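# Hetzner Cloud cluster: one private network, a control node and a worker
# node in a spread placement group, and a shared firewall on both servers.

terraform {
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
      # NOTE(review): no provider version constraint is set here. Add one and
      # commit .terraform.lock.hcl so a provider upgrade is a reviewed change.
    }
  }

  # `sensitive` on input variables needs Terraform 0.14 or newer.
  required_version = ">= 0.14"
}

# API token for the hcloud provider. `sensitive` only redacts the value in
# plan/apply output; it is still written to state in clear text, so the state
# backend needs access control and encryption of its own.
variable "hcloud_token" {
  description = "Hetzner Cloud API token used by the hcloud provider."
  type        = string
  sensitive   = true
}

# Source ranges allowed to reach SSH (tcp/22) on the servers' public addresses.
# The default preserves the original behaviour (open to the whole Internet);
# set it to the operators' or bastion's addresses in real deployments.
variable "ssh_allowed_source_ips" {
  description = "CIDR ranges permitted to connect to SSH on the cluster nodes."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}

provider "hcloud" {
  token = var.hcloud_token
}

# Private network shared by the cluster nodes.
resource "hcloud_network" "vnet" {
  name     = "cluster-vnet"
  ip_range = "10.0.0.0/16"
}

# Subnet that holds the nodes' static private addresses (10.0.0.2, 10.0.0.3).
resource "hcloud_network_subnet" "vnet_subnet" {
  network_id   = hcloud_network.vnet.id
  type         = "cloud"
  network_zone = "eu-central"
  ip_range     = "10.0.0.0/24"
}

# "spread" placement group shared by both servers.
resource "hcloud_placement_group" "spread-group" {
  name = "cluster-spread-group"
  type = "spread"
}

resource "hcloud_server" "control" {
  name               = "cluster-control"
  image              = "ubuntu-22.04"
  location           = "nbg1"
  ssh_keys           = ["archomen_cloud1", "deepthought_cloud1"]
  server_type        = "cx11"
  firewall_ids       = [hcloud_firewall.firewall.id]
  placement_group_id = hcloud_placement_group.spread-group.id

  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }

  network {
    network_id = hcloud_network.vnet.id
    ip         = "10.0.0.2"
  }

  # The server is attached to the private network at creation time, which
  # requires the subnet to exist. `network_id` above only gives an implicit
  # dependency on the network, so the subnet is named explicitly; otherwise
  # server and subnet may be created in parallel and the attach can fail.
  depends_on = [
    hcloud_network_subnet.vnet_subnet
  ]
}

resource "hcloud_server" "worker-1" {
  name = "cluster-worker-1"
  # NOTE(review): the control node runs ubuntu-22.04 while this worker runs
  # ubuntu-20.04; confirm the mismatch is intended, since the two nodes then
  # follow different patch baselines.
  image              = "ubuntu-20.04"
  location           = "nbg1"
  ssh_keys           = ["archomen_cloud2", "deepthought_cloud2"]
  server_type        = "cx21"
  firewall_ids       = [hcloud_firewall.firewall.id]
  placement_group_id = hcloud_placement_group.spread-group.id

  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }

  network {
    network_id = hcloud_network.vnet.id
    ip         = "10.0.0.3"
  }

  # Same ordering requirement as the control node: wait for the subnet.
  depends_on = [
    hcloud_network_subnet.vnet_subnet
  ]
}

# Firewall attached to both servers through `firewall_ids`.
# NOTE(review): as far as I know, Hetzner Cloud firewalls filter only the
# public interface, so traffic on the 10.0.0.0/16 private network is not
# restricted by these rules; confirm before relying on them for
# node-to-node isolation.
resource "hcloud_firewall" "firewall" {
  name = "cluster-firewall"

  ## Inbound rules

  # ICMP (ping, path-MTU discovery) from anywhere.
  rule {
    direction = "in"
    protocol  = "icmp"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  # SSH. Sources come from var.ssh_allowed_source_ips; with the default value
  # the port is reachable from the whole Internet and will see constant
  # credential-guessing traffic, so key-only authentication on the hosts and a
  # narrowed source list are the expected hardening.
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = var.ssh_allowed_source_ips
  }

  ## Outbound rules
  # Egress is an allow-list: DNS, NTP, HTTP, UDP/443 and ICMP only.

  # DNS over TCP.
  rule {
    direction = "out"
    protocol  = "tcp"
    port      = "53"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  # DNS over UDP.
  rule {
    direction = "out"
    protocol  = "udp"
    port      = "53"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  # NTP.
  rule {
    direction = "out"
    protocol  = "udp"
    port      = "123"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  # HTTP.
  rule {
    direction = "out"
    protocol  = "tcp"
    port      = "80"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  # NOTE(review): this allows UDP/443 only. There is no tcp/443 rule, so
  # ordinary HTTPS (package mirrors over TLS, image registries, API calls) is
  # blocked while plain HTTP on tcp/80 is allowed. If "udp" is a typo for
  # "tcp", fix the protocol here; the rule is left unchanged because the
  # intended egress policy cannot be determined from this file.
  rule {
    direction = "out"
    protocol  = "udp"
    port      = "443"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  # ICMP to anywhere.
  rule {
    direction = "out"
    protocol  = "icmp"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
}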