infra: factoring firewall
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
bf88a6e74f
commit
6b0b4ff807
@ -1,5 +1,23 @@
|
||||
resource "hcloud_firewall" "prod" {
|
||||
name= "prod"
|
||||
|
||||
rule {
|
||||
direction ="in"
|
||||
protocol = "icmp"
|
||||
source_ips = [
|
||||
"0.0.0.0/0",
|
||||
"::/0"
|
||||
]
|
||||
}
|
||||
rule {
|
||||
direction ="in"
|
||||
protocol = "udp"
|
||||
port = "51820"
|
||||
source_ips = [
|
||||
"0.0.0.0/0",
|
||||
"::/0"
|
||||
]
|
||||
}
|
||||
rule {
|
||||
direction ="in"
|
||||
protocol = "tcp"
|
||||
@ -18,28 +36,11 @@ resource "hcloud_firewall" "prod" {
|
||||
"::/0"
|
||||
]
|
||||
}
|
||||
# torrent UDH port
|
||||
rule {
|
||||
direction ="in"
|
||||
protocol = "udp"
|
||||
port = "6881"
|
||||
source_ips = [
|
||||
"0.0.0.0/0",
|
||||
"::/0"
|
||||
]
|
||||
}
|
||||
# wireguard port
|
||||
rule {
|
||||
direction ="in"
|
||||
protocol = "udp"
|
||||
port = "51820"
|
||||
source_ips = [
|
||||
"0.0.0.0/0",
|
||||
"::/0"
|
||||
]
|
||||
|
||||
}
|
||||
# torrent listen port
|
||||
|
||||
resource "hcloud_firewall" "torrent" {
|
||||
name = "torrent"
|
||||
rule {
|
||||
direction ="in"
|
||||
protocol = "tcp"
|
||||
@ -52,7 +53,8 @@ resource "hcloud_firewall" "prod" {
|
||||
}
|
||||
rule {
|
||||
direction ="in"
|
||||
protocol = "icmp"
|
||||
protocol = "udp"
|
||||
port = "6881"
|
||||
source_ips = [
|
||||
"0.0.0.0/0",
|
||||
"::/0"
|
||||
|
@ -8,6 +8,7 @@ resource "hcloud_server" "HomeLab2" {
|
||||
firewall_ids = [
|
||||
hcloud_firewall.prod.id,
|
||||
hcloud_firewall.Gitea_SSH.id,
|
||||
hcloud_firewall.torrent.id,
|
||||
hcloud_firewall.mail.id,
|
||||
]
|
||||
labels = {
|
||||
|
Loading…
Reference in New Issue
Block a user