Deploy firewall
This commit is contained in:
parent
6796067e18
commit
2718ea4106
24
terraform/.terraform.lock.hcl
Normal file
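--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+version = "1.32.1"
+constraints = "~> 1.32.1"
+hashes = [
+"h1:RfLu8m+y3fKf5FrDJarSp06KS4R75yZxPy9n+Df5PjM=",
+"zh:043e941caf46b3a37cae5f2f9c1b7ce2b30f0b492bada6f3d8d6a7384f5cb7b2",
+"zh:055835d483dd172e7b0e500f9dd789353e32c9328d51793b8d88451df4e92067",
+"zh:3dd5a0006ab7f464a2bca8c5a46e583c6f09ba66aeff1ca847397b61fc823597",
+"zh:3f0444956fdcb059ee9ea54f51af016d86f297477335f519256ca158a75c5e59",
+"zh:569a80f0c9e2f5fb121d9050bc10d6e6ba30507e2e985b809a2613dcb5bdc095",
+"zh:5e7e8499e62408d784d4c886827d421962134a3efda5f5f4f8794f9b1c17190c",
+"zh:67b48380e144ba4c31fff41442cbf53463eba285321d4283430b605285048923",
+"zh:7ddc434dbefecc6b1934f683f54ad5552c9e466b5e256b9cfe67f7b28ffecc7d",
+"zh:87c0b5f4f6b3121cc81935ccb8598a58bda20c7f96f8a4270ecb0b6b2096ba40",
+"zh:891d2234146c3fbc2fe6d2a0c176cefd01d16d2d1d25eebe6e15909aac4a1ddf",
+"zh:a90ced7f84d8bdd64afd00c69ea9e2b1ed43314da020860c31ff266b3716d1f0",
+"zh:b8c86266d9f4ae4d2cca8f3f7d58a48d0c000f16aa21a733bb81c760efa690f7",
+"zh:bf8fdd6eb8619dc20d85d418ed910a79af0b28bf79ac3a4029f0d0ae032c9c7d",
+"zh:d6d87b405c0fd5e576a7e0a8976689d555299806484fdacca205537367d92f37",
+]
+}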
@ -2,7 +2,7 @@ terraform {
|
|||||||
required_providers {
|
required_providers {
|
||||||
hcloud = {
|
hcloud = {
|
||||||
source = "hetznercloud/hcloud"
|
source = "hetznercloud/hcloud"
|
||||||
version = "~> 1.26.2"
|
version = "~> 1.32.1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -16,23 +16,59 @@ data "hcloud_image" "wg_image" {
|
|||||||
most_recent = true
|
most_recent = true
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "hcloud_ssh_key" "wg_server_ssh_key" {
|
resource "hcloud_firewall" "wg_firewall" {
|
||||||
public_key = var.wg_server_ssh_publickey
|
name = var.wg_firewall_name
|
||||||
name = var.wg_server_ssh_publickey_name
|
labels = { service = "wireguard" }
|
||||||
|
rule {
|
||||||
|
description = "ICMP"
|
||||||
|
direction = "in"
|
||||||
|
protocol = "icmp"
|
||||||
|
source_ips = ["0.0.0.0/0", "::0/0"]
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
description = "SSH"
|
||||||
|
direction = "in"
|
||||||
|
protocol = "tcp"
|
||||||
|
port = "122"
|
||||||
|
source_ips = ["0.0.0.0/0", "::0/0"]
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
description = "WireGuard"
|
||||||
|
direction = "in"
|
||||||
|
protocol = "udp"
|
||||||
|
port = "51820"
|
||||||
|
source_ips = ["0.0.0.0/0", "::0/0"]
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
description = "WireGuard"
|
||||||
|
direction = "in"
|
||||||
|
protocol = "udp"
|
||||||
|
port = "53"
|
||||||
|
source_ips = ["0.0.0.0/0", "::0/0"]
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
description = "WireGuard"
|
||||||
|
direction = "in"
|
||||||
|
protocol = "tcp"
|
||||||
|
port = "443"
|
||||||
|
source_ips = ["0.0.0.0/0", "::0/0"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hcloud_ssh_key" "wg_ssh_key" {
|
||||||
|
public_key = var.wg_ssh_publickey
|
||||||
|
name = var.wg_ssh_publickey_name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "hcloud_server" "wg_server" {
|
resource "hcloud_server" "wg_server" {
|
||||||
image = data.hcloud_image.wg_image.id
|
image = data.hcloud_image.wg_image.id
|
||||||
name = var.wg_server_name
|
name = var.wg_server_name
|
||||||
server_type = var.wg_server_type
|
server_type = var.wg_server_type
|
||||||
location = var.wg_server_location
|
location = var.wg_server_location
|
||||||
labels = {
|
labels = { service = "wireguard" }
|
||||||
service = "wireguard"
|
firewall_ids = [hcloud_firewall.wg_firewall.id]
|
||||||
}
|
ssh_keys = [hcloud_ssh_key.wg_ssh_key.id]
|
||||||
ssh_keys = [
|
user_data = templatefile("${path.module}/templates/user-data.tpl", {
|
||||||
hcloud_ssh_key.wg_server_ssh_key.id
|
|
||||||
]
|
|
||||||
user_data = templatefile("${path.module}/templates/user-data.tpl", {
|
|
||||||
wg_server_wg_privatekey = var.wg_server_wg_privatekey
|
wg_server_wg_privatekey = var.wg_server_wg_privatekey
|
||||||
wg_server_wg_peer_publickeys = var.wg_server_wg_peer_publickeys
|
wg_server_wg_peer_publickeys = var.wg_server_wg_peer_publickeys
|
||||||
})
|
})
|
||||||
|
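Review bot: The SSH rule (`port = "122"`) lists `0.0.0.0/0` and `::0/0` as `source_ips`, so the new firewall still leaves the management port reachable from every address; the WireGuard UDP listener has to be world-reachable, SSH does not. Replace the literal with `source_ips = var.wg_ssh_allowed_ips` and declare `wg_ssh_allowed_ips` as a `list(string)` in variables.tf with a description and the admin network(s) as its default, so the exposure is a reviewable input rather than a constant. Three of the five rules carry the description "WireGuard" although they differ in port and protocol (udp/51820, udp/53, tcp/443); if the extra ports are intentional alternate listeners, say so in each description, otherwise udp/53 and tcp/443 should not be opened. The hcloud documentation writes the IPv6 any-address as `::/0`; `::0/0` denotes the same network, but normalising it avoids a possible canonical-form rejection or perpetual diff from the provider. The `hcloud_server` resource body continues past the end of the hunk.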
@ -4,8 +4,10 @@ wg_server_name = ""
|
|||||||
wg_server_type = ""
|
wg_server_type = ""
|
||||||
wg_server_location = ""
|
wg_server_location = ""
|
||||||
|
|
||||||
wg_server_ssh_publickey = ""
|
|
||||||
wg_server_ssh_publickey_name = ""
|
|
||||||
|
|
||||||
wg_server_wg_privatekey = ""
|
wg_server_wg_privatekey = ""
|
||||||
wg_server_wg_peer_publickeys = []
|
wg_server_wg_peer_publickeys = []
|
||||||
|
|
||||||
|
wg_firewall_name = ""
|
||||||
|
|
||||||
|
wg_ssh_publickey = ""
|
||||||
|
wg_ssh_publickey_name = ""
|
||||||
|
@ -22,22 +22,30 @@ variable "wg_server_location" {
|
|||||||
default = "fsn1"
|
default = "fsn1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "wg_server_ssh_publickey" {
|
|
||||||
type = string
|
|
||||||
description = "SSH public key"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "wg_server_ssh_publickey_name" {
|
|
||||||
type = string
|
|
||||||
description = "SSH public key name"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "wg_server_wg_privatekey" {
|
variable "wg_server_wg_privatekey" {
|
||||||
type = string
|
type = string
|
||||||
description = "WireGuard private key"
|
description = "WireGuard private key"
|
||||||
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "wg_server_wg_peer_publickeys" {
|
variable "wg_server_wg_peer_publickeys" {
|
||||||
type = list(string)
|
type = list(string)
|
||||||
description = "WireGuard peer public keys"
|
description = "WireGuard peer public keys"
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "wg_firewall_name" {
|
||||||
|
type = string
|
||||||
|
description = "Firewall name"
|
||||||
|
default = "wireguard"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "wg_ssh_publickey" {
|
||||||
|
type = string
|
||||||
|
description = "SSH public key"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "wg_ssh_publickey_name" {
|
||||||
|
type = string
|
||||||
|
description = "SSH public key name"
|
||||||
}
|
}
|
||||||
|
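Review bot: `variable "wg_server_wg_privatekey"` gains `default = ""`, which turns a previously required input into an optional one: a missing value no longer fails `terraform plan` but is rendered as an empty key into user-data by `templatefile`, and `wg_server_wg_peer_publickeys` with `default = []` has the same effect for the peer list. The variable also holds a secret but is not marked `sensitive = true`, so its value is printed in plan and CLI diff output. Drop the empty default, add `sensitive = true`, and add a `validation` block that rejects an empty string, as below. The tfvars hunk in this commit still sets `wg_server_wg_privatekey = ""`; if that file is applied as-is rather than serving as a template, the validation surfaces the missing key at plan time instead of at first connection.
```hcl
variable "wg_server_wg_privatekey" {
  type        = string
  description = "WireGuard private key"
  sensitive   = true

  validation {
    condition     = length(var.wg_server_wg_privatekey) > 0
    error_message = "wg_server_wg_privatekey must be set."
  }
}
# … unchanged: wg_server_wg_peer_publickeys, wg_firewall_name, wg_ssh_publickey, wg_ssh_publickey_name …
```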