infra: factoring firewall

vincent 2023-10-09 20:12:43 +02:00
parent bf88a6e74f
commit 6b0b4ff807
2 changed files with 26 additions and 23 deletions


@ -1,5 +1,23 @@
resource "hcloud_firewall" "prod" {
name= "prod"
rule {
direction ="in"
protocol = "icmp"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction ="in"
protocol = "udp"
port = "51820"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction ="in"
protocol = "tcp"
@ -18,28 +36,11 @@ resource "hcloud_firewall" "prod" {
"::/0"
]
}
# torrent UDH port
rule {
direction ="in"
protocol = "udp"
port = "6881"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
# wireguard port
rule {
direction ="in"
protocol = "udp"
port = "51820"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
# torrent listen port
resource "hcloud_firewall" "torrent" {
name = "torrent"
rule {
direction ="in"
protocol = "tcp"
@ -52,7 +53,8 @@ resource "hcloud_firewall" "prod" {
}
rule {
direction ="in"
protocol = "icmp"
protocol = "udp"
port = "6881"
source_ips = [
"0.0.0.0/0",
"::/0"
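Review bot: The relocated WireGuard rule (udp 51820) and the udp 6881 rule in the new `torrent` resource carry no explanation on the new side, as far as this rendering shows; the `# wireguard port` and `# torrent UDH port` comments appear only beside the old positions. Every rule here admits `0.0.0.0/0` and `::/0`, so someone auditing exposure needs to see which service each open port belongs to. I would put the purpose in the rule itself, for example `description = "wireguard"` on the 51820 rule and `description = "torrent DHT"` on the udp 6881 rule, so it also appears in the provider console. The last rule is cut off by the hunk, so its closing lines are not visible here.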


@ -8,6 +8,7 @@ resource "hcloud_server" "HomeLab2" {
firewall_ids = [
hcloud_firewall.prod.id,
hcloud_firewall.Gitea_SSH.id,
hcloud_firewall.torrent.id,
hcloud_firewall.mail.id,
]
labels = {
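Review bot: Attaching `hcloud_firewall.torrent.id` next to `hcloud_firewall.prod.id` leaves this server's inbound exposure the same as before the split, assuming firewalls applied to one server are evaluated as the union of their rules. The factoring only narrows exposure if `prod` is also applied to other servers, which this hunk does not show. A comment on the new line would record the intent, for example `# torrent ports are opened on this host only`. The `hcloud_server` block starts and ends outside the hunk.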