kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

[RAN] Add firewall

Browse source
This commit is contained in:
Kat Inskip 2023-05-01 09:47:57 -07:00
parent b0a7fa16c1
commit 019731411e
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
3 changed files with 53 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
cluster/traefik.tf
View file

@ -20,8 +20,6 @@ resource "helm_release" "traefik" {
ports = {
traefik = {
traefik = {
hostPort = 9000
hostIP = "100.105.14.66"
expose = true
}
web = {

6
nixos/roles/k8s-cluster/kubernetes.nix
View file

@ -11,11 +11,7 @@ in {
];
networking = {
firewall.allowedTCPPorts = [
kubeMasterAPIServerPort
443
80
];
firewall.enable = false;
extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
};

52
tf/ran-hcloud.tf
View file

@ -27,6 +27,9 @@ resource "hcloud_server" "ran" {
ipv6_enabled = true
ipv6 = hcloud_primary_ip.ran_ipv6.id
}
firewall_ids = [
hcloud_firewall.ran.id
]
lifecycle {
ignore_changes = [
@ -46,4 +49,53 @@ resource "hcloud_rdns" "ran-v6" {
server_id = hcloud_server.ran.id
ip_address = hcloud_server.ran.ipv6_address
dns_ptr = "ran.gensokyo.zone"
}
resource "hcloud_firewall" "ran" {
name = "ran-firewall"
rule {
direction = "in"
protocol = "icmp"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "80"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "443"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "udp"
port = "60000-61000"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "22"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
}