloud_firewall.firewall.id]
+  placement_group_id = hcloud_placement_group.spread-group.id
+
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = true
+  }
+  network {
+    network_id = hcloud_network.vnet.id
+    ip         = "10.0.0.3"
+  }
+
+  depends_on = [
+    hcloud_network.vnet    
+  ]
+}
+
+resource "hcloud_firewall" "firewall" {
+  name = "cluster-firewall"
+  ## Inbound rules
+  rule {
+    direction = "in"
+    protocol  = "icmp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "22"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  ## Outbound rules
+  rule {
+    direction = "out"
+    protocol  = "tcp"
+    port      = "53"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "out"
+    protocol  = "udp"
+    port      = "53"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "out"
+    protocol  = "udp"
+    port      = "123"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "out"
+    protocol  = "tcp"
+    port      = "80"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "out"
+    protocol  = "udp"
+    port      = "443"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "out"
+    protocol  = "icmp"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+}