Refactor

terraform/.gitignore

@@ -0,0 +1,13 @@
+.terraform/
+
+*.tfstate
+*.tfstate.*
+
+terraform.tfvars
+
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+crash.log

terraform/main.tf

@@ -0,0 +1,30 @@
+provider "hcloud" {
+  token = var.hcloud_api_token
+}
+
+data "hcloud_image" "wg_image" {
+  with_selector = "service=wireguard"
+  most_recent = true
+}
+
+resource "hcloud_ssh_key" "wg_server_ssh_key" {
+  public_key = var.wg_server_ssh_publickey
+  name = var.wg_server_ssh_publickey_name
+}
+
+resource "hcloud_server" "wg_server" {
+  image = data.hcloud_image.wg_image.id
+  name = var.wg_server_name
+  server_type = var.wg_server_type
+  location = var.wg_server_location
+  labels = {
+    service = "wireguard"
+  }
+  ssh_keys = [
+    hcloud_ssh_key.wg_server_ssh_key.id
+  ]
+  user_data = templatefile("${path.module}/templates/user-data.tpl", {
+    wg_server_own_privatekey = var.wg_server_own_privatekey
+    wg_server_peer_publickeys = var.wg_server_peer_publickeys
+  })
+}

terraform/outputs.tf

@@ -0,0 +1,9 @@
+output "wg_server_ipv4_address" {
+  value = hcloud_server.wg_server.ipv4_address
+  description = "IPv4 address"
+}
+
+output "wg_server_ipv6_address" {
+  value = hcloud_server.wg_server.ipv6_address
+  description = "IPv6 address"
+}

terraform/templates/user-data.tpl

@@ -0,0 +1,17 @@
+#cloud-config
+
+write_files:
+  - path: "/etc/wireguard/wg0-privatekey"
+    owner: "root:root"
+    permissions: "0600"
+    content: |
+      ${wg_server_own_privatekey}
+  - path: "/etc/wireguard/wg0-peers.conf"
+    owner: "root:root"
+    permissions: "0644"
+    content: |
+      %{~ for index, pubkey in wg_server_peer_publickeys ~}
+      [Peer]
+      PublicKey = ${pubkey}
+      AllowedIPs = 10.10.10.${index+2}/32, fd10:10:10::${index+2}/128
+      %{~ endfor ~}

terraform/terraform.tfvars.sample

@@ -0,0 +1,11 @@
+hcloud_api_token = ""
+
+wg_server_name = ""
+wg_server_type = ""
+wg_server_location = ""
+
+wg_server_ssh_publickey = ""
+wg_server_ssh_publickey_name = ""
+
+wg_server_own_privatekey = ""
+wg_server_peer_publickeys = []

terraform/variables.tf

@@ -0,0 +1,42 @@
+variable "hcloud_api_token" {
+  type = string
+  description = "Hetzner Cloud API token"
+}
+
+variable "wg_server_name" {
+  type = string
+  description = "Server name"
+  default = "wireguard"
+}
+
+variable "wg_server_type" {
+  type = string
+  description = "Server type"
+  default = "cx11"
+}
+
+variable "wg_server_location" {
+  type = string
+  description = "Server location"
+  default = "fsn1"
+}
+
+variable "wg_server_ssh_publickey" {
+  type = string
+  description = "SSH public key"
+}
+
+variable "wg_server_ssh_publickey_name" {
+  type = string
+  description = "SSH public key name"
+}
+
+variable "wg_server_own_privatekey" {
+  type = string
+  description = "WireGuard private key"
+}
+
+variable "wg_server_peer_publickeys" {
+  type = list(string)
+  description = "WireGuard peer public keys"
+}