Move generic vultr firewall stuff into module

Modules are pretty nice!
2021-03-23 22:33:10 +00:00 · 2021-03-23 22:33:10 +00:00 · e80bcb5a8b
parent 95e97ef757
commit e80bcb5a8b
8 changed files with 66 additions and 91 deletions
--- a/terraform/casey_vps.tf
+++ b/terraform/casey_vps.tf
@ -1,12 +1,15 @@
-locals {
-  casey_open_ports = toset([
+module "casey_firewall" {
+  source = "./vultr_firewall/"
+
+  description = "casey"
+  ports = [
    "80/tcp",
    "443/tcp",
    "51820/udp",
    "4242/tcp",
    "8448/tcp",
    "6328/udp"
-  ])
+  ]
 }


@ -14,47 +17,5 @@ resource "vultr_instance" "casey" {
  plan              = "" # On a plan unsupported by API
  region            = "lhr"
  hostname          = "casey"
-  firewall_group_id = vultr_firewall_group.casey.id
-}
-
-resource "vultr_firewall_group" "casey" {
-  description = "casey"
-}
-
-resource "vultr_firewall_rule" "casey_ping" {
-  firewall_group_id = vultr_firewall_group.casey.id
-  protocol          = "icmp"
-  ip_type           = "v4"
-  subnet            = "0.0.0.0"
-  subnet_size       = 0
-}
-
-resource "vultr_firewall_rule" "casey_pingv6" {
-  firewall_group_id = vultr_firewall_group.casey.id
-  protocol          = "icmp"
-  ip_type           = "v6"
-  subnet            = "::"
-  subnet_size       = 0
-}
-
-resource "vultr_firewall_rule" "casey_v4" {
-  for_each = local.casey_open_ports
-
-  firewall_group_id = vultr_firewall_group.casey.id
-  protocol          = split("/", each.value)[1]
-  port              = split("/", each.value)[0]
-  ip_type           = "v4"
-  subnet            = "0.0.0.0"
-  subnet_size       = 0
-}
-
-resource "vultr_firewall_rule" "casey_v6" {
-  for_each = local.casey_open_ports
-
-  firewall_group_id = vultr_firewall_group.casey.id
-  protocol          = split("/", each.value)[1]
-  port              = split("/", each.value)[0]
-  ip_type           = "v6"
-  subnet            = "::"
-  subnet_size       = 0
+  firewall_group_id = module.casey_firewall.firewall_group.id
 }
--- a/terraform/vultr_firewall/group.tf
+++ b/terraform/vultr_firewall/group.tf
@ -0,0 +1,3 @@
+resource "vultr_firewall_group" "group" {
+  description = var.description
+}
--- a/terraform/vultr_firewall/outputs.tf
+++ b/terraform/vultr_firewall/outputs.tf
@ -0,0 +1,3 @@
+output "firewall_group" {
+  value = vultr_firewall_group.group
+}
--- a/terraform/vultr_firewall/ping.tf
+++ b/terraform/vultr_firewall/ping.tf
@ -0,0 +1,15 @@
+resource "vultr_firewall_rule" "ping" {
+  firewall_group_id = vultr_firewall_group.group.id
+  protocol          = "icmp"
+  ip_type           = "v4"
+  subnet            = "0.0.0.0"
+  subnet_size       = 0
+}
+
+resource "vultr_firewall_rule" "pingv6" {
+  firewall_group_id = vultr_firewall_group.group.id
+  protocol          = "icmp"
+  ip_type           = "v6"
+  subnet            = "::"
+  subnet_size       = 0
+}
--- a/terraform/vultr_firewall/rules.tf
+++ b/terraform/vultr_firewall/rules.tf
@ -0,0 +1,21 @@
+resource "vultr_firewall_rule" "v4" {
+  for_each = toset(var.ports)
+
+  firewall_group_id = vultr_firewall_group.group.id
+  protocol          = split("/", each.value)[1]
+  port              = split("/", each.value)[0]
+  ip_type           = "v4"
+  subnet            = "0.0.0.0"
+  subnet_size       = 0
+}
+
+resource "vultr_firewall_rule" "v6" {
+  for_each = toset(var.ports)
+
+  firewall_group_id = vultr_firewall_group.group.id
+  protocol          = split("/", each.value)[1]
+  port              = split("/", each.value)[0]
+  ip_type           = "v6"
+  subnet            = "::"
+  subnet_size       = 0
+}
--- a/terraform/vultr_firewall/terraform.tf
+++ b/terraform/vultr_firewall/terraform.tf
@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    vultr = {
+      source  = "vultr/vultr"
+      version = "2.1.4"
+    }
+  }
+}
--- a/terraform/vultr_firewall/variables.tf
+++ b/terraform/vultr_firewall/variables.tf
@ -0,0 +1,2 @@
+variable "ports" {}
+variable "description" {}
--- a/terraform/walker_vps.tf
+++ b/terraform/walker_vps.tf
@ -1,55 +1,17 @@
-locals {
-  walker_open_ports = toset([
+module "walker_firewall" {
+  source = "./vultr_firewall/"
+
+  description = "walker"
+  ports = toset([
    "80/tcp",
    "443/tcp",
  ])
 }

+
 resource "vultr_instance" "walker" {
  plan              = "vhf-1c-1gb"
  region            = "lhr"
  hostname          = "walker"
-  firewall_group_id = vultr_firewall_group.walker.id
-}
-
-resource "vultr_firewall_group" "walker" {
-  description = "walker"
-}
-
-resource "vultr_firewall_rule" "walker_ping" {
-  firewall_group_id = vultr_firewall_group.walker.id
-  protocol          = "icmp"
-  ip_type           = "v4"
-  subnet            = "0.0.0.0"
-  subnet_size       = 0
-}
-
-resource "vultr_firewall_rule" "walker_pingv6" {
-  firewall_group_id = vultr_firewall_group.walker.id
-  protocol          = "icmp"
-  ip_type           = "v6"
-  subnet            = "::"
-  subnet_size       = 0
-}
-
-resource "vultr_firewall_rule" "walker_v4" {
-  for_each = local.walker_open_ports
-
-  firewall_group_id = vultr_firewall_group.walker.id
-  protocol          = split("/", each.value)[1]
-  port              = split("/", each.value)[0]
-  ip_type           = "v4"
-  subnet            = "0.0.0.0"
-  subnet_size       = 0
-}
-
-resource "vultr_firewall_rule" "walker_v6" {
-  for_each = local.walker_open_ports
-
-  firewall_group_id = vultr_firewall_group.walker.id
-  protocol          = split("/", each.value)[1]
-  port              = split("/", each.value)[0]
-  ip_type           = "v6"
-  subnet            = "::"
-  subnet_size       = 0
+  firewall_group_id = module.walker_firewall.firewall_group.id
 }