add floating ip assignments

terraform/hetzner/network.tf

@@ -1,24 +1,34 @@
-resource "hcloud_network" "us_east" {
+resource "hcloud_network" "us_east_lan" {
-  name     = "us-east"
+  name     = "us-east-lan"
-  ip_range = "10.128.0.0/10"
+  ip_range = "10.128.1.0/24"
 }
 
 resource "hcloud_network_subnet" "lan" {
-  network_id   = hcloud_network.us_east.id
+  network_id   = hcloud_network.us_east_lan.id
   type         = "cloud"
   network_zone = "us-east"
   ip_range     = "10.128.1.0/24"
 }
 
+resource "hcloud_network" "us_east_sync" {
+  name     = "us-east-sync"
+  ip_range = "10.128.2.0/24"
+}
+
 resource "hcloud_network_subnet" "sync" {
-  network_id   = hcloud_network.us_east.id
+  network_id   = hcloud_network.us_east_sync.id
   type         = "cloud"
   network_zone = "us-east"
   ip_range     = "10.128.2.0/24"
 }
 
+resource "hcloud_network" "us_east_cluster" {
+  name     = "us-east-cluster"
+  ip_range = "10.128.3.0/24"
+}
+
 resource "hcloud_network_subnet" "cluster" {
-  network_id   = hcloud_network.us_east.id
+  network_id   = hcloud_network.us_east_cluster.id
   type         = "cloud"
   network_zone = "us-east"
   ip_range     = "10.128.3.0/24"
@@ -72,4 +82,24 @@ resource "hcloud_floating_ip" "opnsense_float_v6" {
   type = "ipv6"
   home_location = "ash"
   delete_protection = true
-}
+}
+
+resource "hcloud_floating_ip_assignment" "opnsense-a-v4" {
+  floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
+  server_id      = hcloud_server.opnsense_a.id
+}
+
+resource "hcloud_floating_ip_assignment" "opnsense-a-v6" {
+  floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
+  server_id      = hcloud_server.opnsense_a.id
+}
+
+# resource "hcloud_floating_ip_assignment" "opnsense-b-v4" {
+#   floating_ip_id = hcloud_floating_ip.opnsense_float_v4.id
+#   server_id      = hcloud_server.opnsense_b.id
+# }
+
+# resource "hcloud_floating_ip_assignment" "opnsense-b-v6" {
+#   floating_ip_id = hcloud_floating_ip.opnsense_float_v6.id
+#   server_id      = hcloud_server.opnsense_b.id
+# }

terraform/hetzner/servers.tf

@@ -8,32 +8,39 @@ resource "hcloud_placement_group" "nodes" {
   type = "spread"
 }
 
-# resource "hcloud_server" "opnsense_b" {
+resource "hcloud_server" "opnsense_a" {
-#   name        = "opnsense-b"
+  name        = "opnsense-a"
-#   server_type = "cpx11"
+  server_type = "cpx11"
-#   image       = "ubuntu-22.04"
+  image       = "ubuntu-22.04"
-#   location    = "ash"
+  location    = "ash"
-#   datacenter  = "ash-dc1"
+  datacenter  = "ash-dc1"
-#   keep_disk   = true
+  keep_disk   = true
-#   backups     = false
+  backups     = false
 #   ssh_keys    = [
 #     hcloud_ssh_key.default.id
 #   ]
-#   public_net {
+  public_net {
-#     ipv4_enabled = true
+    ipv4_enabled = true
-#     ipv4 = hcloud_primary_ip.opnsense_b_v4.id
+    ipv4 = hcloud_primary_ip.opnsense_a_v4.id
-#     ipv6_enabled = true
+    ipv6_enabled = true
-#     ipv6 = hcloud_primary_ip.opnsense_b_v6.id
+    ipv6 = hcloud_primary_ip.opnsense_a_v6.id
-#   }
+  }
-#   network {
+  firewall_ids = [
-#     network_id = hcloud_network_subnet.lan.id
+    hcloud_firewall.opnsense.id
-#     ip = "10.128.1.240"
+  ]
-#   }
+  network {
-#   network {
+    network_id = hcloud_network.us_east_lan.id
-#     network_id = hcloud_network_subnet.sync.id
+    ip = "10.128.1.250"
-#     ip = "10.128.2.20"
+  }
-#   }
+  network {
-#   delete_protection   = true
+    network_id = hcloud_network.us_east_sync.id
-#   rebuild_protection  = true
+    ip = "10.128.2.10"
-#   placement_group_id  = hcloud_placement_group.firewalls.id
+  }
-# }
+  depends_on = [
+    hcloud_network_subnet.lan,
+    hcloud_network_subnet.sync
+  ]
+  delete_protection   = true
+  rebuild_protection  = true
+  placement_group_id  = hcloud_placement_group.firewalls.id
+}