Changed project structure

README.md

@@ -5,22 +5,18 @@ This repository contains all the Terraform code I use to deploy the infrastructu
 Folder structure:
 ```
 .
-├── hetzner
+├── archive
-│   ├── Projects
+├── dev
-│   │   ├── Development
-│   │   │   └── mailcow
-│   │   └── Pterodactyl
-│   │       ├── node-01
-│   │       ├── panel
-│   │       └── pterodactyl
-│   └── template
 ├── LICENSE
-└── README.md
+├── Makefile
+├── prd
+├── README.md
+└── template
 ```
 
-`./hetzner/` - projects hosted on Hetzner Cloud  
+`./archive/` - legacy projects
-`./*/Projects/` - all my projects in my production environment  
+`./dev/` - development environment
-`./*/Development/` - all my projects in my development environment  
+`./prd/` - production environment
-`./hetzner/Projects/Pterodactyl/` - a game server management panel  
+`./[env]/infra/` - non project-specific infrastructure
-`./hetzner/Development/mailcow/` - a mailserver suite
+`./[env]/projects/` - projects for each environment
 

archive/hetzner/template/backend.tf

@@ -0,0 +1,9 @@
+terraform {
+  backend "s3" {
+    region                      = "main"
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+    force_path_style            = true
+  }
+}

archive/hetzner/template/firewall.tf

@@ -0,0 +1,6 @@
+module "firewall" {
+  source                = "./modules/firewall"
+  firewall_name         = "fw-${var.project_name}"
+  firewall_service_type = "Basic"
+  firewall_labels       = local.common_labels
+}

archive/hetzner/template/modules/firewall/firewall.tf

@@ -0,0 +1,21 @@
+resource "hcloud_firewall" "firewall" {
+  name = var.firewall_name
+  labels = merge(
+    var.firewall_labels,
+    {
+      "Resource_Type" = "Firewall"
+      "Service_Type"  = var.firewall_service_type
+    }
+  )
+
+  dynamic "rule" {
+    for_each = local.rule_set
+    content {
+      description = rule.value["description"]
+      direction   = rule.value["direction"]
+      port        = rule.value["port"]
+      protocol    = rule.value["protocol"]
+      source_ips  = rule.value["source_ips"]
+    }
+  }
+}

archive/hetzner/template/modules/firewall/firewall_attachment.tf

@@ -0,0 +1,4 @@
+resource "hcloud_firewall_attachment" "firewall_attachment" {
+  firewall_id     = hcloud_firewall.firewall.id
+  label_selectors = ["Service_Type = ${var.firewall_service_type}"]
+}

archive/hetzner/template/modules/firewall/outputs.tf

@@ -0,0 +1,3 @@
+output "firewall_id" {
+  value = hcloud_firewall.firewall.id
+}

archive/hetzner/template/modules/firewall/variables.tf

@@ -0,0 +1,70 @@
+variable "firewall_labels" {
+  description = "Labels to be associated to resource"
+  type        = map(string)
+}
+
+variable "firewall_name" {
+  description = "Name of resource"
+  type        = string
+}
+
+variable "firewall_service_type" {
+  description = "The 'Service_Type label the firewall targets"
+  type        = string
+
+}
+
+# Define individual rules
+locals {
+  ssh_firewall_rule = {
+    description = "SSH IN"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = 22
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  http_firewall_rule = {
+    description = "HTTP IN"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = 80
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  https_firewall_rule = {
+    description = "HTTPS IN"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = 443
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+}
+
+# Define rule groups
+locals {
+  basic_firewall_rules = [local.ssh_firewall_rule]
+  web_firewall_rules = [
+    local.basic_firewall_rules,
+    local.http_firewall_rule,
+  local.https_firewall_rule]
+}
+
+# Select rule group based on passed variable
+locals {
+  rule_set = lookup(
+    {
+      Web   = local.web_firewall_rules,
+      Basic = local.basic_firewall_rules
+    },
+    var.firewall_service_type,
+    local.basic_firewall_rules
+  )
+}

archive/hetzner/template/modules/firewall/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.41.0"
+    }
+  }
+}

archive/hetzner/template/modules/server/data.tf

@@ -0,0 +1,3 @@
+data "hcloud_ssh_key" "ansible_provision_key" {
+  name = "Ansible Provisioner"
+}

archive/hetzner/template/modules/server/outputs.tf

@@ -0,0 +1,15 @@
+output "server_public_ipv4" {
+  value = hcloud_server.server.ipv4_address
+}
+
+output "server_public_ipv6" {
+  value = hcloud_server.server.ipv6_address
+}
+
+output "server_private_ipv4" {
+  value = hcloud_server_network.server_network.ip
+}
+
+output "server_name" {
+  value = hcloud_server.server.name
+}

archive/hetzner/template/modules/server/primary_ip.tf

@@ -0,0 +1,23 @@
+# resource "hcloud_primary_ip" "main_ipv4" {
+#   name          = "pip-${var.server_name}-ipv4"
+#   type          = "ipv4"
+#   assignee_type = "server"
+#   auto_delete   = false
+#   assignee_id   = hcloud_server.server.id
+#   labels = merge(
+#     var.labels,
+#     { "Resource_Type" = "Primary_IP" }
+#   )
+# }
+
+# resource "hcloud_primary_ip" "main_ipv6" {
+#   name          = "pip-${var.server_name}-ipv6"
+#   type          = "ipv6"
+#   assignee_type = "server"
+#   assignee_id   = hcloud_server.server.id
+#   auto_delete   = false
+#   labels = merge(
+#     var.labels,
+#     { "Resource_Type" = "Primary_IP" }
+#   )
+# }

archive/hetzner/template/modules/server/server.tf

@@ -0,0 +1,19 @@
+resource "hcloud_server" "server" {
+  name        = "vm-${var.server_name}"
+  server_type = var.server_type
+  image       = var.server_image
+  location    = var.server_location
+  backups     = var.server_backups
+  ssh_keys    = [data.hcloud_ssh_key.ansible_provision_key.id]
+  labels = merge(
+    var.labels,
+    {
+      "Resource_Type" = "Virtual_Machine"
+      "Service_Type"  = var.service_type
+    }
+  )
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = true
+  }
+}

archive/hetzner/template/modules/server/server_network.tf

@@ -0,0 +1,5 @@
+resource "hcloud_server_network" "server_network" {
+  server_id  = hcloud_server.server.id
+  network_id = var.server_network_id
+  ip         = var.server_private_ipv4
+}

archive/hetzner/template/modules/server/variables.tf

@@ -0,0 +1,35 @@
+variable "server_name" {
+  type = string
+}
+
+variable "server_type" {
+  type = string
+}
+
+variable "server_image" {
+  type = string
+}
+
+variable "server_location" {
+  type = string
+}
+
+variable "server_backups" {
+  type = string
+}
+
+variable "labels" {
+  type = map(string)
+}
+
+variable "server_private_ipv4" {
+  type = string
+}
+
+variable "server_network_id" {
+  type = string
+}
+
+variable "service_type" {
+  type = string
+}

archive/hetzner/template/modules/server/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.41.0"
+    }
+  }
+}

archive/hetzner/template/network.tf

@@ -0,0 +1,15 @@
+resource "hcloud_network" "network" {
+  name     = "vnet-${var.project_name}"
+  ip_range = "10.0.0.0/16"
+  labels = merge(
+    local.common_labels,
+    { "Resource_Type" = "Virtual_Network" }
+  )
+}
+
+resource "hcloud_network_subnet" "subnet" {
+  network_id   = hcloud_network.network.id
+  type         = "cloud"
+  ip_range     = "10.0.1.0/24"
+  network_zone = "eu-central"
+}

archive/hetzner/template/outputs.tf

@@ -0,0 +1,7 @@
+output "public_ip" {
+  value = module.server.server_public_ipv4
+}
+
+output "private_ip" {
+  value = module.server.server_private_ipv4
+}

archive/hetzner/template/provider.tf

@@ -1,4 +1,3 @@
-# Configure the Hetzner Cloud Provider
 provider "hcloud" {
   token = var.hcloud_token
 }

archive/hetzner/template/server.tf

@@ -0,0 +1,12 @@
+module "server" {
+  source              = "./modules/server"
+  server_name         = "node-001"
+  server_type         = "cx11"
+  server_image        = "debian-12"
+  server_location     = var.location
+  server_backups      = true
+  server_private_ipv4 = "10.0.1.1"
+  server_network_id   = hcloud_network.network.id
+  service_type        = "Basic"
+  labels              = local.common_labels
+}

archive/hetzner/template/variables.tf

@@ -0,0 +1,36 @@
+variable "hcloud_token" {
+  type = string
+  sensitive = true
+}
+
+variable "environment" {
+  type = string
+}
+
+variable "project_name" {
+  type    = string
+  default = "project"
+}
+
+variable "location" {
+  type    = string
+  default = "nbg1"
+}
+
+locals {
+  environment_long = lookup(
+    {
+      dev = "Development",
+      tst = "Test",
+      prd = "Production"
+    },
+    var.environment,
+    "Development"
+  )
+
+  common_labels = {
+    "Project"     = var.project_name
+    "Owner"       = "Oscar"
+    "Environment" = local.environment_long
+  }
+}

archive/hetzner/template/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.5.2"
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.41.0"
+    }
+  }
+}

hetzner/Projects/Development/landing-zone/.terraform.lock.hcl

@@ -1,24 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hetznercloud/hcloud" {
-  version     = "1.36.1"
-  constraints = "~> 1.36.0"
-  hashes = [
-    "h1:xZSvxx6aUo0oZp2uqNxi/+wqnCNEBBuu8y7GeXIO9qA=",
-    "zh:16558b25c7f92f187278e94e951b0ab687882b06acff5b1387f3293f27939f8c",
-    "zh:28fc79ac2189ff0f5e6c9535ada8f57552b6e21c978b59dc78e086c27b9e4b23",
-    "zh:373907f9f7f2cefa94e2d5638bf5bef3d3b17e7655dc84dd6089346c6f4f9096",
-    "zh:394716cd877de682a0772d660f1bdb3838c5d751eca2211105d5ede248c48c39",
-    "zh:3c438c6590fcc8ac65a10039b2f5ba9ee379a734cb93a59c6cf74f385d891e87",
-    "zh:3f777a460a62fd23b283c269f1533b3887bf0c5564581e1e96cf294e077f5a8a",
-    "zh:4f62967553d7ce81ec14db7685306b625970ba6640b5764dc0137675ab97af0b",
-    "zh:56da08f8d75f596d6f9da4f0fd16bd60d1733cabcc260e885e1d7a711d6d3d8b",
-    "zh:62776c885bfa8e715dba6662f1744b5251f4cdd523dd4d1e4ccb2e25489593e9",
-    "zh:64cbb68139aa65f95ab3e654d872f9d34ef991fbf667fc30e0f29b96b5e8b4ed",
-    "zh:75a4b7a73ff0a537214d12d820438b7ae7a33d660e5d793f4ae0ebe3152bff00",
-    "zh:7b59d72538772ada7d51eaa50c905285200b1889ab29948b533412ccdf4d18de",
-    "zh:b84eeaa82bf765c6dd945ae83f1a9271fa5fad53b861b18b09cb8deda67dae13",
-    "zh:e81c3ea971e32a6ca3fdb0cd9e644614308ab2cf2a19482dd8a109d67fe3fb6f",
-  ]
-}

hetzner/Projects/Development/landing-zone/backend.tf

@@ -1,17 +0,0 @@
-terraform {
-  backend "s3" {
-    bucket   = "tf-state-oscar"
-    key      = "terraform.tfstate"
-    region   = "us-east-1"
-    endpoint = "s3.eu-central-003.backblazeb2.com"
-    access_key = "xxxx"
-    secret_key = "xxxx"
-
-    skip_requesting_account_id = true
-    skip_credentials_validation = true
-    skip_get_ec2_platforms = true
-    skip_metadata_api_check = true
-    skip_region_validation = true
-
-  }
-}

hetzner/Projects/Development/landing-zone/main.tf

@@ -1,10 +0,0 @@
-# Create a new server running debian
-resource "hcloud_server" "node1" {
-  name        = "node1"
-  image       = "debian-11"
-  server_type = "cx11"
-  public_net {
-    ipv4_enabled = true
-    ipv6_enabled = true
-  }
-}

hetzner/Projects/Development/landing-zone/variables.tf

@@ -1,5 +0,0 @@
-# Set the variable value in *.tfvars file
-# or using the -var="hcloud_token=..." CLI option
-variable "hcloud_token" {
-  sensitive = true # Requires terraform >= 0.14
-}

hetzner/Projects/Development/landing-zone/versions.tf

@@ -1,9 +0,0 @@
-terraform {
-    required_providers {
-      hcloud = {
-        source = "hetznercloud/hcloud"
-        version = "~> 1.36.0"
-      }
-    }
-    required_version = ">= 1.3.6"
-}

hetzner/Projects/Development/neko/.terraform.lock.hcl

@@ -1,24 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hetznercloud/hcloud" {
-  version     = "1.35.1"
-  constraints = "~> 1.35.1"
-  hashes = [
-    "h1:FgSVN8CkqWt+iHhTYPPVQgoltoO8FGI+quB0PZucfj4=",
-    "zh:055161a3bec0b09db32b2488ac9036e46e7867c3319af182329157a1ff72ca00",
-    "zh:08f0d5b31dfac682df21a3f193aac93522a05e83e8eca26c547d2baa2858238b",
-    "zh:16d4c4a194d056947820680a116bf23227d4ee527d33831d7a7df52c5c0c3c4b",
-    "zh:46b528a76968599e1a6c45d8264b86fe9602070a42fd2d2db32899b5161e44dc",
-    "zh:502b16a56bb6780b86913ad3f4f573ae3f29f7a3d99335d7fd120c1b607537e8",
-    "zh:5fa5114d101e9d7c1915b1f136cc2b48a83c9ace7c994545940f11ccabf1f036",
-    "zh:6ac8ff28f145ef20c595faf81ff9c478be4d469cdd5b7aeaf2feefcc80a3dd36",
-    "zh:8ced6aec0546784eea6a9e56082af3af5c9917459351ef2951a9742125d4aab9",
-    "zh:927b0c39de0b368e52c7491859948082aaa84d877f0fed7ef483892c844875bf",
-    "zh:9d9c0fb5e862e47d24cdb007afad0215ccff9da65cf8a6cfa66030e844f5403c",
-    "zh:ae5475cae11806a93bb4adb3c87007ce9c0211d16c9c7a87ae5e9d58a68fcc0b",
-    "zh:d01600e67abc7ce7c59bc8567b7a650bc5ce817723a354f401a803d421610641",
-    "zh:f3487f1c49145b560fd19c8c681cb9eaaa85fc3700ea9b675f649f5f5d8b1e3c",
-    "zh:f5257b83287156effecb0f43fe80b6cbcc02c89f35ceda1b845d4e3dcf757dca",
-  ]
-}