
new twingate tf, kubernetse and compose files + structure

xcad пре 11 месеци
родитељ
комит
47f6f8a60b

+ 0 - 24
docker-compose/twingate/connector/compose.yaml

@@ -1,24 +0,0 @@
----
-# -- (Optional) When using a custom network
-# networks:
-#   your-custom-network:
-#     -- (Optional) When attaching an external network
-#     external: true
-services:
-  twingate_connector:
-    container_name: twingate_connector
-    image: docker.io/twingate/connector:1.74.0
-    environment:
-      - TWINGATE_NETWORK=your-twingate-network
-      - TWINGATE_ACCESS_TOKEN=${TWINGATE_ACCESS_TOKEN}
-      - TWINGATE_REFRESH_TOKEN=${TWINGATE_REFRESH_TOKEN}
-      # -- (Optional) Change loglevel
-      # - TWINGATE_LOG_LEVEL=3
-      # -- (Optional) Add custom DNS Server
-      # - TWINGATE_DNS=10.20.0.1
-    sysctls:
-      net.ipv4.ping_group_range: "0 2147483647"
-    # -- (Optional) When using a custom network
-    # networks:
-    #   - your-custom-network
-    restart: unless-stopped

+ 24 - 0
docker-compose/twingate_connector/compose.yaml

@@ -0,0 +1,24 @@
+---
+services:
+  twingate_connector:
+    container_name: twingate_connector
+    image: docker.io/twingate/connector:1.74.0
+    environment:
+      - TWINGATE_NETWORK=  # FIXME Add your Twingate network name here
+      - TWINGATE_ACCESS_TOKEN=${TWINGATE_ACCESS_TOKEN:?error}
+      - TWINGATE_REFRESH_TOKEN=${TWINGATE_REFRESH_TOKEN:?error}
+      - TWINGATE_LOG_LEVEL=1
+      - TWINGATE_DNS=  # FIXME Add your local DNS server here, if needed
+                       #       (e.g. 10.0.0.1), otherwise remove this line
+    sysctls:
+      net.ipv4.ping_group_range: "0 2147483647"
+    networks:
+      - frontend
+      - backend
+    restart: unless-stopped
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true
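Review bot: `TWINGATE_NETWORK=` on the environment line is left as an empty string, so an unfilled placeholder reaches the connector at runtime instead of failing at compose time the way the two token lines do; write it as `- TWINGATE_NETWORK=${TWINGATE_NETWORK:?error}` so it is required from the same `.env` source. The same applies to `TWINGATE_DNS=` — an empty value is presumably not equivalent to leaving the variable unset, so the line should be dropped rather than left blank when no resolver override is needed. Because the tokens are read from the environment, the `.env` file that supplies them must stay out of version control. The image is pinned by tag only; pinning it as `docker.io/twingate/connector@sha256:<digest>` (digest to be filled in) would make the deployment reproducible if the tag is ever moved.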

+ 13 - 0
kubernetes/twingate_connector/twingate_connector.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: twingate.com/v1beta
+kind: TwingateConnector  # NOTE This requires the Twingate Kubernetes Operator
+# to be installed in your Kubernetes cluster.
+metadata:
+  name: twingate_connector
+  namespace: twingate
+spec:
+  image:
+    repository: "twingate/connector"
+    tag: "1.74.0"
+  name: twingate_connector
+  hasStatusNotificationsEnabled: false
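Review bot: `metadata.name: twingate_connector` will be rejected by the API server, because Kubernetes object names must be RFC 1123 subdomains (lowercase alphanumerics, `-` and `.`) and `_` is not permitted; use `name: twingate-connector`. Whether `spec.name` may contain an underscore is decided by the operator's CRD schema and should be checked there. The comment started inline after `kind:` and continued on the next line at column 0 reads as a dangling comment; move it above `kind:` as `# NOTE Requires the Twingate Kubernetes Operator to be installed in the cluster.`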

+ 10 - 0
kubernetes/twingate_operator/helm/values.yaml

@@ -0,0 +1,10 @@
+---
+image:
+  repository: twingate/kubernetes-operator
+  pullPolicy: IfNotPresent
+  tag: "0.19.0"
+twingateOperator:
+  network: ""  # FIXME Add your Twingate network name here
+  remoteNetworkId: ""  # FIXME Add your Twingate remote network ID here
+  logFormat: "plain"
+  logVerbosity: "quiet"

+ 20 - 0
terraform/twingate/provider.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_version = ">= 0.13.0"
+  required_providers {
+    twingate = {
+      source = "Twingate/twingate"
+      version = "3.0.16"
+    }
+  }
+}
+
+variable "TWINGATE_TOKEN" {
+  type        = string
+  description = "Twingate API Token"
+  sensitive   = true
+}
+
+provider "twingate" {
+  api_token = var.TWINGATE_TOKEN
+  network   = ""  # FIXME Add your Twingate network name here
+}
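Review bot: `network = ""` in the provider block hard-codes a placeholder that only surfaces as a provider/API error at plan or apply time; declaring it as an input variable with a validation rule makes an empty value fail at `terraform validate` instead. The uppercase `TWINGATE_TOKEN` works but departs from the usual lowercase-snake variable naming; the variable below keeps the file's existing style so the two stay consistent, and both can be renamed together later if desired.
```hcl
variable "TWINGATE_NETWORK" {
  type        = string
  description = "Twingate network name"
  validation {
    condition     = length(var.TWINGATE_NETWORK) > 0
    error_message = "TWINGATE_NETWORK must not be empty."
  }
}

provider "twingate" {
  api_token = var.TWINGATE_TOKEN
  network   = var.TWINGATE_NETWORK
}
```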

+ 7 - 0
terraform/twingate/twingate_group.tf

@@ -0,0 +1,7 @@
+resource "twingate_group" "administrators" {
+  name = "Administrators"
+
+  user_ids = [
+    data.twingate_user.admin.id
+  ]
+}

+ 7 - 0
terraform/twingate/twingate_remote_network.tf

@@ -0,0 +1,7 @@
+data "twingate_remote_network" "default_network" {
+  name = "default_network"
+}
+
+resource "twingate_remote_network" "new_network" {
+  name = "new_network"
+}

+ 28 - 0
terraform/twingate/twingate_resource.tf

@@ -0,0 +1,28 @@
+resource "twingate_resource" "new_resource" {
+  name                = "new_resource"
+  address             = "new_resource.home.arpa"
+  remote_network_id   = data.twingate_remote_network.default_network.id
+  security_policy_id  = data.twingate_security_policy.default_policy.id
+
+  protocols = {
+    allow_icmp = true
+    tcp = {
+      policy = "ALLOW_ALL"
+    }
+    udp = {
+      policy = "ALLOW_ALL"
+    }
+  }
+
+  dynamic "access_group" {
+    for_each = [
+      twingate_group.administrators.id
+    ]
+    content {
+      group_id = access_group.value
+      security_policy_id = data.twingate_security_policy.default_policy.id
+    }
+  }
+
+  is_active = true
+}
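Review bot: `tcp` and `udp` both use `policy = "ALLOW_ALL"` and `allow_icmp = true`, so every member of the Administrators group is granted every port on `new_resource.home.arpa`; for a template, least privilege is the better default, e.g. `policy = "RESTRICTED"` with `ports = ["443"]` for tcp, and `policy = "DENY_ALL"` (or a restricted list) for udp. `security_policy_id` is set both on the resource and again inside `access_group`; if the provider treats the access-group value as authoritative, the resource-level one is redundant — worth confirming against the provider docs for the pinned 3.0.16. The `dynamic "access_group"` over a one-element list would read more plainly as a static `access_group { ... }` block.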

+ 3 - 0
terraform/twingate/twingate_security_policy.tf

@@ -0,0 +1,3 @@
+data "twingate_security_policy" "default_policy" {
+  name = "Default Policy"
+}

+ 12 - 0
terraform/twingate/twingate_user.tf

@@ -0,0 +1,12 @@
+data "twingate_user" "admin" {
+  id = ""  # FIXME Replace with actual user ID
+}
+
+resource "twingate_user" "new_user" {
+  email       = "new.user@example.com"
+  first_name  = "New"
+  last_name   = "User"
+  role        = "DEVOPS" # NOTE Defines the role, either ADMIN, DEVOPS,
+  # SUPPORT or MEMBER
+  send_invite = true
+}
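Review bot: `id = ""` on `data "twingate_user" "admin"` is a placeholder that `twingate_group.administrators` depends on, so with it unfilled the failure only appears when the provider performs the lookup; a validated input variable (the same pattern as suggested for the provider block) would report it at `terraform validate`. `role = "DEVOPS"` on the example user grants more than `MEMBER` as the role names suggest; defaulting the template to `MEMBER` and raising the role deliberately is the least-privilege choice, and `send_invite = true` means an apply with the placeholder address actually sends an invitation, which deserves a comment. The NOTE comment continues on the next line at column 0; move it above `role` as `# NOTE Role is one of ADMIN, DEVOPS, SUPPORT or MEMBER.`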