From 7763e347a7e8bf6e43a54984a6115de9f0e13f00 Mon Sep 17 00:00:00 2001
From: Johannes Rothe
Date: Tue, 12 Sep 2023 21:20:24 +0200
Subject: [PATCH] Loadbalancer terraform config
---
 terraform/main.tf | 4 ++
 terraform/modules/loadbalancer/main.tf | 49 ++++++++++++-------
 terraform/modules/loadbalancer/outputs.tf | 3 ++
 terraform/modules/loadbalancer/variables.tf | 15 ++++++
 .../modules/private-server-group/main.tf | 12 ++++-
 .../modules/private-server-group/outputs.tf | 4 ++
 .../modules/private-server-group/variables.tf | 5 ++
 terraform/prod.tfvars | 8 +++
 terraform/variables.tf | 10 ++++
 9 files changed, 90 insertions(+), 20 deletions(-)
 create mode 100644 terraform/prod.tfvars
diff --git a/terraform/main.tf b/terraform/main.tf
index af9ec6e..8f17128 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -4,12 +4,16 @@ module "private_server_group" {
 network_zone = var.network_zone
 server_count = var.server_count
 server_subnetwork_ip_range = var.subnetwork_ip_range
+ ssh_keys = var.ssh_keys
 }
 module "loadbalancer" {
 source = "./modules/loadbalancer"
 location = var.location
 subnet_id = module.private_server_group.subnetwork_id
+ network_id = module.private_server_group.network_id
 lb_internal_ip = var.lb_internal_ip
 lb_external_ip = var.lb_external_ip
+ lb_service_id = var.lb_service_id
+ ssh_key_ids = module.private_server_group.ssh_key_ids
 }
diff --git a/terraform/modules/loadbalancer/main.tf b/terraform/modules/loadbalancer/main.tf
index c863537..bb009e6 100644
--- a/terraform/modules/loadbalancer/main.tf
+++ b/terraform/modules/loadbalancer/main.tf
@@ -1,26 +1,39 @@
-resource "hcloud_load_balancer" "main" {
- name = "main"
- load_balancer_type = var.lb_type
- location = var.location
- algorithm {
- type = var.lb_algorithm
+resource "hcloud_server" "lb" {
+ name = "LB"
+ image = "ubuntu-22.04"
+ server_type = "cx21"
+ location = var.location
+ labels = {
+ app = "lb"
+ }
+ ssh_keys = var.ssh_key_ids
+
+ public_net {
+ ipv4_enabled = true
+ ipv6_enabled = false
+ }
+
+ network {
+ network_id = var.network_id
+ ip = var.lb_internal_ip
 }
 }
-resource "hcloud_load_balancer_network" "main" {
- load_balancer_id = hcloud_load_balancer.main.id
- subnet_id = var.subnet_id
- ip = var.lb_internal_ip
-}
-
 resource "hcloud_load_balancer_target" "main" {
- type = "label_selector"
- load_balancer_id = hcloud_load_balancer.main.id
- label_selector = "app=web"
+ type = "server"
+ load_balancer_id = var.lb_service_id
 use_private_ip = true
+ server_id = hcloud_server.lb.id
 }
-resource "hcloud_load_balancer_service" "main" {
- load_balancer_id = hcloud_load_balancer.main.id
- protocol = "http"
+resource "hcloud_load_balancer_network" "main" {
+ load_balancer_id = var.lb_service_id
+ network_id = var.network_id
+}
+
+resource "hcloud_load_balancer_service" "load_balancer_service" {
+ load_balancer_id = var.lb_service_id
+ protocol = "tcp"
+ listen_port = 443
+ destination_port = 443
 }
diff --git a/terraform/modules/loadbalancer/outputs.tf b/terraform/modules/loadbalancer/outputs.tf
index e69de29..a8d1d66 100644
--- a/terraform/modules/loadbalancer/outputs.tf
+++ b/terraform/modules/loadbalancer/outputs.tf
@@ -0,0 +1,3 @@
+output "lb_public_ip" {
+ value = hcloud_server.lb.ipv4_address
+}
diff --git a/terraform/modules/loadbalancer/variables.tf b/terraform/modules/loadbalancer/variables.tf
index 7610bae..858fcbe 100644
--- a/terraform/modules/loadbalancer/variables.tf
+++ b/terraform/modules/loadbalancer/variables.tf
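Review bot: `hcloud_server.lb` in modules/loadbalancer/main.tf is created with `ipv4_enabled = true` and SSH keys, but nothing in the hunk attaches a firewall, so unless one is applied outside this patch every port the image listens on, SSH included, is reachable from the internet. The target is registered with `use_private_ip = true`, so load-balancer traffic should arrive over the private network and the public interface can be restricted to administrative SSH from known ranges, as sketched below. Separately, Terraform sees no dependency between `hcloud_load_balancer_target.main` and `hcloud_load_balancer_network.main` (both only reference `var.lb_service_id`), so the private-IP target may be created before the load balancer is attached to the network; `depends_on = [hcloud_load_balancer_network.main]` on the target makes the order explicit.

```hcl
resource "hcloud_firewall" "lb" {
  name = "lb"

  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = var.admin_ssh_cidrs # placeholder: variable not defined in this commit
  }
}

resource "hcloud_server" "lb" {
  # … unchanged: name, image, server_type, location, labels, ssh_keys …
  firewall_ids = [hcloud_firewall.lb.id]
  # … unchanged: public_net and network blocks …
}
```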
@@ -34,7 +34,22 @@ variable "lb_internal_ip" {
 type = string
 }
+variable "lb_service_id" {
+ description = "ID of the loadbalancer service to attach to"
+ type = number
+}
+
 variable "subnet_id" {
 description = "ID of the subnetwork to attach the loadbalancer to"
 type = string
 }
+
+variable "network_id" {
+ description = "ID of the network to attach the loadbalancer to"
+ type = string
+}
+
+variable "ssh_key_ids" {
+ description = "SSH key IDs to add to the loadbalancer server"
+ type = list(number)
+}
diff --git a/terraform/modules/private-server-group/main.tf b/terraform/modules/private-server-group/main.tf
index c11756a..a6ba846 100644
--- a/terraform/modules/private-server-group/main.tf
+++ b/terraform/modules/private-server-group/main.tf
@@ -8,14 +8,16 @@ resource "hcloud_server" "private_node" {
 app = "web"
 }
+ ssh_keys = hcloud_ssh_key.main[*].id
+
 public_net {
- ipv4_enabled = false
+ ipv4_enabled = true
 ipv6_enabled = false
 }
 network {
 network_id = hcloud_network.main.id
- ip = cidrhost(hcloud_network_subnet.main.ip_range, count.index + 2)
+ ip = cidrhost(hcloud_network_subnet.main.ip_range, count.index + 3)
 }
 depends_on = [
 hcloud_network_subnet.main
@@ -33,3 +35,9 @@ resource "hcloud_network_subnet" "main" {
 network_zone = var.network_zone
 ip_range = var.server_subnetwork_ip_range
 }
+
+resource "hcloud_ssh_key" "main" {
+ count = length(var.ssh_keys)
+ name = "ssh-key-${count.index}"
+ public_key = file(var.ssh_keys[count.index])
+}
diff --git a/terraform/modules/private-server-group/outputs.tf b/terraform/modules/private-server-group/outputs.tf
index df32390..7486dfe 100644
--- a/terraform/modules/private-server-group/outputs.tf
+++ b/terraform/modules/private-server-group/outputs.tf
@@ -13,3 +13,7 @@ output "server_name" {
 output "server_network" {
 value = hcloud_server.private_node[*].network
 }
+
+output "ssh_key_ids" {
+ value = hcloud_ssh_key.main[*].id
+}
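Review bot: The description of `lb_service_id` in modules/loadbalancer/variables.tf says "ID of the loadbalancer service", but modules/loadbalancer/main.tf passes the value as `load_balancer_id` to the target, network and service resources, so it identifies the load balancer itself. Wording such as `description = "ID of the existing load balancer that the target, network and service are attached to"` states that, and the identical description in terraform/variables.tf needs the same correction. `subnet_id` stays declared here although the only resource that used it was removed in this commit; a comment on whether it is still needed, or its removal, would avoid confusion.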
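Review bot: Changing `ipv4_enabled` to `true` on `hcloud_server.private_node` gives every node of the "private" group its own public address, and with the new `ssh_keys` line SSH on each backend becomes reachable from the internet unless a firewall defined outside this patch covers them. If the address is wanted only for administration, keeping `ipv4_enabled = false` and reaching the nodes over the private network through the LB host keeps the backends unexposed; if it is needed for outbound traffic, the resource should at least carry a `firewall_ids` entry. The offset change from `count.index + 2` to `count.index + 3` would benefit from a one-line comment naming the host address it now reserves. The resource begins and ends outside the hunk.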
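Review bot: `hcloud_ssh_key.main` is indexed with `count`, so removing or reordering an entry in `var.ssh_keys` shifts every later index and makes Terraform change keys that were not touched; because both server resources reference the key IDs, this may cascade into server replacement (worth confirming against the provider's handling of `ssh_keys`). Keying the resource by path with `for_each = toset(var.ssh_keys)`, `name = basename(each.value)` and `public_key = file(each.value)` keeps each key's address stable and gives it a name that can be audited; the `[*].id` references then become `values(hcloud_ssh_key.main)[*].id`. `file()` also resolves a relative path against the working directory, so the relative entry in terraform/prod.tfvars only works when Terraform is run from the directory that holds the key file.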
diff --git a/terraform/modules/private-server-group/variables.tf b/terraform/modules/private-server-group/variables.tf
index f665fb4..02f25c0 100644
--- a/terraform/modules/private-server-group/variables.tf
+++ b/terraform/modules/private-server-group/variables.tf
@@ -42,3 +42,8 @@ variable "server_subnetwork_ip_range" {
 type = string
 default = "10.0.0.0/24"
 }
+
+variable "ssh_keys" {
+ description = "SSH keys to add to the servers"
+ type = list(string)
+}
diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars
new file mode 100644
index 0000000..a674aa8
--- /dev/null
+++ b/terraform/prod.tfvars
@@ -0,0 +1,8 @@
+location = "nbg1"
+network_zone = "eu-central"
+server_count = 1
+subnetwork_ip_range = "10.0.0.0/24"
+lb_internal_ip = "10.0.0.100"
+lb_external_ip = "167.235.105.161"
+lb_service_id = 1399502
+ssh_keys = ["rothe.pub"]
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 3d01a8c..9bdbaf9 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -33,3 +33,13 @@ variable "lb_internal_ip" {
 description = "Internal IP address of the loadbalancer"
 type = string
 }
+
+variable "lb_service_id" {
+ description = "ID of the loadbalancer service to attach to"
+ type = number
+}
+
+variable "ssh_keys" {
+ description = "SSH keys to add to servers"
+ type = list(string)
+}
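Review bot: The description "SSH keys to add to the servers" in modules/private-server-group/variables.tf does not say that each entry is a file path, yet modules/private-server-group/main.tf passes every element to `file()` and uploads the content as `public_key`. Suggest `description = "Paths to SSH public key files to register and add to the servers"` here and on the matching `ssh_keys` variable in terraform/variables.tf. Stating that the paths must point at public key files matters because whatever file is named has its content read into the plan and state.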