split resources into multiple tf files

2024-04-17 02:56:53 +12:00
parent c2f7590b44
commit b8c2dae1fa
4 changed files with 214 additions and 217 deletions
--- a/terraform/hetzner/firewall.tf
+++ b/terraform/hetzner/firewall.tf
@ -0,0 +1,100 @@
+resource "hcloud_firewall" "opnsense" {
+  name = "opnsense"
+  # HTTP
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "80"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # HTTPS
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "443"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # Wireguard
+  rule {
+    direction = "in"
+    protocol  = "udp"
+    port      = "51820"
+    source_ips = [
+      "0.0.0.0/0"
+    ]
+  }
+  # DNS UDP
+  rule {
+    direction = "in"
+    protocol  = "udp"
+    port      = "53"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # DNS TCP
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "53"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # SMTP
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "25"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # SMTPS
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "465"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # IMAPS
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "993"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }  
+  # Matrix Federation
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "8448"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }  
+  # ICMP IPv6
+  rule {
+    direction = "in"
+    protocol  = "icmp"
+    source_ips = [
+      "::/0"
+    ]
+  }   
+}