test: try doing the lb separately

terraform/compute.tf

@@ -51,3 +51,18 @@ resource "hcloud_server" "server" {
 
   depends_on = [hcloud_network_subnet.subnet]
 }
+
+resource "hcloud_load_balancer" "lb" {
+  name               = "lb-hetzner"
+  load_balancer_type = "lb11"
+  network_zone       = "eu-central"
+}
+
+resource "hcloud_load_balancer_target" "load_balancer_target" {
+  for_each = hcloud_server.server
+
+  type             = "server"
+  load_balancer_id = hcloud_load_balancer.lb.id
+  use_private_ip   = true
+  server_id        = each.value.id
+}

terraform/network.tf

@@ -20,8 +20,9 @@ resource "hcloud_network_route" "gateway" {
   gateway     = local.nat-private-ip
 }
 
-// A managed certificate for the domain, to be used by the load balancer.
-resource "hcloud_managed_certificate" "managed_cert" {
-  name         = "managed_cert"
-  domain_names = ["*.${local.domain}", "${local.domain}"]
+// Attach the load blaancer to the private network.
+resource "hcloud_load_balancer_network" "attachment" {
+  load_balancer_id = hcloud_load_balancer.lb.id
+  subnet_id        = hcloud_network_subnet.subnet.id
+  ip               = local.lb-private-ip
 }

terraform/routing.tf

@@ -0,0 +1,32 @@
+data "hcloud_zone" "zone" {
+  name = local.domain
+}
+
+// Attach the load balancer to the domain.
+resource "hcloud_zone_rrset" "records" {
+  for_each = toset(["@", "*"])
+  zone     = data.hcloud_zone.zone.name
+  name     = each.value
+  type     = "A"
+  ttl      = 60
+  records  = [{ value = hcloud_load_balancer.lb.ipv4 }]
+
+  change_protection = false
+}
+
+// A managed certificate for the domain, to be used by the load balancer.
+resource "hcloud_managed_certificate" "main" {
+  name         = local.certificate_name
+  domain_names = ["*.${local.domain}", "${local.domain}"]
+}
+
+resource "hcloud_load_balancer_service" "load_balancer_service" {
+  load_balancer_id = hcloud_load_balancer.lb.id
+  protocol         = "https"
+
+  http {
+    sticky_sessions = true
+    certificates    = [hcloud_managed_certificate.main.id]
+    redirect_http   = true
+  }
+}

terraform/variables.tf

@@ -11,6 +11,8 @@ locals {
   }
 
   domain = "maximhutz.com"
+
+  certificate_name = "Main Certificate"
 }
 
 variable "public_key_file" {