diff --git a/images/koolbox/Dockerfile b/images/koolbox/Dockerfile
index 9de6088fda2467617f0b7d37cfd8d30c075dfab6..16e126f0e6d6e83f5dd76bfe100dbdb892848c09 100644
--- a/images/koolbox/Dockerfile
+++ b/images/koolbox/Dockerfile
@@ -127,7 +127,8 @@ ENV MDBOOK_VERSION=${MDBOOK_VERSION}
RUN curl -L "https://github.com/rust-lang/mdBook/releases/download/${MDBOOK_VERSION}/mdbook-${MDBOOK_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xvzf - mdbook \
&& install -o root -g root -m 0755 mdbook /usr/local/bin/mdbook
-
+# Terraform CLI
+FROM FROM docker.io/hashicorp/terraform:1.3.6 AS terraform
# Actual start of container build
FROM quay.io/fedora/fedora:36
@@ -177,6 +178,7 @@ COPY --from=mdbook /usr/local/bin/mdbook /usr/local/bin/mdbook
COPY --from=release-cli /usr/local/bin/release-cli /usr/local/bin/release-cli
COPY --from=git-chglog /usr/local/bin/git-chglog /usr/local/bin/git-chglog
COPY --from=svu /usr/local/bin/svu /usr/local/bin/svu
+COPY --from=terraform /bin/terraform /usr/local/bin/terraform
RUN true \
&& echo "command -v kubectl-krew >/dev/null && export PATH=\"${KREW_ROOT:-$HOME/.krew}/bin:$PATH\"" >> /root/.bashrc \
@@ -188,9 +190,9 @@ RUN true \
&& true
RUN true \
- && kubectl krew install cyclonus \
- && kubectl krew install outdated \
- && kubectl krew install access-matrix \
+ && /usr/local/bin/kubectl krew install cyclonus \
+ && /usr/local/bin/kubectl krew install outdated \
+ && /usr/local/bin/kubectl krew install access-matrix \
&& true
# Create workspace
diff --git a/terraform/k8s01/.terraform.lock.hcl b/terraform/k8s01/.terraform.lock.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..a400b7eb0eeb8baf9cc07880a179dd4431124c10
--- /dev/null
+++ b/terraform/k8s01/.terraform.lock.hcl
@@ -0,0 +1,122 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cloudflare/cloudflare" {
+ version = "3.29.0"
+ constraints = "3.29.0"
+ hashes = [
+ "h1:iGDvVJ6kdlopyhR3ONeoh8gZWZg8+M/seP7VM7gOp1I=",
+ "zh:0947f7f9e0234aaeb6b5f344de4148a6379d05370937e1c255872697803c17cc",
+ "zh:17abb230abd852e0e4ed9921cd9aaf03336ad4a13a25b1040ed86cdbddf05123",
+ "zh:2ddf550dbdf5c58bbb8d14de6b2dc76627bb92787b99328300fb312c51e12d1f",
+ "zh:4645758bdefe52c1aa260368522aff6fcb4e508c918e9b2c263c9debd7d71684",
+ "zh:6047320a05d07045f7fb4b24c2540600473a94fc15a24ef99339a6690ab47dfe",
+ "zh:6db2d4e4bc3ab8b6107aec80a8041388c2a7722472c5efa6caf8435a453b1f33",
+ "zh:8b6b75a75567ae44a788128aebcbb59cebd9a9dbc4ddc1b05f4455734363d55a",
+ "zh:90c51deb4e96690ed73d8b8498d5ab2d7bb78597861bbef23fab18764371deb0",
+ "zh:9b0f89952afb5d00e31fb745f1ebb4ef677591ca62c002c744d23bcaa0d51e9a",
+ "zh:9cfe38d8ef5515d164f59b5f4ddc14bb8817051ea4efed54cb7834c66492dd79",
+ "zh:acf89e44b8643d52186ef5155c8889845681471abb60a933017cda9bc38d86ef",
+ "zh:c09205c6f1e39994c2f707cce0758a2cd16949b33566a724644593d2a616ea41",
+ "zh:c5412f2868592db091b91361b7a85fa3a1a97282e9e6e1c5883dd5f6b5f2e86c",
+ "zh:ff93702ca9a99863914718ae4214acffa1a72d481c8e1d3254ccf5930a2d7e10",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/http" {
+ version = "3.2.1"
+ hashes = [
+ "h1:DfxMa1zM/0NCFWN5PAxivSHJMNkOAFZvDYQkO72ZQmw=",
+ "zh:088b3b3128034485e11dff8da16e857d316fbefeaaf5bef24cceda34c6980641",
+ "zh:09ed1f2462ea4590b112e048c4af556f0b6eafc7cf2c75bb2ac21cd87ca59377",
+ "zh:39c6b0b4d3f0f65e783c467d3f634e2394820b8aef907fcc24493f21dcf73ca3",
+ "zh:47aab45327daecd33158a36c1a36004180a518bf1620cdd5cfc5e1fe77d5a86f",
+ "zh:4d70a990aa48116ab6f194eef393082c21cf58bece933b63575c63c1d2b66818",
+ "zh:65470c43fda950c7e9ac89417303c470146de984201fff6ef84299ea29e02d30",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:842b4dd63e438f5cd5fdfba1c09b8fdf268e8766e6690988ee24e8b25bfd9e8d",
+ "zh:a167a057f7e2d80c78d4b4057538588131fceb983d5c93b07675ad9eb1aa5790",
+ "zh:d0ba69b62b6db788cfe3cf8f7dc6e9a0eabe2927dc119d7fe3fe6573ee559e66",
+ "zh:e28d24c1d5ff24b1d1cc6f0074a1f41a6974f473f4ff7a37e55c7b6dca68308a",
+ "zh:fde8a50554960e5366fd0e1ca330a7c1d24ae6bbb2888137a5c83d83ce14fd18",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+ version = "1.4.0"
+ constraints = "1.4.0"
+ hashes = [
+ "h1:P3mtBQSRp/KhVLJgwdHZRTWaYsT6A9nSwrmKrRZwsW8=",
+ "zh:1b265fcfdce8cc3ccb51969c6d7a61531bf8a6e1218d95c1a74c40f25595c74b",
+ "zh:2ea6d8c503a1119b80a273eacd187516347c00a54990c47d130235e2ad53d163",
+ "zh:38bcc4a224d2c0745015564b0803a368b2bd08d1a3e349783bc4c09c68fde24b",
+ "zh:3fada9c646bf57bcdd6844d7c30153407a2a8100811daa69fc0d674fb39a9d18",
+ "zh:74ccb372e752188ba4ff1b1280222d6fd61bdf29dcf474edb8ea63178897912c",
+ "zh:7a323f05ccd7caa1450301af1bb7cac25e2d6ac799eb581219c2c663e5d9ae3f",
+ "zh:7ef13da7e8ae7129fae8a9c72845d52d4586db496359228ed435aeab2f44aea8",
+ "zh:9df7edb284f5548918b839b18204c6a78ac33b4df070d4e4a5c264bb11152e9c",
+ "zh:b062919beaca2e06fd3b333b700dae664828fe734479e51c2c28b8219286e0fc",
+ "zh:ca9fe963f261236b3f3308f8b4979cdd95dd68281b00c1c18a6d17db07519ac8",
+ "zh:e125e4a7d838e231a88e0efc1e727f5a1807db5c0cad5e1cbaf1b52c560b47c7",
+ "zh:f3c3bbab3785f00433135538bdb697d516bc43f102c1b128a0c1419b172e88f6",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+ version = "3.4.3"
+ hashes = [
+ "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+ "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+ "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+ "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+ "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+ "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+ "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+ "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+ "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+ "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+ "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+ version = "2.2.0"
+ constraints = "2.2.0"
+ hashes = [
+ "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+ "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+ "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+ "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+ "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+ "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+ "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+ "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+ "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+ "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+ "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+ ]
+}
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+ version = "1.36.1"
+ constraints = "1.36.1"
+ hashes = [
+ "h1:xZSvxx6aUo0oZp2uqNxi/+wqnCNEBBuu8y7GeXIO9qA=",
+ "zh:16558b25c7f92f187278e94e951b0ab687882b06acff5b1387f3293f27939f8c",
+ "zh:28fc79ac2189ff0f5e6c9535ada8f57552b6e21c978b59dc78e086c27b9e4b23",
+ "zh:373907f9f7f2cefa94e2d5638bf5bef3d3b17e7655dc84dd6089346c6f4f9096",
+ "zh:394716cd877de682a0772d660f1bdb3838c5d751eca2211105d5ede248c48c39",
+ "zh:3c438c6590fcc8ac65a10039b2f5ba9ee379a734cb93a59c6cf74f385d891e87",
+ "zh:3f777a460a62fd23b283c269f1533b3887bf0c5564581e1e96cf294e077f5a8a",
+ "zh:4f62967553d7ce81ec14db7685306b625970ba6640b5764dc0137675ab97af0b",
+ "zh:56da08f8d75f596d6f9da4f0fd16bd60d1733cabcc260e885e1d7a711d6d3d8b",
+ "zh:62776c885bfa8e715dba6662f1744b5251f4cdd523dd4d1e4ccb2e25489593e9",
+ "zh:64cbb68139aa65f95ab3e654d872f9d34ef991fbf667fc30e0f29b96b5e8b4ed",
+ "zh:75a4b7a73ff0a537214d12d820438b7ae7a33d660e5d793f4ae0ebe3152bff00",
+ "zh:7b59d72538772ada7d51eaa50c905285200b1889ab29948b533412ccdf4d18de",
+ "zh:b84eeaa82bf765c6dd945ae83f1a9271fa5fad53b861b18b09cb8deda67dae13",
+ "zh:e81c3ea971e32a6ca3fdb0cd9e644614308ab2cf2a19482dd8a109d67fe3fb6f",
+ ]
+}
diff --git a/terraform/k8s01/firewall.tf b/terraform/k8s01/firewall.tf
new file mode 100644
index 0000000000000000000000000000000000000000..cc6a4efdbd65074318739ba29573e6c7db7ebd6e
--- /dev/null
+++ b/terraform/k8s01/firewall.tf
@@ -0,0 +1,88 @@
+resource "hcloud_firewall" "ingress-web" {
+ name = "ingress-web"
+ apply_to {
+ label_selector = "firewall.hetzner.si-infra.de/web=true"
+ }
+
+ # ICMP is always a good idea
+ #
+ # Network reachability tests
+ rule {
+ direction = "in"
+ protocol = "icmp"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ # Allow HTTP and HTTPS traffic in
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "80"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "443"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+}
+
+resource "hcloud_firewall" "ingress-email" {
+ name = "ingress-email"
+ apply_to {
+ label_selector = "firewall.hetzner.si-infra.de/email=true"
+ }
+
+ # ICMP is always a good idea
+ #
+ # Network reachability tests
+ rule {
+ direction = "in"
+ protocol = "icmp"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ # Allow HTTP and HTTPS traffic in
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "25"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "465"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "993"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+}
diff --git a/terraform/k8s01/main.tf b/terraform/k8s01/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..11c35d3c492f5c2a66515bb5ad291c081d49e79e
--- /dev/null
+++ b/terraform/k8s01/main.tf
@@ -0,0 +1,19 @@
+module "gw" {
+ source = "../modules/hcloud_instance"
+ instance_count = 1
+ location = var.location
+ name = "gw"
+ dns_domain = var.dns_domain
+ dns_zone_id = var.dns_zone_id
+ dns_record_aaaa = false
+ image = "fedora-36"
+ user_data = templatefile("templates/cloud-init.tpl", {netbird_key = "${var.netbird_key}"})
+ ssh_keys = data.hcloud_ssh_keys.all_keys.ssh_keys.*.name
+ server_type = "cx11"
+ labels = {
+ "cluster.kubernetes.io/k8s01" = "owner",
+ "firewall.hetzner.si-infra.de/web" = "true",
+ "firewall.hetzner.si-infra.de/email" = "true"
+ }
+ subnet = hcloud_network_subnet.subnet.id
+}
diff --git a/terraform/k8s01/network.tf b/terraform/k8s01/network.tf
new file mode 100644
index 0000000000000000000000000000000000000000..62cc1e08f7143fbe2a804e3f90ae6999b0f03ddb
--- /dev/null
+++ b/terraform/k8s01/network.tf
@@ -0,0 +1,11 @@
+resource "hcloud_network" "network" {
+ name = "hetzner-network"
+ ip_range = var.network_cidr
+}
+
+resource "hcloud_network_subnet" "subnet" {
+ network_id = hcloud_network.network.id
+ type = "server"
+ network_zone = "eu-central"
+ ip_range = var.subnet_cidr
+}
diff --git a/terraform/k8s01/output.tf b/terraform/k8s01/output.tf
new file mode 100644
index 0000000000000000000000000000000000000000..6e469dafd9019bb5a0c21aad12ef7e087db6db1a
--- /dev/null
+++ b/terraform/k8s01/output.tf
@@ -0,0 +1,3 @@
+output "gw" {
+ value = module.gw
+}
diff --git a/terraform/k8s01/provider.tf b/terraform/k8s01/provider.tf
new file mode 100644
index 0000000000000000000000000000000000000000..eac840f084bdc6ce9d8da6a04297c9d5afa3d27e
--- /dev/null
+++ b/terraform/k8s01/provider.tf
@@ -0,0 +1,14 @@
+provider "cloudflare" {
+}
+
+provider "hcloud" {
+}
+
+provider "template" {
+}
+
+provider "local" {
+}
+
+provider "random" {
+}
diff --git a/terraform/k8s01/ssh.tf b/terraform/k8s01/ssh.tf
new file mode 100644
index 0000000000000000000000000000000000000000..db794f29d0e7b7cc56cb41a7ce3a1eedfa203cd5
--- /dev/null
+++ b/terraform/k8s01/ssh.tf
@@ -0,0 +1,2 @@
+data "hcloud_ssh_keys" "all_keys" {
+}
diff --git a/terraform/k8s01/templates/cloud-init.tpl b/terraform/k8s01/templates/cloud-init.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..387868af418ba1e73e328dd0d99a1d72ddb29dab
--- /dev/null
+++ b/terraform/k8s01/templates/cloud-init.tpl
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+set -e
+
+dnf upgrade -y
+
+cat <<EOF | tee /etc/yum.repos.d/wiretrustee.repo
+[Wiretrustee]
+name=Wiretrustee
+baseurl=https://pkgs.wiretrustee.com/yum/
+enabled=1
+gpgcheck=0
+gpgkey=https://pkgs.wiretrustee.com/yum/repodata/repomd.xml.key
+repo_gpgcheck=1
+EOF
+
+dnf install -y netbird
+
+netbird up --setup-key ${netbird_key}
+
+# Install and configure HAProxy
+dnf install -y haproxy
+
+mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.orig
+
+cat <<EOF | tee /etc/haproxy/haproxy.cfg
+listen smtp
+ bind 0.0.0.0:25
+ bind :::25
+ mode tcp
+ option tcplog
+ log stdout format short daemon info
+ timeout connect 7s
+ timeout client 1m
+ timeout server 1m
+ server srv1-smtp mail.k8s01.si-infra.de:10025 send-proxy-v2
+listen l1
+ bind 0.0.0.0:80
+ bind :::80
+ mode tcp
+ timeout connect 4s
+ timeout client 180s
+ timeout server 180s
+ server srv1-http ingress.k8s01.si-infra.de:80 check inter 5s
+listen l2
+ bind 0.0.0.0:443
+ bind :::443
+ mode tcp
+ timeout connect 4s
+ timeout client 180s
+ timeout server 180s
+ server srv1-https ingress.k8s01.si-infra.de:443 check inter 5s
+listen submissions
+ bind 0.0.0.0:465
+ bind :::465
+ mode tcp
+ timeout connect 4s
+ timeout client 180s
+ timeout server 180s
+ server srv1-submissions mail.k8s01.si-infra.de:465
+listen imaps
+ bind 0.0.0.0:993
+ bind :::993
+ mode tcp
+ timeout connect 4s
+ timeout client 180s
+ timeout server 180s
+ server srv1-imaps mail.k8s01.si-infra.de:993 check inter 5s
+
+EOF
+
+systemctl enable --now haproxy.service
+
+# Enable automatic updates
+dnf install -y dnf-automatic
+
+systemctl enable --now dnf-automatic-install.timer
+
+reboot
diff --git a/terraform/k8s01/variables.tf b/terraform/k8s01/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..a11edbaebe0722346c33e4499682d80a7fe1dbfa
--- /dev/null
+++ b/terraform/k8s01/variables.tf
@@ -0,0 +1,33 @@
+variable "dns_domain" {
+ type = string
+ description = "Name of the Cloudflare domain"
+}
+
+variable "dns_zone_id" {
+ type = string
+ description = "Zone ID of the Cloudflare domain"
+}
+
+variable "network_cidr" {
+ type = string
+ description = "CIDR for the network"
+ default = "10.2.0.0/24"
+}
+
+variable "subnet_cidr" {
+ type = string
+ description = "CIDR for the subnet"
+ default = "10.2.0.0/28"
+}
+
+variable "location" {
+ type = string
+ description = "Region"
+ default = "nbg1"
+}
+
+
+variable "netbird_key" {
+ type = string
+ description = "NetBird activation key"
+}
\ No newline at end of file
diff --git a/terraform/k8s01/versions.tf b/terraform/k8s01/versions.tf
new file mode 120000
index 0000000000000000000000000000000000000000..8bd0ff1400c92ad24a8bebe8b67a5fbcbae252b2
--- /dev/null
+++ b/terraform/k8s01/versions.tf
@@ -0,0 +1 @@
+../versions.tf
\ No newline at end of file
diff --git a/terraform/modules/hcloud_instance/main.tf b/terraform/modules/hcloud_instance/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..72ea024b250af7505c1ba53db27e2be349cc3103
--- /dev/null
+++ b/terraform/modules/hcloud_instance/main.tf
@@ -0,0 +1,71 @@
+# The MIT License (MIT)
+#
+# Copyright 2021 Simon Lauger
+# Copyright 2022 Christoph (Sheogorath) Kern
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+resource "hcloud_server" "server" {
+ count = var.instance_count
+ name = "${format("${var.name}%02d", count.index + 1)}.${var.dns_domain}"
+ image = var.image
+ server_type = var.server_type
+ keep_disk = var.keep_disk
+ ssh_keys = var.ssh_keys
+ user_data = var.user_data
+ labels = var.labels
+ datacenter = var.datacenter
+ backups = var.backups
+ public_net {
+ ipv4 = element(hcloud_primary_ip.main.*.id, count.index)
+ }
+ lifecycle {
+ ignore_changes = [firewall_ids]
+ }
+}
+
+resource "hcloud_primary_ip" "main" {
+ count = var.instance_count
+ name = "${format("${var.name}%02d", count.index + 1)}.${var.dns_domain}"
+ datacenter = var.datacenter
+ type = "ipv4"
+ assignee_type = "server"
+ auto_delete = false
+}
+
+resource "cloudflare_record" "dns-a" {
+ count = var.instance_count
+ zone_id = var.dns_zone_id
+ name = element(hcloud_server.server.*.name, count.index)
+ value = element(hcloud_server.server.*.ipv4_address, count.index)
+ type = "A"
+ ttl = 1800
+}
+
+resource "cloudflare_record" "dns-aaaa" {
+ count = var.dns_record_aaaa ? var.instance_count : "0"
+ zone_id = var.dns_zone_id
+ name = element(hcloud_server.server.*.name, count.index)
+ value = "${element(hcloud_server.server.*.ipv6_address, count.index)}1"
+ type = "AAAA"
+ ttl = 120
+}
+
+resource "hcloud_rdns" "dns-ptr-ipv4" {
+ count = var.instance_count
+ server_id = element(hcloud_server.server.*.id, count.index)
+ ip_address = element(hcloud_server.server.*.ipv4_address, count.index)
+ dns_ptr = element(hcloud_server.server.*.name, count.index)
+}
+
+resource "hcloud_rdns" "dns-ptr-ipv6" {
+ count = var.instance_count
+ server_id = element(hcloud_server.server.*.id, count.index)
+ ip_address = "${element(hcloud_server.server.*.ipv6_address, count.index)}1"
+ dns_ptr = element(hcloud_server.server.*.name, count.index)
+}
diff --git a/terraform/modules/hcloud_instance/network.tf b/terraform/modules/hcloud_instance/network.tf
new file mode 100644
index 0000000000000000000000000000000000000000..bebdd11533e51e2fc420e42343861e6834185ca6
--- /dev/null
+++ b/terraform/modules/hcloud_instance/network.tf
@@ -0,0 +1,5 @@
+#resource "hcloud_server_network" "server_network" {
+# server_id = element(hcloud_server.server.*.id, count.index)
+# subnet_id = var.subnet
+# count = length(hcloud_server.server.*.id)
+#}
diff --git a/terraform/modules/hcloud_instance/output.tf b/terraform/modules/hcloud_instance/output.tf
new file mode 100644
index 0000000000000000000000000000000000000000..5e0805a6b82a5b94da647fd2d66466e2e73167c8
--- /dev/null
+++ b/terraform/modules/hcloud_instance/output.tf
@@ -0,0 +1,30 @@
+# The MIT License (MIT)
+#
+# Copyright 2021 Simon Lauger
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+output "server_ids" {
+ value = hcloud_server.server.*.id
+}
+
+output "server_names" {
+ value = hcloud_server.server.*.name
+}
+
+#output "internal_ipv4_addresses" {
+# value = hcloud_server_network.server_network.*.ip
+#}
+
+output "ipv4_addresses" {
+ value = hcloud_server.server.*.ipv4_address
+}
+
+output "ipv6_addresses" {
+ value = hcloud_server.server.*.ipv6_address
+}
diff --git a/terraform/modules/hcloud_instance/variables.tf b/terraform/modules/hcloud_instance/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..953cdced5646197d791e5b4d6369f8c205f3759d
--- /dev/null
+++ b/terraform/modules/hcloud_instance/variables.tf
@@ -0,0 +1,111 @@
+# The MIT License (MIT)
+#
+# Copyright 2021 Simon Lauger
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+variable "name" {
+ type = string
+ description = "Instance name"
+}
+
+variable "dns_domain" {
+ type = string
+ description = "DNS domain"
+}
+
+variable "dns_zone_id" {
+ description = "Zone ID"
+ default = null
+}
+
+variable "dns_internal_ip" {
+ description = "Point DNS record to internal ip"
+ default = false
+}
+
+variable "dns_record_aaaa" {
+ description = "Create AAAA record"
+ default = true
+}
+
+variable "instance_count" {
+ type = number
+ description = "Number of instances to deploy"
+ default = 1
+}
+
+variable "server_type" {
+ type = string
+ description = "Hetzner Cloud instance type"
+ default = "cx11"
+}
+
+variable "image" {
+ type = string
+ description = "Hetzner Cloud system image"
+ default = "ubuntu-18.04"
+}
+
+variable "user_data" {
+ description = "Cloud-Init user data to use during server creation"
+ default = null
+}
+
+variable "ssh_keys" {
+ type = list(any)
+ description = "SSH key IDs or names which should be injected into the server at creation time"
+ default = []
+}
+
+variable "keep_disk" {
+ type = bool
+ description = "If true, do not upgrade the disk. This allows downgrading the server type later."
+ default = true
+}
+
+variable "labels" {
+ type = map(string)
+ description = "Labels that the instance is tagged with."
+ default = {}
+}
+
+variable "location" {
+ type = string
+ description = "The location name to create the server in. nbg1, fsn1 or hel1"
+ default = "nbg1"
+}
+
+variable "datacenter" {
+ type = string
+ description = "The location name to create the server in. nbg1, fsn1 or hel1"
+ default = "nbg1-dc3"
+}
+
+variable "backups" {
+ type = bool
+ description = "Enable or disable backups"
+ default = false
+}
+
+variable "volume" {
+ type = bool
+ description = "Enable or disable an additional volume"
+ default = false
+}
+
+variable "volume_size" {
+ type = number
+ description = "Size of the additional data volume"
+ default = 20
+}
+
+variable "subnet" {
+ type = string
+ description = "Id of the additional internal network"
+}
diff --git a/terraform/modules/hcloud_instance/versions.tf b/terraform/modules/hcloud_instance/versions.tf
new file mode 120000
index 0000000000000000000000000000000000000000..b7707ec81b9ec1f5743a08b56f8479195b92f036
--- /dev/null
+++ b/terraform/modules/hcloud_instance/versions.tf
@@ -0,0 +1 @@
+../../versions.tf
\ No newline at end of file
diff --git a/terraform/modules/hcloud_instance/volumes.tf b/terraform/modules/hcloud_instance/volumes.tf
new file mode 100644
index 0000000000000000000000000000000000000000..eef1db2746553f84c5ec643ffbd95d8b1206474d
--- /dev/null
+++ b/terraform/modules/hcloud_instance/volumes.tf
@@ -0,0 +1,19 @@
+# The MIT License (MIT)
+#
+# Copyright 2021 Simon Lauger
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+resource "hcloud_volume" "volumes" {
+ name = "${element(hcloud_server.server.*.name, count.index)}-data"
+ size = var.volume_size
+ format = "xfs"
+ automount = false
+ server_id = element(hcloud_server.server.*.id, count.index)
+ count = var.volume == true ? var.instance_count : 0
+}
diff --git a/terraform/versions.tf b/terraform/versions.tf
new file mode 100644
index 0000000000000000000000000000000000000000..396d4216f1a9f861ef8b2c6d09bd251dfcb5dfc0
--- /dev/null
+++ b/terraform/versions.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "3.29.0"
+ }
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "1.36.1"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = "2.2.0"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = "1.4.0"
+ }
+ }
+ required_version = ">= 0.14"
+}