infra: factoring firewall

2023-10-09 20:12:43 +02:00 · 2023-10-09 20:12:43 +02:00 · 6b0b4ff807
commit 6b0b4ff807
parent bf88a6e74f
2 changed files with 26 additions and 23 deletions
--- a/infra/firewall.tf
+++ b/infra/firewall.tf
@ -1,6 +1,24 @@
 resource "hcloud_firewall" "prod" {
  name= "prod"
+   
  rule {
+    direction ="in"
+    protocol = "icmp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  rule {
+    direction ="in"
+    protocol = "udp"
+    port = "51820"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+   rule {
    direction ="in"
    protocol = "tcp"
    port = "80"
@ -18,28 +36,11 @@ resource "hcloud_firewall" "prod" {
      "::/0"
    ]
  }
-  # torrent UDH port
-  rule {
-    direction ="in"
-    protocol = "udp"
-    port = "6881"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
-  }
-  # wireguard port
-  rule {
-    direction ="in"
-    protocol = "udp"
-    port = "51820"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
+}

-  }
-# torrent listen port
+
+resource "hcloud_firewall" "torrent" {
+  name = "torrent"
  rule {
    direction ="in"
    protocol = "tcp"
@ -50,9 +51,10 @@ resource "hcloud_firewall" "prod" {
    ]

  }
-  rule {
+ rule {
    direction ="in"
-    protocol = "icmp"
+    protocol = "udp"
+    port = "6881"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
--- a/infra/server.tf
+++ b/infra/server.tf
@ -8,6 +8,7 @@ resource "hcloud_server" "HomeLab2" {
  firewall_ids = [
    hcloud_firewall.prod.id,
    hcloud_firewall.Gitea_SSH.id,
+    hcloud_firewall.torrent.id,
    hcloud_firewall.mail.id,
  ]
  labels = {