# The Droplet managed by this module. Every setting comes from an input
# variable; nothing is hard-coded here.
resource "digitalocean_droplet" "main" {
  # Identity and placement
  name     = var.droplet_name
  region   = var.region
  size     = var.droplet_size
  image    = var.droplet_image
  vpc_uuid = var.vpc_id

  # SSH keys passed through to the provider's ssh_keys argument
  ssh_keys = var.ssh_keys

  # Caller-supplied tags, plus the Droplet's own name as an extra tag
  tags = concat(var.tags, [var.droplet_name])

  # Boot-time user data. Keep secrets out of it: user data can be read back
  # from the Droplet's metadata service by software running on the Droplet.
  user_data = var.user_data

  # Optional platform features
  monitoring    = var.enable_monitoring
  backups       = var.enable_backups
  ipv6          = var.enable_ipv6
  droplet_agent = var.droplet_agent

  # Resize / shutdown behaviour
  resize_disk       = var.resize_disk
  graceful_shutdown = var.graceful_shutdown
}
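# Cloud firewall attached to the Droplet above. Rules are generated from
# var.inbound_rules and var.outbound_rules; each element supplies `protocol`
# and may supply `port_range` plus any of the source/destination selectors.
#
# Selector defaults: the selectors of a rule are combined as a union, so a
# rule that names only tags, Droplet IDs, load balancers or Kubernetes
# clusters must not also receive the "anywhere" address default, or the
# restriction the caller asked for is silently widened to the whole internet.
# The "anywhere" default is therefore applied only when the rule names no
# selector at all, which keeps rules with no selectors behaving as before.
resource "digitalocean_firewall" "main" {
  name        = "${var.droplet_name}-firewall"
  droplet_ids = [digitalocean_droplet.main.id]

  dynamic "inbound_rule" {
    for_each = var.inbound_rules
    content {
      protocol = inbound_rule.value.protocol
      # Left null when the rule does not set it (e.g. icmp rules).
      port_range = lookup(inbound_rule.value, "port_range", null)

      # An explicit source_addresses always wins. Without one, fall back to
      # "anywhere" (IPv4 and IPv6) only if no other source selector is set.
      # Management ports such as SSH should pass an explicit, narrow
      # source_addresses list rather than rely on this default.
      source_addresses = lookup(
        inbound_rule.value,
        "source_addresses",
        (
          try(length(inbound_rule.value.source_droplet_ids), 0) +
          try(length(inbound_rule.value.source_tags), 0) +
          try(length(inbound_rule.value.source_load_balancer_uids), 0) +
          try(length(inbound_rule.value.source_kubernetes_ids), 0)
        ) > 0 ? [] : ["0.0.0.0/0", "::/0"]
      )

      # Optional: source Droplet IDs, tags, load balancer UIDs, Kubernetes IDs
      source_droplet_ids        = lookup(inbound_rule.value, "source_droplet_ids", [])
      source_tags               = lookup(inbound_rule.value, "source_tags", [])
      source_load_balancer_uids = lookup(inbound_rule.value, "source_load_balancer_uids", [])
      source_kubernetes_ids     = lookup(inbound_rule.value, "source_kubernetes_ids", [])
    }
  }

  dynamic "outbound_rule" {
    for_each = var.outbound_rules
    content {
      protocol   = outbound_rule.value.protocol
      port_range = lookup(outbound_rule.value, "port_range", null)

      # Same rule as for inbound traffic: default to "anywhere" only when the
      # rule names no destination selector of its own.
      destination_addresses = lookup(
        outbound_rule.value,
        "destination_addresses",
        (
          try(length(outbound_rule.value.destination_droplet_ids), 0) +
          try(length(outbound_rule.value.destination_tags), 0) +
          try(length(outbound_rule.value.destination_load_balancer_uids), 0) +
          try(length(outbound_rule.value.destination_kubernetes_ids), 0)
        ) > 0 ? [] : ["0.0.0.0/0", "::/0"]
      )

      # Optional: destination Droplet IDs, tags, load balancer UIDs, Kubernetes IDs
      destination_droplet_ids        = lookup(outbound_rule.value, "destination_droplet_ids", [])
      destination_tags               = lookup(outbound_rule.value, "destination_tags", [])
      destination_load_balancer_uids = lookup(outbound_rule.value, "destination_load_balancer_uids", [])
      destination_kubernetes_ids     = lookup(outbound_rule.value, "destination_kubernetes_ids", [])
    }
  }

  # NOTE(review): on DigitalOcean, a firewall's tags select the Droplets the
  # firewall is applied to, in addition to droplet_ids. Reusing var.tags here
  # would then apply these rules to every Droplet carrying any of those tags,
  # not only the one created by this module. Confirm that is intended.
  tags = concat(var.firewall_tags, var.tags)
}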
# Bind an existing floating IP to the Droplet. Created only when the caller
# sets var.floating_ip; with the default of null, count is 0 and nothing is
# assigned.
resource "digitalocean_floating_ip_assignment" "main" {
  count = var.floating_ip == null ? 0 : 1

  droplet_id = digitalocean_droplet.main.id
  ip_address = var.floating_ip
}
# Register the Droplet (by URN) with a DigitalOcean project. Skipped entirely
# when var.project_id is null.
resource "digitalocean_project_resources" "main" {
  count = var.project_id == null ? 0 : 1

  project   = var.project_id
  resources = [digitalocean_droplet.main.urn]
}