From 97d18f78a5a6c9f136c50c7983078fcec18b86eb Mon Sep 17 00:00:00 2001
From: Pedro Alvarez
Date: Tue, 17 Aug 2021 14:44:22 +0200
Subject: more groups
---
terraform/infra.tf | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/terraform/infra.tf b/terraform/infra.tf
index 36f10126..396cfe6f 100644
--- a/terraform/infra.tf
+++ b/terraform/infra.tf
@@ -181,9 +181,66 @@ resource "openstack_networking_secgroup_rule_v2" "sg_git_server_git" { +resource "openstack_networking_secgroup_v2" "sg_shared_artifact_cache" { + name = "shared-artifact-cache" + description = "Allow inbound HTTP, HTTPS and ostree-over-SSH (which I've assigned to port 22200)" + delete_default_rules = "true" +} +resource "openstack_networking_secgroup_rule_v2" "sg_shared_artifact_cache_http" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_shared_artifact_cache.id}" +} +resource "openstack_networking_secgroup_rule_v2" "sg_shared_artifact_cache_https" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_shared_artifact_cache.id}" +} +resource "openstack_networking_secgroup_rule_v2" "sg_shared_artifact_cache_ssh" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22200 + port_range_max = 22200 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_shared_artifact_cache.id}" +} + + +resource "openstack_networking_secgroup_v2" "sg_web_server" { + name = "web-server" + description = "Allow inbound HTTP, HTTPS and ostree-over-SSH (which I've assigned to port 22200)" + delete_default_rules = "true" +} +resource "openstack_networking_secgroup_rule_v2" "sg_web_server_http" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_web_server.id}" +} +resource "openstack_networking_secgroup_rule_v2" "sg_web_server_https" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + 
remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_web_server.id}" + resource "openstack_networking_port_v2" "frontend_port" { name = "port_1" -- cgit v1.2.1
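Review bot: `sg_shared_artifact_cache_ssh` opens port 22200 with `remote_ip_prefix = "0.0.0.0/0"`, so the ostree-over-SSH endpoint named in the group description is reachable from any IPv4 address. If only known builders or CI runners are meant to connect there (an assumption, the hunk does not say who uses the port), narrow that one rule to their range, e.g. `remote_ip_prefix = "<builder-cidr>"`. Separately, `sg_web_server` reuses the artifact-cache description although this hunk adds only HTTP and HTTPS rules for it; `description = "Allow inbound HTTP and HTTPS"` would keep the stated intent in line with the rules actually attached. Both groups set `delete_default_rules`, so it is worth confirming that egress is granted by another group on these instances. The tail of the hunk is garbled on this page and the closing brace of `sg_web_server_https` is not visible, so that resource could not be checked in full.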