infra: factoring firewall

2023-10-09 20:12:43 +02:00 · 2023-10-09 20:12:43 +02:00 · 6b0b4ff807
commit 6b0b4ff807
parent bf88a6e74f
2 changed files with 26 additions and 23 deletions
--- a/infra/firewall.tf
+++ b/infra/firewall.tf
@ -1,5 +1,23 @@
 resource "hcloud_firewall" "prod" {
  name= "prod"
+   
+  rule {
+    direction ="in"
+    protocol = "icmp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  rule {
+    direction ="in"
+    protocol = "udp"
+    port = "51820"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
   rule {
    direction ="in"
    protocol = "tcp"
@ -18,28 +36,11 @@ resource "hcloud_firewall" "prod" {
      "::/0"
    ]
  }
-  # torrent UDH port
-  rule {
-    direction ="in"
-    protocol = "udp"
-    port = "6881"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
 }
-  # wireguard port
-  rule {
-    direction ="in"
-    protocol = "udp"
-    port = "51820"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]

-  }
-# torrent listen port
+
+resource "hcloud_firewall" "torrent" {
+  name = "torrent"
  rule {
    direction ="in"
    protocol = "tcp"
@ -52,7 +53,8 @@ resource "hcloud_firewall" "prod" {
  }
 rule {
    direction ="in"
-    protocol = "icmp"
+    protocol = "udp"
+    port = "6881"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
--- a/infra/server.tf
+++ b/infra/server.tf
@ -8,6 +8,7 @@ resource "hcloud_server" "HomeLab2" {
  firewall_ids = [
    hcloud_firewall.prod.id,
    hcloud_firewall.Gitea_SSH.id,
+    hcloud_firewall.torrent.id,
    hcloud_firewall.mail.id,
  ]
  labels = {