From 95e97ef757336c4c95d48a8e60843122f4f5dd5f Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Tue, 23 Mar 2021 22:09:48 +0000
Subject: [PATCH] Iterate over firewall ports

I'll convert this to a module some day, honest!
---
 terraform/casey_vps.tf | 74 +++++++++++++++++------------------
 terraform/walker_vps.tf | 35 ++++++++++++++-----
 2 files changed, 58 insertions(+), 51 deletions(-)

diff --git a/terraform/casey_vps.tf b/terraform/casey_vps.tf
index ba2b96e..a77dd96 100644
--- a/terraform/casey_vps.tf
+++ b/terraform/casey_vps.tf
@@ -1,3 +1,15 @@
+locals {
+ casey_open_ports = toset([
+ "80/tcp",
+ "443/tcp",
+ "51820/udp",
+ "4242/tcp",
+ "8448/tcp",
+ "6328/udp"
+ ])
+}
+
+
 resource "vultr_instance" "casey" {
 plan = "" # On a plan unsupported by API
 region = "lhr"
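Review bot: The entries of `casey_open_ports` in the new locals block no longer say what each port is for; that intent previously lived in the resource names casey_web, casey_web_secure, casey_wireguard, casey_quassel, casey_matrix and casey_nebula, which the second hunk of this file removes. A trailing comment on each entry keeps the purpose next to the rule that opens it, e.g. `"51820/udp", # wireguard` and `"6328/udp", # nebula`, so a later reader can tell whether an entry is still needed. The same applies to `walker_open_ports` in the first walker_vps.tf hunk, where the web/web_secure names are dropped.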
@@ -17,56 +29,32 @@ resource "vultr_firewall_rule" "casey_ping" {
 subnet_size = 0
 }
 
-resource "vultr_firewall_rule" "casey_web" {
+resource "vultr_firewall_rule" "casey_pingv6" {
 firewall_group_id = vultr_firewall_group.casey.id
- protocol = "tcp"
- port = 80
+ protocol = "icmp"
+ ip_type = "v6"
+ subnet = "::"
+ subnet_size = 0
+}
+
+resource "vultr_firewall_rule" "casey_v4" {
+ for_each = local.casey_open_ports
+
+ firewall_group_id = vultr_firewall_group.casey.id
+ protocol = split("/", each.value)[1]
+ port = split("/", each.value)[0]
 ip_type = "v4"
 subnet = "0.0.0.0"
 subnet_size = 0
 }
 
-resource "vultr_firewall_rule" "casey_web_secure" {
- firewall_group_id = vultr_firewall_group.casey.id
- protocol = "tcp"
- port = 443
- ip_type = "v4"
- subnet = "0.0.0.0"
- subnet_size = 0
-}
+resource "vultr_firewall_rule" "casey_v6" {
+ for_each = local.casey_open_ports
 
-resource "vultr_firewall_rule" "casey_wireguard" {
 firewall_group_id = vultr_firewall_group.casey.id
- protocol = "udp"
- port = 51820
- ip_type = "v4"
- subnet = "0.0.0.0"
- subnet_size = 0
-}
-
-resource "vultr_firewall_rule" "casey_quassel" {
- firewall_group_id = vultr_firewall_group.casey.id
- protocol = "tcp"
- port = 4242
- ip_type = "v4"
- subnet = "0.0.0.0"
- subnet_size = 0
-}
-
-resource "vultr_firewall_rule" "casey_matrix" {
- firewall_group_id = vultr_firewall_group.casey.id
- protocol = "tcp"
- port = 8448
- ip_type = "v4"
- subnet = "0.0.0.0"
- subnet_size = 0
-}
-
-resource "vultr_firewall_rule" "casey_nebula" {
- firewall_group_id = vultr_firewall_group.casey.id
- protocol = "udp"
- port = 6328
- ip_type = "v4"
- subnet = "0.0.0.0"
+ protocol = split("/", each.value)[1]
+ port = split("/", each.value)[0]
+ ip_type = "v6"
+ subnet = "::"
 subnet_size = 0
 }
diff --git a/terraform/walker_vps.tf b/terraform/walker_vps.tf
index cda6adc..89e770c 100644
--- a/terraform/walker_vps.tf
+++ b/terraform/walker_vps.tf
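Review bot: `casey_v6` opens every entry of `casey_open_ports` to all of IPv6 (`subnet = "::"`, `subnet_size = 0`), whereas the removed casey_web, casey_wireguard, casey_quassel, casey_matrix and casey_nebula rules were v4-only, so 51820/udp, 4242/tcp, 8448/tcp and 6328/udp become reachable on a second address family that the commit message does not mention. If that widening is intended it deserves a sentence in the description; if only the web ports should be dual-stack, a separate set feeding the v6 rules keeps the exposure explicit rather than implied by sharing one list. Separately, switching from named rules to `for_each` changes every resource address (`vultr_firewall_rule.casey_web` becomes `vultr_firewall_rule.casey_v4["80/tcp"]`), so apply will destroy and recreate each rule unless state is moved first, e.g. `terraform state mv vultr_firewall_rule.casey_web 'vultr_firewall_rule.casey_v4["80/tcp"]'` per port. The second walker_vps.tf hunk has the same two properties for walker_v6 and walker_v4.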
@@ -1,3 +1,10 @@
+locals {
+ walker_open_ports = toset([
+ "80/tcp",
+ "443/tcp",
+ ])
+}
+
 resource "vultr_instance" "walker" {
 plan = "vhf-1c-1gb"
 region = "lhr"
@@ -17,20 +24,32 @@ resource "vultr_firewall_rule" "walker_ping" {
 subnet_size = 0
 }
 
-resource "vultr_firewall_rule" "walker_web" {
+resource "vultr_firewall_rule" "walker_pingv6" {
 firewall_group_id = vultr_firewall_group.walker.id
- protocol = "tcp"
- port = 80
+ protocol = "icmp"
+ ip_type = "v6"
+ subnet = "::"
+ subnet_size = 0
+}
+
+resource "vultr_firewall_rule" "walker_v4" {
+ for_each = local.walker_open_ports
+
+ firewall_group_id = vultr_firewall_group.walker.id
+ protocol = split("/", each.value)[1]
+ port = split("/", each.value)[0]
 ip_type = "v4"
 subnet = "0.0.0.0"
 subnet_size = 0
 }
 
-resource "vultr_firewall_rule" "walker_web_secure" {
+resource "vultr_firewall_rule" "walker_v6" {
+ for_each = local.walker_open_ports
+
 firewall_group_id = vultr_firewall_group.walker.id
- protocol = "tcp"
- port = 443
- ip_type = "v4"
- subnet = "0.0.0.0"
+ protocol = split("/", each.value)[1]
+ port = split("/", each.value)[0]
+ ip_type = "v6"
+ subnet = "::"
 subnet_size = 0
 }
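Review bot: `walker_open_ports` ends its list with a trailing comma (`"443/tcp",`) while `casey_open_ports` in casey_vps.tf does not; HCL accepts both, but since the commit message says these blocks are meant to become one module, picking one form now avoids a spurious diff when they are unified. Keeping the trailing comma everywhere is the friendlier choice for later one-line additions, so the casey list would gain a comma after `"6328/udp"`.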