diff --git a/terraform/.terraform/modules/modules.json b/terraform/.terraform/modules/modules.json index 8ef2609..fbf12a0 100644 --- a/terraform/.terraform/modules/modules.json +++ b/terraform/.terraform/modules/modules.json @@ -1 +1 @@ -{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"prod-firewall","Source":"./modules/firewall","Dir":"modules/firewall"}]} \ No newline at end of file +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"private-network","Source":"./modules/network","Dir":"modules/network"},{"Key":"prod-firewall","Source":"./modules/firewall","Dir":"modules/firewall"}]} \ No newline at end of file diff --git a/terraform/main.tf b/terraform/main.tf index af137f6..b51760e 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,3 +1,6 @@ module "prod-firewall" { source = "./modules/firewall" +} +module "private-network" { + source = "./modules/network" } \ No newline at end of file diff --git a/terraform/modules/dns/main.tf b/terraform/modules/dns/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/terraform/modules/dns/output.tf b/terraform/modules/dns/output.tf new file mode 100644 index 0000000..e69de29 diff --git a/terraform/modules/dns/variables.tf b/terraform/modules/dns/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/terraform/modules/firewall/main.tf b/terraform/modules/firewall/main.tf index c39080a..1cfbe7e 100644 --- a/terraform/modules/firewall/main.tf +++ b/terraform/modules/firewall/main.tf @@ -13,6 +13,9 @@ terraform { resource "hcloud_firewall" "prod-fw" { name = "prod-fw" + labels = { + environment = "production" + } rule { direction = "in" protocol = "tcp" diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf index e69de29..5574831 100644 --- a/terraform/modules/network/main.tf +++ b/terraform/modules/network/main.tf 
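Review bot: The root `terraform/main.tf` is fully visible in this hunk and contains only the two `module` blocks, with no `terraform { backend ... }` block, while the same commit checks in `terraform/terraform.tfstate`, `terraform/terraform.tfstate.backup` and `terraform/.terraform/modules/modules.json`. State files record resource IDs and the complete firewall rule set in plaintext, and will hold any secret a later resource exposes, so they belong in an access-controlled remote backend with locking rather than in git history. If no backend is configured in another root file, add one, and keep the local artefacts out of the repository with `.gitignore` entries such as `.terraform/`, `*.tfstate` and `*.tfstate.*`.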
@@ -0,0 +1,27 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "1.57.0"
+ }
+ netbox = {
+ source = "e-breuninger/netbox"
+ version = "5.0.0"
+ }
+ }
+}
+
+resource "hcloud_network" "privnet" {
+ name = "privnet"
+ ip_range = "10.0.0.0/8"
+ labels = {
+ environment = "production"
+ }
+}
+resource "hcloud_network_subnet" "privsubnet" {
+ network_id = hcloud_network.privnet.id
+ type = "cloud"
+ network_zone = "eu-central"
+ ip_range = "10.0.1.0/24"
+}
+
diff --git a/terraform/terraform.tfstate b/terraform/terraform.tfstate
new file mode 100644
index 0000000..aa6e9f7
--- /dev/null
+++ b/terraform/terraform.tfstate
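Review bot: `required_providers` in `terraform/modules/network/main.tf` pins `e-breuninger/netbox` at `5.0.0`, but neither resource in the file uses a `netbox_*` type, so every init of this module downloads and trusts a third-party provider binary it does not need. Unless another file in the module uses it, drop the `netbox = { ... }` entry until a resource requires it. Separately, `ip_range = "10.0.0.0/8"` claims the whole 10/8 block for one network, which will collide with any VPN, peering or on-prem range in 10.x added later; a narrower value such as `ip_range = "10.0.0.0/16"` still contains the `10.0.1.0/24` subnet. Because the network is labelled production, `delete_protection = true` on `hcloud_network.privnet` is also worth adding.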
@@ -0,0 +1,142 @@ +{ + "version": 4, + "terraform_version": "1.14.3", + "serial": 10, + "lineage": "7c69e311-e46b-0d39-a679-49d13d742523", + "outputs": {}, + "resources": [ + { + "module": "module.private-network", + "mode": "managed", + "type": "hcloud_network", + "name": "privnet", + "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "delete_protection": false, + "expose_routes_to_vswitch": false, + "id": "11776424", + "ip_range": "10.0.0.0/8", + "labels": { + "environment": "production" + }, + "name": "privnet" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.private-network", + "mode": "managed", + "type": "hcloud_network_subnet", + "name": "privsubnet", + "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "gateway": "10.0.0.1", + "id": "11776424-10.0.1.0/24", + "ip_range": "10.0.1.0/24", + "network_id": 11776424, + "network_zone": "eu-central", + "type": "cloud", + "vswitch_id": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "module.private-network.hcloud_network.privnet" + ] + } + ] + }, + { + "module": "module.prod-firewall", + "mode": "managed", + "type": "hcloud_firewall", + "name": "prod-fw", + "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "apply_to": [], + "id": "10325524", + "labels": { + "environment": "production" + }, + "name": "prod-fw", + "rule": [ + { + "description": "Allow HTTP", + "destination_ips": [], + "direction": "in", + "port": "80", + "protocol": "tcp", + "source_ips": [ + "0.0.0.0/0", + "::/0" + ] + }, + { + "description": "Allow HTTP/S", + "destination_ips": [], + "direction": "in", + "port": "443", + "protocol": "tcp", + "source_ips": 
[ + "0.0.0.0/0", + "::/0" + ] + }, + { + "description": "Allow SSH", + "destination_ips": [], + "direction": "in", + "port": "22", + "protocol": "tcp", + "source_ips": [ + "0.0.0.0/0", + "::/0" + ] + }, + { + "description": "Allow all outbound TCP traffic", + "destination_ips": [ + "0.0.0.0/0", + "::/0" + ], + "direction": "out", + "port": "", + "protocol": "tcp", + "source_ips": [] + }, + { + "description": "Allow all outbound UDP traffic", + "destination_ips": [ + "0.0.0.0/0", + "::/0" + ], + "direction": "out", + "port": "", + "protocol": "udp", + "source_ips": [] + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + } + ], + "check_results": null +} diff --git a/terraform/terraform.tfstate.backup b/terraform/terraform.tfstate.backup new file mode 100644 index 0000000..8fc3ecc --- /dev/null +++ b/terraform/terraform.tfstate.backup 
@@ -0,0 +1,140 @@ +{ + "version": 4, + "terraform_version": "1.14.3", + "serial": 7, + "lineage": "7c69e311-e46b-0d39-a679-49d13d742523", + "outputs": {}, + "resources": [ + { + "module": "module.private-network", + "mode": "managed", + "type": "hcloud_network", + "name": "privnet", + "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "delete_protection": false, + "expose_routes_to_vswitch": false, + "id": "11776424", + "ip_range": "10.0.0.0/8", + "labels": null, + "name": "privnet" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.private-network", + "mode": "managed", + "type": "hcloud_network_subnet", + "name": "privsubnet", + "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "gateway": "10.0.0.1", + "id": "11776424-10.0.1.0/24", + "ip_range": "10.0.1.0/24", + "network_id": 11776424, + "network_zone": "eu-central", + "type": "cloud", + "vswitch_id": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "module.private-network.hcloud_network.privnet" + ] + } + ] + }, + { + "module": "module.prod-firewall", + "mode": "managed", + "type": "hcloud_firewall", + "name": "prod-fw", + "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "apply_to": [], + "id": "10325524", + "labels": { + "environment": "production" + }, + "name": "prod-fw", + "rule": [ + { + "description": "Allow HTTP", + "destination_ips": [], + "direction": "in", + "port": "80", + "protocol": "tcp", + "source_ips": [ + "0.0.0.0/0", + "::/0" + ] + }, + { + "description": "Allow HTTP/S", + "destination_ips": [], + "direction": "in", + "port": "443", + "protocol": "tcp", + "source_ips": [ + "0.0.0.0/0", + "::/0" + ] + 
}, + { + "description": "Allow SSH", + "destination_ips": [], + "direction": "in", + "port": "22", + "protocol": "tcp", + "source_ips": [ + "0.0.0.0/0", + "::/0" + ] + }, + { + "description": "Allow all outbound TCP traffic", + "destination_ips": [ + "0.0.0.0/0", + "::/0" + ], + "direction": "out", + "port": "", + "protocol": "tcp", + "source_ips": [] + }, + { + "description": "Allow all outbound UDP traffic", + "destination_ips": [ + "0.0.0.0/0", + "::/0" + ], + "direction": "out", + "port": "", + "protocol": "udp", + "source_ips": [] + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + } + ], + "check_results": null +}