1 Commits
Author | SHA1 | Date |
---|---|---|
Kiara Grouwstra | b0a9d4866a |
223
config.nix
223
config.nix
|
@ -23,12 +23,73 @@ let
|
|||
# "foo" -> "\${data.sops_file.secrets.data[\"foo\"]}"
|
||||
secret = str: lib.tfRef "data.sops_file.secrets.data[\"${str}\"]";
|
||||
|
||||
environment = lib.tfRef "var.environment";
|
||||
|
||||
hetzner = let
|
||||
|
||||
# https://docs.hetzner.com/cloud/api/getting-started/generating-api-token
|
||||
token = secret "hcloud_api_token";
|
||||
|
||||
in { inherit token; };
|
||||
# hetzner cloud zones, as attrset cuz less fragile than strings
|
||||
# { eu-central = "eu-central"; ... }
|
||||
zones = lib.listToAttrs (lib.lists.map (k: { name = k; value = k; })) [
|
||||
"eu-central"
|
||||
"us-east"
|
||||
"us-west"
|
||||
];
|
||||
|
||||
# https://docs.hetzner.com/cloud/general/locations/
|
||||
# { nbg1 = "eu-central"; ... }
|
||||
locationZone = with zones; {
|
||||
fsn1 = eu-central; # DE Falkenstein
|
||||
nbg1 = eu-central; # DE Nuremberg
|
||||
hel1 = eu-central; # FI Helsinki
|
||||
ash = us-east; # US Ashburn, VA
|
||||
hil = us-west; # US Hillsboro, OR
|
||||
};
|
||||
|
||||
# https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs#delete-protection
|
||||
# The Hetzner Cloud API allows to protect resources from deletion by putting a "lock" on them.
|
||||
# This can also be configured through OpenTofu through the `delete_protection` argument on resources that support it.
|
||||
# Please note, that this does not protect deletion from OpenTofu itself,
|
||||
# as the Provider will lift the lock in that case.
|
||||
# If you also want to protect your resources from deletion by OpenTofu,
|
||||
# you can use the [`prevent_destroy` lifecycle attribute](https://opentofu.org/docs/language/meta-arguments/lifecycle#syntax-and-arguments).
|
||||
delete_protection = true;
|
||||
|
||||
# Whether auto delete is enabled.
|
||||
# `Important note:` It is recommended to set `auto_delete` to `false`,
|
||||
# because if a server assigned to a managed ip is getting deleted,
|
||||
# it will also delete the primary IP which will break the TF state.
|
||||
auto_delete = false;
|
||||
|
||||
# https://docs.hetzner.com/cloud/servers/overview/#pricing
|
||||
# cheapest shared-vcpu arm type
|
||||
serverType = "cax11";
|
||||
|
||||
# https://docs.hetzner.com/cloud/general/locations/
|
||||
location = lib.tfRef "var.hcloud_location";
|
||||
network_zone = locationZone.${location};
|
||||
|
||||
labels = {
|
||||
inherit environment;
|
||||
};
|
||||
|
||||
in { inherit token delete_protection auto_delete location network_zone serverType labels; };
|
||||
|
||||
backend = {
|
||||
|
||||
local = {};
|
||||
|
||||
# cloud = {
|
||||
# hostname = "app.terraform.io";
|
||||
# organization = "bij1";
|
||||
# workspaces = {
|
||||
# name = "hcloud";
|
||||
# };
|
||||
# };
|
||||
|
||||
};
|
||||
|
||||
in rec {
|
||||
|
||||
|
@ -63,14 +124,139 @@ in rec {
|
|||
|
||||
ssh_key = setNames (lib.mapAttrs (_: v: { public_key = v; }) my-lib.ssh-keys);
|
||||
|
||||
});
|
||||
# network = setNames {
|
||||
|
||||
# production-net = {
|
||||
# ip_range = "10.0.0.0/24";
|
||||
# };
|
||||
|
||||
# };
|
||||
|
||||
# network_route = {
|
||||
|
||||
# production-route = {
|
||||
# network_id = lib.tfRef "hcloud_network.production-net.id";
|
||||
# destination = "10.100.1.0/24";
|
||||
# gateway = "10.0.1.1";
|
||||
# };
|
||||
|
||||
# };
|
||||
|
||||
# network_subnet = mapVals (default { inherit (hetzner) network_zone; }) {
|
||||
|
||||
# production-subnet = {
|
||||
# network_id = lib.tfRef "hcloud_network.production-net.id";
|
||||
# type = "cloud";
|
||||
# ip_range = "10.0.1.0/24";
|
||||
# };
|
||||
|
||||
# };
|
||||
|
||||
# placement_group = setNames (mapVals (default { type = "spread"; }) {
|
||||
|
||||
# production-dbs = {
|
||||
# labels = {
|
||||
# environment = "production";
|
||||
# };
|
||||
# };
|
||||
|
||||
# });
|
||||
|
||||
# firewall = setNames {
|
||||
|
||||
# production-firewall = {
|
||||
|
||||
# rule = {
|
||||
# # direction = "in";
|
||||
# # protocol = "icmp";
|
||||
# # source_ips = [
|
||||
# # "0.0.0.0/0"
|
||||
# # "::/0"
|
||||
# # ];
|
||||
# };
|
||||
|
||||
# rule = {
|
||||
# # direction = "in";
|
||||
# # protocol = "tcp";
|
||||
# # port = "80-85";
|
||||
# # source_ips = [
|
||||
# # "0.0.0.0/0"
|
||||
# # "::/0"
|
||||
# # ];
|
||||
# };
|
||||
|
||||
# };
|
||||
|
||||
# };
|
||||
|
||||
# managed_certificate = setNames (mapVals (default { inherit (hetzner) labels; }) {
|
||||
|
||||
# production-cert-wordpress-main = {
|
||||
# domain_names = ["*.bij1.org" "bij1.org"];
|
||||
# };
|
||||
|
||||
# });
|
||||
|
||||
# primary_ip = setNames (mapVals (default { inherit (hetzner) delete_protection auto_delete labels; }) {
|
||||
|
||||
# production-ip-nextcloud = {
|
||||
# datacenter = "nbg1-dc6"; # https://docs.hetzner.com/general/others/data-centers-and-connection/
|
||||
# type = "ipv6";
|
||||
# assignee_type = "server";
|
||||
# };
|
||||
|
||||
# });
|
||||
|
||||
# floating_ip = setNames (mapVals (default { home_location = hetzner.location; }) {
|
||||
|
||||
# production-ip-nextcloud = {
|
||||
# type = "ipv6";
|
||||
# };
|
||||
|
||||
# });
|
||||
|
||||
}) // {
|
||||
|
||||
local_file.test_import = {
|
||||
filename = "test_import.txt";
|
||||
content = config.sops.secrets.tf_cloud_token.path;
|
||||
# content = "lol";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# Set the variable value in *.tfvars file
|
||||
# or using -var="hcloud_api_token=..." CLI option
|
||||
# given e.g. variable.foo, use as `lib.tfRef "var.foo"`
|
||||
variable = {
|
||||
|
||||
hcloud_api_token = {
|
||||
type = "string";
|
||||
description = "[Hetzner Cloud API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token)";
|
||||
default = hetzner.token;
|
||||
sensitive = true;
|
||||
};
|
||||
|
||||
environment = {
|
||||
type = "string";
|
||||
description = "the environment to deploy to, e.g. production, staging";
|
||||
default = "production";
|
||||
};
|
||||
|
||||
hcloud_location = {
|
||||
type = "string";
|
||||
description = "[Hetzner Cloud Location](https://docs.hetzner.com/cloud/general/locations/)";
|
||||
default = "nbg1";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# !!! `provisioner` is impure
|
||||
# configure provisioning private Key to be used when running provisioning on the machines
|
||||
# `file` and `remote-exec` steps of `provisioners` automatically get the connection part setup,
|
||||
# if you configure the `provisioner.privateKeyFile` parameter.
|
||||
# provisioner.privateKeyFile = toString ./sshkey;
|
||||
|
||||
# https://github.com/terranix/terranix-hcloud/blob/main/options.md
|
||||
hcloud = {
|
||||
enable = true;
|
||||
|
@ -78,6 +264,39 @@ in rec {
|
|||
provider = { inherit (hetzner) token; };
|
||||
export.nix = "hetzner.nix";
|
||||
|
||||
# https://github.com/terranix/terranix-examples/blob/main/hcloud-nixos-server/config.nix#L18
|
||||
# https://nix-community.github.io/srvos/getting_started/
|
||||
server = setNames (mapVals (default { inherit (hetzner) location serverType; enable = true; }) {
|
||||
# ssh root@$( tofu output nixserver-server1_ipv4_address ) -i ./sshkey
|
||||
# server1 = {
|
||||
# # common options
|
||||
# backups = false; # billed +20%
|
||||
# extraConfig = {};
|
||||
# # provisioners = [];
|
||||
# # provisioners = [{"file":{"destination":"/root/.zshrc","source":"~/.zshrc"}},{"remote-exec":{"inline":["shutdown -r +1"]}}];
|
||||
|
||||
# # # container-specific config
|
||||
# # image = "ubuntu-22.04";
|
||||
# };
|
||||
});
|
||||
|
||||
nixserver = setNames (mapVals (default { inherit (hetzner) location serverType; enable = true; channel = "nixos-23.11"; }) {
|
||||
# server1 = {
|
||||
# # common options
|
||||
# backups = false; # billed +20%
|
||||
# extraConfig = {};
|
||||
# # provisioners = [];
|
||||
|
||||
# # # nix-specific config
|
||||
# # configurationFile = ./my-cfg.nix;
|
||||
# # configurationFile = pkgs.writeText "configuration.nix" ''
|
||||
# # { pkgs, lib, config, ... }:
|
||||
# # {
|
||||
# # environment.systemPackages = [ pkgs.git ];
|
||||
# # }
|
||||
# # '';
|
||||
# };
|
||||
});
|
||||
};
|
||||
|
||||
data = {
|
||||
|
|
|
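Review bot: With `backend.local = {}` the OpenTofu state is a plain file in the working directory, and values read through `data.sops_file.secrets` (including `hcloud_api_token`, which `hetzner.token` passes to the provider) are normally persisted in that state decrypted. Nothing visible in this section keeps the state file out of the repository or encrypts it, so I would add a comment next to the backend such as `# state holds decrypted sops values: keep terraform.tfstate out of git, or enable state encryption` and confirm the ignore rule exists. The `local_file.test_import` resource in the second hunk looks like debugging residue, since it writes `config.sops.secrets.tf_cloud_token.path` into `test_import.txt`, and should be dropped before merge. Separately, `default = hetzner.token` on `variable.hcloud_api_token` puts a `${data.sops_file...}` interpolation into a variable default, which OpenTofu rejects as far as I know; the variable also appears unused because the provider takes the token directly. The side of each line is not recoverable from this rendering, so some of these lines may predate the commit.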
@ -0,0 +1,748 @@
|
|||
{
|
||||
|
||||
# data sources
|
||||
|
||||
data."hcloud_certificate"."sample_certificate_1" = {
|
||||
name = "sample-certificate-1";
|
||||
};
|
||||
|
||||
data."hcloud_certificate"."sample_certificate_2" = {
|
||||
id = "4711";
|
||||
};
|
||||
|
||||
data."hcloud_certificates"."sample_certificate_1" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_datacenter"."ds_1" = {
|
||||
name = "fsn1-dc8";
|
||||
};
|
||||
data."hcloud_datacenter"."ds_2" = {
|
||||
id = 4;
|
||||
};
|
||||
|
||||
data."hcloud_datacenters"."ds" = {
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/servers/overview/#pricing
|
||||
resource."hcloud_server"."workers" = {
|
||||
count = 5;
|
||||
|
||||
name = "node\${count.index};";
|
||||
image = "debian-11";
|
||||
server_type = "cx31";
|
||||
datacenter = element(data.hcloud_datacenters.ds.datacenters, count.index).name;
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/firewalls/overview/#pricing
|
||||
# firewalls not charged
|
||||
data."hcloud_firewall"."sample_firewall_1" = {
|
||||
name = "sample-firewall-1";
|
||||
};
|
||||
|
||||
data."hcloud_firewall"."sample_firewall_2" = {
|
||||
id = "4711";
|
||||
};
|
||||
|
||||
data."hcloud_firewalls"."sample_firewall_1" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
# billed monthly. same for ipv6?
|
||||
data."hcloud_floating_ip"."ip_1" = {
|
||||
ip_address = "1.2.3.4";
|
||||
};
|
||||
data."hcloud_floating_ip"."ip_2" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
resource."hcloud_floating_ip_assignment"."main" = {
|
||||
count = var.counter;
|
||||
floating_ip_id = data.hcloud_floating_ip.ip_1.id;
|
||||
server_id = hcloud_server.main.id;
|
||||
};
|
||||
|
||||
data."hcloud_floating_ips"."ip_2" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_image"."image_1" = {
|
||||
id = "1234";
|
||||
};
|
||||
data."hcloud_image"."image_2" = {
|
||||
name = "ubuntu-18.04";
|
||||
with_architecture = "x86";
|
||||
};
|
||||
data."hcloud_image"."image_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
resource."hcloud_server"."main" = {
|
||||
image = data.hcloud_image.image_1.id;
|
||||
};
|
||||
|
||||
data."hcloud_images"."image_2" = {
|
||||
with_architecture = ["x86"];
|
||||
};
|
||||
|
||||
data."hcloud_images"."image_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_load_balancer"."lb_1" = {
|
||||
name = "my-load-balancer";
|
||||
};
|
||||
data."hcloud_load_balancer"."lb_2" = {
|
||||
id = "123";
|
||||
};
|
||||
data."hcloud_load_balancer"."lb_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_load_balancers"."lb_2" = {
|
||||
|
||||
};
|
||||
data."hcloud_load_balancers"."lb_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_location"."l_1" = {
|
||||
name = "fsn1";
|
||||
};
|
||||
data."hcloud_location"."l_2" = {
|
||||
id = 1;
|
||||
};
|
||||
|
||||
data."hcloud_locations"."ds" = {
|
||||
};
|
||||
|
||||
resource."hcloud_server"."workers" = {
|
||||
count = 5;
|
||||
|
||||
name = "node\${count.index};";
|
||||
image = "debian-11";
|
||||
server_type = "cx31";
|
||||
location = element(data.hcloud_locations.ds.locations, count.index).name;
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/networks/overview/#pricing
|
||||
# we do not charge for cloud networks
|
||||
data."hcloud_network"."network_1" = {
|
||||
id = "1234";
|
||||
};
|
||||
data."hcloud_network"."network_2" = {
|
||||
name = "my-network";
|
||||
};
|
||||
data."hcloud_network"."network_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_network"."network_2" = {
|
||||
|
||||
};
|
||||
data."hcloud_network"."network_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/placement-groups/overview/#pricing
|
||||
# placement groups not billed
|
||||
data."hcloud_placement_group"."sample_placement_group_1" = {
|
||||
name = "sample-placement-group-1";
|
||||
};
|
||||
|
||||
data."hcloud_placement_group"."sample_placement_group_2" = {
|
||||
id = "4711";
|
||||
};
|
||||
|
||||
data."hcloud_placement_groups"."sample_placement_group_1" = {
|
||||
|
||||
};
|
||||
|
||||
data."hcloud_placement_groups"."sample_placement_group_2" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
# primary_ip v4 billed
|
||||
data."hcloud_primary_ip"."ip_1" = {
|
||||
ip_address = "1.2.3.4";
|
||||
};
|
||||
data."hcloud_primary_ip"."ip_2" = {
|
||||
name = "primary_ip_1";
|
||||
};
|
||||
data."hcloud_primary_ip"."ip_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
# Link a server to an existing primary IP
|
||||
resource."hcloud_server"."server_test" = {
|
||||
name = "test-server";
|
||||
image = "ubuntu-20.04";
|
||||
server_type = "cx11";
|
||||
datacenter = "fsn1-dc14";
|
||||
labels = {
|
||||
"test" : "tessst1"
|
||||
};
|
||||
public_net = {
|
||||
ipv4 = hcloud_primary_ip.ip_1.id;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
data."hcloud_primary_ips"."ip_2" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
# data."hcloud_server"."s_1" = {
|
||||
# name = "my-server";
|
||||
# };
|
||||
# data."hcloud_server"."s_2" = {
|
||||
# id = "123";
|
||||
# };
|
||||
# data."hcloud_server"."s_3" = {
|
||||
# with_selector = "key=value";
|
||||
# };
|
||||
|
||||
data."hcloud_server_type"."ds_1" = {
|
||||
name = "cx11";
|
||||
};
|
||||
data."hcloud_server_type"."ds_2" = {
|
||||
id = 1;
|
||||
};
|
||||
|
||||
data."hcloud_server_types"."ds" = {
|
||||
};
|
||||
|
||||
resource."hcloud_server"."workers" = {
|
||||
count = 3;
|
||||
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = element(data.hcloud_server_types.ds.names, count.index);
|
||||
};
|
||||
|
||||
data."hcloud_servers"."s_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_ssh_key"."ssh_key_1" = {
|
||||
id = "1234";
|
||||
};
|
||||
data."hcloud_ssh_key"."ssh_key_2" = {
|
||||
name = "my-ssh-key";
|
||||
};
|
||||
data."hcloud_ssh_key"."ssh_key_3" = {
|
||||
fingerprint = "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8";
|
||||
};
|
||||
data."hcloud_ssh_key"."ssh_key_4" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
resource."hcloud_server"."main" = {
|
||||
ssh_keys = [data.hcloud_ssh_key.ssh_key_1.id,data.hcloud_ssh_key.ssh_key_2.id,data.hcloud_ssh_key.ssh_key_3.id];
|
||||
};
|
||||
|
||||
data."hcloud_ssh_keys"."all_keys" = {
|
||||
};
|
||||
data."hcloud_ssh_keys"."keys_by_selector" = {
|
||||
with_selector = "foo=bar";
|
||||
};
|
||||
resource."hcloud_server"."main" = {
|
||||
ssh_keys = data.hcloud_ssh_keys.all_keys.ssh_keys.*.name;
|
||||
};
|
||||
|
||||
data."hcloud_volume"."volume_1" = {
|
||||
id = "1234";
|
||||
};
|
||||
data."hcloud_volume"."volume_2" = {
|
||||
name = "my-volume";
|
||||
};
|
||||
data."hcloud_volume"."volume_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
data."hcloud_volumes"."volume_" = {
|
||||
|
||||
};
|
||||
data."hcloud_volumes"."volume_3" = {
|
||||
with_selector = "key=value";
|
||||
};
|
||||
|
||||
# resources
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
|
||||
firewall_ids = [hcloud_firewall.myfirewall.id];
|
||||
# or:
|
||||
labels = {
|
||||
firewall-attachment = "test-server";
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_firewall"."myfirewall" = {
|
||||
name = "my-firewall";
|
||||
rule = {
|
||||
direction = "in";
|
||||
protocol = "icmp";
|
||||
source_ips = [
|
||||
"0.0.0.0/0"
|
||||
"::/0"
|
||||
];
|
||||
};
|
||||
|
||||
rule = {
|
||||
direction = "in";
|
||||
protocol = "tcp";
|
||||
port = "80-85";
|
||||
source_ips = [
|
||||
"0.0.0.0/0"
|
||||
"::/0"
|
||||
];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
resource."hcloud_firewall"."deny_all" = {
|
||||
name = "deny_all";
|
||||
};
|
||||
|
||||
# # Attaches resource to a Hetzner Cloud Firewall; one per firewall
|
||||
# # not attached before boot without more workarounds
|
||||
# resource "hcloud_firewall_attachment"."fw_ref" = {
|
||||
# firewall_id = hcloud_firewall.basic_firewall.id;
|
||||
|
||||
# server_ids = [hcloud_server.test_server.id];
|
||||
# # or:
|
||||
# label_selectors = ["firewall-attachment=test-server"];
|
||||
# };
|
||||
|
||||
# resource."hcloud_server"."node1" = {
|
||||
# name = "node1";
|
||||
# image = "debian-11";
|
||||
# server_type = "cx11";
|
||||
# };
|
||||
|
||||
resource."hcloud_floating_ip"."master" = {
|
||||
type = "ipv4";
|
||||
server_id = hcloud_server.node1.id;
|
||||
};
|
||||
|
||||
resource."hcloud_floating_ip_assignment"."main" = {
|
||||
floating_ip_id = hcloud_floating_ip.master.id;
|
||||
server_id = hcloud_server.node1.id;
|
||||
};
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
datacenter = "fsn1-dc8";
|
||||
};
|
||||
|
||||
resource."hcloud_floating_ip"."master" = {
|
||||
type = "ipv4";
|
||||
home_location = "nbg1";
|
||||
};
|
||||
|
||||
resource."hcloud_server"."myserver" = {
|
||||
name = "server-%d";
|
||||
server_type = "cx11";
|
||||
image = "ubuntu-18.04";
|
||||
};
|
||||
|
||||
resource."hcloud_load_balancer"."load_balancer" = {
|
||||
name = "my-load-balancer";
|
||||
load_balancer_type = "lb11"; # https://docs.hetzner.com/cloud/load-balancers/overview#pricing
|
||||
location = "nbg1";
|
||||
target = {
|
||||
type = "server";
|
||||
server_id = hcloud_server.myserver.id;
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_load_balancer"."lb1" = {
|
||||
name = "lb1";
|
||||
load_balancer_type = "lb11";
|
||||
network_zone = "eu-central";
|
||||
};
|
||||
|
||||
resource."hcloud_network"."mynet" = {
|
||||
name = "my-net";
|
||||
ip_range = "10.0.0.0/8";
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/networks/overview/#pricing
|
||||
# we do not charge for cloud networks
|
||||
resource."hcloud_network_subnet"."foonet" = {
|
||||
network_id = hcloud_network.mynet.id;
|
||||
type = "cloud";
|
||||
network_zone = "eu-central";
|
||||
ip_range = "10.0.1.0/24";
|
||||
};
|
||||
|
||||
resource."hcloud_load_balancer_network"."srvnetwork" = {
|
||||
load_balancer_id = hcloud_load_balancer.lb1.id;
|
||||
network_id = hcloud_network.mynet.id;
|
||||
ip = "10.0.1.5";
|
||||
};
|
||||
|
||||
resource."hcloud_load_balancer"."load_balancer" = {
|
||||
name = "my-load-balancer";
|
||||
load_balancer_type = "lb11";
|
||||
location = "nbg1";
|
||||
};
|
||||
|
||||
resource."hcloud_load_balancer_service"."load_balancer_service" = {
|
||||
load_balancer_id = hcloud_load_balancer.load_balancer.id;
|
||||
protocol = "http";
|
||||
|
||||
http = {
|
||||
sticky_sessions = true;
|
||||
cookie_name = "EXAMPLE_STICKY";
|
||||
};
|
||||
|
||||
health_check = {
|
||||
protocol = "http";
|
||||
port = 80;
|
||||
interval = 10;
|
||||
timeout = 5;
|
||||
|
||||
http = {
|
||||
domain = "example.com";
|
||||
path = "/healthz";
|
||||
response = "OK";
|
||||
tls = true;
|
||||
status_codes = ["200"];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_server"."my_server" = {
|
||||
name = "my-server";
|
||||
server_type = "cx11";
|
||||
image = "ubuntu-18.04";
|
||||
};
|
||||
|
||||
resource."hcloud_load_balancer"."load_balancer" = {
|
||||
name = "my-load-balancer";
|
||||
load_balancer_type = "lb11";
|
||||
location = "nbg1";
|
||||
};
|
||||
|
||||
resource."hcloud_load_balancer_target"."load_balancer_target" = {
|
||||
type = "server";
|
||||
load_balancer_id = hcloud_load_balancer.load_balancer.id;
|
||||
server_id = hcloud_server.my_server.id;
|
||||
};
|
||||
|
||||
resource."hcloud_managed_certificate"."managed_cert" = {
|
||||
name = "managed_cert";
|
||||
domain_names = ["*.example.com" "example.com"];
|
||||
labels = {
|
||||
label_1 = "value_1";
|
||||
label_2 = "value_2";
|
||||
# ...
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_network"."privNet" = {
|
||||
name = "my-net";
|
||||
ip_range = "10.0.1.0/24";
|
||||
};
|
||||
|
||||
resource."hcloud_network"."mynet" = {
|
||||
name = "my-net";
|
||||
ip_range = "10.0.0.0/8";
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/networks/overview/#pricing
|
||||
# we do not charge for cloud networks
|
||||
resource."hcloud_network_route"."privNet" = {
|
||||
network_id = hcloud_network.mynet.id;
|
||||
destination = "10.100.1.0/24";
|
||||
gateway = "10.0.1.1";
|
||||
};
|
||||
|
||||
resource."hcloud_network"."mynet" = {
|
||||
name = "my-net";
|
||||
ip_range = "10.0.0.0/8";
|
||||
};
|
||||
resource."hcloud_network_subnet"."foonet" = {
|
||||
network_id = hcloud_network.mynet.id;
|
||||
type = "cloud";
|
||||
network_zone = "eu-central";
|
||||
ip_range = "10.0.1.0/24";
|
||||
};
|
||||
|
||||
resource."hcloud_placement_group"."my-placement-group" = {
|
||||
name = "my-placement-group";
|
||||
type = "spread";
|
||||
labels = {
|
||||
key = "value";
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
placement_group_id = hcloud_placement_group.my-placement-group.id;
|
||||
};
|
||||
|
||||
resource."hcloud_primary_ip"."main" = {
|
||||
name = "primary_ip_test";
|
||||
datacenter = "fsn1-dc14";
|
||||
type = "ipv4";
|
||||
assignee_type = "server";
|
||||
auto_delete = true;
|
||||
labels = {
|
||||
"hallo" = "welt";
|
||||
};
|
||||
};
|
||||
# Link a server to a primary IP
|
||||
resource."hcloud_server"."server_test" = {
|
||||
name = "test-server";
|
||||
image = "ubuntu-20.04";
|
||||
server_type = "cx11";
|
||||
datacenter = "fsn1-dc14";
|
||||
labels = {
|
||||
"test" : "tessst1"
|
||||
};
|
||||
public_net = {
|
||||
ipv4 = hcloud_primary_ip.main.id;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
};
|
||||
|
||||
resource."hcloud_rdns"."master" = {
|
||||
server_id = hcloud_server.node1.id;
|
||||
ip_address = hcloud_server.node1.ipv4_address;
|
||||
dns_ptr = "example.com";
|
||||
};
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
};
|
||||
resource."hcloud_network"."mynet" = {
|
||||
name = "my-net";
|
||||
ip_range = "10.0.0.0/8";
|
||||
};
|
||||
resource."hcloud_network_subnet"."foonet" = {
|
||||
network_id = hcloud_network.mynet.id;
|
||||
type = "cloud";
|
||||
network_zone = "eu-central";
|
||||
ip_range = "10.0.1.0/24";
|
||||
};
|
||||
|
||||
resource."hcloud_server_network"."srvnetwork" = {
|
||||
server_id = hcloud_server.node1.id;
|
||||
network_id = hcloud_network.mynet.id;
|
||||
ip = "10.0.1.5";
|
||||
};
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
};
|
||||
|
||||
# billed per gigabyte per month
|
||||
resource."hcloud_snapshot"."my-snapshot" = {
|
||||
server_id = hcloud_server.node1.id;
|
||||
};
|
||||
|
||||
# Create a new SSH key
|
||||
resource."hcloud_ssh_key"."default" = {
|
||||
name = "Terraform Example";
|
||||
public_key = file("~/.ssh/id_rsa.pub");
|
||||
};
|
||||
|
||||
resource."hcloud_uploaded_certificate"."sample_certificate" = {
|
||||
name = "test-certificate-%d";
|
||||
|
||||
private_key =<<-EOT
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEAorPccsHibgGLJIub5Sb1yvDvARifoKzg7MIhyAYLnJkGn9B1
|
||||
...
|
||||
AHcjLFCNvobInLHTTmCoAxYBmEv2eakas0+n4g/LM2Ukaw1Bz+3VrVo=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
EOT
|
||||
|
||||
certificate =<<-EOT
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDMDCCAhigAwIBAgIIJgROscP8RRUwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
...
|
||||
TKS8gQ==
|
||||
-----END CERTIFICATE-----
|
||||
EOT
|
||||
|
||||
labels = {
|
||||
label_1 = "value_1";
|
||||
label_2 = "value_2";
|
||||
...
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/volumes/overview/#pricing
|
||||
resource."hcloud_volume"."master" = {
|
||||
name = "volume1";
|
||||
size = 50;
|
||||
server_id = hcloud_server.node1.id;
|
||||
automount = true;
|
||||
format = "ext4";
|
||||
};
|
||||
|
||||
resource."hcloud_volume_attachment"."main" = {
|
||||
volume_id = hcloud_volume.master.id;
|
||||
server_id = hcloud_server.node1.id;
|
||||
automount = true;
|
||||
};
|
||||
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
datacenter = "nbg1-dc6";
|
||||
};
|
||||
|
||||
resource."hcloud_volume"."master" = {
|
||||
location = "nbg1";
|
||||
size = 10;
|
||||
};
|
||||
|
||||
# Create a new server running debian
|
||||
resource."hcloud_server"."node1" = {
|
||||
name = "node1";
|
||||
image = "debian-11";
|
||||
server_type = "cx11";
|
||||
public_net = {
|
||||
ipv4_enabled = true;
|
||||
ipv6_enabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
### Server creation with one linked primary ip (ipv4)
|
||||
resource."hcloud_primary_ip"."primary_ip_1" = {
|
||||
name = "primary_ip_test";
|
||||
datacenter = "fsn1-dc14";
|
||||
type = "ipv4";
|
||||
assignee_type = "server";
|
||||
auto_delete = true;
|
||||
labels = {
|
||||
"hallo" : "welt"
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_server"."server_test" = {
|
||||
name = "test-server";
|
||||
image = "ubuntu-20.04";
|
||||
server_type = "cx11";
|
||||
datacenter = "fsn1-dc14";
|
||||
labels = {
|
||||
"test" : "tessst1"
|
||||
};
|
||||
public_net = {
|
||||
ipv4_enabled = true;
|
||||
ipv4 = hcloud_primary_ip.primary_ip_1.id;
|
||||
ipv6_enabled = false;
|
||||
};
|
||||
};
|
||||
|
||||
resource."hcloud_network"."network" = {
|
||||
name = "network";
|
||||
ip_range = "10.0.0.0/16";
|
||||
};
|
||||
|
||||
resource."hcloud_network_subnet"."network-subnet" = {
|
||||
type = "cloud";
|
||||
network_id = hcloud_network.network.id;
|
||||
network_zone = "eu-central";
|
||||
ip_range = "10.0.1.0/24";
|
||||
};
|
||||
|
||||
resource."hcloud_server"."server" = {
|
||||
name = "server";
|
||||
server_type = "cx11";
|
||||
image = "ubuntu-20.04";
|
||||
location = "nbg1";
|
||||
|
||||
network = {
|
||||
network_id = hcloud_network.network.id;
|
||||
ip = "10.0.1.5";
|
||||
alias_ips = [
|
||||
"10.0.1.6"
|
||||
"10.0.1.7"
|
||||
];
|
||||
};
|
||||
|
||||
# **Note**: the depends_on is important when directly attaching the
|
||||
# server to a network. Otherwise Terraform will attempt to create
|
||||
# server and sub-network in parallel. This may result in the server
|
||||
# creation failing randomly.
|
||||
depends_on = [
|
||||
hcloud_network_subnet.network-subnet
|
||||
];
|
||||
};
|
||||
|
||||
# Get image infos because we need the ID
|
||||
data."hcloud_image"."packer_snapshot" = {
|
||||
with_selector = "app=foobar";
|
||||
most_recent = true;
|
||||
};
|
||||
|
||||
# Create a new server from the snapshot
|
||||
resource."hcloud_server"."from_snapshot" = {
|
||||
name = "from-snapshot";
|
||||
image = data.hcloud_image.packer_snapshot.id;
|
||||
server_type = "cx11";
|
||||
public_net = {
|
||||
ipv4_enabled = true;
|
||||
ipv6_enabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Assign existing ipv4 only
|
||||
resource."hcloud_server"."server_test" = {
|
||||
#...
|
||||
public_net = {
|
||||
ipv4_enabled = true;
|
||||
ipv4 = hcloud_primary_ip.primary_ip_1.id;
|
||||
ipv6_enabled = false;
|
||||
};
|
||||
#...
|
||||
};
|
||||
# Link a managed ipv4 but autogenerate ipv6
|
||||
resource."hcloud_server"."server_test" = {
|
||||
#...
|
||||
public_net = {
|
||||
ipv4_enabled = true;
|
||||
ipv4 = hcloud_primary_ip.primary_ip_1.id;
|
||||
ipv6_enabled = true;
|
||||
};
|
||||
#...
|
||||
};
|
||||
# Assign & create auto-generated ipv4 & ipv6
|
||||
resource."hcloud_server"."server_test" = {
|
||||
#...
|
||||
public_net = {
|
||||
ipv4_enabled = true;
|
||||
ipv6_enabled = true;
|
||||
};
|
||||
#...
|
||||
};
|
||||
|
||||
}
|
|
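Review bot: The `hcloud_uploaded_certificate.sample_certificate` entry shows `private_key` as an inline PEM block, and anyone filling in that template would put key material into a `.nix` file that is typically copied to the world-readable Nix store and into the generated configuration and state. I would replace the heredoc with a reference to a sops-managed value and add a comment above it such as `# never inline key material: source it from sops, files in this repo end up in the Nix store`. The file also does not appear to parse as Nix: it keeps HCL leftovers such as `"test" : "tessst1"`, `element(...)`, `<<-EOT` and bare `...`, and it defines paths like `resource."hcloud_server"."node1"` several times. If it is meant as a reference scratchpad of provider examples, a header comment saying so, and that it must not be imported, would prevent it from being wired in by mistake. The sample firewall rules opening `0.0.0.0/0` and `::/0` on ports `80-85` deserve the same "example only" marker.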
@ -0,0 +1,19 @@
|
|||
# free
|
||||
|
||||
## ip
|
||||
- hcloud_primary_ip
|
||||
- hcloud_floating_ip # ipv4 billed monthly. same for ipv6?
|
||||
- hcloud_floating_ip_assignment
|
||||
|
||||
# paid
|
||||
|
||||
## hcloud_server
|
||||
## hcloud_rdns
|
||||
## vol # https://docs.hetzner.com/cloud/volumes/overview/#pricing
|
||||
- hcloud_volume
|
||||
- hcloud_volume_attachment
|
||||
## load # https://docs.hetzner.com/cloud/load-balancers/overview#pricing
|
||||
- hcloud_load_balancer
|
||||
- hcloud_load_balancer_network
|
||||
- hcloud_load_balancer_service
|
||||
- hcloud_load_balancer_target
|