
# Hetzner Cloud Firewalls — inbound allow-lists only; no direction = "out" rules are defined, so outbound traffic is left at the provider default.
# ICMP for every server carrying the env=prod label.
# NOTE(review): the rule names only the protocol, so it admits every ICMP
# type from any address, not just echo-request — confirm that is intended
# (it is usually kept open for ping and path-MTU discovery).
resource "hcloud_firewall" "icmp" {
  name = "ICMP"

  apply_to {
    label_selector = "env=prod"
  }

  rule {
    direction  = "in"
    protocol   = "icmp"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
}
# SSH for every server carrying the env=prod label, accepted only from the
# bastion host.
# NOTE(review): the literal sources elsewhere in this file are CIDRs; hcloud
# expects the same here, so var.bastion_host.ipv4/ipv6 should be "/32" and
# "/128" (or the bastion's own prefix) strings — whatever prefix the ipv6
# value carries is trusted in full. Confirm against the variable definition.
resource "hcloud_firewall" "ssh" {
  name = "SSH"

  apply_to {
    label_selector = "env=prod"
  }

  rule {
    source_ips = [var.bastion_host.ipv4, var.bastion_host.ipv6]
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
  }
}
# Public HTTP and HTTPS for the web server.
# NOTE(review): this firewall is attached by server id, whereas the ICMP and
# SSH firewalls in this file attach via the env=prod label — a second prod
# web host would not inherit these rules. Confirm the narrower scoping is
# deliberate.
resource "hcloud_firewall" "web" {
  name = "Webserver"

  apply_to {
    server = hcloud_server.web.id
  }

  rule {
    description = "HTTP"
    port        = "80"
    protocol    = "tcp"
    direction   = "in"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }

  rule {
    description = "HTTPS"
    port        = "443"
    protocol    = "tcp"
    direction   = "in"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }
}
# Exporter and control ports, accepted only from the bastion host.
# NOTE(review): apply_to is commented out, so this firewall is created but
# attached to nothing. Hetzner drops unmatched inbound traffic once any
# firewall is attached to a server, so on such a server these ports stay
# closed unless scraped over a path the firewall does not cover (tunnel,
# private network) — either attach the firewall or drop the resource so it
# does not drift as dead config. Confirm which is intended.
# The descriptions suggest Prometheus exporters, which typically serve
# unauthenticated plain HTTP — the bastion-only source list is what keeps
# them off the public internet, so keep it tight. 5572 is rclone's default
# remote-control port; if that is the rc daemon, check it requires auth.
resource "hcloud_firewall" "monitoring" {
  name = "Monitoring"

  # port => description; every entry shares the same bastion-only source list.
  dynamic "rule" {
    for_each = {
      "9100" = "node-exporter"
      "9558" = "systemd-exporter"
      "9187" = "postgres-exporter"
      "9113" = "nginx-exporter"
      "9253" = "php-exporter"
      "9205" = "nextcloud"
      "9206" = "nextcloud_push"
      "5572" = "rclone"
    }

    content {
      direction   = "in"
      protocol    = "tcp"
      port        = rule.key
      description = rule.value
      source_ips  = [var.bastion_host.ipv4, var.bastion_host.ipv6]
    }
  }

  # apply_to {
  #   server = hcloud_server.web.id
  # }
}