add floating ip assignments

2024-04-17 03:36:58 +12:00 · 2024-04-17 03:36:58 +12:00 · a0997ee8ec
commit a0997ee8ec
parent b8c2dae1fa
2 changed files with 70 additions and 33 deletions
--- a/terraform/hetzner/network.tf
+++ b/terraform/hetzner/network.tf
@ -1,24 +1,34 @@
-resource "hcloud_network" "us_east" {
-  name     = "us-east"
-  ip_range = "10.128.0.0/10"
+resource "hcloud_network" "us_east_lan" {
+  name     = "us-east-lan"
+  ip_range = "10.128.1.0/24"
 }

 resource "hcloud_network_subnet" "lan" {
-  network_id   = hcloud_network.us_east.id
+  network_id   = hcloud_network.us_east_lan.id
  type         = "cloud"
  network_zone = "us-east"
  ip_range     = "10.128.1.0/24"
 }

+resource "hcloud_network" "us_east_sync" {
+  name     = "us-east-sync"
+  ip_range = "10.128.2.0/24"
+}
+
 resource "hcloud_network_subnet" "sync" {
-  network_id   = hcloud_network.us_east.id
+  network_id   = hcloud_network.us_east_sync.id
  type         = "cloud"
  network_zone = "us-east"
  ip_range     = "10.128.2.0/24"
 }

+resource "hcloud_network" "us_east_cluster" {
+  name     = "us-east-cluster"
+  ip_range = "10.128.3.0/24"
+}
+
 resource "hcloud_network_subnet" "cluster" {
-  network_id   = hcloud_network.us_east.id
+  network_id   = hcloud_network.us_east_cluster.id
  type         = "cloud"
  network_zone = "us-east"
  ip_range     = "10.128.3.0/24"
@ -72,4 +82,24 @@ resource "hcloud_floating_ip" "opnsense_float_v6" {
  type = "ipv6"
  home_location = "ash"
  delete_protection = true
-}
+}
+
+resource "hcloud_floating_ip_assignment" "opnsense-a-v4" {
+  floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
+  server_id      = hcloud_server.opnsense_a.id
+}
+
+resource "hcloud_floating_ip_assignment" "opnsense-a-v6" {
+  floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
+  server_id      = hcloud_server.opnsense_a.id
+}
+
+# resource "hcloud_floating_ip_assignment" "opnsense-b-v4" {
+#   floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
+#   server_id      = hcloud_server.opnsense_b.id
+# }
+
+# resource "hcloud_floating_ip_assignment" "opnsense-b-v6" {
+#   floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
+#   server_id      = hcloud_server.opnsense_b.id
+# }
--- a/terraform/hetzner/servers.tf
+++ b/terraform/hetzner/servers.tf
@ -8,32 +8,39 @@ resource "hcloud_placement_group" "nodes" {
  type = "spread"
 }

-# resource "hcloud_server" "opnsense_b" {
-#   name        = "opnsense-b"
-#   server_type = "cpx11"
-#   image       = "ubuntu-22.04"
-#   location    = "ash"
-#   datacenter  = "ash-dc1"
-#   keep_disk   = true
-#   backups     = false
+resource "hcloud_server" "opnsense_a" {
+  name        = "opnsense-a"
+  server_type = "cpx11"
+  image       = "ubuntu-22.04"
+  location    = "ash"
+  datacenter  = "ash-dc1"
+  keep_disk   = true
+  backups     = false
 #   ssh_keys    = [
 #     hcloud_ssh_key.default.id
 #   ]
-#   public_net {
-#     ipv4_enabled = true
-#     ipv4 = hcloud_primary_ip.opnsense_b_v4.id
-#     ipv6_enabled = true
-#     ipv6 = hcloud_primary_ip.opnsense_b_v6.id
-#   }
-#   network {
-#     network_id = hcloud_network_subnet.lan.id
-#     ip = "10.128.1.240"
-#   }
-#   network {
-#     network_id = hcloud_network_subnet.sync.id
-#     ip = "10.128.2.20"
-#   }
-#   delete_protection   = true
-#   rebuild_protection  = true
-#   placement_group_id  = hcloud_placement_group.firewalls.id
-# }
+  public_net {
+    ipv4_enabled = true
+    ipv4 = hcloud_primary_ip.opnsense_a_v4.id
+    ipv6_enabled = true
+    ipv6 = hcloud_primary_ip.opnsense_a_v6.id
+  }
+  firewall_ids = [
+    hcloud_firewall.opnsense.id
+  ]
+  network {
+    network_id = hcloud_network.us_east_lan.id
+    ip = "10.128.1.250"
+  }
+  network {
+    network_id = hcloud_network.us_east_sync.id
+    ip = "10.128.2.10"
+  }
+  depends_on = [
+    hcloud_network_subnet.lan,
+    hcloud_network_subnet.sync
+  ]
+  delete_protection   = true
+  rebuild_protection  = true
+  placement_group_id  = hcloud_placement_group.firewalls.id
+}