Merge pull request #946 from rust-lang/provision-dev-desktop-eu-2

provision dev-desktop-eu-2

Author: marcoieni

terragrunt/accounts/dev-desktops-prod/europe-west1/.terraform.lock.hcl

@@ -0,0 +1,21 @@
+terraform {
+  source = "../../../modules//dev-desktops-gcp"
+}
+
+include {
+  path           = find_in_parent_folders()
+  merge_strategy = "deep"
+}
+
+inputs = {
+  project = "dev-desktops-prod"
+  region  = "europe-west1"
+  zone    = "europe-west1-b"
+  instances = {
+    "dev-desktop-eu-2" = {
+      # vCPUs: 32, RAM: 64 GiB, AMD Milan.
+      instance_type = "c2d-highcpu-32"
+      storage       = 2000
+    }
+  }
+}

terragrunt/accounts/dev-desktops-prod/europe-west1/terragrunt.hcl

@@ -33,13 +33,6 @@ variable "zone" {
   type        = string
 }
 
-# A dedicated network keeps dev-desktop traffic isolated from other services.
-variable "network_name" {
-  description = "The VPC network name for dev desktops"
-  type        = string
-  default     = "dev-desktops"
-}
-
 variable "subnet_cidr" {
   description = "The IPv4 CIDR range for the dev desktops subnet"
   type        = string
@@ -56,3 +49,7 @@ variable "instances" {
     storage       = number
   }))
 }
+
+locals {
+  network_name = "dev-desktops-${var.region}"
+}

terragrunt/modules/dev-desktops-gcp/_terraform.tf

@@ -1,6 +1,6 @@
 # Ingress rules mirror AWS/Azure dev-desktop access (SSH, mosh, ping).
 resource "google_compute_firewall" "dev_desktops_access_ipv4" {
-  name    = "${var.network_name}-access-ipv4"
+  name    = "${local.network_name}-access-ipv4"
   network = google_compute_network.dev_desktops.id
 
   target_tags = ["dev-desktops"]
@@ -28,7 +28,7 @@ resource "google_compute_firewall" "dev_desktops_access_ipv4" {
 
 # IPv6 ingress rules mirror IPv4 access (SSH, mosh, ping).
 resource "google_compute_firewall" "dev_desktops_access_ipv6" {
-  name    = "${var.network_name}-access-ipv6"
+  name    = "${local.network_name}-access-ipv6"
   network = google_compute_network.dev_desktops.id
 
   target_tags = ["dev-desktops"]
@@ -57,7 +57,7 @@ resource "google_compute_firewall" "dev_desktops_access_ipv6" {
 
 # Allow Prometheus node_exporter scraping from monitoring.infra.rust-lang.org.
 resource "google_compute_firewall" "dev_desktops_node_exporter" {
-  name    = "${var.network_name}-node-exporter"
+  name    = "${local.network_name}-node-exporter"
   network = google_compute_network.dev_desktops.id
 
   target_tags = ["dev-desktops"]
@@ -72,7 +72,7 @@ resource "google_compute_firewall" "dev_desktops_node_exporter" {
 
 # Explicit egress rule documents intent for full outbound connectivity.
 resource "google_compute_firewall" "dev_desktops_egress_ipv4" {
-  name      = "${var.network_name}-egress-ipv4"
+  name      = "${local.network_name}-egress-ipv4"
   network   = google_compute_network.dev_desktops.id
   direction = "EGRESS"
 
@@ -85,7 +85,7 @@ resource "google_compute_firewall" "dev_desktops_egress_ipv4" {
 
 # IPv6 egress rule documents intent for full outbound connectivity.
 resource "google_compute_firewall" "dev_desktops_egress_ipv6" {
-  name      = "${var.network_name}-egress-ipv6"
+  name      = "${local.network_name}-egress-ipv6"
   network   = google_compute_network.dev_desktops.id
   direction = "EGRESS"
 

terragrunt/modules/dev-desktops-gcp/firewall.tf

@@ -5,7 +5,7 @@ resource "google_project_service" "compute" {
 
 # Dedicated VPC to isolate dev desktops from other GCP workloads.
 resource "google_compute_network" "dev_desktops" {
-  name = var.network_name
+  name = local.network_name
   # For ipv6 support we need custom subnets
   auto_create_subnetworks = false
 
@@ -14,7 +14,7 @@ resource "google_compute_network" "dev_desktops" {
 
 # Dual-stack subnet to support both external IPv4 and IPv6 addresses.
 resource "google_compute_subnetwork" "dev_desktops" {
-  name          = "${var.network_name}-${var.region}"
+  name          = local.network_name
   ip_cidr_range = var.subnet_cidr
   region        = var.region