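# Infrastructure for a single Knot server on Clouding: one firewall with four
# inbound TCP rules, one Ubuntu 24.04 server attached to that firewall, and an
# output exposing the server's public IPv4 address.

terraform {
  required_providers {
    # Exact version pin: a provider upgrade is an explicit, reviewable change.
    # Committing .terraform.lock.hcl alongside this file also pins the
    # provider's checksums.
    clouding = {
      source  = "astrojuanlu/clouding"
      version = "1.0.1"
    }
  }
}

# No credentials are set here. NOTE(review): the provider presumably reads its
# API token from the environment; confirm, and keep it out of version control.
provider "clouding" {}

# Source range for administrative SSH (port 22). The default reproduces the
# previous hard-coded value, so an existing plan is unchanged; set it to a
# management network or VPN range to stop exposing sshd to every IPv4 address.
variable "admin_ssh_source_cidr" {
  description = "CIDR block allowed to reach administrative SSH on port 22."
  type        = string
  default     = "0.0.0.0/0"

  validation {
    condition     = can(cidrhost(var.admin_ssh_source_cidr, 0))
    error_message = "admin_ssh_source_cidr must be a valid CIDR block, e.g. 203.0.113.0/24."
  }
}

# Existing SSH key and OS image, looked up by account-specific ID.
# NOTE(review): these IDs are hard-coded; they look like resource identifiers
# rather than secrets, but confirm before publishing the file.
data "clouding_sshkey" "main" {
  id = "LQbN5nv9krK9JaeZ"
}

data "clouding_image" "ubuntu_24_04" {
  id = "p06Wq42PGkneDVEb"
}

# Firewall that every rule below attaches to; the server references it by ID.
resource "clouding_firewall" "knot" {
  name        = "Knot Firewall"
  description = "Firewall rules for Knot server (SSH, Git SSH, Web)"
}

# Allow SSH (port 22). This is the host's administrative entry point, so its
# source range comes from var.admin_ssh_source_cidr instead of a literal.
resource "clouding_firewall_rule" "ssh" {
  firewall_id    = clouding_firewall.knot.id
  description    = "Allow SSH"
  protocol       = "tcp"
  port_range_min = 22
  port_range_max = 22
  source_ip      = var.admin_ssh_source_cidr
}

# Allow Git SSH (port 2222). Open to any IPv4 source; presumably required so
# that Git clients anywhere can reach the Knot service - confirm.
resource "clouding_firewall_rule" "git_ssh" {
  firewall_id    = clouding_firewall.knot.id
  description    = "Allow Git SSH"
  protocol       = "tcp"
  port_range_min = 2222
  port_range_max = 2222
  source_ip      = "0.0.0.0/0"
}

# Allow HTTP (port 80) for Let's Encrypt certificate challenges.
resource "clouding_firewall_rule" "http" {
  firewall_id    = clouding_firewall.knot.id
  description    = "Allow HTTP (Let's Encrypt)"
  protocol       = "tcp"
  port_range_min = 80
  port_range_max = 80
  source_ip      = "0.0.0.0/0"
}

# Allow HTTPS (port 443) for the Caddy SSL proxy.
resource "clouding_firewall_rule" "https" {
  firewall_id    = clouding_firewall.knot.id
  description    = "Allow HTTPS (Caddy)"
  protocol       = "tcp"
  port_range_min = 443
  port_range_max = 443
  source_ip      = "0.0.0.0/0"
}

# Create a server for Knot, booted from the Ubuntu 24.04 image and placed
# behind the firewall defined above.
resource "clouding_server" "knot0" {
  name        = "nudo0"
  hostname    = "nudo0"
  flavor_id   = "0.5x1"
  firewall_id = clouding_firewall.knot.id

  volume = {
    source = "image"
    id     = data.clouding_image.ubuntu_24_04.id
    ssd_gb = 20
  }

  # Access is provisioned with the SSH key looked up above. Whether password
  # authentication is disabled on the image is not visible from this file.
  access_configuration = {
    ssh_key_id = data.clouding_sshkey.main.id
  }

  # NOTE(review): strict anti-DDoS filtering is switched off; confirm that is
  # intentional for a host with four internet-facing ports.
  enable_strict_antiddos_filtering = false

  # Backups are not configured while this stays commented out.
  # backup_preference = {
  #   frequency = "OneWeek"
  #   slots     = 4
  # }

  # cloud-init is not applied while this stays commented out, so any host
  # hardening (sshd settings, updates) has to be done out of band.
  # user_data = file("${path.module}/cloud-init.yaml")

  timeouts = {
    create = "10m"
  }
}

# Falls back to a placeholder string when public_ip cannot be read yet.
output "knot0_ipv4" {
  description = "Public IPv4 address of the Knot server."
  value       = try(clouding_server.knot0.public_ip, "Not yet assigned")
}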