diff --git a/hetzner/template/.terraform.lock.hcl b/hetzner/template/.terraform.lock.hcl
deleted file mode 100644
index 8162aac..0000000
--- a/hetzner/template/.terraform.lock.hcl
+++ /dev/null
@@ -1,22 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hetznercloud/hcloud" {
- version = "1.26.0"
- constraints = "~> 1.26.0"
- hashes = [
- "h1:2LLe4UKLS7R+t+tQL1oOFLA8c8/rs3iCfT26LyiQcsk=",
- "zh:03d7eb722a4ee25774949baace0125392060d0369d4cb9257d7d298ab6ece3ff",
- "zh:0fed2e63ac4cb6fe6b2a5b6891abf973cb7c1716e487fbabc09216e0ec05e866",
- "zh:1a84c8c1c8e2d6607de5aa09aa3f9254183cde75a5acc666cca5f4b02a1d290e",
- "zh:23ac426aa3a0001fb20045dc35569978864f139732f45ab671c64e80123c91a1",
- "zh:23b78348b24ae3e4679bd90989c999346efd71ee228d17368d5f556f63e5fd06",
- "zh:2503fe28ac87661af96e7755a7404307000822104ac1abc571271eee46c95ab5",
- "zh:3fe859b2611d20ed5cd65cc2ec812acf73c7dfb39f2fee45ef99a3896c2662a8",
- "zh:51ef869ed35d0d8aada35f587c4a64802f1140dc93c40a4e7c9800560143bb1a",
- "zh:69b93cf4adca465b89da08e4e3b4aaf831821f1fbae68e526c0a292b3cfa463d",
- "zh:6a4e23c6aa86e3d30240e6e4c97daef3af9ad217be2c6f35300fe1839fdbf8b2",
- "zh:97a513459692a981a62b4a566c1d736c4a67622d2fbbee3771ec3ea8d576d484",
- "zh:fec6c07731e23d1dd45015b44747b89c4fee58b5b2560f96d24c7da5a8ecb2ad",
- ]
-}
diff --git a/hetzner/template/firewall.tf b/hetzner/template/firewall.tf
deleted file mode 100644
index e9dddbd..0000000
--- a/hetzner/template/firewall.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-resource "hcloud_firewall" "firewall" {
- name = "${var.project_name}-fw"
- rule {
- direction = "in"
- protocol = "icmp"
- source_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
- # SSH
- rule {
- direction = "in"
- protocol = "tcp"
- port = 22
- source_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
- # HTTP
- rule {
- direction = "in"
- protocol = "tcp"
- port = 80
- source_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
- # HTTPS
- rule {
- direction = "in"
- protocol = "tcp"
- port = 443
- source_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
-}
diff --git a/hetzner/template/network.tf b/hetzner/template/network.tf
deleted file mode 100644
index 400fd41..0000000
--- a/hetzner/template/network.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-resource "hcloud_network" "network" {
- name = "${var.project_name}-vnet"
- ip_range = "10.0.0.0/16"
-}
diff --git a/hetzner/template/outputs.tf b/hetzner/template/outputs.tf
deleted file mode 100644
index a471efc..0000000
--- a/hetzner/template/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "public_ip" {
- value = hcloud_server.server.ipv4_address
-}
-
-output "private_ip" {
- value = hcloud_server_network.server_network.ip
-}
diff --git a/hetzner/template/provider.tf b/hetzner/template/provider.tf
deleted file mode 100644
index a42c014..0000000
--- a/hetzner/template/provider.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# Set the variable value in *.tfvars file
-# or using the -var="hcloud_token=..." CLI option
-variable "hcloud_token" {}
-
-# Configure the Hetzner Cloud Provider
-provider "hcloud" {
- token = var.hcloud_token
-}
diff --git a/hetzner/template/server.tf b/hetzner/template/server.tf
deleted file mode 100644
index 2bdb04a..0000000
--- a/hetzner/template/server.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-resource "hcloud_server" "server" {
- name = "${var.project_name}-vm"
- server_type = var.server_type
- image = var.image
- location = var.location
- backups = var.backups
- firewall_ids = [hcloud_firewall.firewall.id]
- labels = local.labels
-
- depends_on = [
- hcloud_network_subnet.network-subnet
- ]
-}
diff --git a/hetzner/template/server_network.tf b/hetzner/template/server_network.tf
deleted file mode 100644
index efd5a8d..0000000
--- a/hetzner/template/server_network.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "hcloud_server_network" "server_network" {
- server_id = hcloud_server.server.id
- network_id = hcloud_network.network.id
- ip = "10.0.1.5"
-}
diff --git a/hetzner/template/subnet.tf b/hetzner/template/subnet.tf
deleted file mode 100644
index 49dbc21..0000000
--- a/hetzner/template/subnet.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-resource "hcloud_network_subnet" "network-subnet" {
- type = "cloud"
- network_id = hcloud_network.network.id
- network_zone = "eu-central"
- ip_range = "10.0.1.0/24"
-}
diff --git a/hetzner/template/variables.tf b/hetzner/template/variables.tf
deleted file mode 100644
index 586c3b4..0000000
--- a/hetzner/template/variables.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-variable "project_name" {
- type = string
- default = "project"
-}
-
-variable "server_type" {
- type = string
- default = "cx11"
-}
-
-variable "image" {
- type = string
- default = "debian-10"
-}
-
-variable "location" {
- type = string
- default = "nbg1"
-}
-
-variable "backups" {
- type = bool
- default = true
-}
-
-locals {
- labels = {
- "Project" = "${var.project_name}"
- "Owner" = "Oscar"
- "Environment" = "Development"
- }
-}
diff --git a/template/hetzner-infra/backend.tf b/template/hetzner-infra/backend.tf
new file mode 100644
index 0000000..395754d
--- /dev/null
+++ b/template/hetzner-infra/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ region = "main"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ force_path_style = true
+ }
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/firewall.tf b/template/hetzner-infra/firewall.tf
new file mode 100644
index 0000000..404cabf
--- /dev/null
+++ b/template/hetzner-infra/firewall.tf
@@ -0,0 +1,6 @@
+module "firewall" {
+ source = "./modules/firewall"
+ firewall_name = "fw-${var.project_name}"
+ firewall_service_type = "Basic"
+ firewall_labels = local.common_labels
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/modules/firewall/firewall.tf b/template/hetzner-infra/modules/firewall/firewall.tf
new file mode 100644
index 0000000..ff8094f
--- /dev/null
+++ b/template/hetzner-infra/modules/firewall/firewall.tf
@@ -0,0 +1,21 @@
+resource "hcloud_firewall" "firewall" {
+ name = var.firewall_name
+ labels = merge(
+ var.firewall_labels,
+ {
+ "Resource_Type" = "Firewall"
+ "Service_Type" = var.firewall_service_type
+ }
+ )
+
+ dynamic "rule" {
+ for_each = local.rule_set
+ content {
+ description = rule.value["description"]
+ direction = rule.value["direction"]
+ port = rule.value["port"]
+ protocol = rule.value["protocol"]
+ source_ips = rule.value["source_ips"]
+ }
+ }
+}
diff --git a/template/hetzner-infra/modules/firewall/firewall_attachment.tf b/template/hetzner-infra/modules/firewall/firewall_attachment.tf
new file mode 100644
index 0000000..8565cb9
--- /dev/null
+++ b/template/hetzner-infra/modules/firewall/firewall_attachment.tf
@@ -0,0 +1,4 @@
+resource "hcloud_firewall_attachment" "firewall_attachment" {
+ firewall_id = hcloud_firewall.firewall.id
+ label_selectors = ["Service_Type = ${var.firewall_service_type}"]
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/modules/firewall/outputs.tf b/template/hetzner-infra/modules/firewall/outputs.tf
new file mode 100644
index 0000000..d5cfcef
--- /dev/null
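Review bot: The `backend "s3"` block names no `bucket`, `key` or `endpoint`, so it can only work as a partial configuration completed with `-backend-config` at `terraform init`, and the four `skip_*` settings together with `force_path_style = true` suggest a non-AWS S3-compatible store — nothing in the file says either. A header comment would save the next operator a confusing init failure: `# Partial backend config: bucket, key, endpoint and access/secret keys are supplied with -backend-config at init; "region" is a placeholder for an S3-compatible store.` Because the state for this stack records the server, network and their addresses, that comment should also say where access control and encryption at rest for the bucket are handled if not here. If I recall correctly, `force_path_style` is deprecated in favour of `use_path_style` from Terraform 1.6, and the root `versions.tf` only pins `>= 1.5.2`, so newer CLIs will warn on it.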
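Review bot: The `label_selectors` value `"Service_Type = ${var.firewall_service_type}"` has whitespace around `=`; Hetzner's documented selector examples are written as `key=value` without padding, so confirm the padded form is accepted by the API or write `label_selectors = ["Service_Type=${var.firewall_service_type}"]`. Attachment by selector means every server in the project carrying that label gets this firewall, not only the one created by this repository's server module, and the root `firewall.tf` and `server.tf` spell the value `"Basic"` as two independent literals — a mismatch on either side leaves the server with no firewall at all, since the new server module never sets `firewall_ids`. A single `local.service_type` referenced by both module calls would remove that failure mode. A comment on the resource noting that protection is applied by label rather than by `firewall_ids` would also help readers coming from the deleted `hetzner/template/server.tf`.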
+++ b/template/hetzner-infra/modules/firewall/outputs.tf
@@ -0,0 +1,3 @@
+output "firewall_id" {
+ value = hcloud_firewall.firewall.id
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/modules/firewall/variables.tf b/template/hetzner-infra/modules/firewall/variables.tf
new file mode 100644
index 0000000..bfd2a79
--- /dev/null
+++ b/template/hetzner-infra/modules/firewall/variables.tf
@@ -0,0 +1,70 @@
+variable "firewall_labels" {
+ description = "Labels to be associated to resource"
+ type = map(string)
+}
+
+variable "firewall_name" {
+ description = "Name of resource"
+ type = string
+}
+
+variable "firewall_service_type" {
+ description = "The 'Service_Type label the firewall targets"
+ type = string
+
+}
+
+# Define individual rules
+locals {
+ ssh_firewall_rule = {
+ description = "SSH IN"
+ direction = "in"
+ protocol = "tcp"
+ port = 22
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ http_firewall_rule = {
+ description = "HTTP IN"
+ direction = "in"
+ protocol = "tcp"
+ port = 80
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ https_firewall_rule = {
+ description = "HTTPS IN"
+ direction = "in"
+ protocol = "tcp"
+ port = 443
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+}
+
+# Define rule groups
+locals {
+ basic_firewall_rules = [local.ssh_firewall_rule]
+ web_firewall_rules = [
+ local.basic_firewall_rules,
+ local.http_firewall_rule,
+ local.https_firewall_rule]
+}
+
+# Select rule group based on passed variable
+locals {
+ rule_set = lookup(
+ {
+ Web = local.web_firewall_rules,
+ Basic = local.basic_firewall_rules
+ },
+ var.firewall_service_type,
+ local.basic_firewall_rules
+ )
+}
\ No newline at end of file
diff --git a/hetzner/template/main.tf b/template/hetzner-infra/modules/firewall/versions.tf
similarity index 76%
rename from hetzner/template/main.tf
rename to template/hetzner-infra/modules/firewall/versions.tf
index 739ee8c..9b89ead 100644
--- a/hetzner/template/main.tf
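Review bot: `web_firewall_rules` under `# Define rule groups` places `local.basic_firewall_rules`, itself a list, as an element inside the new list, so for `firewall_service_type = "Web"` the `dynamic "rule"` in `firewall.tf` would iterate a first element that is a list and `rule.value["description"]` would fail at plan time; the root module only ever passes `"Basic"`, so the Web path is untested. Flatten it with `concat(local.basic_firewall_rules, [local.http_firewall_rule, local.https_firewall_rule])`. The `lookup(...)` default also means any value other than `Web`/`Basic` silently receives the SSH-only set while the attachment keeps selecting on that label, so a `validation` block on `firewall_service_type` would surface the typo instead of hiding it; that variable's `description` has an unbalanced quote (`'Service_Type`) as well. The SSH rule admits `0.0.0.0/0` and `::/0` as literals, as the deleted file did; exposing that list as a `ssh_source_ips` variable with the same default would let a deployment narrow it without forking the module.
```hcl
variable "firewall_service_type" {
  description = "Value of the 'Service_Type' label the firewall targets; selects the rule group"
  type        = string

  validation {
    condition     = contains(["Basic", "Web"], var.firewall_service_type)
    error_message = "firewall_service_type must be \"Basic\" or \"Web\"."
  }
}

# … unchanged: ssh/http/https rule definitions …

# Define rule groups
locals {
  basic_firewall_rules = [local.ssh_firewall_rule]
  web_firewall_rules = concat(
    local.basic_firewall_rules,
    [local.http_firewall_rule, local.https_firewall_rule]
  )
}

# … unchanged: rule_set lookup …
```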
+++ b/template/hetzner-infra/modules/firewall/versions.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 hcloud = {
 source = "hetznercloud/hcloud"
- version = "~> 1.26.0"
+ version = "~> 1.41.0"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/modules/server/data.tf b/template/hetzner-infra/modules/server/data.tf
new file mode 100644
index 0000000..f7cdf69
--- /dev/null
+++ b/template/hetzner-infra/modules/server/data.tf
@@ -0,0 +1,3 @@
+data "hcloud_ssh_key" "ansible_provision_key" {
+ name = "Ansible Provisioner"
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/modules/server/outputs.tf b/template/hetzner-infra/modules/server/outputs.tf
new file mode 100644
index 0000000..ab16d49
--- /dev/null
+++ b/template/hetzner-infra/modules/server/outputs.tf
@@ -0,0 +1,15 @@
+output "server_public_ipv4" {
+ value = hcloud_server.server.ipv4_address
+}
+
+output "server_public_ipv6" {
+ value = hcloud_server.server.ipv6_address
+}
+
+output "server_private_ipv4" {
+ value = hcloud_server_network.server_network.ip
+}
+
+output "server_name" {
+ value = hcloud_server.server.name
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/modules/server/primary_ip.tf b/template/hetzner-infra/modules/server/primary_ip.tf
new file mode 100644
index 0000000..2e6351b
--- /dev/null
+++ b/template/hetzner-infra/modules/server/primary_ip.tf
@@ -0,0 +1,23 @@
+# resource "hcloud_primary_ip" "main_ipv4" {
+# name = "pip-${var.server_name}-ipv4"
+# type = "ipv4"
+# assignee_type = "server"
+# auto_delete = false
+# assignee_id = hcloud_server.server.id
+# labels = merge(
+# var.labels,
+# { "Resource_Type" = "Primary_IP" }
+# )
+# }
+
+# resource "hcloud_primary_ip" "main_ipv6" {
+# name = "pip-${var.server_name}-ipv6"
+# type = "ipv6"
+# assignee_type = "server"
+# assignee_id = hcloud_server.server.id
+# auto_delete = false
+# labels = merge(
+# var.labels,
+# { "Resource_Type" = "Primary_IP" }
+# )
+# }
\ No newline at end of file
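Review bot: The `hcloud_ssh_key` data source in `data.tf` hard-codes `name = "Ansible Provisioner"`, so the server module only plans if a key with exactly that name already exists in the project, and the root module has no way to pick a different key per environment; the name belongs in a module variable, e.g. `variable "ssh_key_name" { type = string, default = "Ansible Provisioner" }` referenced as `name = var.ssh_key_name`. Since this key is the only one placed in `ssh_keys` on the server in `server.tf`, a comment stating that it is the sole login key and is expected to be pre-registered out of band would document the dependency for whoever rotates it.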
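Review bot: `primary_ip.tf` is committed entirely as commented-out `hcloud_primary_ip` blocks with no explanation, so a reader cannot tell whether it is a pending feature, a rejected approach, or an artefact of debugging the `public_net` block in `server.tf`; either drop the file or open it with a one-line comment such as `# Disabled: static primary IPs are not managed yet; public_net in server.tf allocates them` so the intent is on record. If it is meant to be enabled later, the `assignee_id = hcloud_server.server.id` reference would create a dependency cycle with a server that already has `public_net` enabled, which is worth a note in the same comment.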
diff --git a/template/hetzner-infra/modules/server/server.tf b/template/hetzner-infra/modules/server/server.tf
new file mode 100644
index 0000000..c0a3c2b
--- /dev/null
+++ b/template/hetzner-infra/modules/server/server.tf
@@ -0,0 +1,19 @@
+resource "hcloud_server" "server" {
+ name = "vm-${var.server_name}"
+ server_type = var.server_type
+ image = var.server_image
+ location = var.server_location
+ backups = var.server_backups
+ ssh_keys = [data.hcloud_ssh_key.ansible_provision_key.id]
+ labels = merge(
+ var.labels,
+ {
+ "Resource_Type" = "Virtual_Machine"
+ "Service_Type" = var.service_type
+ }
+ )
+ public_net {
+ ipv4_enabled = true
+ ipv6_enabled = true
+ }
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/modules/server/server_network.tf b/template/hetzner-infra/modules/server/server_network.tf
new file mode 100644
index 0000000..3d56497
--- /dev/null
+++ b/template/hetzner-infra/modules/server/server_network.tf
@@ -0,0 +1,5 @@
+resource "hcloud_server_network" "server_network" {
+ server_id = hcloud_server.server.id
+ network_id = var.server_network_id
+ ip = var.server_private_ipv4
+}
diff --git a/template/hetzner-infra/modules/server/variables.tf b/template/hetzner-infra/modules/server/variables.tf
new file mode 100644
index 0000000..2094060
--- /dev/null
+++ b/template/hetzner-infra/modules/server/variables.tf
@@ -0,0 +1,35 @@
+variable "server_name" {
+ type = string
+}
+
+variable "server_type" {
+ type = string
+}
+
+variable "server_image" {
+ type = string
+}
+
+variable "server_location" {
+ type = string
+}
+
+variable "server_backups" {
+ type = string
+}
+
+variable "labels" {
+ type = map(string)
+}
+
+variable "server_private_ipv4" {
+ type = string
+}
+
+variable "server_network_id" {
+ type = string
+}
+
+variable "service_type" {
+ type = string
+}
\ No newline at end of file
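Review bot: `variable "server_backups"` is declared `type = string` while the root `server.tf` passes `true` and the value feeds the boolean `backups` attribute of `hcloud_server`; Terraform's implicit conversions make this round-trip, but a caller passing `"yes"` would only fail deep inside the provider, so declare it as `type = bool` to match the deleted `variable "backups"`. None of the nine variables in this file carries a `description`, unlike the firewall module's `variables.tf` in the same commit, and `server_private_ipv4` and `server_network_id` are plain strings with nothing saying the address must fall inside a subnet of that network. A `description` per variable plus `validation { condition = can(cidrhost("${var.server_private_ipv4}/32", 0)) ... }` on the address would catch the most likely misuse at plan time.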
diff --git a/template/hetzner-infra/modules/server/versions.tf b/template/hetzner-infra/modules/server/versions.tf
new file mode 100644
index 0000000..9b89ead
--- /dev/null
+++ b/template/hetzner-infra/modules/server/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "~> 1.41.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/network.tf b/template/hetzner-infra/network.tf
new file mode 100644
index 0000000..257f9a3
--- /dev/null
+++ b/template/hetzner-infra/network.tf
@@ -0,0 +1,15 @@
+resource "hcloud_network" "network" {
+ name = "vnet-${var.project_name}"
+ ip_range = "10.0.0.0/16"
+ labels = merge(
+ local.common_labels,
+ { "Resource_Type" = "Virtual_Network" }
+ )
+}
+
+resource "hcloud_network_subnet" "subnet" {
+ network_id = hcloud_network.network.id
+ type = "cloud"
+ ip_range = "10.0.1.0/24"
+ network_zone = "eu-central"
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/outputs.tf b/template/hetzner-infra/outputs.tf
new file mode 100644
index 0000000..bb83a9b
--- /dev/null
+++ b/template/hetzner-infra/outputs.tf
@@ -0,0 +1,7 @@
+output "public_ip" {
+ value = module.server.server_public_ipv4
+}
+
+output "private_ip" {
+ value = module.server.server_private_ipv4
+}
diff --git a/template/hetzner-infra/provider.tf b/template/hetzner-infra/provider.tf
new file mode 100644
index 0000000..706ed68
--- /dev/null
+++ b/template/hetzner-infra/provider.tf
@@ -0,0 +1,3 @@
+provider "hcloud" {
+ token = var.hcloud_token
+}
diff --git a/template/hetzner-infra/server.tf b/template/hetzner-infra/server.tf
new file mode 100644
index 0000000..67be5ab
--- /dev/null
+++ b/template/hetzner-infra/server.tf
@@ -0,0 +1,12 @@
+module "server" {
+ source = "./modules/server"
+ server_name = "node-001"
+ server_type = "cx11"
+ server_image = "debian-12"
+ server_location = var.location
+ server_backups = true
+ server_private_ipv4 = "10.0.1.1"
+ server_network_id = hcloud_network.network.id
+ service_type = "Basic"
+ labels = local.common_labels
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/variables.tf b/template/hetzner-infra/variables.tf
new file mode 100644
index 0000000..98a3a7b
--- /dev/null
+++ b/template/hetzner-infra/variables.tf
@@ -0,0 +1,36 @@
+variable "hcloud_token" {
+ type = string
+ sensitive = true
+}
+
+variable "environment" {
+ type = string
+}
+
+variable "project_name" {
+ type = string
+ default = "project"
+}
+
+variable "location" {
+ type = string
+ default = "nbg1"
+}
+
+locals {
+ environment_long = lookup(
+ {
+ dev = "Development",
+ tst = "Test",
+ prd = "Production"
+ },
+ var.environment,
+ "Development"
+ )
+
+ common_labels = {
+ "Project" = var.project_name
+ "Owner" = "Oscar"
+ "Environment" = local.environment_long
+ }
+}
\ No newline at end of file
diff --git a/template/hetzner-infra/versions.tf b/template/hetzner-infra/versions.tf
new file mode 100644
index 0000000..538965d
--- /dev/null
+++ b/template/hetzner-infra/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.5.2"
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "~> 1.41.0"
+ }
+ }
+}
\ No newline at end of file
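Review bot: The `module "server"` call drops the ordering the deleted `hetzner/template/server.tf` had with `depends_on = [hcloud_network_subnet.network-subnet]`: it passes only `hcloud_network.network.id`, so the module's `hcloud_server_network` (which attaches `"10.0.1.1"`) has no edge to `hcloud_network_subnet.subnet` and may be applied before the `10.0.1.0/24` subnet exists. Add `depends_on = [hcloud_network_subnet.subnet]` to the module block, or derive the address from the subnet with `server_private_ipv4 = cidrhost(hcloud_network_subnet.subnet.ip_range, 1)`, which both creates the dependency and stops the address and the subnet range from being two unrelated literals. `service_type = "Basic"` must also equal `firewall_service_type` in `firewall.tf` for the label-selector attachment to match; a shared local referenced by both calls is the safer spelling.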
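Review bot: `variable "environment"` in `variables.tf` has no default and no `validation`, while the `lookup(...)` in `locals` maps any unrecognised value to `"Development"`, so a typo such as `prod` is silently labelled as a development environment on every resource carrying `local.common_labels`. A `validation` block whose condition is `contains(["dev", "tst", "prd"], var.environment)` with an error message naming the accepted values would turn that into a plan-time error and make the lookup default unreachable. A `description` on each of the four variables, in particular one on `hcloud_token` pointing at the `.tfvars` / `-var` guidance the deleted `provider.tf` carried in its comments, would also preserve that documentation, which this commit otherwise removes.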