# Terraform configuration for two internet-facing Compute Engine VMs (Gitea
# and n8n), the firewall rules that expose them, and a DNSSEC-signed Cloud DNS
# zone holding one A record per VM.
#
# Inputs referenced here but declared elsewhere: var.project_id,
# var.domain_name, var.machine_type, var.zone.

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      # A version constraint is a range, not a pin. Commit .terraform.lock.hcl
      # so the exact provider version and its checksums are fixed per run.
      version = "~> 5"
    }
  }
}

provider "google" {
  project = var.project_id
}

# ---------------------------------------------------------------------------
# DNS zone
# ---------------------------------------------------------------------------

# Public managed zone for var.domain_name, signed with DNSSEC (NSEC3 denial of
# existence).
# NOTE(review): signing only protects validating resolvers once the DS record
# is published at the parent zone/registrar; nothing in this file does that,
# so confirm it is handled elsewhere.
resource "google_dns_managed_zone" "singforhope_cloud" {
  name     = "singforhope-cloud"
  dns_name = "${var.domain_name}."

  dnssec_config {
    state         = "on"
    non_existence = "nsec3"

    # Key-signing key: RSA/SHA-256, 2048 bits.
    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 2048
      key_type   = "keySigning"
    }

    # Zone-signing key: RSA/SHA-256, 1024 bits.
    # NOTE(review): 1024-bit RSA is below the 2048 bits generally recommended
    # for RSA signatures. Consider a longer key or an ECDSA algorithm if the
    # service supports it for this key type. Changing key specs on a signed
    # zone is a key-rollover event and should be planned, not edited in place.
    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 1024
      key_type   = "zoneSigning"
    }
  }
}

# ---------------------------------------------------------------------------
# Compute instances
# ---------------------------------------------------------------------------
#
# Review notes that apply to BOTH instances below:
#
# * network = "default": the instances sit on the project's default VPC. No
#   SSH rule is declared in this file; on an auto-created default network the
#   pre-populated rules may already allow SSH/RDP/ICMP from any source. Verify
#   what is actually in effect, or move to a dedicated VPC with explicit rules.
#
# * access_config {} with no nat_ip requests an ephemeral external address.
#   The A records at the bottom of this file are derived from it, so if the
#   address changes outside Terraform (for example after a stop/start) the
#   records keep pointing at an address the project no longer owns until the
#   next apply. Reserving a static address and referencing it here avoids a
#   dangling record.
#
# * The service account e-mail has the form of the Compute Engine default
#   service account, and both VMs share it. That identity is often granted a
#   broad project role, in which case the scopes list is the only thing
#   narrowing what a compromised VM can do. As written, either VM can read any
#   Cloud Storage object the account can read (devstorage.read_only) and has
#   full Pub/Sub scope. Prefer one dedicated, minimally-privileged service
#   account per VM and drop scopes the workload does not use.
#
# * The boot image is an image family, so it resolves to whatever image is
#   current at creation time. Confirm Debian 11 still receives security
#   updates for the intended lifetime of these hosts.

# Gitea host. The "gitea" network tag is what binds the gitea_http, http_allow
# and https_allow firewall rules to this instance.
resource "google_compute_instance" "gitea_vm" {
  name         = "gitea-vm"
  machine_type = var.machine_type
  zone         = var.zone
  tags         = ["gitea"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    network = "default"

    # Empty block: ephemeral public IPv4 address.
    access_config {}
  }

  service_account {
    email = "456409048169-compute@developer.gserviceaccount.com"
    scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring.write",
      "https://www.googleapis.com/auth/pubsub",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]
  }
}

# n8n host. The "n8n" network tag is what binds the n8n_app_allow,
# n8n_http_allow and n8n_https_allow firewall rules to this instance.
resource "google_compute_instance" "n8n_vm" {
  name         = "n8n-vm"
  machine_type = var.machine_type
  zone         = var.zone
  tags         = ["n8n"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    network = "default"

    # Empty block: ephemeral public IPv4 address.
    access_config {}
  }

  service_account {
    email = "456409048169-compute@developer.gserviceaccount.com"
    scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring.write",
      "https://www.googleapis.com/auth/pubsub",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]
  }
}

# ---------------------------------------------------------------------------
# Firewall rules (all ingress from any IPv4 source, matched by network tag)
# ---------------------------------------------------------------------------

# Gitea application port, open to the whole internet.
# NOTE(review): 80 and 443 are also open to this tag. If a reverse proxy on
# those ports terminates TLS, this rule additionally lets clients reach the
# application directly on 3000 without it. Confirm the rule is still needed,
# or restrict source_ranges.
resource "google_compute_firewall" "gitea_http" {
  name    = "gitea-http"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["3000"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["gitea"]
}

# HTTP to the Gitea host.
resource "google_compute_firewall" "http_allow" {
  name    = "http-allow"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["gitea"]
}

# HTTPS to the Gitea host.
resource "google_compute_firewall" "https_allow" {
  name    = "https-allow"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["gitea"]
}

# n8n application port, open to the whole internet.
# NOTE(review): same concern as gitea_http. n8n typically holds credentials
# for the services it automates, so direct exposure of 5678 alongside 80/443
# deserves a deliberate decision. Confirm the rule is still needed, or
# restrict source_ranges.
resource "google_compute_firewall" "n8n_app_allow" {
  name    = "n8n-app-allow"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["5678"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["n8n"]
}

# HTTP to the n8n host.
resource "google_compute_firewall" "n8n_http_allow" {
  name    = "n8n-http-allow"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["n8n"]
}

# HTTPS to the n8n host.
resource "google_compute_firewall" "n8n_https_allow" {
  name    = "n8n-https-allow"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["n8n"]
}

# ---------------------------------------------------------------------------
# DNS records
# ---------------------------------------------------------------------------

# git.<domain> -> external address of the Gitea VM.
# The value is read from the instance's first access_config, i.e. the
# ephemeral address assigned at creation; it is only refreshed on apply.
resource "google_dns_record_set" "gitea" {
  name         = "git.${var.domain_name}."
  type         = "A"
  ttl          = 300
  managed_zone = google_dns_managed_zone.singforhope_cloud.name
  rrdatas      = [google_compute_instance.gitea_vm.network_interface[0].access_config[0].nat_ip]
}

# n8n.<domain> -> external address of the n8n VM (same caveat as above).
resource "google_dns_record_set" "n8n" {
  name         = "n8n.${var.domain_name}."
  type         = "A"
  ttl          = 300
  managed_zone = google_dns_managed_zone.singforhope_cloud.name
  rrdatas      = [google_compute_instance.n8n_vm.network_interface[0].access_config[0].nat_ip]
}