authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-17 14:26:01 +0200
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-17 14:26:01 +0200
commita8f17044b56d395bb8cd9fcedd237b2d4fc5ba8d (patch)
treec6ff73d2024554222553430bec4d584e36a6bdbd
parente6941a9ebb865d70207e49c1156ce0ab7ff7f967 (diff)
downloadinfrastructure-a8f17044b56d395bb8cd9fcedd237b2d4fc5ba8d.tar.gz
more security groups
-rw-r--r--terraform/infra.tf78
1 files changed, 78 insertions, 0 deletions
diff --git a/terraform/infra.tf b/terraform/infra.tf
index c413239e..36f10126 100644
--- a/terraform/infra.tf
+++ b/terraform/infra.tf
@@ -107,6 +107,84 @@ resource "openstack_networking_secgroup_rule_v2" "sg_base_ingress_ssh" {
security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
}
+
+
+resource "openstack_networking_secgroup_v2" "sg_haste_server" {
+ name = "haste-server"
+ description = "Allow incoming TCP requests for haste server"
+ delete_default_rules = "true"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_haste_server_main" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 7777
+ port_range_max = 7777
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_haste_server.id}"
+}
+
+resource "openstack_networking_secgroup_v2" "sg_gitlab_bot" {
+ name = "gitlab-bot"
+ description = "Allow incoming TCP requests for gitlab-bot"
+ delete_default_rules = "true"
+}
+
+
+resource "openstack_networking_secgroup_rule_v2" "sg_gitlab_bot_main" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1337
+ port_range_max = 1337
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_gitlab_bot.id}"
+}
+
+
+resource "openstack_networking_secgroup_v2" "sg_git_server" {
+ name = "git-server"
+ description = "Allow inbound SSH, HTTP, HTTPS and Git requests."
+ delete_default_rules = "true"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_git_server_http" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_git_server.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_git_server_https" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_git_server.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_git_server_git" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 9418
+ port_range_max = 9418
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_git_server.id}"
+}
+
+
+
+
+
+
+
resource "openstack_networking_port_v2" "frontend_port" {
name = "port_1"
network_id = "${openstack_networking_network_v2.baserock_network.id}"
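Review bot: `sg_haste_server_main` and `sg_gitlab_bot_main` open 7777 and 1337 to `0.0.0.0/0`, which exposes both application ports directly to the internet. If these services are meant to sit behind the frontend, or the bot only receives webhooks from a known host, narrow the source with `remote_ip_prefix = "<frontend-or-gitlab-cidr>"` (placeholder value) or a `remote_group_id` pointing at the frontend's group. The `sg_git_server` description promises inbound SSH, but only the 80, 443 and 9418 rules are added here, so either an SSH rule is missing or the description should say that SSH comes from `sg_base`. All three groups also set `delete_default_rules = "true"` with no egress rule in this hunk, so an instance attached only to one of them would presumably have no outbound traffic; a one-line comment on each group naming the group that supplies egress would make that dependency explicit.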