Moved templates

hetzner/template/.terraform.lock.hcl

@@ -1,22 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hetznercloud/hcloud" {
-  version     = "1.26.0"
-  constraints = "~> 1.26.0"
-  hashes = [
-    "h1:2LLe4UKLS7R+t+tQL1oOFLA8c8/rs3iCfT26LyiQcsk=",
-    "zh:03d7eb722a4ee25774949baace0125392060d0369d4cb9257d7d298ab6ece3ff",
-    "zh:0fed2e63ac4cb6fe6b2a5b6891abf973cb7c1716e487fbabc09216e0ec05e866",
-    "zh:1a84c8c1c8e2d6607de5aa09aa3f9254183cde75a5acc666cca5f4b02a1d290e",
-    "zh:23ac426aa3a0001fb20045dc35569978864f139732f45ab671c64e80123c91a1",
-    "zh:23b78348b24ae3e4679bd90989c999346efd71ee228d17368d5f556f63e5fd06",
-    "zh:2503fe28ac87661af96e7755a7404307000822104ac1abc571271eee46c95ab5",
-    "zh:3fe859b2611d20ed5cd65cc2ec812acf73c7dfb39f2fee45ef99a3896c2662a8",
-    "zh:51ef869ed35d0d8aada35f587c4a64802f1140dc93c40a4e7c9800560143bb1a",
-    "zh:69b93cf4adca465b89da08e4e3b4aaf831821f1fbae68e526c0a292b3cfa463d",
-    "zh:6a4e23c6aa86e3d30240e6e4c97daef3af9ad217be2c6f35300fe1839fdbf8b2",
-    "zh:97a513459692a981a62b4a566c1d736c4a67622d2fbbee3771ec3ea8d576d484",
-    "zh:fec6c07731e23d1dd45015b44747b89c4fee58b5b2560f96d24c7da5a8ecb2ad",
-  ]
-}

hetzner/template/firewall.tf

@@ -1,41 +0,0 @@
-resource "hcloud_firewall" "firewall" {
-  name = "${var.project_name}-fw"
-  rule {
-   direction = "in"
-   protocol = "icmp"
-   source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-   ]
-  }
-  # SSH
-  rule {
-   direction = "in"
-   protocol = "tcp"
-   port = 22
-   source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-   ]
-  }
-  # HTTP
-  rule {
-   direction = "in"
-   protocol = "tcp"
-   port = 80
-   source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-   ]
-  }
- # HTTPS
- rule {
-   direction = "in"
-   protocol = "tcp"
-   port = 443
-   source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-   ]
-  }
-}

hetzner/template/network.tf

@@ -1,4 +0,0 @@
-resource "hcloud_network" "network" {
-  name     = "${var.project_name}-vnet"
-  ip_range = "10.0.0.0/16"
-}

hetzner/template/outputs.tf

@@ -1,7 +0,0 @@
-output "public_ip" {
-  value = hcloud_server.server.ipv4_address
-}
-
-output "private_ip" {
-  value = hcloud_server_network.server_network.ip
-}

hetzner/template/provider.tf

@@ -1,8 +0,0 @@
-# Set the variable value in *.tfvars file
-# or using the -var="hcloud_token=..." CLI option
-variable "hcloud_token" {}
-
-# Configure the Hetzner Cloud Provider
-provider "hcloud" {
-  token = var.hcloud_token
-}

hetzner/template/server.tf

@@ -1,13 +0,0 @@
-resource "hcloud_server" "server" {
-  name         = "${var.project_name}-vm"
-  server_type  = var.server_type
-  image        = var.image
-  location     = var.location
-  backups      = var.backups
-  firewall_ids = [hcloud_firewall.firewall.id]
-  labels       = local.labels
-
-  depends_on = [
-    hcloud_network_subnet.network-subnet
-  ]
-}

hetzner/template/server_network.tf

@@ -1,5 +0,0 @@
-resource "hcloud_server_network" "server_network" {
-  server_id = hcloud_server.server.id
-  network_id = hcloud_network.network.id
-  ip = "10.0.1.5"
-}

hetzner/template/subnet.tf

@@ -1,6 +0,0 @@
-resource "hcloud_network_subnet" "network-subnet" {
-  type         = "cloud"
-  network_id   = hcloud_network.network.id
-  network_zone = "eu-central"
-  ip_range     = "10.0.1.0/24"
-}

hetzner/template/variables.tf

@@ -1,32 +0,0 @@
-variable "project_name" {
-  type = string
-  default = "project"
-}
-
-variable "server_type" {
-  type = string
-  default = "cx11"
-}
-
-variable "image" {
-  type = string
-  default = "debian-10"
-}
-
-variable "location" {
-  type = string
-  default = "nbg1"
-}
-
-variable "backups" {
-  type = bool
-  default = true
-}
-
-locals {
-  labels = {
-    "Project"     = "${var.project_name}"
-    "Owner"   	  = "Oscar"
-    "Environment" = "Development"
-  }
-}

template/hetzner-infra/backend.tf

@@ -0,0 +1,9 @@
+terraform {
+  backend "s3" {
+    region                      = "main"
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+    force_path_style            = true
+  }
+}

template/hetzner-infra/firewall.tf

@@ -0,0 +1,6 @@
+module "firewall" {
+  source                = "./modules/firewall"
+  firewall_name         = "fw-${var.project_name}"
+  firewall_service_type = "Basic"
+  firewall_labels       = local.common_labels
+}

template/hetzner-infra/modules/firewall/firewall.tf

@@ -0,0 +1,21 @@
+resource "hcloud_firewall" "firewall" {
+  name = var.firewall_name
+  labels = merge(
+    var.firewall_labels,
+    {
+      "Resource_Type" = "Firewall"
+      "Service_Type"  = var.firewall_service_type
+    }
+  )
+
+  dynamic "rule" {
+    for_each = local.rule_set
+    content {
+      description = rule.value["description"]
+      direction   = rule.value["direction"]
+      port        = rule.value["port"]
+      protocol    = rule.value["protocol"]
+      source_ips  = rule.value["source_ips"]
+    }
+  }
+}

template/hetzner-infra/modules/firewall/firewall_attachment.tf

@@ -0,0 +1,4 @@
+resource "hcloud_firewall_attachment" "firewall_attachment" {
+  firewall_id     = hcloud_firewall.firewall.id
+  label_selectors = ["Service_Type = ${var.firewall_service_type}"]
+}

template/hetzner-infra/modules/firewall/outputs.tf

@@ -0,0 +1,3 @@
+output "firewall_id" {
+  value = hcloud_firewall.firewall.id
+}

template/hetzner-infra/modules/firewall/variables.tf

@@ -0,0 +1,70 @@
+variable "firewall_labels" {
+  description = "Labels to be associated to resource"
+  type        = map(string)
+}
+
+variable "firewall_name" {
+  description = "Name of resource"
+  type        = string
+}
+
+variable "firewall_service_type" {
+  description = "The 'Service_Type label the firewall targets"
+  type        = string
+
+}
+
+# Define individual rules
+locals {
+  ssh_firewall_rule = {
+    description = "SSH IN"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = 22
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  http_firewall_rule = {
+    description = "HTTP IN"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = 80
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  https_firewall_rule = {
+    description = "HTTPS IN"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = 443
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+}
+
+# Define rule groups
+locals {
+  basic_firewall_rules = [local.ssh_firewall_rule]
+  web_firewall_rules = [
+    local.basic_firewall_rules,
+    local.http_firewall_rule,
+  local.https_firewall_rule]
+}
+
+# Select rule group based on passed variable
+locals {
+  rule_set = lookup(
+    {
+      Web   = local.web_firewall_rules,
+      Basic = local.basic_firewall_rules
+    },
+    var.firewall_service_type,
+    local.basic_firewall_rules
+  )
+}

template/hetzner-infra/modules/firewall/versions.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     hcloud = {
       source  = "hetznercloud/hcloud"
-      version = "~> 1.26.0"
+      version = "~> 1.41.0"
     }
   }
-}
+}

template/hetzner-infra/modules/server/data.tf

@@ -0,0 +1,3 @@
+data "hcloud_ssh_key" "ansible_provision_key" {
+  name = "Ansible Provisioner"
+}

template/hetzner-infra/modules/server/outputs.tf

@@ -0,0 +1,15 @@
+output "server_public_ipv4" {
+  value = hcloud_server.server.ipv4_address
+}
+
+output "server_public_ipv6" {
+  value = hcloud_server.server.ipv6_address
+}
+
+output "server_private_ipv4" {
+  value = hcloud_server_network.server_network.ip
+}
+
+output "server_name" {
+  value = hcloud_server.server.name
+}

template/hetzner-infra/modules/server/primary_ip.tf

@@ -0,0 +1,23 @@
+# resource "hcloud_primary_ip" "main_ipv4" {
+#   name          = "pip-${var.server_name}-ipv4"
+#   type          = "ipv4"
+#   assignee_type = "server"
+#   auto_delete   = false
+#   assignee_id   = hcloud_server.server.id
+#   labels = merge(
+#     var.labels,
+#     { "Resource_Type" = "Primary_IP" }
+#   )
+# }
+
+# resource "hcloud_primary_ip" "main_ipv6" {
+#   name          = "pip-${var.server_name}-ipv6"
+#   type          = "ipv6"
+#   assignee_type = "server"
+#   assignee_id   = hcloud_server.server.id
+#   auto_delete   = false
+#   labels = merge(
+#     var.labels,
+#     { "Resource_Type" = "Primary_IP" }
+#   )
+# }

template/hetzner-infra/modules/server/server.tf

@@ -0,0 +1,19 @@
+resource "hcloud_server" "server" {
+  name        = "vm-${var.server_name}"
+  server_type = var.server_type
+  image       = var.server_image
+  location    = var.server_location
+  backups     = var.server_backups
+  ssh_keys    = [data.hcloud_ssh_key.ansible_provision_key.id]
+  labels = merge(
+    var.labels,
+    {
+      "Resource_Type" = "Virtual_Machine"
+      "Service_Type"  = var.service_type
+    }
+  )
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = true
+  }
+}

template/hetzner-infra/modules/server/server_network.tf

@@ -0,0 +1,5 @@
+resource "hcloud_server_network" "server_network" {
+  server_id  = hcloud_server.server.id
+  network_id = var.server_network_id
+  ip         = var.server_private_ipv4
+}

template/hetzner-infra/modules/server/variables.tf

@@ -0,0 +1,35 @@
+variable "server_name" {
+  type = string
+}
+
+variable "server_type" {
+  type = string
+}
+
+variable "server_image" {
+  type = string
+}
+
+variable "server_location" {
+  type = string
+}
+
+variable "server_backups" {
+  type = string
+}
+
+variable "labels" {
+  type = map(string)
+}
+
+variable "server_private_ipv4" {
+  type = string
+}
+
+variable "server_network_id" {
+  type = string
+}
+
+variable "service_type" {
+  type = string
+}

template/hetzner-infra/modules/server/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.41.0"
+    }
+  }
+}

template/hetzner-infra/network.tf

@@ -0,0 +1,15 @@
+resource "hcloud_network" "network" {
+  name     = "vnet-${var.project_name}"
+  ip_range = "10.0.0.0/16"
+  labels = merge(
+    local.common_labels,
+    { "Resource_Type" = "Virtual_Network" }
+  )
+}
+
+resource "hcloud_network_subnet" "subnet" {
+  network_id   = hcloud_network.network.id
+  type         = "cloud"
+  ip_range     = "10.0.1.0/24"
+  network_zone = "eu-central"
+}

template/hetzner-infra/outputs.tf

@@ -0,0 +1,7 @@
+output "public_ip" {
+  value = module.server.server_public_ipv4
+}
+
+output "private_ip" {
+  value = module.server.server_private_ipv4
+}

template/hetzner-infra/provider.tf

@@ -0,0 +1,3 @@
+provider "hcloud" {
+  token = var.hcloud_token
+}

template/hetzner-infra/server.tf

@@ -0,0 +1,12 @@
+module "server" {
+  source              = "./modules/server"
+  server_name         = "node-001"
+  server_type         = "cx11"
+  server_image        = "debian-12"
+  server_location     = var.location
+  server_backups      = true
+  server_private_ipv4 = "10.0.1.1"
+  server_network_id   = hcloud_network.network.id
+  service_type        = "Basic"
+  labels              = local.common_labels
+}

template/hetzner-infra/variables.tf

@@ -0,0 +1,36 @@
+variable "hcloud_token" {
+  type = string
+  sensitive = true
+}
+
+variable "environment" {
+  type = string
+}
+
+variable "project_name" {
+  type    = string
+  default = "project"
+}
+
+variable "location" {
+  type    = string
+  default = "nbg1"
+}
+
+locals {
+  environment_long = lookup(
+    {
+      dev = "Development",
+      tst = "Test",
+      prd = "Production"
+    },
+    var.environment,
+    "Development"
+  )
+
+  common_labels = {
+    "Project"     = var.project_name
+    "Owner"       = "Oscar"
+    "Environment" = local.environment_long
+  }
+}

template/hetzner-infra/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.5.2"
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.41.0"
+    }
+  }
+}