From d0d05f89a17eeef0e3ec06f54e6d2b89f29f7b53 Mon Sep 17 00:00:00 2001
From: Oli
Date: Fri, 23 Dec 2022 13:38:06 +0000
Subject: [PATCH] update hcloud provider to 1.36.1
---
.terraform.lock.hcl | 34 ++++++-------
firewall.tf | 114 ++++++++++++++++++++++++++++++++++++++++++++
main.tf | 2 +-
3 files changed, 132 insertions(+), 18 deletions(-)
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index a5565f5..d63927c 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,24 +2,24 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hetznercloud/hcloud" { - version = "1.36.1" - constraints = "1.36.1" + version = "1.36.2" + constraints = "1.36.2" hashes = [ - "h1:xZSvxx6aUo0oZp2uqNxi/+wqnCNEBBuu8y7GeXIO9qA=", - "zh:16558b25c7f92f187278e94e951b0ab687882b06acff5b1387f3293f27939f8c", - "zh:28fc79ac2189ff0f5e6c9535ada8f57552b6e21c978b59dc78e086c27b9e4b23", - "zh:373907f9f7f2cefa94e2d5638bf5bef3d3b17e7655dc84dd6089346c6f4f9096", - "zh:394716cd877de682a0772d660f1bdb3838c5d751eca2211105d5ede248c48c39", - "zh:3c438c6590fcc8ac65a10039b2f5ba9ee379a734cb93a59c6cf74f385d891e87", - "zh:3f777a460a62fd23b283c269f1533b3887bf0c5564581e1e96cf294e077f5a8a", - "zh:4f62967553d7ce81ec14db7685306b625970ba6640b5764dc0137675ab97af0b", - "zh:56da08f8d75f596d6f9da4f0fd16bd60d1733cabcc260e885e1d7a711d6d3d8b", - "zh:62776c885bfa8e715dba6662f1744b5251f4cdd523dd4d1e4ccb2e25489593e9", - "zh:64cbb68139aa65f95ab3e654d872f9d34ef991fbf667fc30e0f29b96b5e8b4ed", - "zh:75a4b7a73ff0a537214d12d820438b7ae7a33d660e5d793f4ae0ebe3152bff00", - "zh:7b59d72538772ada7d51eaa50c905285200b1889ab29948b533412ccdf4d18de", - "zh:b84eeaa82bf765c6dd945ae83f1a9271fa5fad53b861b18b09cb8deda67dae13", - "zh:e81c3ea971e32a6ca3fdb0cd9e644614308ab2cf2a19482dd8a109d67fe3fb6f", + "h1:VO/dl+g5NfJd436hmT+9NOMQk6oRU4Z9TSJJJrNlN0M=", + "zh:0498ef4209924b30ce7b4a232dd6aee08feab2ebbc90064db699adc10c16707e", + "zh:292e3c0c55d320cf164cdd431ee31580dd86f435aec99721597204bab5de3970", + "zh:3ce8558658baa7c4b9f1eeb92427665b4b930e5b157fbf352977778c90e11aaa", + "zh:46abd0bdeeba46b86832ed31338ad837b584f7b2152f8a9bfa6c3802f481a6da", + "zh:5804e71d411577f06abc0986c8c2e475c49042a192efce5936e4d5bdd874fc22", + "zh:7cef0782e8198346bfe7b61601e1cf8f2158280a5cf665140b72838545ca3127", + "zh:be81782af391ff4cc0859d976637aa00e6fe34061fe4f1df1f5ab5d62ef94f82", + "zh:bf2660e70edf758305085698fc9d05306b174b99559cd0f3f61c0b705ba22275", + 
"zh:caf727b0a378dc8c9c3594bbf176865f87aa732077820ff045eb352f5a48aeed", + "zh:cf95fc3121b358c7b7b667193ab36b8cb6140e2f6dfbf6f1b4c55b7fec1bb6ef", + "zh:d6d3119f8b971e982b6421dfa3b86314ccaeceaf047a3b6505f79e1a30f8301e", + "zh:e6f7f65dced2e88e3082c57ddcd118412595678cf3c7289bc7e12c724b3bd892", + "zh:f41f59ca511ab1a591d5abdc7f6d32d2e03a1d6087d206a741f95b7b0dd2ea17", + "zh:fbe59fbb5f272a6b206a380f6dbf49837b199960dd038afca2e89b11f72fdfda", ] } diff --git a/firewall.tf b/firewall.tf index 940be03..3a3ed29 100644 --- a/firewall.tf +++ b/firewall.tf 
@@ -30,3 +30,117 @@ resource "hcloud_firewall" "ssh" {
 label_selector = "env=prod"
 }
 }
+
+resource "hcloud_firewall" "web" {
+ name = "Webserver"
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "80"
+ description = "HTTP"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "443"
+ description = "HTTPS"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ apply_to {
+ server = hcloud_server.web.id
+ }
+}
+
+resource "hcloud_firewall" "monitoring" {
+ name = "Monitoring"
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "9100"
+ description = "node-exporter"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "9558"
+ description = "systemd-exporter"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "9187"
+ description = "postgres-exporter"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "9113"
+ description = "nginx-exporter"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "9253"
+ description = "php-exporter"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "9205"
+ description = "nextcloud"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "9206"
+ description = "nextcloud_push"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "5572"
+ description = "rclone"
+ source_ips = [
+ var.bastion_host.ipv4,
+ var.bastion_host.ipv6
+ ]
+ }
+ # apply_to {
+ # server = hcloud_server.web.id
+ # }
+}
\ No newline at end of file
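Review bot: The `monitoring` firewall at the end of this hunk is never attached to anything, because its `apply_to` block is commented out, so none of the eight bastion-only exporter rules take effect. If `hcloud_server.web` is covered only by the `web` firewall added just above (80/443), the bastion presumably cannot reach ports such as 9100 or 9187 at all, since Hetzner drops inbound traffic that no attached firewall allows; that fails closed, but the resource is dead configuration as written. Either restore the block as `apply_to { server = hcloud_server.web.id }` or select targets with a `label_selector` the way the `ssh` firewall in the context lines does, and delete the commented-out lines. The subject names only a provider bump (and says 1.36.1 while the diff moves to 1.36.2), so this new inbound rule set is easy to miss in history and would be easier to audit as its own commit.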
diff --git a/main.tf b/main.tf
index e729d3a..52683f2 100644
--- a/main.tf
+++ b/main.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 hcloud = {
 source = "hetznercloud/hcloud"
- version = "1.36.1"
+ version = "1.36.2"
 }
 ionosdeveloper = {
 source = "ionos-developer/ionosdeveloper"