terraform: default to random cidr block for vpcs

terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf

@@ -36,11 +36,6 @@ module "vpc" {
 
   name = local.name
   tags = local.aws_tags
-
-  cidr = "10.0.80.0/22"
-
-  public_subnets  = ["10.0.80.0/24"]
-  private_subnets = ["10.0.81.0/24"]
 }
 
 resource "tailscale_tailnet_key" "main" {

terraform/aws/aws-ec2-autoscaling-dual-subnet/outputs.tf

@@ -2,6 +2,10 @@ output "vpc_id" {
   value = module.vpc.vpc_id
 }
 
+output "vpc_cidr" {
+  value = module.vpc.vpc_cidr_block
+}
+
 output "nat_public_ips" {
   value = module.vpc.nat_public_ips
 }

terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf

@@ -31,11 +31,6 @@ module "vpc" {
 
   name = local.name
   tags = local.aws_tags
-
-  cidr = "10.0.80.0/22"
-
-  public_subnets  = ["10.0.80.0/24"]
-  private_subnets = ["10.0.81.0/24"]
 }
 
 resource "aws_vpc_endpoint" "recorder" {

terraform/aws/aws-ec2-autoscaling-session-recorder/outputs.tf

@@ -2,6 +2,10 @@ output "vpc_id" {
   value = module.vpc.vpc_id
 }
 
+output "vpc_cidr" {
+  value = module.vpc.vpc_cidr_block
+}
+
 output "nat_public_ips" {
   value = module.vpc.nat_public_ips
 }

terraform/aws/aws-ec2-autoscaling/main.tf

@@ -35,11 +35,6 @@ module "vpc" {
 
   name = local.name
   tags = local.aws_tags
-
-  cidr = "10.0.80.0/22"
-
-  public_subnets  = ["10.0.80.0/24"]
-  private_subnets = ["10.0.81.0/24"]
 }
 
 resource "tailscale_tailnet_key" "main" {

terraform/aws/aws-ec2-autoscaling/outputs.tf

@@ -2,6 +2,10 @@ output "vpc_id" {
   value = module.vpc.vpc_id
 }
 
+output "vpc_cidr" {
+  value = module.vpc.vpc_cidr_block
+}
+
 output "nat_public_ips" {
   value = module.vpc.nat_public_ips
 }

terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf

@@ -36,11 +36,6 @@ module "vpc" {
   name = local.name
   tags = local.aws_tags
 
-  cidr = "10.0.80.0/22"
-
-  public_subnets  = ["10.0.80.0/24"]
-  private_subnets = ["10.0.81.0/24"]
-
   enable_ipv6 = true
 }
 

terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/outputs.tf

@@ -2,6 +2,10 @@ output "vpc_id" {
   value = module.vpc.vpc_id
 }
 
+output "vpc_cidr" {
+  value = module.vpc.vpc_cidr_block
+}
+
 output "nat_public_ips" {
   value = module.vpc.nat_public_ips
 }

terraform/aws/aws-ec2-instance/main.tf

@@ -35,11 +35,6 @@ module "vpc" {
 
   name = local.name
   tags = local.aws_tags
-
-  cidr = "10.0.80.0/22"
-
-  public_subnets  = ["10.0.80.0/24"]
-  private_subnets = ["10.0.81.0/24"]
 }
 
 resource "tailscale_tailnet_key" "main" {

terraform/aws/aws-ec2-instance/outputs.tf

@@ -2,6 +2,10 @@ output "vpc_id" {
   value = module.vpc.vpc_id
 }
 
+output "vpc_cidr" {
+  value = module.vpc.vpc_cidr_block
+}
+
 output "nat_public_ips" {
   value = module.vpc.nat_public_ips
 }

terraform/aws/internal-modules/aws-vpc/main.tf

@@ -1,5 +1,15 @@
-data "aws_availability_zones" "available" {
-  state = "available"
+locals {
+  vpc_cidr            = var.cidr == "" ? cidrsubnet("10.0.0.0/16", 6, random_integer.vpc_cidr[0].result) : var.cidr # /22
+  public_subnet_cidr  = length(var.public_subnets) == 0 ? [cidrsubnet(local.vpc_cidr, 2, 0)] : var.public_subnets   # /24 inside the /22
+  private_subnet_cidr = length(var.private_subnets) == 0 ? [cidrsubnet(local.vpc_cidr, 2, 1)] : var.private_subnets # next /24
+}
+
+# Pick a random /22 within 10.0.0.0/16
+resource "random_integer" "vpc_cidr" {
+  count = var.cidr == "" ? 1 : 0
+
+  min = 0
+  max = 63 # 2^(22-16)-1 = 64 slices in a /16
 }
 
 module "vpc" {
@@ -13,11 +23,11 @@ module "vpc" {
   public_subnet_tags  = merge(var.tags, { Name = "${var.name}-public" })
   private_subnet_tags = merge(var.tags, { Name = "${var.name}-private" })
 
-  cidr = var.cidr
+  azs = var.azs != null ? var.azs : data.aws_availability_zones.available.zone_ids
 
-  azs             = var.azs != null ? var.azs : data.aws_availability_zones.available.zone_ids
-  public_subnets  = var.public_subnets
-  private_subnets = var.private_subnets
+  cidr            = local.vpc_cidr
+  public_subnets  = local.public_subnet_cidr
+  private_subnets = local.private_subnet_cidr
 
   map_public_ip_on_launch = true
   enable_nat_gateway      = true
@@ -30,3 +40,7 @@ module "vpc" {
   public_subnet_ipv6_prefixes                   = range(0, length(var.public_subnets))
   private_subnet_ipv6_prefixes                  = range(10, 10 + length(var.private_subnets))
 }
+
+data "aws_availability_zones" "available" {
+  state = "available"
+}

terraform/aws/internal-modules/aws-vpc/variables.tf

@@ -21,14 +21,17 @@ variable "azs" {
 variable "cidr" {
   description = "IPv4 CIDR block for the VPC"
   type        = string
+  default     = ""
 }
 variable "public_subnets" {
   description = "List of public subnet CIDR blocks"
   type        = list(string)
+  default     = []
 }
 variable "private_subnets" {
   description = "List of private subnet CIDR blocks"
   type        = list(string)
+  default     = []
 }
 variable "enable_ipv6" {
   description = "Conditional to provision IPV6 VPC resources too"

terraform/azure/azure-linux-vm/main.tf

@@ -29,7 +29,7 @@ locals {
   vpc_id                    = module.vpc.vnet_id
   subnet_id                 = module.vpc.public_subnet_id
   network_security_group_id = azurerm_network_security_group.tailscale_ingress.id
-  instance_type             = "Standard_DS1_v2"
+  instance_type             = "Standard_D2as_v6"
   admin_public_key_path     = var.admin_public_key_path
 }
 
@@ -47,12 +47,6 @@ module "vpc" {
   location            = local.location
   resource_group_name = local.resource_group_name
 
-  cidrs = ["10.0.0.0/22"]
-  subnet_cidrs = [
-    "10.0.0.0/24",
-    "10.0.1.0/24",
-    "10.0.2.0/24",
-  ]
   subnet_name_public               = "public"
   subnet_name_private              = "private"
   subnet_name_private_dns_resolver = "dns-inbound"

terraform/azure/azure-linux-vm/outputs.tf

@@ -2,6 +2,10 @@ output "vpc_id" {
   value = module.vpc.vnet_id
 }
 
+output "vpc_cidrs" {
+  value = module.vpc.vnet_address_space
+}
+
 output "nat_public_ips" {
   value = module.vpc.nat_public_ips
 }

terraform/azure/internal-modules/azure-network/main.tf

@@ -1,3 +1,16 @@
+locals {
+  cidrs        = length(var.cidrs) == 0 ? [cidrsubnet("10.0.0.0/16", 6, random_integer.vpc_cidr[0].result)] : var.cidrs                                                    # /22
+  subnet_cidrs = length(var.subnet_cidrs) == 0 ? [cidrsubnet(local.cidrs[0], 2, 0), cidrsubnet(local.cidrs[0], 2, 1), cidrsubnet(local.cidrs[0], 2, 2)] : var.subnet_cidrs # /24 inside the /22
+}
+
+# Pick a random /22 within 10.0.0.0/16
+resource "random_integer" "vpc_cidr" {
+  count = length(var.cidrs) == 0 ? 1 : 0
+
+  min = 0
+  max = 63 # 2^(22-16)-1 = 64 slices in a /16
+}
+
 module "vpc" {
   # https://registry.terraform.io/modules/Azure/network/azurerm/latest
   source  = "Azure/network/azurerm"
@@ -9,8 +22,8 @@ module "vpc" {
   vnet_name = var.name
   tags      = var.tags
 
-  address_spaces  = var.cidrs
-  subnet_prefixes = var.subnet_cidrs
+  address_spaces  = local.cidrs
+  subnet_prefixes = local.subnet_cidrs
   subnet_names = [
     var.subnet_name_public,
     var.subnet_name_private,

terraform/azure/internal-modules/azure-network/variables.tf

@@ -24,10 +24,12 @@ variable "tags" {
 variable "cidrs" {
   description = "IPv4 CIDR block for the VPC"
   type        = list(string)
+  default     = []
 }
 variable "subnet_cidrs" {
   description = "List of CIDR blocks"
   type        = list(string)
+  default     = []
 }
 variable "subnet_name_public" {
   description = "Name of the `public` subnet"

terraform/google/google-compute-instance/main.tf

@@ -38,19 +38,6 @@ module "vpc" {
   region     = local.region
 
   name = local.name
-
-  subnets = [
-    {
-      subnet_name   = "subnet-${local.region}-10-0-121"
-      subnet_ip     = "10.0.121.0/24"
-      subnet_region = local.region
-    },
-    {
-      subnet_name   = "subnet-${local.region}-10-0-122"
-      subnet_ip     = "10.0.122.0/24"
-      subnet_region = local.region
-    }
-  ]
 }
 
 resource "tailscale_tailnet_key" "main" {

terraform/google/google-compute-instance/outputs.tf

@@ -2,6 +2,10 @@ output "instance_id" {
   value = module.tailscale_instance.instance_id
 }
 
+output "subnets_ips" {
+  value = module.vpc.subnets_ips
+}
+
 output "user_data_md5" {
   description = "MD5 hash of the VM user_data script - for detecting changes"
   value       = module.tailscale_instance.user_data_md5

terraform/google/internal-modules/google-vpc/main.tf

@@ -1,3 +1,28 @@
+locals {
+  cidr = length(var.subnets) == 0 ? [cidrsubnet("10.0.0.0/16", 6, random_integer.vpc_cidr[0].result)] : [] # /22
+  #   subnets = length(var.subnets) == 0 ? [cidrsubnet(local.cidr[0], 2, 0), cidrsubnet(local.cidr[0], 2, 1)] : var.subnets # /24 inside the /22
+  subnets = length(var.subnets) == 0 ? [
+    {
+      subnet_name   = "subnet-0"
+      subnet_ip     = cidrsubnet(local.cidr[0], 2, 0)
+      subnet_region = var.region
+    },
+    {
+      subnet_name   = "subnet-1"
+      subnet_ip     = cidrsubnet(local.cidr[0], 2, 1)
+      subnet_region = var.region
+    }
+  ] : var.subnets
+}
+
+# Pick a random /22 within 10.0.0.0/16
+resource "random_integer" "vpc_cidr" {
+  count = length(var.subnets) == 0 ? 1 : 0
+
+  min = 0
+  max = 63 # 2^(22-16)-1 = 64 slices in a /16
+}
+
 module "vpc" {
   # https://registry.terraform.io/modules/terraform-google-modules/network/google/latest
   source  = "terraform-google-modules/network/google"
@@ -6,7 +31,7 @@ module "vpc" {
   project_id   = var.project_id
   network_name = var.name
 
-  subnets = var.subnets
+  subnets = local.subnets
 }
 
 module "cloud_router" {

terraform/google/internal-modules/google-vpc/variables.tf

@@ -25,4 +25,5 @@ variable "subnets" {
       subnet_region = string
     }
   ))
+  default = []
 }