define all networks, servers & firewall rules

hetzner-pulumi/index.ts

@@ -1,8 +1,10 @@
-import {  
+import {
   subNetwork,
   regionalNetwork,
+  allowHttp,
+  allowSSH,
 } from "./resources/network";
-import { genServer } from "./resources/compute";
+import { server } from "./resources/compute";
 
 import {
   VmSize,
@@ -12,9 +14,11 @@ import {
   ServerLocations,
 } from "./resources/types";
 
+// regional vnet
 const eu = regionalNetwork("ha", "10.24.0.0/18", NetworkRegion.eu);
 const usEast = regionalNetwork("ha", "10.25.0.0/18", NetworkRegion.usEast);
 
+// subnets for reginal vnets
 const network = {
   eu: {
     lb: subNetwork(eu, NetworkRole.lb, NetworkRegion.eu, "10.24.1.0/24"),
@@ -22,33 +26,67 @@ const network = {
     web: subNetwork(eu, NetworkRole.web, NetworkRegion.eu, "10.24.3.0/24"),
     // db: subNetwork(eu, NetworkRole.db, "10.24.4.0/24")
   },
-  us: {
+  usEast: {
-    lb: subNetwork(usEast, NetworkRole.lb, NetworkRegion.usEast, "10.25.1.0/24"),
+    lb: subNetwork(
-    web: subNetwork(usEast, NetworkRole.web, NetworkRegion.usEast, "10.25.2.0/24"),
+      usEast,
+      NetworkRole.lb,
+      NetworkRegion.usEast,
+      "10.25.1.0/24",
+    ),
+    cache: subNetwork(
+      usEast,
+      NetworkRole.cache,
+      NetworkRegion.usEast,
+      "10.25.2.0/24",
+    ),
+    web: subNetwork(
+      usEast,
+      NetworkRole.web,
+      NetworkRegion.usEast,
+      "10.25.3.0/24",
+    ),
   },
 };
 
+// variable un-maps
 const hel1 = ServerLocations.helsinki;
 const hil = ServerLocations.hillsboro;
-
+const [EU_LB, US_LB, EU_CACHE, US_CACHE, EU_WEB, US_WEB] = [
-const haproxyEU1 = genServer("haproxy-1", VmSize.small, OS.debian, hel1, network.eu.lb);
+  network.eu.lb,
-const haproxyEU2 = genServer("haproxy-2", VmSize.small, OS.debian, hel1, network.eu.lb);
+  network.usEast.lb,
-const haproxyUS1 = genServer("haproxy-1", VmSize.small, OS.debian, hil, network.us.lb);
+  network.eu.cache,
-
+  network.usEast.cache,
-const haproxyCache1 = genServer("varnish-1", VmSize.small, OS.debian, hel1, network.eu.cache);
+  network.eu.web,
-const haproxyCache2 = genServer("varnish-2", VmSize.small, OS.debian, hel1, network.eu.cache);
+  network.usEast.web,
-// const varnishUS = genServer(2, 'varnish', VmSize.small, OS.debian, hel1, network.us.cache)
-
-export const servers = [
-  haproxyEU1, haproxyEU2, haproxyUS1, haproxyCache1, haproxyCache2
 ];
 
+// compute - server resources
+const haEU1 = server("haproxy-1", VmSize.small, OS.debian, hel1, EU_LB);
+const haEU2 = server("haproxy-2", VmSize.small, OS.debian, hel1, EU_LB);
+const haUS1 = server("haproxy-1", VmSize.small, OS.debian, hil, US_LB);
+// const haUS2 = server("haproxy-2", VmSize.small, OS.debian, hil, US_LB);
+
+const cacheEU1 = server("varnish-1", VmSize.small, OS.debian, hel1, EU_CACHE);
+const cacheEU2 = server("varnish-2", VmSize.small, OS.debian, hil, EU_CACHE);
+// const cacheUS1 = server("varnish-1", VmSize.small, OS.debian, hil, US_CACHE);
+// const cacheUS2 = server("varnish-2", VmSize.small, OS.debian, hil, US_CACHE);
+
+const webEU1 = server("web-1", VmSize.small, OS.debian, hel1, EU_WEB);
+// const webEU2 = server("web-2", VmSize.small, OS.debian, hel1, EU_WEB);
+// const webUS1 = server("web-1", VmSize.small, OS.debian, hil, US_WEB);
+
+// firewall & exports
+export const firewalls = [allowHttp, allowSSH];
+
+// exports contd.
+export const servers = [haEU1, haEU2, haUS1, cacheEU1, cacheEU2, webEU1];
+
 export const networks = [
   eu,
   usEast,
   network.eu.lb,
   network.eu.cache,
   network.eu.web,
-  network.us.lb,
+  network.usEast.lb,
-  network.us.web,
+  network.usEast.web,
 ];

hetzner-pulumi/resources/compute.ts

@@ -13,20 +13,13 @@ const serverLabels = {
   env: pulumi.getStack(),
 };
 
-/*
+const sshPublicKey = config.require("sshPublicKey");
-function getSshPublicKey(): hcloud.SshKey {
-  const sshPublicKey = config.require("sshPublicKey"); 
-  return sshKey;
-}
-*/
-
-  const sshPublicKey = config.require("sshPublicKey"); 
   const sshKey = new hcloud.SshKey("ssh-key", {
     name: `pulumi-${pulumi.getStack()}-ssh`,
     publicKey: sshPublicKey,
   });
 
-export function genServer(
+export function server(
   name: string,
   size: VmSize,
   os: OS = OS.debian,
@@ -34,6 +27,7 @@ export function genServer(
   network: hcloud.NetworkSubnet
 ): hcloud.Server {
   const ceap = getCheapestServerType('eu');
+
   const hexId = new random.RandomId(`${name}-${location}`, {
     byteLength: 2, // 2 bytes = 4 hex characters
   });
@@ -45,6 +39,11 @@ export function genServer(
     image: os,
     serverType: ceap,
     location,
+    backups: false,
+    publicNets: [{
+        ipv4Enabled: false,
+        ipv6Enabled: true,
+    }],
     networks: [network],
     sshKeys: [sshKey.name],
     labels: serverLabels

hetzner-pulumi/resources/config.ts

@@ -2,15 +2,6 @@ import * as pulumi from "@pulumi/pulumi";
 
 const config = new pulumi.Config();
 
-const variables = {
-  osImage: config.get("image") || "debian-11",
-  machineType: config.get("serverType") || "f1-micro",
-  machineLocation:  config.get("location") || "hel1",
-  instanceTag:  config.get("instanceTag") || "webserver",
-  servicePort: config.get("servicePort") || "80" 
-}
-
 export {
-  variables,
   config
 }