commit 981ed41a3b0bd59eff162d452f5577be7f448ed4
Author: trivernis
Date: Tue Oct 3 11:49:45 2023 +0200
Add hcloud infrastructure
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6c861ae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+**/*.tfvars
+**/.terraform/*
+**/*.tfstate.*
+**/*.tfstate
\ No newline at end of file
diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..ecd1f31
--- /dev/null
+++ b/infra/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+ version = "1.43.0"
+ hashes = [
+ "h1:sz3EJDy3a27acP59b5s0qUzonXTPxrPWi/LzPh7m2Do=",
+ "zh:0286b6af01849a2661cd6d9d54ee23a0840191681121e2fffb8ec44c96c54aae",
+ "zh:03b1bc5e9c30b1a0d2d5233053e129c49b84bbc9a223820a6cd70207088c2991",
+ "zh:0a34a2b9841551b73427ea1c9f53df2754698825b31ebdeb4d0e7923a9e4c20a",
+ "zh:13a1b17a4e01275e0cfcc0fc5df72a25b2cc739f4b8b0d4eac7f8b0256f974cb",
+ "zh:29e2d646f6b9870176c5b7f5adda98409b87129c96b37d0ed77882f1b8b083fc",
+ "zh:5188e8ce66d0f183c9f341ca86c1b61b58518df93592d4923d871eaab7304824",
+ "zh:870516460cbc7216e3f0c76df6d7ac3e06c1fb6378b8938378da8376eb371224",
+ "zh:8c360eb7af5bc9151d2c31042b76433bc674c219955a2f698ee52b9b3446069d",
+ "zh:a7b7c6779c8a49e9487cc7d6c91251e11d9d4f261c53dfa3ffaf4c85ac5d3218",
+ "zh:b4ce6a41ae156f57d61ea55c7634f33cb11118bdb1b5a911d91ba7246ae5c8d2",
+ "zh:c2273075a6e40962aa695afdbb394b5e0914356cc9aa43b6171991f2218aa21e",
+ "zh:eb31c3fe3224d45365b6328a902928a67eb3e0db3b1e4820b4f3f6f601409b0d",
+ "zh:f7db8627ab00ca5ba2696eb05c7f84a6ef3ac425c402432d0acb2b6992813515",
+ "zh:ff4a8ae9dd668b0b6624b476b2ee0906e125e06a526110f1de7179f3fbdf311d",
+ ]
+}
diff --git a/infra/init.tf b/infra/init.tf
new file mode 100644
index 0000000..c753e02
--- /dev/null
+++ b/infra/init.tf
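Review bot: The new .gitignore ends without a trailing newline (`\ No newline at end of file`), so the next pattern anyone appends will show up as a modification of the `**/*.tfstate` line in a later diff. Adding a final newline is enough to keep future diffs clean.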
@@ -0,0 +1,163 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ }
+ }
+ required_version = ">= 0.14"
+}
+
+variable "hcloud_token" {
+ sensitive = true
+}
+
+provider "hcloud" {
+ token = var.hcloud_token
+}
+
+resource "hcloud_network" "vnet" {
+ name = "cluster-vnet"
+ ip_range = "10.0.0.0/16"
+}
+
+resource "hcloud_network_subnet" "vnet_subnet" {
+ network_id = hcloud_network.vnet.id
+ type = "cloud"
+ network_zone = "eu-central"
+ ip_range = "10.0.0.0/24"
+}
+
+resource "hcloud_placement_group" "spread-group" {
+ name = "cluster-spread-group"
+ type = "spread"
+}
+
+resource "hcloud_server" "control" {
+ name = "cluster-control"
+ image = "ubuntu-22.04"
+ location = "nbg1"
+ ssh_keys = ["archomen_cloud1", "deepthought_cloud1"]
+ server_type = "cx11"
+ firewall_ids = [hcloud_firewall.firewall.id]
+ placement_group_id = hcloud_placement_group.spread-group.id
+
+ public_net {
+ ipv4_enabled = true
+ ipv6_enabled = true
+ }
+ network {
+ network_id = hcloud_network.vnet.id
+ ip = "10.0.0.2"
+ }
+
+ depends_on = [
+ hcloud_network.vnet
+ ]
+}
+
+resource "hcloud_server" "worker-1" {
+ name = "cluster-worker-1"
+ image = "ubuntu-20.04"
+ location = "nbg1"
+ ssh_keys = ["archomen_cloud2", "deepthought_cloud2"]
+ server_type = "cx21"
+ firewall_ids = [hcloud_firewall.firewall.id]
+ placement_group_id = hcloud_placement_group.spread-group.id
+
+ public_net {
+ ipv4_enabled = true
+ ipv6_enabled = true
+ }
+ network {
+ network_id = hcloud_network.vnet.id
+ ip = "10.0.0.3"
+ }
+
+ depends_on = [
+ hcloud_network.vnet
+ ]
+}
+
+resource "hcloud_firewall" "firewall" {
+ name = "cluster-firewall"
+ ## Inbound rules
+ rule {
+ direction = "in"
+ protocol = "icmp"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "22"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ ## Outbound rules
+ rule {
+ direction = "out"
+ protocol = "tcp"
+ port = "53"
+ destination_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "out"
+ protocol = "udp"
+ port = "53"
+ destination_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "out"
+ protocol = "udp"
+ port = "123"
+ destination_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "out"
+ protocol = "tcp"
+ port = "80"
+ destination_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "out"
+ protocol = "udp"
+ port = "443"
+ destination_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "out"
+ protocol = "icmp"
+ destination_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+}