Iterate over firewall ports

I'll convert this to a module some day, honest!
This commit is contained in:
Jake Howard 2021-03-23 22:09:48 +00:00
parent 70829dc617
commit 95e97ef757
Signed by: jake
GPG key ID: 57AFB45680EDD477
2 changed files with 58 additions and 51 deletions


@ -1,3 +1,15 @@
locals {
casey_open_ports = toset([
"80/tcp",
"443/tcp",
"51820/udp",
"4242/tcp",
"8448/tcp",
"6328/udp"
])
}
resource "vultr_instance" "casey" {
plan = "" # On a plan unsupported by API
region = "lhr"
@ -17,56 +29,32 @@ resource "vultr_firewall_rule" "casey_ping" {
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_web" {
resource "vultr_firewall_rule" "casey_pingv6" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "tcp"
port = 80
protocol = "icmp"
ip_type = "v6"
subnet = "::"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_v4" {
for_each = local.casey_open_ports
firewall_group_id = vultr_firewall_group.casey.id
protocol = split("/", each.value)[1]
port = split("/", each.value)[0]
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_web_secure" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "tcp"
port = 443
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_v6" {
for_each = local.casey_open_ports
resource "vultr_firewall_rule" "casey_wireguard" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "udp"
port = 51820
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_quassel" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "tcp"
port = 4242
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_matrix" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "tcp"
port = 8448
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "casey_nebula" {
firewall_group_id = vultr_firewall_group.casey.id
protocol = "udp"
port = 6328
ip_type = "v4"
subnet = "0.0.0.0"
protocol = split("/", each.value)[1]
port = split("/", each.value)[0]
ip_type = "v6"
subnet = "::"
subnet_size = 0
}
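Review bot: The IPv6 exposure introduced here is not called out anywhere: `casey_v6` publishes every entry of `casey_open_ports` to `::` with `subnet_size = 0`, and `casey_pingv6` adds ICMPv6, whereas the per-port rules being replaced all appear to have been `ip_type = "v4"` (there was no v6 counterpart visible in the removed lines). The title reads as a pure refactor, so the description should say that these services are now reachable over IPv6 as well, and the resource deserves a comment such as `# IPv6 mirror of casey_v4 — every port in casey_open_ports is reachable from ::/0`. The same applies to `walker_v6` and `walker_pingv6` in the second file.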


@ -1,3 +1,10 @@
locals {
walker_open_ports = toset([
"80/tcp",
"443/tcp",
])
}
resource "vultr_instance" "walker" {
plan = "vhf-1c-1gb"
region = "lhr"
@ -17,20 +24,32 @@ resource "vultr_firewall_rule" "walker_ping" {
subnet_size = 0
}
resource "vultr_firewall_rule" "walker_web" {
resource "vultr_firewall_rule" "walker_pingv6" {
firewall_group_id = vultr_firewall_group.walker.id
protocol = "tcp"
port = 80
protocol = "icmp"
ip_type = "v6"
subnet = "::"
subnet_size = 0
}
resource "vultr_firewall_rule" "walker_v4" {
for_each = local.walker_open_ports
firewall_group_id = vultr_firewall_group.walker.id
protocol = split("/", each.value)[1]
port = split("/", each.value)[0]
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
}
resource "vultr_firewall_rule" "walker_web_secure" {
resource "vultr_firewall_rule" "walker_v6" {
for_each = local.walker_open_ports
firewall_group_id = vultr_firewall_group.walker.id
protocol = "tcp"
port = 443
ip_type = "v4"
subnet = "0.0.0.0"
protocol = split("/", each.value)[1]
port = split("/", each.value)[0]
ip_type = "v6"
subnet = "::"
subnet_size = 0
}
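Review bot: `walker_open_ports` does not document the `"<port>/<protocol>"` shape that `walker_v4` and `walker_v6` depend on; an entry missing the `/` makes `split("/", each.value)[1]` fail at plan time with an index error, and nothing states which protocol strings are valid. Add above the list: `# Entries are "<port>/<protocol>"; both halves are required — the rules below split on "/"`. `casey_open_ports` in the first file has the same gap.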