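terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      # Lower bound only: the next `terraform init` on a fresh machine can pull a
      # newer major release of the provider. Consider "~> 6.27" to stay within
      # the major version this configuration was written against.
      version = ">= 6.27.0"
    }
  }
}

locals {
  # Zone names have the form "<region>-<letter>"; dropping the last two
  # characters yields the region the zone belongs to.
  hub_region   = substr(var.hub.zone, 0, length(var.hub.zone) - 2)
  spoke_region = substr(var.spoke.zone, 0, length(var.spoke.zone) - 2)

  # Fixed internal address of the WireGuard gateway VM. It is the single source
  # of truth for both the VM's internal_ip and the firewall rule's
  # destination_ranges below, so the two cannot silently drift apart.
  gw_internal_ip = "192.168.16.100"
}

provider "google" {
  # Configuration options
  region  = local.hub_region
  zone    = var.hub.zone
  project = var.hub.project
}

# Hub VPC with a single regional subnet and Cloud NAT enabled.
module "hub_network" {
  source = "./modules/network"
  name   = "${var.hub.name}-vpc"
  subnets = [{
    name   = "${var.hub.name}-network"
    cidr   = var.hub.cidr
    region = local.hub_region
  }]
  nat = true
}

# module "spoke_network" {
#   source     = "./modules/network"
#   name       = "${var.spoke.name}-vpc"
#   project_id = var.spoke.project
#   subnets = [
#     {
#       name   = "${var.spoke.name}-network"
#       cidr   = var.spoke.cidr
#       region = local.spoke_region
#     }
#   ]
#   nat = true
# }

# module "hub_to_spoke_peering" {
#   source = "./modules/network-peering"
#   left = {
#     project_id   = var.hub.project
#     network_id   = module.hub_network.id
#     network_name = module.hub_network.name
#   }
#   right = {
#     project_id   = var.spoke.project
#     network_id   = module.spoke_network.id
#     network_name = module.spoke_network.name
#   }
#   hub_spoke = true
#   depends_on = [
#     module.hub_network,
#     module.spoke_network
#   ]
# }

# module "gw" {
#   source          = "./modules/cloud-vpn"
#   name            = "${var.hub.name}-vpn"
#   network_name    = module.hub_network.name
#   region          = local.hub_region
#   vpn_external_ip = var.vpn_external_ip
# }

# module "to_lazurowa" {
#   source           = "./modules/cloud-vpn-tunnel"
#   name             = "${var.hub.name}-to-lazurowa"
#   gw_name          = module.gw.name
#   peer_ip          = var.peer_ip
#   shared_secret    = var.shared_secret
#   local_selectors  = [var.hub.cidr, var.spoke.cidr]
#   remote_selectors = var.remote_selectors
#   depends_on       = [module.gw]
# }

# Gateway VM: forwards traffic between the hub VPC and the remote networks
# reached over WireGuard. It is the only VM in this file with a fixed internal
# address and a public IP attached.
module "vm_gw" {
  source           = "./modules/linux-vm"
  name             = "vm-${var.hub.name}-gw"
  network_name     = "${var.hub.name}-vpc"
  subnet_name      = "${var.hub.name}-network"
  ssh              = var.ssh
  can_ip_forward   = true
  internal_ip      = local.gw_internal_ip
  external_ip_name = var.vpn_external_ip
  remote_subnets   = var.remote_selectors
  # The rendered script — including var.wireguard.private_key — is handed to
  # the VM as startup-script metadata and is also recorded in Terraform state.
  # Anyone able to read the instance's metadata or the state file can recover
  # the key; fetching it at boot from a secret store would keep it out of both.
  # When var.wireguard is null no script is installed.
  startup_script = var.wireguard != null ? templatefile("${path.module}/wireguard_setup.sh", {
    address_space        = var.wireguard.address_space
    private_key          = var.wireguard.private_key
    public_key           = var.wireguard.public_key
    remote_public_key    = var.wireguard.remote_public_key
    remote_address_space = var.wireguard.remote_address_space
  }) : null
  depends_on = [module.hub_network]
}

# Ingress for the WireGuard listener on the gateway VM only.
resource "google_compute_firewall" "allow_wireguard" {
  name    = "allow-wireguard"
  network = module.hub_network.name
  allow {
    protocol = "udp"
    ports    = ["51820-51829"]
  }
  # Open to the whole internet: the exposed surface is the UDP handshake, which
  # WireGuard only answers for a configured peer key. If the remote endpoint has
  # a static address, narrowing this to it (the commented-out Cloud VPN tunnel
  # above already carries it as var.peer_ip) removes the port from scan results.
  source_ranges = ["0.0.0.0/0"]
  # Scoped to the gateway's fixed address so other VMs in the VPC are not
  # reachable through this rule even though no target tags are set.
  destination_ranges = ["${local.gw_internal_ip}/32"]
}

# Ordinary hub VM with no public exposure beyond what the module grants.
module "vm_hub" {
  source       = "./modules/linux-vm"
  name         = "vm-${var.hub.name}"
  network_name = "${var.hub.name}-vpc"
  subnet_name  = "${var.hub.name}-network"
  ssh          = var.ssh
  depends_on   = [module.hub_network]
}

# module "vm_spoke" {
#   source       = "./modules/linux-vm"
#   name         = "vm-${var.spoke.name}"
#   project_id   = var.spoke.project
#   network_name = "${var.spoke.name}-vpc"
#   subnet_name  = "${var.spoke.name}-network"
#   ssh          = var.ssh
#   depends_on   = [module.spoke_network]
# }

# Private zone for the internal domain, forwarding to a resolver reached over
# the VPN. The target address is a fixed value; if the remote resolver moves,
# this must be updated by hand.
module "koszewscy_internal_zone" {
  source              = "./modules/dns-managed-zone"
  dns_name            = "koszewscy.waw.pl."
  network_id          = module.hub_network.id
  target_name_servers = ["192.168.2.5"]
}

# module "koszewscy_internal_zone_spoke" {
#   source             = "./modules/dns-managed-zone"
#   project_id         = var.spoke.project
#   dns_name           = "koszewscy.waw.pl."
#   zone_name          = "koszewscy-waw-pl-spoke"
#   network_id         = module.spoke_network.id
#   peering_network_id = module.hub_network.id
# }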