wireguard-setup/terraform/main.tf

# Provider requirements for this configuration: only the Hetzner Cloud
# provider is declared.
terraform {
  required_providers {
    hcloud = {
      # "~> 1.41.0" admits 1.41.x patch releases only. The constraint is a
      # range, not a pin to one build.
      # NOTE(review): confirm the dependency lock file (.terraform.lock.hcl)
      # is committed, so every `terraform init` checks the provider package
      # against the recorded checksums.
      version = "~> 1.41.0"
      source  = "hetznercloud/hcloud"
    }
  }
}
# Hetzner Cloud provider, authenticated with an API token taken from a variable.
# NOTE(review): the declaration of var.hcloud_api_token is not in this file.
# Confirm it is marked `sensitive = true` and fed from the environment or a
# secret store, not from a tfvars file kept in version control.
provider "hcloud" {
  token = var.hcloud_api_token
}
# Resolves the boot image by label rather than by a fixed ID: of the images
# matching service=wireguard, the most recent one is selected.
# NOTE(review): because selection is by label, whoever can create or relabel
# an image in this project decides what the server boots. Keep write access
# to the project's images as tight as access to the server itself.
data "hcloud_image" "wg_image" {
  most_recent   = true
  with_selector = "service=wireguard"
}
# Inbound firewall for the WireGuard host. Every rule below accepts traffic
# from any IPv4 and any IPv6 source; no outbound rules are defined here.
resource "hcloud_firewall" "wg_firewall" {
  name   = var.wg_firewall_name
  labels = { service = "wireguard" }

  # All ICMP from anywhere (no type filtering is expressed in this rule).
  rule {
    direction   = "in"
    protocol    = "icmp"
    source_ips  = ["0.0.0.0/0", "::0/0"]
    description = "ICMP"
  }

  # SSH on a non-default port, reachable from the whole Internet.
  # NOTE(review): the port number cuts log noise but is not an access control.
  # Confirm sshd on the image is key-only, and consider narrowing source_ips
  # to admin ranges or reaching SSH through the tunnel instead.
  rule {
    direction   = "in"
    protocol    = "tcp"
    port        = "122"
    source_ips  = ["0.0.0.0/0", "::0/0"]
    description = "SSH"
  }

  # WireGuard's usual UDP port.
  rule {
    direction   = "in"
    protocol    = "udp"
    port        = "51820"
    source_ips  = ["0.0.0.0/0", "::0/0"]
    description = "WireGuard"
  }

  # Labelled "WireGuard" but on the DNS port.
  # NOTE(review): presumably an alternate listener for networks that only pass
  # DNS. Confirm nothing other than WireGuard (in particular no recursive
  # resolver) answers on the public interface here.
  rule {
    direction   = "in"
    protocol    = "udp"
    port        = "53"
    source_ips  = ["0.0.0.0/0", "::0/0"]
    description = "WireGuard"
  }

  # Labelled "WireGuard" but TCP on the HTTPS port.
  # NOTE(review): WireGuard itself speaks UDP only, so something else must
  # terminate this port (a TCP wrapper or proxy, presumably). Confirm what
  # listens here and that it is patched and authenticated, or drop the rule.
  rule {
    direction   = "in"
    protocol    = "tcp"
    port        = "443"
    source_ips  = ["0.0.0.0/0", "::0/0"]
    description = "WireGuard"
  }
}
# Registers the operator's SSH public key with the project. The server
# resource in this file references it through ssh_keys. Only public key
# material is passed here.
resource "hcloud_ssh_key" "wg_ssh_key" {
  name       = var.wg_ssh_publickey_name
  public_key = var.wg_ssh_publickey
}
# The WireGuard host: booted from the label-selected image, placed behind the
# firewall defined in this file, with the registered SSH key attached.
resource "hcloud_server" "wg_server" {
  name        = var.wg_server_name
  server_type = var.wg_server_type
  location    = var.wg_server_location
  image       = data.hcloud_image.wg_image.id
  labels      = { service = "wireguard" }

  ssh_keys     = [hcloud_ssh_key.wg_ssh_key.id]
  firewall_ids = [hcloud_firewall.wg_firewall.id]

  # The cloud-init payload is rendered from a template and receives the
  # server's WireGuard private key together with the peers' public keys.
  # NOTE(review): user data is a weak place for a long-lived secret. It is
  # typically retrievable from the instance metadata service and from
  # cloud-init's on-disk copy for the life of the server. Confirm how the
  # template handles the key, and that var.wg_server_wg_privatekey is declared
  # `sensitive = true` so plan output does not print it.
  user_data = templatefile("${path.module}/templates/user-data.tpl", {
    wg_server_wg_peer_publickeys = var.wg_server_wg_peer_publickeys
    wg_server_wg_privatekey      = var.wg_server_wg_privatekey
  })
}