mgmt/infrastructure/opentofu/providers/oracle-cloud/main.tf

# Oracle Cloud Infrastructure 模块

terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "~> 7.20"
    }
  }
}

# 获取可用域
data "oci_identity_availability_domains" "ads" {
  compartment_id = var.oci_config.tenancy_ocid
}

# 获取镜像
data "oci_core_images" "ubuntu_images" {
  compartment_id           = var.oci_config.tenancy_ocid
  operating_system         = "Canonical Ubuntu"
  operating_system_version = "22.04"
  shape                    = "VM.Standard.E2.1.Micro"
  sort_by                  = "TIMECREATED"
  sort_order               = "DESC"
}

# VCN (虚拟云网络)
resource "oci_core_vcn" "main" {
  compartment_id = var.oci_config.tenancy_ocid
  cidr_blocks    = [var.vpc_cidr]
  display_name   = "${var.project_name}-${var.environment}-vcn"
  dns_label      = "${var.project_name}${var.environment}"

  freeform_tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-vcn"
  })
}

# 互联网网关
resource "oci_core_internet_gateway" "main" {
  compartment_id = var.oci_config.tenancy_ocid
  vcn_id         = oci_core_vcn.main.id
  display_name   = "${var.project_name}-${var.environment}-igw"
  enabled        = true

  freeform_tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-igw"
  })
}

# 路由表
resource "oci_core_route_table" "main" {
  compartment_id = var.oci_config.tenancy_ocid
  vcn_id         = oci_core_vcn.main.id
  display_name   = "${var.project_name}-${var.environment}-rt"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.main.id
  }

  freeform_tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-rt"
  })
}

# 安全列表
resource "oci_core_security_list" "main" {
  compartment_id = var.oci_config.tenancy_ocid
  vcn_id         = oci_core_vcn.main.id
  display_name   = "${var.project_name}-${var.environment}-sl"

  # 出站规则
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol    = "all"
  }

  # 入站规则 - SSH
  ingress_security_rules {
    protocol = "6" # TCP
    source   = "0.0.0.0/0"
    tcp_options {
      min = 22
      max = 22
    }
  }

  # 入站规则 - HTTP
  ingress_security_rules {
    protocol = "6" # TCP
    source   = "0.0.0.0/0"
    tcp_options {
      min = 80
      max = 80
    }
  }

  # 入站规则 - HTTPS
  ingress_security_rules {
    protocol = "6" # TCP
    source   = "0.0.0.0/0"
    tcp_options {
      min = 443
      max = 443
    }
  }

  freeform_tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-sl"
  })
}

# 子网
resource "oci_core_subnet" "public" {
  count           = length(var.availability_zones)
  compartment_id  = var.oci_config.tenancy_ocid
  vcn_id          = oci_core_vcn.main.id
  cidr_block      = cidrsubnet(var.vpc_cidr, 8, count.index)
  display_name    = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
  dns_label       = "public${var.availability_zones[count.index]}"
  route_table_id  = oci_core_route_table.main.id
  security_list_ids = [oci_core_security_list.main.id]

  freeform_tags = merge(var.common_tags, {
    Name = "${var.project_name}-${var.environment}-public-${var.availability_zones[count.index]}"
    Type = "public"
  })
}

# 输出
output "vcn_id" {
  description = "VCN ID"
  value       = oci_core_vcn.main.id
}

output "subnet_ids" {
  description = "子网 ID 列表"
  value       = oci_core_subnet.public[*].id
}

output "availability_domains" {
  description = "可用域列表"
  value       = data.oci_identity_availability_domains.ads.availability_domains[*].name
}

output "ubuntu_image_id" {
  description = "Ubuntu 镜像 ID"
  value       = data.oci_core_images.ubuntu_images.images[0].id
}