Sanitized for public release: - Removed all API keys, tokens, and secrets - Removed personal Discord IDs from hermes-openclaw.json - Updated git URLs to be generic placeholders - All sensitive data uses environment variable interpolation
# Hetzner Cloud Provider Resources
# Conditionally created when var.cloud_provider == "hetzner"

# =============================================================================
# SSH KEY DATA SOURCE
# =============================================================================

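data "hcloud_ssh_key" "keys" {
  # Resolve each configured key name to an existing Hetzner Cloud SSH key.
  # Gated on local.is_hetzner like every other resource in this file: without
  # the gate a deployment targeting another cloud_provider would still issue
  # Hetzner API reads for these names (requiring a valid hcloud token and
  # pre-existing keys) and fail. With the gate off the map is empty, so the
  # ssh_keys expression on hcloud_server.agent yields an empty list.
  for_each = toset(local.is_hetzner ? var.ssh_key_names : [])

  name = each.key
}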
# =============================================================================
# NETWORK (Optional - for multi-server deployments)
# =============================================================================

resource "hcloud_network" "agent" {
  # Private network, created only for Hetzner deployments that opt in via
  # var.create_network (both conditions must hold).
  count = (var.create_network && local.is_hetzner) ? 1 : 0

  name     = "${var.server_name}-network"
  ip_range = var.network_ip_range
}
resource "hcloud_network_subnet" "agent" {
  # Same gate as hcloud_network.agent, which keeps the [0] index below valid.
  count = (var.create_network && local.is_hetzner) ? 1 : 0

  network_id   = hcloud_network.agent[0].id
  type         = "cloud"
  network_zone = var.network_zone

  # First subnet carved out of the network range with 8 extra prefix bits
  # (e.g. a /16 network range yields a /24 subnet).
  ip_range = cidrsubnet(var.network_ip_range, 8, 0)
}
# =============================================================================
# FIREWALL
# =============================================================================

resource "hcloud_firewall" "agent" {
  count = local.is_hetzner ? 1 : 0

  name = "${var.server_name}-firewall"

  # Inbound: only SSH on the configured port, and only from the allow-listed
  # source ranges. Any inbound traffic matching no rule is dropped, so nothing
  # else on the server is reachable from the public network.
  # NOTE(review): confirm var.ssh_allowed_ips does not default to
  # ["0.0.0.0/0", "::/0"]; that would expose SSH to the whole internet.
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = tostring(var.ssh_port)
    source_ips = var.ssh_allowed_ips
  }

  # Outbound: unrestricted TCP, UDP and ICMP to any IPv4 or IPv6 destination.
  # Narrowing these to the endpoints the agent actually needs is an available
  # hardening step.
  rule {
    direction       = "out"
    protocol        = "tcp"
    port            = "1-65535"
    destination_ips = ["0.0.0.0/0", "::/0"]
  }

  rule {
    direction       = "out"
    protocol        = "udp"
    port            = "1-65535"
    destination_ips = ["0.0.0.0/0", "::/0"]
  }

  rule {
    direction       = "out"
    protocol        = "icmp"
    destination_ips = ["0.0.0.0/0", "::/0"]
  }
}
# =============================================================================
# SERVER
# =============================================================================

resource "hcloud_server" "agent" {
  count = local.is_hetzner ? 1 : 0

  name        = var.server_name
  image       = var.server_image
  server_type = var.server_type_hetzner
  location    = var.location_hetzner

  # Ids of the pre-existing Hetzner keys resolved by data.hcloud_ssh_key.keys.
  ssh_keys = values(data.hcloud_ssh_key.keys)[*].id

  # Attach to the private network only when one is being created; the [0]
  # index is safe because the network block is emitted under the same flag.
  dynamic "network" {
    for_each = var.create_network ? [1] : []
    content {
      network_id = hcloud_network.agent[0].id
    }
  }

  # Labels used for inventory and filtering.
  labels = {
    project     = var.project_name
    environment = var.environment
    framework   = var.agent_framework
    managed     = "terraform"
  }

  # Applying the firewall at creation time means the server never boots with
  # an unfiltered public IP. NOTE(review): hcloud_firewall_attachment.agent in
  # this file attaches the same firewall a second time; the provider documents
  # firewall_ids and hcloud_firewall_attachment as alternatives for one
  # firewall, so keep only one of them (this creation-time attachment is the
  # safer choice).
  firewall_ids = [hcloud_firewall.agent[0].id]

  # Cloud-init payload. Keep long-lived secrets out of local.userdata: user
  # data is generally retrievable from inside the instance and appears in
  # plan output.
  user_data = local.userdata

  # Public IPv4 and IPv6 are both enabled; the firewall above is the only
  # thing between them and the SSH daemon.
  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }
}
# =============================================================================
# FIREWALL ATTACHMENT (Reference)
# =============================================================================

resource "hcloud_firewall_attachment" "agent" {
  count = local.is_hetzner ? 1 : 0

  # NOTE(review): hcloud_server.agent already lists this firewall in its
  # firewall_ids, so this resource attaches it a second time. The provider
  # documents the two mechanisms as alternatives for the same firewall and
  # using both can lead to conflicting updates; keep only one (the
  # creation-time firewall_ids on the server is the safer choice, since an
  # attachment applied after creation leaves a window with no firewall).
  firewall_id = hcloud_firewall.agent[0].id
  server_ids  = [hcloud_server.agent[0].id]
}