Overhaul and expand firewall definitions for both `prod` and `test` environments to enable comprehensive inter-subnet communication. This includes implementing explicit rules supporting:

- Docker Swarm overlay networks between application and database subnets.
- High-availability database clusters (PostgreSQL replication, MongoDB replica sets, Patroni, etcd).
- Internal access for various infrastructure services (Vault, Redis, RabbitMQ, APISIX, Prometheus, Grafana).

All firewall rule descriptions are standardized in English for improved clarity and consistency. Additionally, update the default `server_type_swarm` and `server_type_db` variables to the recommended `CPX` series for both environments. An initial generated Ansible inventory for the test environment is also added.
variable "hcloud_token" {
type = string
sensitive = true
description = "Hetzner Cloud API token for the prod project"
}
variable "location" {
type = string
default = "fsn1"
description = "Hetzner Cloud datacenter location"
}
variable "image" {
type = string
default = "rocky-10"
description = "Server image"
}
variable "server_type_swarm" {
type = string
default = "cpx42"
description = "Hetzner server type for Swarm nodes"
}
variable "server_type_db" {
type = string
default = "cpx32"
description = "Hetzner server type for DB nodes"
}
variable "admin_ssh_public_key_path" {
type = string
default = "~/.ssh/id_ed25519.pub"
description = "Path to the admin SSH public key file"
}
variable "admin_allowed_cidrs" {
type = list(string)
description = "CIDR list for admin SSH access"
}
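Review bot: `admin_allowed_cidrs`, the last variable in this file, accepts any list of strings, so a malformed entry or an unrestricted `0.0.0.0/0` / `::/0` would only surface once the admin SSH firewall rule is already applied, and an unrestricted entry would silently widen that rule to every address. A `validation` block on the variable rejects both cases at plan time, before anything is created. This section is rendered as a whole file without change markers, so which of these lines the commit actually touched is not visible here; the description says only the two `server_type_*` defaults changed, and the firewall resource that consumes `var.admin_allowed_cidrs` is in another file, so the exact rule it feeds should be confirmed there. If the `test` environment declares the same variable, the same guard applies.
```hcl
variable "admin_allowed_cidrs" {
  type        = list(string)
  description = "CIDR list for admin SSH access"

  # Reject malformed CIDRs and the unrestricted ranges at plan time so the
  # admin SSH rule can never be opened to every address by a typo or default.
  validation {
    condition = length(var.admin_allowed_cidrs) > 0 && alltrue([
      for c in var.admin_allowed_cidrs : can(cidrhost(c, 0)) && !contains(["0.0.0.0/0", "::/0"], c)
    ])
    error_message = "admin_allowed_cidrs must be a non-empty list of valid CIDRs and must not include 0.0.0.0/0 or ::/0."
  }
}
```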