authorWilliam Carroll <wpcarro@gmail.com>2021-12-28T02·27-0400
committerclbot <clbot@tvl.fyi>2021-12-28T02·31+0000
commit413c421e8bf41e0462a9015ad398b6efebaf1f1b (patch)
tree8385ead1b6edabbdde47c880cf83a9628ee2f79c
parent3a85d8cededded1afb6d947f073f9ba0ebd1fb9e (diff)
feat(wpcarro/terraform): Configure firewall r/3486
When I include "80" and "443" in the allowed TCP ports, the ports don't appear
to be open, but when I add the tags "http-server" and "https-server", which I
don't control, they do. I'm not sure what's going on, but I don't want to let
perfect be the enemy of good...

Change-Id: I46097a9d80708d14261b0af34c16ab1129aa8107
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4725
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
-rw-r--r--users/wpcarro/terraform/gcp.tf22
1 files changed, 20 insertions, 2 deletions
diff --git a/users/wpcarro/terraform/gcp.tf b/users/wpcarro/terraform/gcp.tf
index f287e90e919d..b02be762ad73 100644
--- a/users/wpcarro/terraform/gcp.tf
+++ b/users/wpcarro/terraform/gcp.tf
@@ -15,8 +15,7 @@ resource "google_compute_instance" "default" {
   tags = [
     "http-server",
     "https-server",
-    "mosh-server",
-    "quassel-core",
+    "diogenes-firewall"
   ]
 
   boot_disk {
@@ -44,4 +43,23 @@ resource "google_compute_instance" "default" {
   service_account {
     scopes = ["cloud-platform"]
   }
+}
+
+resource "google_compute_firewall" "default" {
+  name = "diogenes-firewall"
+  network = "default"
+
+  allow {
+    protocol = "tcp"
+    ports = ["6698"]
+  }
+
+  allow {
+    protocol = "udp"
+    ports = [
+      "60000-61000" # mosh
+    ]
+  }
+
+  source_tags = ["diogenes-firewall"]
 }
\ No newline at end of file
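Review bot: `source_tags = ["diogenes-firewall"]` in the new `google_compute_firewall` limits where traffic may come from, not which instances the rule applies to. As written, ingress on 6698/tcp and 60000-61000/udp is allowed only from instances in the network that carry that tag, and because no `target_tags` is set the rule covers every instance on `default`. This probably explains the symptom in the commit message, where ports listed in this rule did not appear open from outside. If the goal is to open these ports on the tagged instance, replace that line with `target_tags = ["diogenes-firewall"]` plus `source_ranges = ["<CLIENT_CIDR>"]` (placeholder), using the narrowest client ranges that still work. A comment naming the service on 6698, in the style of the existing `# mosh` comment, would also help the next reader.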