# Private network that both servers in this file attach to.
# 10.0.0.0/16 is the parent range; the subnet resource carves its /24 out of it.
resource "hcloud_network" "network" {
  ip_range = "10.0.0.0/16"
  name     = "network"
}
# Cloud subnet inside the private network; the servers' private addresses
# (local.gitea_ip, local.runner_ip) are presumably taken from this /24 — confirm
# against the locals, which are defined outside this part of the file.
resource "hcloud_network_subnet" "subnet" {
  network_id   = hcloud_network.network.id
  ip_range     = "10.0.10.0/24"
  network_zone = "eu-central"
  type         = "cloud"
}
/* -------------------------------------------------------------------------- */
# Dedicated public IPv4 address for the Gitea server.
# auto_delete = false keeps the address allocated when the server it is
# assigned to is destroyed, so DNS records pointing at it survive a rebuild.
# The flip side: the address stays allocated until this resource itself is
# destroyed.
resource "hcloud_primary_ip" "public_ip" {
  name          = "repository-public-ip"
  type          = "ipv4"
  assignee_type = "server"
  datacenter    = local.datacenter
  auto_delete   = false
}
# SSH public key installed on the Gitea server at creation time.
# file() reads the key material from the path in var.public_gitea_ssh_key_path
# and the content ends up in the Terraform state, so the variable must point at
# the *public* half of the key pair only.
resource "hcloud_ssh_key" "gitea_ssh_key" {
  public_key = file(var.public_gitea_ssh_key_path)
  name       = "repository-ssh-key"
}
# Gitea server: the only machine in this file with a public address.
# It is reachable from the internet over the reserved primary IPv4 and from the
# runner over the private network.
resource "hcloud_server" "gitea_server_instance" {
  name        = "repository-gitea-server"
  server_type = local.server_type
  image       = local.server_image
  datacenter  = local.datacenter

  # Key-based login only uses the key registered above.
  ssh_keys = [hcloud_ssh_key.gitea_ssh_key.id]

  # Public interface: IPv4 through the reserved primary IP, no IPv6.
  public_net {
    ipv4         = hcloud_primary_ip.public_ip.id
    ipv4_enabled = true
    ipv6_enabled = false
  }

  # Private interface with a fixed address taken from local.gitea_ip.
  network {
    network_id = hcloud_network.network.id
    ip         = local.gitea_ip
    alias_ips  = []
  }

  # The network block references only the network, not the subnet, so the
  # ordering against the subnet has to be declared explicitly.
  depends_on = [hcloud_network_subnet.subnet]
}
# Firewall for the public-facing Gitea server.
# NOTE(review): Hetzner Cloud firewalls filter traffic on the public interface;
# as far as I know they do not filter traffic on the private network, so
# anything that must be restricted between the runner and this server needs a
# host-level firewall as well — confirm.
resource "hcloud_firewall" "server_firewall" {
  name = "repository-server-firewall"

  # Inbound ICMP from any IPv4/IPv6 source.
  rule {
    protocol   = "icmp"
    direction  = "in"
    source_ips = ["0.0.0.0/0", "::/0"]
  }

  # Outbound TCP to any destination and port.
  # NOTE(review): this is narrower than "all outbound": only TCP is listed.
  # Once an outbound rule exists, outbound traffic matching no rule is expected
  # to be dropped, which would cover server-initiated UDP (DNS, NTP) and ICMP —
  # confirm that this is intended.
  rule {
    protocol        = "tcp"
    direction       = "out"
    port            = "any"
    destination_ips = ["0.0.0.0/0", "::/0"]
  }

  # Inbound TCP for the web ports (80, 443) and SSH (22, 2222), one rule per
  # port, each open to every IPv4/IPv6 source.
  # NOTE(review): the SSH ports are exposed to the whole internet. If only
  # administrators need one of them, give it its own rule with source_ips
  # limited to the admin ranges, and keep password authentication disabled on
  # the host.
  dynamic "rule" {
    for_each = ["80", "443", "22", "2222"]

    content {
      protocol   = "tcp"
      direction  = "in"
      port       = rule.value
      source_ips = ["0.0.0.0/0", "::/0"]
    }
  }
}
# Binds the firewall to the Gitea server.
# NOTE(review): because the attachment references the server's id, it can only
# be created after the server exists, so the server is presumably reachable on
# its public IP without these rules for a short time during the first apply.
# Setting firewall_ids on the hcloud_server resource instead of using a separate
# attachment would apply the firewall at creation — the two mechanisms should
# not be combined for the same server.
resource "hcloud_firewall_attachment" "server_fw_attachment" {
  server_ids  = [hcloud_server.gitea_server_instance.id]
  firewall_id = hcloud_firewall.server_firewall.id
}
/* -------------------------------------------------------------------------- */
# SSH public key installed on the runner at creation time. It is a separate
# resource, read from its own path variable, from the Gitea server's key.
# As with any file() input, the content is stored in the Terraform state, so
# var.public_runner_ssh_key_path must point at the public half only.
resource "hcloud_ssh_key" "runner_ssh_key" {
  public_key = file(var.public_runner_ssh_key_path)
  name       = "repository-runner-ssh-key"
}
# CI runner: attached to the private network only.
# With both public address families disabled the machine has no public
# interface; it is reachable only through the private network.
# NOTE(review): no gateway or route for outbound internet access is defined in
# this part of the file — confirm how the runner fetches images and packages.
resource "hcloud_server" "runner_instance" {
  name        = "repository-runner-server"
  server_type = local.server_type
  image       = local.server_image
  datacenter  = local.datacenter

  ssh_keys = [hcloud_ssh_key.runner_ssh_key.id]

  # No public IPv4 and no public IPv6.
  public_net {
    ipv4_enabled = false
    ipv6_enabled = false
  }

  # Private interface with a fixed address taken from local.runner_ip.
  network {
    network_id = hcloud_network.network.id
    ip         = local.runner_ip
    alias_ips  = []
  }

  # The network block references only the network, not the subnet, so the
  # ordering against the subnet has to be declared explicitly.
  depends_on = [hcloud_network_subnet.subnet]
}