module "casey_firewall" { source = "./vultr_firewall/" description = "casey" ports = [ "80/tcp", "443/tcp", "51820/udp", "8448/tcp", "6328/udp" ] } resource "vultr_instance" "casey" { plan = "" # On a plan unsupported by API region = "lhr" hostname = "casey" firewall_group_id = module.casey_firewall.firewall_group.id } # Linode resource "linode_instance" "casey" { label = "casey" image = "linode/arch" region = "eu-west" type = "g6-nanode-1" private_ip = true } resource "linode_firewall" "casey" { label = "casey" linodes = [linode_instance.casey.id] outbound_policy = "ACCEPT" inbound_policy = "DROP" inbound { label = "allow-ping" action = "ACCEPT" protocol = "ICMP" ipv4 = ["0.0.0.0/0"] ipv6 = ["::/0"] } inbound { label = "allow-inbound-https" action = "ACCEPT" protocol = "TCP" ports = "443" ipv4 = ["0.0.0.0/0"] ipv6 = ["::/0"] } inbound { label = "allow-inbound-http" action = "ACCEPT" protocol = "TCP" ports = "80" ipv4 = ["0.0.0.0/0"] ipv6 = ["::/0"] } inbound { label = "allow-inbound-wireguard" action = "ACCEPT" protocol = "UDP" ports = "51820" ipv4 = ["0.0.0.0/0"] ipv6 = ["::/0"] } inbound { label = "allow-inbound-nebula" action = "ACCEPT" protocol = "UDP" ports = "6328" ipv4 = ["0.0.0.0/0"] ipv6 = ["::/0"] } inbound { label = "allow-inbound-matrix" action = "ACCEPT" protocol = "TCP" ports = "8448" ipv4 = ["0.0.0.0/0"] ipv6 = ["::/0"] } } resource "linode_rdns" "casey_reverse_ipv4" { address = linode_instance.casey.ip_address rdns = "casey.sys.theorangeone.net" }