# Shared settings referenced by the provider and module blocks below.
locals {
  project     = "pj-basic-tf-main" # Target GCP project id
  environment = "dev"              # Environment label propagated into module inputs
  region      = "europe-west4"     # Region for regional resources (subnet, provider default)
  zone        = "europe-west4-a"   # Zone for zonal resources (the compute instance)
}
# Default Google provider; project and region come from the locals above so
# every resource lands in the same place unless a module overrides it.
provider "google" {
  region  = local.region
  project = local.project
}
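# VPC, subnet and firewall rules for the dev environment.
# NOTE(review): the git source carries no `?ref=` pin, so each `terraform init`
# fetches the module's default branch; pin it (placeholder: `?ref=<TAG_OR_COMMIT>`)
# so the network definition cannot change underneath this configuration.
module "network" {
  source = "git@github.com:ijsvogel/tf-modules.git//network/basic"

  vpcs = {
    "nw-dev-example" = {
      project = local.project
      # NOTE(review): description says "prod" while `environment` is dev — confirm which is intended
      description  = "VPC Network for Ijsvogel prod"
      routing_mode = "REGIONAL"
      environment  = local.environment
      name         = "example"
      # Skips the module's default deny-all-egress rule (per the original inline
      # comment); outbound traffic is instead opened by the "allow-all" rule below.
      skip_default_deny_fw = true
      subnets = {
        "nwr-nl" = {
          name                  = "nl"
          region                = local.region
          cidr_primary          = "10.0.0.0/24"
          private_google_access = true # Reach Google APIs without a public IP
          secondary_ranges      = {}
        }
      }
    }
  }

  firewalls = {
    "nw-dev-example" = {
      project = local.project
      network = "nw-dev-example"
      # Tag-based intra-VPC rules (vm -> vm inside the same VPC); none defined yet.
      ingress_allow_tag = {}
      ingress_allow_range = {
        "allow-ssh-http" = {
          description   = "Allow SSH and HTTP (80/8080) from the internet to bastion-host tagged instances"
          source_ranges = ["0.0.0.0/0"]
          priority      = 1000
          # A GCP firewall rule with no target tags applies to every instance in the
          # network; the original `target_tags = []` therefore exposed 22/80/8080 on all
          # VMs although the description names the bastion only. Scope it to the tag the
          # compute instance carries. Assumes the module passes target_tags through to
          # the firewall rule — confirm against the module source.
          target_tags = ["bastion-host"]
          protocols = {
            "tcp" = ["22", "80", "8080"]
          }
        }
      }
      egress_allow_range = {
        # Allows all outbound traffic (destination 0.0.0.0/0, not only internal
        # ranges); the startup script relies on it to reach GitHub and apt mirrors.
        "allow-all" = {
          description        = "Allow all egress"
          destination_ranges = ["0.0.0.0/0"]
          priority           = 1000
          target_tags        = []
          protocols = {
            "all" = []
          }
        }
      }
      egress_deny_range = {}
    }
  }
}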
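# Single dev VM (tagged "bastion-host") that downloads and runs whalesayer on port 8080.
module "compute_instance" {
  # Versioned by directory (v0.0.1) but the git ref itself is unpinned; pin it
  # (placeholder: `?ref=<TAG_OR_COMMIT>`) so the module code cannot drift.
  source = "git@github.com:ijsvogel/tf-modules.git//compute/compute_engine/v0.0.1"

  project_id    = local.project # was a duplicated literal of the same value; keep in sync with locals
  num_instances = 1
  hostname      = "web-server-vm"
  name_prefix   = "dev"
  subnetwork    = module.network.sub_networks["nw-dev-example"]["nwr-nl"].self_link
  region        = local.region
  zone          = local.zone

  deletion_protection = false      # dev: allow `terraform destroy`
  enable_public_ip    = true       # Internet-facing; the VPC firewall rules decide what is reachable
  machine_type        = "f1-micro" # Module default is e2-small

  labels = {
    environment = local.environment # was a duplicated literal of the same value
  }

  # NOTE(review): this is the project's default Compute Engine service account with the
  # broad cloud-platform scope; a dedicated least-privilege service account is preferable
  # for an internet-facing VM. Left unchanged because it is an external identity.
  service_account = {
    email  = "1071561576304-compute@developer.gserviceaccount.com"
    scopes = ["cloud-platform"]
  }

  network_tags = ["bastion-host"]

  metadata = {
    # NOTE(review): OS Login is disabled, so SSH access falls back to metadata-managed
    # keys; "TRUE" gives IAM-governed, auditable access. Confirm before changing.
    "enable-oslogin" = "FALSE"
  }

  # GCE startup scripts run as root on each boot. Failures now abort the script
  # instead of falling through to `chmod`/`whalesayer` on a missing binary.
  startup_script = <<-EOF
    set -eu
    # -f: fail on HTTP errors instead of saving an error page as the binary
    curl -fL https://github.com/Milo-devoteam/whalesayer/releases/download/v0.1.0/whalesayer-amd64 -o /usr/local/bin/whalesayer
    # TODO: verify the release binary before executing it; fill in the placeholder:
    # echo "<EXPECTED_SHA256>  /usr/local/bin/whalesayer" | sha256sum -c -
    # -y: the original `apt install cowsay` prompts for confirmation and aborts when run non-interactively
    apt-get update && apt-get install -y cowsay
    chmod 755 /usr/local/bin/whalesayer
    export COW_PATH=/usr/share/cowsay/cows
    export PORT=8080
    whalesayer
  EOF
}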