2022-01-21 21:52:21 +00:00
|
|
|
resource "linode_instance" "casey" {
|
|
|
|
label = "casey"
|
|
|
|
image = "linode/arch"
|
|
|
|
region = "eu-west"
|
|
|
|
type = "g6-nanode-1"
|
|
|
|
private_ip = true
|
|
|
|
}
|
|
|
|
|
2024-03-07 22:30:10 +00:00
|
|
|
resource "linode_ipv6_range" "casey_extra" {
|
|
|
|
linode_id = linode_instance.casey.id
|
|
|
|
prefix_length = 64
|
|
|
|
}
|
|
|
|
|
|
|
|
locals {
|
|
|
|
private_ipv6_marker = cidrhost(linode_ipv6_range.casey_extra.id, 1)
|
|
|
|
private_ipv6_range = cidrsubnet(linode_ipv6_range.casey_extra.id, 64, 1)
|
|
|
|
}
|
|
|
|
|
2022-01-21 21:52:21 +00:00
|
|
|
resource "linode_firewall" "casey" {
|
|
|
|
label = "casey"
|
|
|
|
linodes = [linode_instance.casey.id]
|
|
|
|
outbound_policy = "ACCEPT"
|
|
|
|
inbound_policy = "DROP"
|
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-ping"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "ICMP"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-https"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "TCP"
|
|
|
|
ports = "443"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-http"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "TCP"
|
|
|
|
ports = "80"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-wireguard"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "UDP"
|
|
|
|
ports = "51820"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
|
|
|
|
2022-03-18 19:44:06 +00:00
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-wireguard-53"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "UDP"
|
|
|
|
ports = "53"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
|
|
|
|
2022-01-21 21:52:21 +00:00
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-nebula"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "UDP"
|
|
|
|
ports = "6328"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-matrix"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "TCP"
|
|
|
|
ports = "8448"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
2024-01-27 14:18:37 +00:00
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-headscale"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "UDP"
|
|
|
|
ports = "41641"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-stun"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "UDP"
|
|
|
|
ports = "3478"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
2024-02-01 19:41:47 +00:00
|
|
|
|
|
|
|
inbound {
|
|
|
|
label = "allow-inbound-tailscale"
|
|
|
|
action = "ACCEPT"
|
|
|
|
protocol = "UDP"
|
|
|
|
ports = "41641"
|
|
|
|
ipv4 = ["0.0.0.0/0"]
|
|
|
|
ipv6 = ["::/0"]
|
|
|
|
}
|
2022-01-21 21:52:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resource "linode_rdns" "casey_reverse_ipv4" {
|
|
|
|
address = linode_instance.casey.ip_address
|
2023-12-31 18:22:21 +00:00
|
|
|
rdns = cloudflare_record.sys_domain_casey.hostname
|
2022-01-19 08:29:56 +00:00
|
|
|
}
|
2023-04-23 13:56:44 +01:00
|
|
|
|
|
|
|
resource "linode_rdns" "casey_reverse_ipv6" {
|
|
|
|
address = split("/", linode_instance.casey.ipv6)[0]
|
2023-12-31 18:22:21 +00:00
|
|
|
rdns = cloudflare_record.sys_domain_casey.hostname
|
2023-04-23 13:56:44 +01:00
|
|
|
}
|