feat: networking

2025-12-30 12:22:41 -05:00
parent 68ecdfa766
commit 8d9d04810c
5 changed files with 90 additions and 29 deletions
--- a/terraform/compute.tf
+++ b/terraform/compute.tf
@@ -0,0 +1,22 @@
+// Add the servers to a placement group.
+resource "hcloud_placement_group" "group" {
+  name = "Cluster Group"
+  type = "spread"
+}
+
+// Secure NAT via SSH key.
+resource "hcloud_ssh_key" "main" {
+  name       = "my-ssh-key"
+  public_key = file(var.public_key_file)
+}
+
+// The Jumphost/NAT, to interact and provide internet access to the cluster.
+resource "hcloud_server" "nat" {
+  name               = "Cluster NAT"
+  image              = "debian-12"
+  server_type        = "cx23"
+  placement_group_id = hcloud_placement_group.group.id
+  ssh_keys           = [hcloud_ssh_key.main.id]
+}
+
+
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -0,0 +1,26 @@
+// Set up network for compute to live.
+resource "hcloud_network" "net" {
+  name     = "Private Network"
+  ip_range = local.net-cidr
+}
+
+// Attach the NAT to the network.
+resource "hcloud_server_network" "nat-to-net" {
+  server_id  = hcloud_server.nat.id
+  network_id = hcloud_network.net.id
+  ip         = local.nat-private-ip
+}
+
+// Provide internet to the private servers, by sending all internet traffic to
+// the NAT.
+resource "hcloud_network_route" "gateway" {
+  network_id  = hcloud_network.net.id
+  destination = "0.0.0.0/0"
+  gateway     = local.nat-private-ip
+}
+
+// Give the NAT a public IP.
+resource "hcloud_floating_ip" "master" {
+  type      = "ipv4"
+  server_id = hcloud_server.nat.id
+}
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -1,8 +1,8 @@
 terraform {
  backend "s3" {
    skip_credentials_validation = true
-    skip_region_validation = true
-    skip_requesting_account_id = true
+    skip_region_validation      = true
+    skip_requesting_account_id  = true
  }

  required_providers {
@@ -15,4 +15,4 @@ terraform {

 provider "hcloud" {
  token = var.hcloud_token
-}
+}
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,4 +1,15 @@
-variable "hcloud_token" {
-  type = string
+locals {
+  net-cidr = "10.0.0.0/8"
+
+  nat-private-ip = "10.0.1.5"
+}
+
+variable "public_key_file" {
+  type      = string
  sensitive = true
-}
+}
+
+variable "hcloud_token" {
+  type      = string
+  sensitive = true
+}