Callisto13/main.tf

## main.tf
terraform {
  required_providers {
    equinix = {
      version = "~> 1.11.1"
      source  = "equinix/equinix"
    }
  }
}

provider "equinix" {
  auth_token = var.metal_auth_token
}

## VARS

variable "metal_auth_token" {
  description = "The auth token for Equinix"
  type        = string
  sensitive   = true
}

variable "project_id" {
  description = "ID of an existing project"
  type        = string
}

variable "metro" {
  description = "The metro to create resources in."
  type        = string
  default     = "da"
}

variable "plan" {
  description = "The plan to use for devices."
  type        = string
  default     = "t3.small.x86"
}

variable "operating_system" {
  description = "The operating system to use for devices."
  type        = string
  default     = "ubuntu_20_04"
}

## THE JUICE

# Create a VLAN in the project
resource "equinix_metal_vlan" "vlan" {
  description = "VLAN for tunnel demo"
  metro       = var.metro
  project_id  = var.project_id
  vxlan = 1100
}

# Create a mock storage device
resource "equinix_metal_device" "storage" {
  hostname            = "storage"
  project_id          = var.project_id
  plan                = var.plan
  metro               = var.metro
  operating_system    = var.operating_system
  billing_cycle       = "hourly"
  user_data           = "#!/bin/bash\ncurl -s https://gist.githubusercontent.com/Callisto13/9c31cfb7cc10f9cfbbda61137a48f942/raw/f5319e045e8ff2b38e7166d33ad0afb43717ce07/storage-userdata.sh | bash -s"
}

# Update the storage device networking to be just Layer2 Bonded with VLAN
# attached to bond0
resource "equinix_metal_port" "bond0_storage" {
  port_id  = [for p in equinix_metal_device.storage.ports : p.id if p.name == "bond0"][0]
  layer2   = true
  bonded   = true
  vlan_ids = [equinix_metal_vlan.vlan.id]
}

# Create a tunnel device
resource "equinix_metal_device" "tunnel" {
  hostname            = "tunnel"
  project_id          = var.project_id
  plan                = var.plan
  metro               = var.metro
  operating_system    = var.operating_system
  billing_cycle       = "hourly"
  user_data           = "#!/bin/bash\ncurl -s https://gist.githubusercontent.com/Callisto13/9c31cfb7cc10f9cfbbda61137a48f942/raw/6e5f0b99aba4be8b2ec08c4bb0a5a532eb89acdd/tunnel-userdata.sh | bash -s"
}

# Update the tunnel device networking to be Hybrid Bonded with VLAN
# attached to bond0
resource "equinix_metal_port" "bond0_tunnel" {
  port_id  = [for p in equinix_metal_device.tunnel.ports : p.id if p.name == "bond0"][0]
  layer2   = false
  bonded   = true
  vlan_ids = [equinix_metal_vlan.vlan.id]
}

# useful outputs to print
output "tunnel_L3_ip" {
  value = equinix_metal_device.tunnel.network.0.address
  description = "The public IP of the tunnel device"
}

output "storage_L2_ip" {
  value = "192.168.10.10"
  description = "The VLAN interface of the storage device"
}

output "tunnel_command" {
  value = "ssh -i <key> -L 1024:192.168.10.10:8000 root@${equinix_metal_device.tunnel.network.0.address}"
  description = "The tunnel command to run, follow with `curl 127.0.0.1:1024`"
}

## storage-userdata.sh
#!/bin/bash

modprobe 8021q
echo "8021q" >> /etc/modules-load.d/networking.conf
ip addr add 192.168.10.10/25 dev bond0

cat <<'EOF' > /root/launch.sh
#!/bin/bash

mkdir -p /root/server
cd /root/server || true
echo "IF YOU CAN READ THIS YOU DESERVE CAKE" > index.html
python3 -m http.server 8000
EOF

chmod +x /root/launch.sh

cat <<'EOF' > /etc/systemd/system/storage.service
[Unit]
Description=mock storage service
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=5
User=root
ExecStart=/root/launch.sh
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable storage
systemctl start storage
systemctl status storage

## terraform.tfvars.json
{
  "project_id": "REPLACE",
  "metal_auth_token": "REPLACE"
}

## tunnel-userdata.sh
#!/bin/bash

export VLAN_ID=1100
export ADDR=11

modprobe 8021q
echo "8021q" >> /etc/modules-load.d/networking.conf
ip link add link bond0 name "bond0.$VLAN_ID" type vlan id "$VLAN_ID"
ip addr add "192.168.10.$ADDR/25" dev "bond0.$VLAN_ID"
ip -d link set dev "bond0.$VLAN_ID" up
ip -d link show "bond0.$VLAN_ID"
	terraform {
	required_providers {
	equinix = {
	version = "~> 1.11.1"
	source = "equinix/equinix"
	}
	}
	}

	provider "equinix" {
	auth_token = var.metal_auth_token
	}

	## VARS

	variable "metal_auth_token" {
	description = "The auth token for Equinix"
	type = string
	sensitive = true
	}

	variable "project_id" {
	description = "ID of an existing project"
	type = string
	}

	variable "metro" {
	description = "The metro to create resources in."
	type = string
	default = "da"
	}

	variable "plan" {
	description = "The plan to use for devices."
	type = string
	default = "t3.small.x86"
	}

	variable "operating_system" {
	description = "The operating system to use for devices."
	type = string
	default = "ubuntu_20_04"
	}

	## THE JUICE

	# Create a VLAN in the project
	resource "equinix_metal_vlan" "vlan" {
	description = "VLAN for tunnel demo"
	metro = var.metro
	project_id = var.project_id
	vxlan = 1100
	}

	# Create a mock storage device
	resource "equinix_metal_device" "storage" {
	hostname = "storage"
	project_id = var.project_id
	plan = var.plan
	metro = var.metro
	operating_system = var.operating_system
	billing_cycle = "hourly"
	user_data = "#!/bin/bash\ncurl -s https://gist.githubusercontent.com/Callisto13/9c31cfb7cc10f9cfbbda61137a48f942/raw/f5319e045e8ff2b38e7166d33ad0afb43717ce07/storage-userdata.sh \| bash -s"
	}

	# Update the storage device networking to be just Layer2 Bonded with VLAN
	# attached to bond0
	resource "equinix_metal_port" "bond0_storage" {
	port_id = [for p in equinix_metal_device.storage.ports : p.id if p.name == "bond0"][0]
	layer2 = true
	bonded = true
	vlan_ids = [equinix_metal_vlan.vlan.id]
	}

	# Create a tunnel device
	resource "equinix_metal_device" "tunnel" {
	hostname = "tunnel"
	project_id = var.project_id
	plan = var.plan
	metro = var.metro
	operating_system = var.operating_system
	billing_cycle = "hourly"
	user_data = "#!/bin/bash\ncurl -s https://gist.githubusercontent.com/Callisto13/9c31cfb7cc10f9cfbbda61137a48f942/raw/6e5f0b99aba4be8b2ec08c4bb0a5a532eb89acdd/tunnel-userdata.sh \| bash -s"
	}

	# Update the tunnel device networking to be Hybrid Bonded with VLAN
	# attached to bond0
	resource "equinix_metal_port" "bond0_tunnel" {
	port_id = [for p in equinix_metal_device.tunnel.ports : p.id if p.name == "bond0"][0]
	layer2 = false
	bonded = true
	vlan_ids = [equinix_metal_vlan.vlan.id]
	}

	# useful outputs to print
	output "tunnel_L3_ip" {
	value = equinix_metal_device.tunnel.network.0.address
	description = "The public IP of the tunnel device"
	}

	output "storage_L2_ip" {
	value = "192.168.10.10"
	description = "The VLAN interface of the storage device"
	}

	output "tunnel_command" {
	value = "ssh -i <key> -L 1024:192.168.10.10:8000 root@${equinix_metal_device.tunnel.network.0.address}"
	description = "The tunnel command to run, follow with `curl 127.0.0.1:1024`"
	}
	#!/bin/bash

	modprobe 8021q
	echo "8021q" >> /etc/modules-load.d/networking.conf
	ip addr add 192.168.10.10/25 dev bond0

	cat <<'EOF' > /root/launch.sh
	#!/bin/bash

	mkdir -p /root/server
	cd /root/server \|\| true
	echo "IF YOU CAN READ THIS YOU DESERVE CAKE" > index.html
	python3 -m http.server 8000
	EOF

	chmod +x /root/launch.sh

	cat <<'EOF' > /etc/systemd/system/storage.service
	[Unit]
	Description=mock storage service
	After=network.target

	[Service]
	Type=simple
	Restart=always
	RestartSec=5
	User=root
	ExecStart=/root/launch.sh
	KillMode=process

	[Install]
	WantedBy=multi-user.target
	EOF

	systemctl daemon-reload
	systemctl enable storage
	systemctl start storage
	systemctl status storage
	#!/bin/bash

	export VLAN_ID=1100
	export ADDR=11

	modprobe 8021q
	echo "8021q" >> /etc/modules-load.d/networking.conf
	ip link add link bond0 name "bond0.$VLAN_ID" type vlan id "$VLAN_ID"
	ip addr add "192.168.10.$ADDR/25" dev "bond0.$VLAN_ID"
	ip -d link set dev "bond0.$VLAN_ID" up
	ip -d link show "bond0.$VLAN_ID"