systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 15 Activity Actions

Iterate over firewall ports

Browse source 
I'll convert this to a module some day, honest!
This commit is contained in:
Jake Howard 2021-03-23 22:09:48 +00:00
parent 70829dc617
commit 95e97ef757
Signed by: jake
GPG key ID: 57AFB45680EDD477
2 changed files with 58 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
terraform/casey_vps.tf
View file

@ -1,3 +1,15 @@
locals {
casey_open_ports = toset([
"80/tcp",
"443/tcp",
"51820/udp",
"4242/tcp",
"8448/tcp",
"6328/udp"
])
}
resource "vultr_instance" "casey" { resource "vultr_instance" "casey" {
plan = "" # On a plan unsupported by API plan = "" # On a plan unsupported by API
region = "lhr" region = "lhr"
@ -17,56 +29,32 @@ resource "vultr_firewall_rule" "casey_ping" {
subnet_size = 0 subnet_size = 0
} }
resource "vultr_firewall_rule" "casey_web" { resource "vultr_firewall_rule" "casey_pingv6" {
firewall_group_id = vultr_firewall_group.casey.id firewall_group_id = vultr_firewall_group.casey.id
protocol = "tcp" protocol = "icmp"
port = 80 ip_type = "v6"
subnet = "::"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_v4" {
for_each = local.casey_open_ports
firewall_group_id = vultr_firewall_group.casey.id
protocol = split("/", each.value)[1]
port = split("/", each.value)[0]
ip_type = "v4" ip_type = "v4"
subnet = "0.0.0.0" subnet = "0.0.0.0"
subnet_size = 0 subnet_size = 0
} }
resource "vultr_firewall_rule" "casey_web_secure" { resource "vultr_firewall_rule" "casey_v6" {
firewall_group_id = vultr_firewall_group.casey.id for_each = local.casey_open_ports
protocol = "tcp"
port = 443
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_wireguard" {
firewall_group_id = vultr_firewall_group.casey.id firewall_group_id = vultr_firewall_group.casey.id
protocol = "udp" protocol = split("/", each.value)[1]
port = 51820 port = split("/", each.value)[0]
ip_type = "v4" ip_type = "v6"
subnet = "0.0.0.0" subnet = "::"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_quassel" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "tcp"
port = 4242
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_matrix" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "tcp"
port = 8448
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_nebula" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "udp"
port = 6328
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0 subnet_size = 0
} }

35
terraform/walker_vps.tf
View file

@ -1,3 +1,10 @@
locals {
walker_open_ports = toset([
"80/tcp",
"443/tcp",
])
}
resource "vultr_instance" "walker" { resource "vultr_instance" "walker" {
plan = "vhf-1c-1gb" plan = "vhf-1c-1gb"
region = "lhr" region = "lhr"
@ -17,20 +24,32 @@ resource "vultr_firewall_rule" "walker_ping" {
subnet_size = 0 subnet_size = 0
} }
resource "vultr_firewall_rule" "walker_web" { resource "vultr_firewall_rule" "walker_pingv6" {
firewall_group_id = vultr_firewall_group.walker.id firewall_group_id = vultr_firewall_group.walker.id
protocol = "tcp" protocol = "icmp"
port = 80 ip_type = "v6"
subnet = "::"
subnet_size = 0
}
resource "vultr_firewall_rule" "walker_v4" {
for_each = local.walker_open_ports
firewall_group_id = vultr_firewall_group.walker.id
protocol = split("/", each.value)[1]
port = split("/", each.value)[0]
ip_type = "v4" ip_type = "v4"
subnet = "0.0.0.0" subnet = "0.0.0.0"
subnet_size = 0 subnet_size = 0
} }
resource "vultr_firewall_rule" "walker_web_secure" { resource "vultr_firewall_rule" "walker_v6" {
for_each = local.walker_open_ports
firewall_group_id = vultr_firewall_group.walker.id firewall_group_id = vultr_firewall_group.walker.id
protocol = "tcp" protocol = split("/", each.value)[1]
port = 443 port = split("/", each.value)[0]
ip_type = "v4" ip_type = "v6"
subnet = "0.0.0.0" subnet = "::"
subnet_size = 0 subnet_size = 0
} }