infra: factoring firewall
vincent 2023-10-09 20:12:43 +02:00
parent bf88a6e74f
commit 6b0b4ff807
2 changed files with 26 additions and 23 deletions


@ -1,5 +1,23 @@
resource "hcloud_firewall" "prod" { resource "hcloud_firewall" "prod" {
name= "prod" name= "prod"
rule {
direction ="in"
protocol = "icmp"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction ="in"
protocol = "udp"
port = "51820"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule { rule {
direction ="in" direction ="in"
protocol = "tcp" protocol = "tcp"
@ -18,28 +36,11 @@ resource "hcloud_firewall" "prod" {
"::/0" "::/0"
] ]
} }
# torrent UDH port
rule {
direction ="in"
protocol = "udp"
port = "6881"
source_ips = [
"0.0.0.0/0",
"::/0"
]
} }
# wireguard port
rule {
direction ="in"
protocol = "udp"
port = "51820"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
# torrent listen port resource "hcloud_firewall" "torrent" {
name = "torrent"
rule { rule {
direction ="in" direction ="in"
protocol = "tcp" protocol = "tcp"
@ -52,7 +53,8 @@ resource "hcloud_firewall" "prod" {
} }
rule { rule {
direction ="in" direction ="in"
protocol = "icmp" protocol = "udp"
port = "6881"
source_ips = [ source_ips = [
"0.0.0.0/0", "0.0.0.0/0",
"::/0" "::/0"
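Review bot: The refactor drops the three comments that said what each open port is for (`# wireguard port`, `# torrent UDH port`, `# torrent listen port`), so the `udp` `51820` rule now at the top of `prod` and the `udp` `6881` rule in the new `torrent` firewall are unlabelled rules open to `0.0.0.0/0` and `::/0`. I would carry the labels over, preferably as the rule's `description` argument so the purpose travels with the rule rather than with the file, e.g. `description = "wireguard"` on the 51820 rule and `description = "torrent DHT (udp)"` on the 6881 rule. The old comment read "UDH", which looks like a typo for DHT, so confirm before reusing it. The `torrent` resource's tcp rule continues outside the visible hunks, so its port is not checked here.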


@ -8,6 +8,7 @@ resource "hcloud_server" "HomeLab2" {
firewall_ids = [ firewall_ids = [
hcloud_firewall.prod.id, hcloud_firewall.prod.id,
hcloud_firewall.Gitea_SSH.id, hcloud_firewall.Gitea_SSH.id,
hcloud_firewall.torrent.id,
hcloud_firewall.mail.id, hcloud_firewall.mail.id,
] ]
labels = { labels = {
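Review bot: Firewalls attached to the same Hetzner server are combined, so with `hcloud_firewall.torrent.id` added to `firewall_ids` HomeLab2 keeps the same inbound exposure it had before the split. The change only narrows exposure for any other server that attaches `hcloud_firewall.prod`. No other server is visible in this hunk, so it is worth confirming that each of them is meant to lose the torrent ports. A one-line comment above the entry, e.g. `# torrent ports are opened per host via this firewall, not via prod`, would record the intent. The `hcloud_server` block starts and ends outside the hunk.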