update hcloud provider to 1.36.1

.terraform.lock.hcl

@@ -2,24 +2,24 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/hetznercloud/hcloud" {
-  version     = "1.36.1"
+  version     = "1.36.2"
-  constraints = "1.36.1"
+  constraints = "1.36.2"
   hashes = [
-    "h1:xZSvxx6aUo0oZp2uqNxi/+wqnCNEBBuu8y7GeXIO9qA=",
+    "h1:VO/dl+g5NfJd436hmT+9NOMQk6oRU4Z9TSJJJrNlN0M=",
-    "zh:16558b25c7f92f187278e94e951b0ab687882b06acff5b1387f3293f27939f8c",
+    "zh:0498ef4209924b30ce7b4a232dd6aee08feab2ebbc90064db699adc10c16707e",
-    "zh:28fc79ac2189ff0f5e6c9535ada8f57552b6e21c978b59dc78e086c27b9e4b23",
+    "zh:292e3c0c55d320cf164cdd431ee31580dd86f435aec99721597204bab5de3970",
-    "zh:373907f9f7f2cefa94e2d5638bf5bef3d3b17e7655dc84dd6089346c6f4f9096",
+    "zh:3ce8558658baa7c4b9f1eeb92427665b4b930e5b157fbf352977778c90e11aaa",
-    "zh:394716cd877de682a0772d660f1bdb3838c5d751eca2211105d5ede248c48c39",
+    "zh:46abd0bdeeba46b86832ed31338ad837b584f7b2152f8a9bfa6c3802f481a6da",
-    "zh:3c438c6590fcc8ac65a10039b2f5ba9ee379a734cb93a59c6cf74f385d891e87",
+    "zh:5804e71d411577f06abc0986c8c2e475c49042a192efce5936e4d5bdd874fc22",
-    "zh:3f777a460a62fd23b283c269f1533b3887bf0c5564581e1e96cf294e077f5a8a",
+    "zh:7cef0782e8198346bfe7b61601e1cf8f2158280a5cf665140b72838545ca3127",
-    "zh:4f62967553d7ce81ec14db7685306b625970ba6640b5764dc0137675ab97af0b",
+    "zh:be81782af391ff4cc0859d976637aa00e6fe34061fe4f1df1f5ab5d62ef94f82",
-    "zh:56da08f8d75f596d6f9da4f0fd16bd60d1733cabcc260e885e1d7a711d6d3d8b",
+    "zh:bf2660e70edf758305085698fc9d05306b174b99559cd0f3f61c0b705ba22275",
-    "zh:62776c885bfa8e715dba6662f1744b5251f4cdd523dd4d1e4ccb2e25489593e9",
+    "zh:caf727b0a378dc8c9c3594bbf176865f87aa732077820ff045eb352f5a48aeed",
-    "zh:64cbb68139aa65f95ab3e654d872f9d34ef991fbf667fc30e0f29b96b5e8b4ed",
+    "zh:cf95fc3121b358c7b7b667193ab36b8cb6140e2f6dfbf6f1b4c55b7fec1bb6ef",
-    "zh:75a4b7a73ff0a537214d12d820438b7ae7a33d660e5d793f4ae0ebe3152bff00",
+    "zh:d6d3119f8b971e982b6421dfa3b86314ccaeceaf047a3b6505f79e1a30f8301e",
-    "zh:7b59d72538772ada7d51eaa50c905285200b1889ab29948b533412ccdf4d18de",
+    "zh:e6f7f65dced2e88e3082c57ddcd118412595678cf3c7289bc7e12c724b3bd892",
-    "zh:b84eeaa82bf765c6dd945ae83f1a9271fa5fad53b861b18b09cb8deda67dae13",
+    "zh:f41f59ca511ab1a591d5abdc7f6d32d2e03a1d6087d206a741f95b7b0dd2ea17",
-    "zh:e81c3ea971e32a6ca3fdb0cd9e644614308ab2cf2a19482dd8a109d67fe3fb6f",
+    "zh:fbe59fbb5f272a6b206a380f6dbf49837b199960dd038afca2e89b11f72fdfda",
   ]
 }
 

firewall.tf

@@ -30,3 +30,117 @@ resource "hcloud_firewall" "ssh" {
     label_selector = "env=prod"
   }
 }
+
+resource "hcloud_firewall" "web" {
+  name = "Webserver"
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "80"
+    description = "HTTP"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "443"
+    description = "HTTPS"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  apply_to {
+    server = hcloud_server.web.id
+  }
+}
+
+resource "hcloud_firewall" "monitoring" {
+  name = "Monitoring"
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "9100"
+    description = "node-exporter"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "9558"
+    description = "systemd-exporter"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "9187"
+    description = "postgres-exporter"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "9113"
+    description = "nginx-exporter"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "9253"
+    description = "php-exporter"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "9205"
+    description = "nextcloud"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "9206"
+    description = "nextcloud_push"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "5572"
+    description = "rclone"
+    source_ips = [
+      var.bastion_host.ipv4,
+      var.bastion_host.ipv6
+    ]
+  }
+  # apply_to {
+  #   server = hcloud_server.web.id
+  # }
+}

main.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     hcloud = {
       source = "hetznercloud/hcloud"
-      version = "1.36.1"
+      version = "1.36.2"
     }
     ionosdeveloper = {
       source  = "ionos-developer/ionosdeveloper"