Finished LZ.

main.tf

@@ -33,77 +33,107 @@ module "hub_network" {
   nat = true
 }
 
-module "spoke_network" {
-  source = "./modules/network"
+# module "spoke_network" {
+#   source = "./modules/network"
 
-  name       = "${var.spoke.name}-vpc"
-  project_id = var.spoke.project
+#   name       = "${var.spoke.name}-vpc"
+#   project_id = var.spoke.project
 
-  subnets = [
-    {
-      name   = "${var.spoke.name}-network"
-      cidr   = var.spoke.cidr
-      region = local.spoke_region
-    }
-  ]
+#   subnets = [
+#     {
+#       name   = "${var.spoke.name}-network"
+#       cidr   = var.spoke.cidr
+#       region = local.spoke_region
+#     }
+#   ]
 
-  nat = true
-}
+#   nat = true
+# }
 
-module "hub_to_spoke_peering" {
-  source = "./modules/network-peering"
+# module "hub_to_spoke_peering" {
+#   source = "./modules/network-peering"
 
-  left = {
-    project_id   = var.hub.project
-    network_id   = module.hub_network.id
-    network_name = module.hub_network.name
-  }
+#   left = {
+#     project_id   = var.hub.project
+#     network_id   = module.hub_network.id
+#     network_name = module.hub_network.name
+#   }
 
-  right = {
-    project_id   = var.spoke.project
-    network_id   = module.spoke_network.id
-    network_name = module.spoke_network.name
-  }
+#   right = {
+#     project_id   = var.spoke.project
+#     network_id   = module.spoke_network.id
+#     network_name = module.spoke_network.name
+#   }
 
-  hub_spoke = true
+#   hub_spoke = true
 
-  depends_on = [
-    module.hub_network,
-    module.spoke_network
-  ]
-}
+#   depends_on = [
+#     module.hub_network,
+#     module.spoke_network
+#   ]
+# }
 
-module "gw" {
-  source = "./modules/cloud-vpn"
+# module "gw" {
+#   source = "./modules/cloud-vpn"
 
-  name            = "${var.hub.name}-vpn"
-  network_name    = module.hub_network.name
-  region          = local.hub_region
-  vpn_external_ip = var.vpn_external_ip
-}
+#   name            = "${var.hub.name}-vpn"
+#   network_name    = module.hub_network.name
+#   region          = local.hub_region
+#   vpn_external_ip = var.vpn_external_ip
+# }
 
-module "to_lazurowa" {
-  source        = "./modules/cloud-vpn-tunnel"
-  name          = "${var.hub.name}-to-lazurowa"
-  gw_name       = module.gw.name
-  peer_ip       = var.peer_ip
-  shared_secret = var.shared_secret
+# module "to_lazurowa" {
+#   source        = "./modules/cloud-vpn-tunnel"
+#   name          = "${var.hub.name}-to-lazurowa"
+#   gw_name       = module.gw.name
+#   peer_ip       = var.peer_ip
+#   shared_secret = var.shared_secret
 
-  local_selectors  = [var.hub.cidr, var.spoke.cidr]
-  remote_selectors = var.remote_selectors
+#   local_selectors  = [var.hub.cidr, var.spoke.cidr]
+#   remote_selectors = var.remote_selectors
+
+#   depends_on = [module.gw]
+# }
 
 module "vm_gw" {
   source = "./modules/linux-vm"
 
-  name           = "vm-${var.hub.name}-gw"
-  network_name   = "${var.hub.name}-vpc"
-  subnet_name    = "${var.hub.name}-network"
-  ssh            = var.ssh
-  can_ip_forward = true
+  name             = "vm-${var.hub.name}-gw"
+  network_name     = "${var.hub.name}-vpc"
+  subnet_name      = "${var.hub.name}-network"
+  ssh              = var.ssh
+  can_ip_forward   = true
+  internal_ip      = "192.168.16.100"
+  external_ip_name = var.vpn_external_ip
+  remote_subnets   = var.remote_selectors
+
+  startup_script = var.wireguard != null ? templatefile("${path.module}/wireguard_setup.sh",
+    {
+      address_space        = var.wireguard.address_space
+      private_key          = var.wireguard.private_key
+      public_key           = var.wireguard.public_key
+      remote_public_key    = var.wireguard.remote_public_key
+      remote_address_space = var.wireguard.remote_address_space
+    }
+  ) : null
+
 
   depends_on = [module.hub_network]
 }
 
+resource "google_compute_firewall" "allow_wireguard" {
+  name    = "allow-wireguard"
+  network = module.hub_network.name
+
+  allow {
+    protocol = "udp"
+    ports    = ["51820-51829"]
+  }
+
+  source_ranges      = ["0.0.0.0/0"]
+  destination_ranges = ["192.168.16.100/32"]
+}
+
 module "vm_hub" {
   source = "./modules/linux-vm"
 
@@ -115,17 +145,17 @@ module "vm_hub" {
   depends_on = [module.hub_network]
 }
 
-module "vm_spoke" {
-  source = "./modules/linux-vm"
+# module "vm_spoke" {
+#   source = "./modules/linux-vm"
 
-  name         = "vm-${var.spoke.name}"
-  project_id   = var.spoke.project
-  network_name = "${var.spoke.name}-vpc"
-  subnet_name  = "${var.spoke.name}-network"
-  ssh          = var.ssh
+#   name         = "vm-${var.spoke.name}"
+#   project_id   = var.spoke.project
+#   network_name = "${var.spoke.name}-vpc"
+#   subnet_name  = "${var.spoke.name}-network"
+#   ssh          = var.ssh
 
-  depends_on = [module.spoke_network]
-}
+#   depends_on = [module.spoke_network]
+# }
 
 module "koszewscy_internal_zone" {
   source = "./modules/dns-managed-zone"
@@ -137,13 +167,13 @@ module "koszewscy_internal_zone" {
   target_name_servers = ["192.168.2.5"]
 }
 
-module "koszewscy_internal_zone_spoke" {
-  source = "./modules/dns-managed-zone"
+# module "koszewscy_internal_zone_spoke" {
+#   source = "./modules/dns-managed-zone"
 
-  project_id = var.spoke.project
-  dns_name   = "koszewscy.waw.pl."
-  zone_name  = "koszewscy-waw-pl-spoke"
+#   project_id = var.spoke.project
+#   dns_name   = "koszewscy.waw.pl."
+#   zone_name  = "koszewscy-waw-pl-spoke"
 
-  network_id         = module.spoke_network.id
-  peering_network_id = module.hub_network.id
-}
+#   network_id         = module.spoke_network.id
+#   peering_network_id = module.hub_network.id
+# }