diff --git a/terraform/hetzner/firewall.tf b/terraform/hetzner/firewall.tf
index 2e5a9a3..81d5b6a 100644
--- a/terraform/hetzner/firewall.tf
+++ b/terraform/hetzner/firewall.tf
@@ -97,4 +97,12 @@ resource "hcloud_firewall" "opnsense" {
 "::/0"
 ]
 }
+}
+
+resource "hcloud_firewall_attachment" "opnsense" {
+ firewall_id = hcloud_firewall.opnsense.id
+ server_ids = [
+ hcloud_server.opnsense_a.id,
+ hcloud_server.opnsense_b.id
+ ]
 }
\ No newline at end of file
diff --git a/terraform/hetzner/network.tf b/terraform/hetzner/network.tf
index eff848a..b5f0aa1 100644
--- a/terraform/hetzner/network.tf
+++ b/terraform/hetzner/network.tf
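Review bot: Binding the firewall through a separate `hcloud_firewall_attachment` (with `firewall_ids` removed from `opnsense_a` in the servers.tf hunk) means each server exists with public IPv4 and IPv6 before the firewall is bound, because the attachment can only be created once `hcloud_server.opnsense_a` and `hcloud_server.opnsense_b` exist. If an apply fails between the two steps the host stays up unfiltered, which matters most for the newly created `opnsense_b`. As far as I know the provider applies `firewall_ids` at server creation, so keeping `firewall_ids = [hcloud_firewall.opnsense.id]` on both servers instead of this resource would close that window; the two mechanisms should not be mixed for the same server. If the attachment stays, a comment such as `# firewall is bound after server creation; confirm the attachment before exposing services` would record the trade-off.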
@@ -87,19 +87,35 @@ resource "hcloud_floating_ip" "opnsense_float_v6" {
 resource "hcloud_floating_ip_assignment" "opnsense-a-v4" {
 floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
 server_id = hcloud_server.opnsense_a.id
+ depends_on = [
+ hcloud_floating_ip.opnsense_float_v4,
+ hcloud_server.opnsense_a
+ ]
 }
 resource "hcloud_floating_ip_assignment" "opnsense-a-v6" {
 floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
 server_id = hcloud_server.opnsense_a.id
+ depends_on = [
+ hcloud_floating_ip.opnsense_float_v6,
+ hcloud_server.opnsense_a
+ ]
 }
-# resource "hcloud_floating_ip_assignment" "opnsense-b-v4" {
-# floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
-# server_id = hcloud_server.opnsense_b.id
-# }
+resource "hcloud_floating_ip_assignment" "opnsense-b-v4" {
+ floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
+ server_id = hcloud_server.opnsense_b.id
+ depends_on = [
+ hcloud_floating_ip.opnsense_float_v4,
+ hcloud_server.opnsense_b
+ ]
+}
-# resource "hcloud_floating_ip_assignment" "opnsense-b-v6" {
-# floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
-# server_id = hcloud_server.opnsense_b.id
-# }
+resource "hcloud_floating_ip_assignment" "opnsense-b-v6" {
+ floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
+ server_id = hcloud_server.opnsense_b.id
+ depends_on = [
+ hcloud_floating_ip.opnsense_float_v6,
+ hcloud_server.opnsense_b
+ ]
+}
diff --git a/terraform/hetzner/servers.tf b/terraform/hetzner/servers.tf
index 0c1e556..9563e95 100644
--- a/terraform/hetzner/servers.tf
+++ b/terraform/hetzner/servers.tf
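Review bot: `opnsense-a-v4` and `opnsense-b-v4` (and likewise the two v6 resources) now assign the same floating IP to two different servers, but a floating IP can be bound to only one server at a time, so whichever assignment is applied last wins and the other resource shows drift on every later plan. For a failover pair this means an ordinary `terraform apply` can move the shared address to the node that is not meant to be active. I would keep only the assignments to the intended primary and, if the firewalls move the address themselves on failover, add `lifecycle { ignore_changes = [server_id] }` so Terraform does not revert it. The added `depends_on` lists repeat what the `floating_ip_id` and `server_id` references already imply and can be dropped.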
@@ -12,22 +12,15 @@ resource "hcloud_server" "opnsense_a" {
 name = "opnsense-a"
 server_type = "cpx11"
 image = "ubuntu-22.04"
- location = "ash"
 datacenter = "ash-dc1"
 keep_disk = true
 backups = false
-# ssh_keys = [
-# hcloud_ssh_key.default.id
-# ]
 public_net {
 ipv4_enabled = true
 ipv4 = hcloud_primary_ip.opnsense_a_v4.id
 ipv6_enabled = true
 ipv6 = hcloud_primary_ip.opnsense_a_v6.id
 }
- firewall_ids = [
- hcloud_firewall.opnsense.id
- ]
 network {
 network_id = hcloud_network.us_east_lan.id
 ip = "10.128.1.250"
@@ -43,4 +36,35 @@ resource "hcloud_server" "opnsense_a" {
 delete_protection = true
 rebuild_protection = true
 placement_group_id = hcloud_placement_group.firewalls.id
-}
\ No newline at end of file
+}
+
+resource "hcloud_server" "opnsense_b" {
+ name = "opnsense-b"
+ server_type = "cpx11"
+ image = "ubuntu-22.04"
+ # iso = "OPNsense-23.7-dvd-amd64.iso"
+ datacenter = "ash-dc1"
+ keep_disk = true
+ backups = false
+ public_net {
+ ipv4_enabled = true
+ ipv4 = hcloud_primary_ip.opnsense_b_v4.id
+ ipv6_enabled = true
+ ipv6 = hcloud_primary_ip.opnsense_b_v6.id
+ }
+ network {
+ network_id = hcloud_network.us_east_lan.id
+ ip = "10.128.1.240"
+ }
+ network {
+ network_id = hcloud_network.us_east_sync.id
+ ip = "10.128.2.20"
+ }
+ depends_on = [
+ hcloud_network_subnet.lan,
+ hcloud_network_subnet.sync
+ ]
+ delete_protection = true
+ rebuild_protection = true
+ placement_group_id = hcloud_placement_group.firewalls.id
+}
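Review bot: `hcloud_server.opnsense_b` is created from the stock `ubuntu-22.04` image with public IPv4 and IPv6 enabled and no `ssh_keys`, so, as far as I know, the platform generates a root password and password login over SSH stays possible until the host is reinstalled. Adding `ssh_keys = [hcloud_ssh_key.default.id]` (the key named in the comment removed from `opnsense_a` in the previous hunk, assuming that resource exists) would avoid a password-authenticated root account on a host meant to become the perimeter firewall. The commented `# iso = ...` line suggests the image is a placeholder, so a short comment saying how and when OPNsense replaces it would help the next reader. The block is otherwise a copy of `opnsense_a` differing only in name, primary IPs and private addresses; a `for_each` over a small map would keep the two nodes from drifting apart.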