commit 26f54cbdc69e20b40d9290c0dbe2576c84fc82c4 · juanlu.space/tangled-knot-iac

+25

infra/prod/.terraform.lock.hcl

···

       1
       1
       +
       # This file is maintained automatically by "tofu init".

     

       2
       2
       +
       # Manual edits may be lost in future updates.

     

       3
       3
       +
       

     

       4
       4
       +
       provider "registry.opentofu.org/renemontilva/clouding" {

     

       5
       5
       +
         version     = "1.0.1"

     

       6
       6
       +
         constraints = ">= 1.0.0"

     

       7
       7
       +
         hashes = [

     

       8
       8
       +
           "h1:YlLCHWZ0KDPYLw6VPBict8KKsHZVcm0pvWW/kNGjIno=",

     

       9
       9
       +
           "zh:187eb96cd2a0768727d735a1a2d0795e46fd783405c133376251d9f24c8effe4",

     

       10
       10
       +
           "zh:5ac07c6342f45dccedb7fdb2ab8f62ab008b13c0d9b0290b7ae8af59bae55613",

     

       11
       11
       +
           "zh:700f9e08c12ac505307ca08a5516b546a0e5c3f392aae5909fde9f2fa3992000",

     

       12
       12
       +
           "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",

     

       13
       13
       +
           "zh:9189d1869e76cf376bca9cc29568a75074d7783035f181e1951daca002cf016f",

     

       14
       14
       +
           "zh:9381dc7d860f76688a0aaf390b2e9fa74cdb6a2e75cf1d7b98d9abe6896be316",

     

       15
       15
       +
           "zh:9e151d6ae3e105d9d09147e6e340e863489b7e4f5cdb03bb7bc891ba61976a35",

     

       16
       16
       +
           "zh:a43a7350787cd2f58753b41b7c1f9164b8c921590be7f45b9ebb96bff5f93363",

     

       17
       17
       +
           "zh:a8736ca52ff81e74d820aaea8cb881432bb12d7d9576968f97dc887ac871d048",

     

       18
       18
       +
           "zh:d9eaf212086176c75fd954f76c62628b59456913033b5bc1c733335af1bf5f57",

     

       19
       19
       +
           "zh:de283437e2d335cf9249c527c77f56a888d870125d3623f7b51c56fc2f5a7281",

     

       20
       20
       +
           "zh:dfdad92f93b603f1863b2d66c72acdf5d044e37488fe2d45c83e3ba512412862",

     

       21
       21
       +
           "zh:e2c5446a7705d34f3e44037c88eec213fc291d11d810315ca9942fd0cfda8071",

     

       22
       22
       +
           "zh:ebb9bc6639d8bfa9edfb3927f31ab012b76f158c95f96055af3dbfbfbb99e10d",

     

       23
       23
       +
           "zh:ec431afc740d6b1c1c29f37f3de3a751c55ce18cae2bbd215e435ec79a64ce65",

     

       24
       24
       +
         ]

     

       25
       25
       +
       }

+88

infra/prod/main.tf

···

       1
       1
       +
       terraform {

     

       2
       2
       +
         required_providers {

     

       3
       3
       +
           clouding = {

     

       4
       4
       +
             source  = "astrojuanlu/clouding"

     

       5
       5
       +
             version = "1.0.1"

     

       6
       6
       +
           }

     

       7
       7
       +
         }

     

       8
       8
       +
       }

     

       9
       9
       +
       

     

       10
       10
       +
       provider "clouding" {}

     

       11
       11
       +
       

     

       12
       12
       +
       data "clouding_sshkey" "main" {

     

       13
       13
       +
         id = "LQbN5nv9krK9JaeZ"

     

       14
       14
       +
       }

     

       15
       15
       +
       

     

       16
       16
       +
       data "clouding_image" "ubuntu_24_04" {

     

       17
       17
       +
         id = "p06Wq42PGkneDVEb"

     

       18
       18
       +
       }

     

       19
       19
       +
       

     

       20
       20
       +
       resource "clouding_firewall" "knot" {

     

       21
       21
       +
         name        = "Knot Firewall"

     

       22
       22
       +
         description = "Firewall rules for Knot server (SSH, Git SSH, Web)"

     

       23
       23
       +
       }

     

       24
       24
       +
       

     

       25
       25
       +
       # Allow SSH (port 22)

     

       26
       26
       +
       resource "clouding_firewall_rule" "ssh" {

     

       27
       27
       +
         firewall_id    = clouding_firewall.knot.id

     

       28
       28
       +
         description    = "Allow SSH"

     

       29
       29
       +
         protocol       = "tcp"

     

       30
       30
       +
         port_range_min = 22

     

       31
       31
       +
         port_range_max = 22

     

       32
       32
       +
         source_ip      = "0.0.0.0/0"

     

       33
       33
       +
       }

     

       34
       34
       +
       

     

       35
       35
       +
       # Allow Git SSH (port 2222)

     

       36
       36
       +
       resource "clouding_firewall_rule" "git_ssh" {

     

       37
       37
       +
         firewall_id    = clouding_firewall.knot.id

     

       38
       38
       +
         description    = "Allow Git SSH"

     

       39
       39
       +
         protocol       = "tcp"

     

       40
       40
       +
         port_range_min = 2222

     

       41
       41
       +
         port_range_max = 2222

     

       42
       42
       +
         source_ip      = "0.0.0.0/0"

     

       43
       43
       +
       }

     

       44
       44
       +
       

     

       45
       45
       +
       # Allow Knot server (port 5555)

     

       46
       46
       +
       resource "clouding_firewall_rule" "knot_server" {

     

       47
       47
       +
         firewall_id    = clouding_firewall.knot.id

     

       48
       48
       +
         description    = "Allow Knot server"

     

       49
       49
       +
         protocol       = "tcp"

     

       50
       50
       +
         port_range_min = 5555

     

       51
       51
       +
         port_range_max = 5555

     

       52
       52
       +
         source_ip      = "0.0.0.0/0"

     

       53
       53
       +
       }

     

       54
       54
       +
       

     

       55
       55
       +
       # Create a server for Knot

     

       56
       56
       +
       resource "clouding_server" "knot0" {

     

       57
       57
       +
         name        = "nudo0"

     

       58
       58
       +
         hostname    = "nudo0"

     

       59
       59
       +
         flavor_id   = "0.5x1"

     

       60
       60
       +
         firewall_id = clouding_firewall.knot.id

     

       61
       61
       +
       

     

       62
       62
       +
         volume = {

     

       63
       63
       +
           source = "image"

     

       64
       64
       +
           id     = data.clouding_image.ubuntu_24_04.id

     

       65
       65
       +
           ssd_gb = 20

     

       66
       66
       +
         }

     

       67
       67
       +
       

     

       68
       68
       +
         access_configuration = {

     

       69
       69
       +
           ssh_key_id = data.clouding_sshkey.main.id

     

       70
       70
       +
         }

     

       71
       71
       +
       

     

       72
       72
       +
         enable_strict_antiddos_filtering = false

     

       73
       73
       +
       

     

       74
       74
       +
         # backup_preference = {

     

       75
       75
       +
         #   frequency = "OneWeek"

     

       76
       76
       +
         #   slots     = 4

     

       77
       77
       +
         # }

     

       78
       78
       +
       

     

       79
       79
       +
         # user_data = file("${path.module}/cloud-init.yaml")

     

       80
       80
       +
       

     

       81
       81
       +
         timeouts = {

     

       82
       82
       +
           create = "10m"

     

       83
       83
       +
         }

     

       84
       84
       +
       }

     

       85
       85
       +
       

     

       86
       86
       +
       output "knot0_ipv4" {

     

       87
       87
       +
         value = try(clouding_server.knot0.hostname, "Not yet assigned")

     

       88
       88
       +
       }