define all networks, servers & firewall rules

defines server backup & publicNet
removed variables from config
2026-01-07 18:05:53 +00:00 · 2025-12-29 17:50:06 +01:00 · 2025-12-29 17:49:40 +01:00 · 2025-12-29 17:48:13 +01:00
3 changed files with 64 additions and 36 deletions
--- a/hetzner-pulumi/index.ts
+++ b/hetzner-pulumi/index.ts
@@ -1,8 +1,10 @@
-import {  
+import {
  subNetwork,
  regionalNetwork,
+  allowHttp,
+  allowSSH,
 } from "./resources/network";
-import { genServer } from "./resources/compute";
+import { server } from "./resources/compute";

 import {
  VmSize,
@@ -12,9 +14,11 @@ import {
  ServerLocations,
 } from "./resources/types";

+// regional vnet
 const eu = regionalNetwork("ha", "10.24.0.0/18", NetworkRegion.eu);
 const usEast = regionalNetwork("ha", "10.25.0.0/18", NetworkRegion.usEast);

+// subnets for reginal vnets
 const network = {
  eu: {
    lb: subNetwork(eu, NetworkRole.lb, NetworkRegion.eu, "10.24.1.0/24"),
@@ -22,33 +26,67 @@ const network = {
    web: subNetwork(eu, NetworkRole.web, NetworkRegion.eu, "10.24.3.0/24"),
    // db: subNetwork(eu, NetworkRole.db, "10.24.4.0/24")
  },
-  us: {
-    lb: subNetwork(usEast, NetworkRole.lb, NetworkRegion.usEast, "10.25.1.0/24"),
-    web: subNetwork(usEast, NetworkRole.web, NetworkRegion.usEast, "10.25.2.0/24"),
+  usEast: {
+    lb: subNetwork(
+      usEast,
+      NetworkRole.lb,
+      NetworkRegion.usEast,
+      "10.25.1.0/24",
+    ),
+    cache: subNetwork(
+      usEast,
+      NetworkRole.cache,
+      NetworkRegion.usEast,
+      "10.25.2.0/24",
+    ),
+    web: subNetwork(
+      usEast,
+      NetworkRole.web,
+      NetworkRegion.usEast,
+      "10.25.3.0/24",
+    ),
  },
 };

+// variable un-maps
 const hel1 = ServerLocations.helsinki;
 const hil = ServerLocations.hillsboro;
-
-const haproxyEU1 = genServer("haproxy-1", VmSize.small, OS.debian, hel1, network.eu.lb);
-const haproxyEU2 = genServer("haproxy-2", VmSize.small, OS.debian, hel1, network.eu.lb);
-const haproxyUS1 = genServer("haproxy-1", VmSize.small, OS.debian, hil, network.us.lb);
-
-const haproxyCache1 = genServer("varnish-1", VmSize.small, OS.debian, hel1, network.eu.cache);
-const haproxyCache2 = genServer("varnish-2", VmSize.small, OS.debian, hel1, network.eu.cache);
-// const varnishUS = genServer(2, 'varnish', VmSize.small, OS.debian, hel1, network.us.cache)
-
-export const servers = [
-  haproxyEU1, haproxyEU2, haproxyUS1, haproxyCache1, haproxyCache2
+const [EU_LB, US_LB, EU_CACHE, US_CACHE, EU_WEB, US_WEB] = [
+  network.eu.lb,
+  network.usEast.lb,
+  network.eu.cache,
+  network.usEast.cache,
+  network.eu.web,
+  network.usEast.web,
 ];

+// compute - server resources
+const haEU1 = server("haproxy-1", VmSize.small, OS.debian, hel1, EU_LB);
+const haEU2 = server("haproxy-2", VmSize.small, OS.debian, hel1, EU_LB);
+const haUS1 = server("haproxy-1", VmSize.small, OS.debian, hil, US_LB);
+// const haUS2 = server("haproxy-2", VmSize.small, OS.debian, hil, US_LB);
+
+const cacheEU1 = server("varnish-1", VmSize.small, OS.debian, hel1, EU_CACHE);
+const cacheEU2 = server("varnish-2", VmSize.small, OS.debian, hil, EU_CACHE);
+// const cacheUS1 = server("varnish-1", VmSize.small, OS.debian, hil, US_CACHE);
+// const cacheUS2 = server("varnish-2", VmSize.small, OS.debian, hil, US_CACHE);
+
+const webEU1 = server("web-1", VmSize.small, OS.debian, hel1, EU_WEB);
+// const webEU2 = server("web-2", VmSize.small, OS.debian, hel1, EU_WEB);
+// const webUS1 = server("web-1", VmSize.small, OS.debian, hil, US_WEB);
+
+// firewall & exports
+export const firewalls = [allowHttp, allowSSH];
+
+// exports contd.
+export const servers = [haEU1, haEU2, haUS1, cacheEU1, cacheEU2, webEU1];
+
 export const networks = [
  eu,
  usEast,
  network.eu.lb,
  network.eu.cache,
  network.eu.web,
-  network.us.lb,
-  network.us.web,
+  network.usEast.lb,
+  network.usEast.web,
 ];
--- a/hetzner-pulumi/resources/compute.ts
+++ b/hetzner-pulumi/resources/compute.ts
@@ -13,20 +13,13 @@ const serverLabels = {
  env: pulumi.getStack(),
 };

-/*
-function getSshPublicKey(): hcloud.SshKey {
-  const sshPublicKey = config.require("sshPublicKey"); 
-  return sshKey;
-}
-*/
-
-  const sshPublicKey = config.require("sshPublicKey"); 
+const sshPublicKey = config.require("sshPublicKey");
  const sshKey = new hcloud.SshKey("ssh-key", {
    name: `pulumi-${pulumi.getStack()}-ssh`,
    publicKey: sshPublicKey,
  });

-export function genServer(
+export function server(
  name: string,
  size: VmSize,
  os: OS = OS.debian,
@@ -34,6 +27,7 @@ export function genServer(
  network: hcloud.NetworkSubnet
 ): hcloud.Server {
  const ceap = getCheapestServerType('eu');
+
  const hexId = new random.RandomId(`${name}-${location}`, {
    byteLength: 2, // 2 bytes = 4 hex characters
  });
@@ -45,6 +39,11 @@ export function genServer(
    image: os,
    serverType: ceap,
    location,
+    backups: false,
+    publicNets: [{
+        ipv4Enabled: false,
+        ipv6Enabled: true,
+    }],
    networks: [network],
    sshKeys: [sshKey.name],
    labels: serverLabels
--- a/hetzner-pulumi/resources/config.ts
+++ b/hetzner-pulumi/resources/config.ts
@@ -2,15 +2,6 @@ import * as pulumi from "@pulumi/pulumi";

 const config = new pulumi.Config();

-const variables = {
-  osImage: config.get("image") || "debian-11",
-  machineType: config.get("serverType") || "f1-micro",
-  machineLocation:  config.get("location") || "hel1",
-  instanceTag:  config.get("instanceTag") || "webserver",
-  servicePort: config.get("servicePort") || "80" 
-}
-
 export {
-  variables,
  config
 }
Author	SHA1	Message	Date
Kevin Midboe	1fd7cfe01d	define all networks, servers & firewall rules	2025-12-29 17:50:06 +01:00
Kevin Midboe	6e9506265f	defines server backup & publicNet	2025-12-29 17:49:40 +01:00
Kevin Midboe	cbb6c9034c	removed variables from config	2025-12-29 17:48:13 +01:00