
terraform for single host setup

chris 2022-05-23 13:37:13 +02:00
commit 76ab30aa14
11 changed files with 146 additions and 0 deletions

5
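--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.terraform/
+terraform.tfstate*
+api-token*
+ssh-terraform-hetzner*
+secret.auto.tfvars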

11
README.md Normal file

@ -0,0 +1,11 @@
# terraformed hetzner
## preparation
* sign up for hetzner cloud
* create a project for testing
* create API token for the new project
* generate SSH key for VM access:
* `ssh-keygen -t ed25519 -C "terraform" -f ssh-terraform-hetzner -P ''`
`single-host/` contains play for a simple test VM


@ -0,0 +1,24 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hetznercloud/hcloud" {
version = "1.33.2"
constraints = "1.33.2"
hashes = [
"h1:3Hx8p9LbcnHfBhy3nT7+unlc5rwkiSZjLt9SVQOSpB8=",
"zh:0a5d0f332d7dfe77fa27301094af98a185aabfb9f56d71b81936e03211e4d66f",
"zh:0e047859ee7296f335881933ccf8ce8c07aa47bef56d5449a81b85a2d9dac93a",
"zh:1d3d0896f518df9e245c3207ed231e528f5dcfe628508e7c3ceba4a2bfefaa7a",
"zh:1d7a31c8c490512896ce327ab220e950f1a2e30ee83cc2e58e69bbbfbbb87e72",
"zh:67cbb2492683cb22f6c54f26bee72aec140c8dd2d0881b2815d2ef80959fc751",
"zh:771062815e662979204ac2dc91c34c893f27670d67e02370e48124483d3c9838",
"zh:957ebb146898cd059c0cc8b4c32e574b61041d8b6a11cd854b3cc1d3baaeb3a9",
"zh:95dbd8634000b979213cb97b5d869cad78299ac994d0665d150c8dafc1390429",
"zh:a21b22b2e9d835e1b8b3b7e0b41a4d199171d62e9e9be78c444c700e96b31316",
"zh:aead1ba50640a51f20d574374f2c6065d9bfa4eea5ef044d1475873c33e58239",
"zh:cefabd0a78af40ea5cd08e1ca436c753df9b1c6496eb27281b755a2de1f167ab",
"zh:d98cffc5206b9a7550a23e13031a6f53566bd1ed3bf65314bc55ef12404d49ce",
"zh:dddaaf95b6aba701153659feff12c7bce6acc78362cb5ff8321a1a1cbf780cd9",
"zh:fd662b483250326a1bfbe5684c22c5083955a43e0773347eea35cd4c2cfe700e",
]
}

5
single-host/README.md Normal file

@ -0,0 +1,5 @@
# Sets up a single debian host with incoming firewall
* Copy secret.auto.tfvars.example to secret.auto.tfvars
* Set up your API key in secret.auto.tfvars
* `terraform init` && `terraform plan` && `terraform apply`

33
single-host/firewall.tf Normal file

@ -0,0 +1,33 @@
resource "hcloud_firewall" "single-firewall" {
name = "single-firewall"
rule {
direction = "in"
protocol = "icmp"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "22"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "80"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
}
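Review bot: The port 22 rule takes `source_ips` of `0.0.0.0/0` and `::/0`, which leaves SSH on the new host reachable from the whole internet while `server.tf` in the same commit provisions an account with `NOPASSWD:ALL` sudo. Restrict that rule to the operator's addresses, for example `source_ips = var.admin_source_ips` with a new `list(string)` variable that has no open default. The port 80 rule is presumably meant to be public; a `description` on each rule would record that intent. No TCP 443 rule is present, so anything served from this host is reachable over plain HTTP only.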

3
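--- a/single-host/provider.tf
+++ b/single-host/provider.tf
@@ -0,0 +1,3 @@
+provider "hcloud" {
+token = var.hcloud_token
+}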


@ -0,0 +1 @@
hcloud_token = "tokitoki"

22
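--- a/single-host/server.tf
+++ b/single-host/server.tf
@@ -0,0 +1,22 @@
+resource "hcloud_server" "single-server1" {
+name = "single-server1"
+image = var.os_type
+server_type = var.server_type
+location = var.location
+labels = {
+type = "single"
+}
+ssh_keys = [hcloud_ssh_key.default.id]
+user_data = jsonencode({
+"users": {
+"name": "ansible",
+"groups": ["users", "admin"],
+"sudo": "ALL=(ALL) NOPASSWD:ALL",
+"shell": "/bin/bash",
+"ssh_authorized_keys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE32LygGZyJonoWVjRgQ0Hq8iy39aLs+oH5Flmn9RhAj terraform melpomene"]
+},
+"package_update": true,
+"package_upgrade": true
+})
+firewall_ids = [hcloud_firewall.single-firewall.id]
+}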
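Review bot: The `ssh_authorized_keys` entry in `user_data` hard-codes one workstation's public key for an `ansible` user that gets `NOPASSWD:ALL` sudo, so anyone who follows the README and generates their own key still provisions a passwordless-sudo account that only the holder of the embedded key can use. Read the key from the same file `ssh.tf` already uses, `"ssh_authorized_keys": [trimspace(file("../ssh-terraform-hetzner.pub"))]`, and consider whether unrestricted passwordless sudo is needed for this account. Separately, cloud-init normally treats user data as cloud-config only when it begins with a `#cloud-config` line, and the bare `jsonencode(...)` output begins with `{`. The users block and the package upgrade may therefore be skipped on first boot; prefixing the string with `"#cloud-config\n"` and checking the result on a fresh VM would settle it.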

4
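--- a/single-host/ssh.tf
+++ b/single-host/ssh.tf
@@ -0,0 +1,4 @@
+resource "hcloud_ssh_key" "default" {
+name = "terraform"
+public_key = file("../ssh-terraform-hetzner.pub")
+}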

10
single-host/terraform.tf Normal file

@ -0,0 +1,10 @@
terraform {
required_providers {
hcloud = {
source = "hetznercloud/hcloud"
version = "1.33.2"
}
}
required_version = ">= 1.1"
}

28
single-host/variables.tf Normal file

@ -0,0 +1,28 @@
variable "hcloud_token" {
sensitive = true
# default = <defined in secret.auto.tfvars>
}
variable "location" {
default = "nbg1"
}
variable "instances" {
default = "1"
}
variable "server_type" {
default = "cx11"
}
variable "os_type" {
default = "debian-11"
}
variable "disk_size" {
default = "20"
}
variable "ip_range" {
default = "10.0.1.0/24"
}
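Review bot: None of the variable blocks declares a `type` or `description`, so a mistyped value in `secret.auto.tfvars` is only caught when the provider rejects it. Add at least `type = string` and `description = "Hetzner Cloud API token for the project"` to `hcloud_token`, keeping `sensitive = true`. `instances`, `disk_size` and `ip_range` are not referenced by any of the `.tf` files shown in this commit, and `instances` and `disk_size` carry numbers as quoted strings; either drop them until they are used or declare the numeric ones with `type = number`.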