author | William Carroll <wpcarro@gmail.com> | 2021-12-28T02·27-0400 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2021-12-28T02·31+0000 |
commit | 413c421e8bf41e0462a9015ad398b6efebaf1f1b (patch) | |
tree | 8385ead1b6edabbdde47c880cf83a9628ee2f79c | |
parent | 3a85d8cededded1afb6d947f073f9ba0ebd1fb9e (diff) |
feat(wpcarro/terraform): Configure firewall r/3486
When I include "80" and "443" in the allowed TCP ports, the ports don't appear to be open, but when I add the tags "http-server" and "https-server", which I don't control, they do. I'm not sure what's going on, but I don't want to let perfect be the enemy of good... Change-Id: I46097a9d80708d14261b0af34c16ab1129aa8107 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4725 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
-rw-r--r-- | users/wpcarro/terraform/gcp.tf | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/users/wpcarro/terraform/gcp.tf b/users/wpcarro/terraform/gcp.tf
index f287e90e919d..b02be762ad73 100644
--- a/users/wpcarro/terraform/gcp.tf
+++ b/users/wpcarro/terraform/gcp.tf
@@ -15,8 +15,7 @@ resource "google_compute_instance" "default" {
 tags = [
 "http-server",
 "https-server",
- "mosh-server",
- "quassel-core",
+ "diogenes-firewall"
 ]
 
 boot_disk {
@@ -44,4 +43,23 @@ resource "google_compute_instance" "default" {
 service_account {
 scopes = ["cloud-platform"]
 }
+}
+
+resource "google_compute_firewall" "default" {
+ name = "diogenes-firewall"
+ network = "default"
+
+ allow {
+ protocol = "tcp"
+ ports = ["6698"]
+ }
+
+ allow {
+ protocol = "udp"
+ ports = [
+ "60000-61000" # mosh
+ ]
+ }
+
+ source_tags = ["diogenes-firewall"]
 }
\ No newline at end of file |
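Review bot: `source_tags = ["diogenes-firewall"]` at the end of the new `google_compute_firewall` block limits where traffic may originate, not which instances the rule covers; with no `target_tags`, the rule applies to every instance on the `default` network, and source tags do not match traffic arriving at an instance's external IP. That is probably why ports listed in this rule did not appear open, as described in the commit message, while the `http-server`/`https-server` tags (matched by rules defined elsewhere) did work. If the intent is to scope the rule to the instance tagged `diogenes-firewall` in the first hunk, use `target_tags = ["diogenes-firewall"]` together with an explicit `source_ranges = ["<ALLOWED_CLIENT_CIDR>"]` (placeholder; keep it as narrow as the clients allow). A short comment on the `6698` TCP port, like the existing `# mosh` one, would also make the rule easier to audit.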