Introduces the Terraform config for the Hetzner cloud firewall

This commit is contained in:
Maximilian Kratz 2023-04-06 11:23:26 +02:00
parent 89e7a44112
commit 5a192d6e8a
3 changed files with 64 additions and 0 deletions

62
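--- /dev/null
+++ b/firewall.tf
@@ -0,0 +1,62 @@
+resource "hcloud_firewall" "forgejo-fw" {
+name = "forgejo-fw"
+rule {
+direction = "in"
+protocol = "icmp"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+description = "icmp"
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "22"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+description = "ssh forgejo"
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "50001"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+description = "ssh os"
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "80"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+description = "http"
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "443"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+description = "https"
+}
+rule {
+direction = "in"
+protocol = "tcp"
+port = "9100"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+description = "node_exporter"
+}
+}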
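Review bot: The node_exporter rule (port 9100) admits `0.0.0.0/0` and `::/0`, which publishes host metrics to the whole internet although only the Prometheus scraper needs to reach that port; restrict the rule's `source_ips` to the scraper's addresses, e.g. `source_ips = ["<monitoring-host-ipv4>/32", "<monitoring-host-ipv6>/128"]`. The two SSH rules (22 and 50001) are likewise world-reachable; where the administrative origins are known the same narrowing applies, otherwise a short comment on each rule stating why it must stay open would help the next reader. Because the other two hunks attach this same firewall to both the production and the staging server, any narrowing made here applies to both hosts.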


@ -15,6 +15,7 @@ resource "hcloud_server" "production" {
})
delete_protection = true
rebuild_protection = true
firewall_ids = [hcloud_firewall.forgejo-fw.id]
}
# Set RDNS entry of production server IPv4


@ -35,6 +35,7 @@ resource "hcloud_server" "staging" {
ipv4 = hcloud_primary_ip.staging-ipv4.id
ipv6 = hcloud_primary_ip.staging-ipv6.id
}
firewall_ids = [hcloud_firewall.forgejo-fw.id]
}
# Set RDNS entry of staging server IPv4