authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-17 14:44:22 +0200
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-17 14:44:22 +0200
commit97d18f78a5a6c9f136c50c7983078fcec18b86eb (patch)
treea5fb40e3e2a2c47c38005b2e52b01cdef25d4bdc
parenta8f17044b56d395bb8cd9fcedd237b2d4fc5ba8d (diff)
downloadinfrastructure-97d18f78a5a6c9f136c50c7983078fcec18b86eb.tar.gz
more groups
-rw-r--r--terraform/infra.tf57
1 files changed, 57 insertions, 0 deletions
diff --git a/terraform/infra.tf b/terraform/infra.tf
index 36f10126..396cfe6f 100644
--- a/terraform/infra.tf
+++ b/terraform/infra.tf
@@ -181,9 +181,66 @@ resource "openstack_networking_secgroup_rule_v2" "sg_git_server_git" {
+resource "openstack_networking_secgroup_v2" "sg_shared_artifact_cache" {
+ name = "shared-artifact-cache"
+ description = "Allow inbound HTTP, HTTPS and ostree-over-SSH (which I've assigned to port 22200)"
+ delete_default_rules = "true"
+}
+resource "openstack_networking_secgroup_rule_v2" "sg_shared_artifact_cache_http" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_shared_artifact_cache.id}"
+}
+resource "openstack_networking_secgroup_rule_v2" "sg_shared_artifact_cache_https" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_shared_artifact_cache.id}"
+}
+resource "openstack_networking_secgroup_rule_v2" "sg_shared_artifact_cache_ssh" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22200
+ port_range_max = 22200
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_shared_artifact_cache.id}"
+}
+
+
+resource "openstack_networking_secgroup_v2" "sg_web_server" {
+ name = "web-server"
+ description = "Allow inbound HTTP, HTTPS and ostree-over-SSH (which I've assigned to port 22200)"
+ delete_default_rules = "true"
+}
+resource "openstack_networking_secgroup_rule_v2" "sg_web_server_http" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_web_server.id}"
+}
+resource "openstack_networking_secgroup_rule_v2" "sg_web_server_https" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_web_server.id}"
+
resource "openstack_networking_port_v2" "frontend_port" {
name = "port_1"