As I still maintain the demo instance, it's useful to integrate the demo
instance into the current terraform configuration, this allows it to
benefit from further developement of this repository.

The current README and variable descriptions should help anyone
interested in creating their own demo instance equivalent, to deploy
this to their hetzer cloud account. Even if not, it might provide some
nice inspiration regarding the instance handling.

This patch drops the unused subnet variable from the hcloud_instance
module, which wasn't used anyway. This help to make the module fully
compatible with the way the hedgedoc demo instance is deployed.

This patch finally upstreams the currently used terraform setup for the
gateway machine at Hetzner. This should provide better insights into the
infrastructure and help people to learn from the setup.

It also helps to keep the automation level high and using terraform more
actively to keep these servers running.

The gateway server is the frontend reverse proxy for all web-originating
traffic and provides a simple setup, that runs a L4 HAProxy to forward
all traffic to the Kubernetes cluster, where it's terminated and handled.

This allows to keep the cloud server stupid and not being able to
compromise a connection (at least not more than any other middlebox).
This keeps the trust away from the cloud provider.

Currently the resolv.conf was deleted but not properly replaced. This
patch adjust that and makes sure things are put in the right place.

This patch adds the required firewall rules to automatically allow ssh
access from the local machine (but only from this machine) to all
Kubernetes notes.

Internal networks have been removed from the concept. Therefore they
should no longer be mentioned in the README.

Terraform leaves timestamp-based tfstate backups in the terraform
directory, which don't need to remain after a destroy. This patch fixes
the problem by adding the remaining files to the cleanup command ran
after `terraform destory`.

With nginx-ingress in place (or any other ingress-controller), this
patch provides the required DNS entires that can be used directly or as
part of a CNAME entry.

This patch adjust the label selectors for the loadbalancer and splits
into the expected ingress and master labels to correspond with the
firewall rules.