opnsense b created

2024-04-17 04:06:14 +12:00 · 2024-04-17 04:06:14 +12:00 · 8d049f3056
commit 8d049f3056
parent a0997ee8ec
3 changed files with 64 additions and 16 deletions
--- a/terraform/hetzner/firewall.tf
+++ b/terraform/hetzner/firewall.tf
@ -98,3 +98,11 @@ resource "hcloud_firewall" "opnsense" {
    ]
  }   
 }
+
+resource "hcloud_firewall_attachment" "opnsense" {
+  firewall_id = hcloud_firewall.opnsense.id
+  server_ids  = [
+    hcloud_server.opnsense_a.id,
+    hcloud_server.opnsense_b.id
+  ]
+}
--- a/terraform/hetzner/network.tf
+++ b/terraform/hetzner/network.tf
@ -87,19 +87,35 @@ resource "hcloud_floating_ip" "opnsense_float_v6" {
 resource "hcloud_floating_ip_assignment" "opnsense-a-v4" {
  floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
  server_id      = hcloud_server.opnsense_a.id
+  depends_on = [
+    hcloud_floating_ip.opnsense_float_v4,
+    hcloud_server.opnsense_a
+  ]
 }

 resource "hcloud_floating_ip_assignment" "opnsense-a-v6" {
  floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
  server_id      = hcloud_server.opnsense_a.id
+  depends_on = [
+    hcloud_floating_ip.opnsense_float_v6,
+    hcloud_server.opnsense_a
+  ]
 }

-# resource "hcloud_floating_ip_assignment" "opnsense-b-v4" {
-#   floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
-#   server_id      = hcloud_server.opnsense_b.id
-# }
+resource "hcloud_floating_ip_assignment" "opnsense-b-v4" {
+  floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
+  server_id      = hcloud_server.opnsense_b.id
+  depends_on = [
+    hcloud_floating_ip.opnsense_float_v4,
+    hcloud_server.opnsense_b
+  ]
+}

-# resource "hcloud_floating_ip_assignment" "opnsense-b-v6" {
-#   floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
-#   server_id      = hcloud_server.opnsense_b.id
-# }
+resource "hcloud_floating_ip_assignment" "opnsense-b-v6" {
+  floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
+  server_id      = hcloud_server.opnsense_b.id
+  depends_on = [
+    hcloud_floating_ip.opnsense_float_v6,
+    hcloud_server.opnsense_b
+  ]
+}
--- a/terraform/hetzner/servers.tf
+++ b/terraform/hetzner/servers.tf
@ -12,22 +12,15 @@ resource "hcloud_server" "opnsense_a" {
  name        = "opnsense-a"
  server_type = "cpx11"
  image       = "ubuntu-22.04"
-  location    = "ash"
  datacenter  = "ash-dc1"
  keep_disk   = true
  backups     = false
-#   ssh_keys    = [
-#     hcloud_ssh_key.default.id
-#   ]
  public_net {
    ipv4_enabled = true
    ipv4 = hcloud_primary_ip.opnsense_a_v4.id
    ipv6_enabled = true
    ipv6 = hcloud_primary_ip.opnsense_a_v6.id
  }
-  firewall_ids = [
-    hcloud_firewall.opnsense.id
-  ]
  network {
    network_id = hcloud_network.us_east_lan.id
    ip = "10.128.1.250"
@ -44,3 +37,34 @@ resource "hcloud_server" "opnsense_a" {
  rebuild_protection  = true
  placement_group_id  = hcloud_placement_group.firewalls.id
 }
+
+resource "hcloud_server" "opnsense_b" {
+  name        = "opnsense-b"
+  server_type = "cpx11"
+  image       = "ubuntu-22.04"
+  # iso         = "OPNsense-23.7-dvd-amd64.iso" 
+  datacenter  = "ash-dc1"
+  keep_disk   = true
+  backups     = false
+  public_net {
+    ipv4_enabled = true
+    ipv4 = hcloud_primary_ip.opnsense_b_v4.id
+    ipv6_enabled = true
+    ipv6 = hcloud_primary_ip.opnsense_b_v6.id
+  }
+  network {
+    network_id = hcloud_network.us_east_lan.id
+    ip = "10.128.1.240"
+  }
+  network {
+    network_id = hcloud_network.us_east_sync.id
+    ip = "10.128.2.20"
+  }
+  depends_on = [
+    hcloud_network_subnet.lan,
+    hcloud_network_subnet.sync
+  ]
+  delete_protection   = true
+  rebuild_protection  = true
+  placement_group_id  = hcloud_placement_group.firewalls.id
+}