hetzner-cluster/terraform/network.tf

// Set up network for compute to live.
resource "hcloud_network" "net" {
  name     = "Private Network"
  ip_range = local.net-cidr
}

// Set up private subnet, for compute.
resource "hcloud_network_subnet" "subnet" {
  network_id   = hcloud_network.net.id
  type         = "cloud"
  network_zone = "eu-central"
  ip_range     = local.subnet-cidr
}

// Provide internet to the private servers, by sending all internet traffic to
// the NAT.
resource "hcloud_network_route" "gateway" {
  network_id  = hcloud_network.net.id
  destination = "0.0.0.0/0"
  gateway     = local.nat-private-ip
}

// A managed certificate for the domain, to be used by the load balancer.
resource "hcloud_managed_certificate" "managed_cert" {
  name         = "Main Certificate"
  domain_names = ["*.${local.domain}", "${local.domain}"]
}