From 15b9dea7a95765f1f3c09fe0dcb2ea5b5cb669c1 Mon Sep 17 00:00:00 2001
From: Egor Tensin
Date: Fri, 4 Aug 2023 14:18:08 +0200
Subject: import some common modules
---
digitalocean/firewall/main.tf | 34 ++++++++++++++++++++++++++++++++++
digitalocean/firewall/providers.tf | 8 ++++++++
digitalocean/firewall/variables.tf | 10 ++++++++++
3 files changed, 52 insertions(+)
create mode 100644 digitalocean/firewall/main.tf
create mode 100644 digitalocean/firewall/providers.tf
create mode 100644 digitalocean/firewall/variables.tf
(limited to 'digitalocean/firewall')
diff --git a/digitalocean/firewall/main.tf b/digitalocean/firewall/main.tf
new file mode 100644
index 0000000..937a76a
--- /dev/null
+++ b/digitalocean/firewall/main.tf
@@ -0,0 +1,34 @@
+resource "digitalocean_firewall" "this" {
+ name = var.name
+ droplet_ids = var.droplet_ids
+
+ inbound_rule {
+ protocol = "icmp"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "icmp"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+ dynamic "inbound_rule" {
+ for_each = var.open_ports
+
+ content {
+ protocol = "tcp"
+ port_range = inbound_rule.value
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ }
+
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "1-65535"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "1-65535"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+}
diff --git a/digitalocean/firewall/providers.tf b/digitalocean/firewall/providers.tf
new file mode 100644
index 0000000..68aba8c
--- /dev/null
+++ b/digitalocean/firewall/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ }
+}
diff --git a/digitalocean/firewall/variables.tf b/digitalocean/firewall/variables.tf
new file mode 100644
index 0000000..6512f00
--- /dev/null
+++ b/digitalocean/firewall/variables.tf
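Review bot: The dynamic `inbound_rule` block in main.tf hard-codes `source_addresses = ["0.0.0.0/0", "::/0"]`, so every port in `var.open_ports` is reachable from any address and a caller has no way to narrow it. With the `["22"]` default in variables.tf, SSH is exposed to the whole internet unless the caller overrides the list. I would make the sources an input, for example `source_addresses = var.inbound_sources` backed by a new `list(string)` variable whose default keeps today's value, so management ports can be limited to known CIDRs. The two `1-65535` outbound rules also allow all TCP and UDP egress; if that is intended, a one-line comment saying so would help the next reader.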
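Review bot: `version = "~> 2.0"` in providers.tf accepts any 2.x release of the provider, so the build and checksums actually installed are decided by whichever root configuration calls this module. A comment would make that dependency explicit, e.g. `# Exact provider build is pinned by the caller's .terraform.lock.hcl, not by this constraint.`; whether callers commit that lock file is not visible from this patch. The `terraform` block also sets no `required_version` for Terraform itself.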
@@ -0,0 +1,10 @@
+variable "name" {
+ type = string
+}
+variable "open_ports" {
+ type = list(string)
+ default = ["22"]
+}
+variable "droplet_ids" {
+ type = list(string)
+}
-- cgit v1.2.3
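Review bot: `open_ports` in variables.tf is an unvalidated `list(string)` that main.tf passes straight into `port_range`, so a malformed entry is presumably rejected only by the provider or the API at plan/apply time. None of the three variables has a `description` either. I would add a `validation` block that accepts only a port number or a `low-high` range, plus a description stating that the listed ports are opened to any source address. The regex below is a suggested pattern, not one taken from the provider.

```hcl
variable "open_ports" {
  # … unchanged: type and default …
  description = "TCP ports or port ranges opened to any source address."

  validation {
    condition     = alltrue([for p in var.open_ports : can(regex("^[0-9]+(-[0-9]+)?$", p))])
    error_message = "Each entry must be a port number or a range such as 8000-8100."
  }
}
```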