Make private hetznet network /16 (again) but subnet /24

I also noticed that routing packets to addresses outside the network via one host in the network wasn't easy. Maybe because everything has to go via the hetzner network router and there isn't a way to say "hello .0.1, I would like to send a packet to .1.1 via .0.4"
datasektionen · Dec 19, 2024 · 3020ec1 · 3020ec1
1 parent 418dd02
commit 3020ec1
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/hosts.tf b/hosts.tf
@@ -9,6 +9,18 @@ locals {
   }
 }
 
+resource "hcloud_network" "cluster" {
+  name     = "nomad-cluster-network"
+  ip_range = "10.83.0.0/16" # NOTE: Must be kept in sync with `config.dsekt.addresses.subnet` in nix
+}
+
+resource "hcloud_network_subnet" "cluster-main" {
+  network_id   = hcloud_network.cluster.id
+  type         = "cloud"
+  ip_range     = "10.83.0.0/24"
+  network_zone = "eu-central"
+}
+
 resource "hcloud_server" "cluster_hosts" {
   for_each    = local.cluster_hosts
   name        = each.key

diff --git a/main.tf b/main.tf
@@ -75,18 +75,6 @@ data "cloudflare_zone" "datasektionen" {
   name = "datasektionen.se"
 }
 
-resource "hcloud_network" "cluster" {
-  name     = "nomad-cluster-network"
-  ip_range = "10.83.0.0/24"
-}
-
-resource "hcloud_network_subnet" "cluster-main" {
-  network_id   = hcloud_network.cluster.id
-  type         = "cloud"
-  ip_range     = "10.83.0.0/24"
-  network_zone = "eu-central"
-}
-
 resource "cloudflare_record" "zone_apex" {
   name    = "@"
   type    = "A"

diff --git a/modules/addresses.nix b/modules/addresses.nix
@@ -31,7 +31,7 @@ in
       hades
     ];
 
-    # Must be kept in sync with `hcloud_network_subnet.cluster-main.ip_range` in tf
-    subnet = "10.83.0.0/24";
+    # Must be kept in sync with `hcloud_network.cluster.ip_range` in tf
+    subnet = "10.83.0.0/16";
   };
 }