juanlu.space / tangled-knot-iac
IaC for a Tangled Knot
fork atom

Fix prod infra

juanlu.space 476bd655 2f83d28f

options
unified split
Changed files
+15 -5
infra
prod
main.tf
+15 -5
infra/prod/main.tf 
···

       
42

       
 

       
  source_ip      = "0.0.0.0/0"


     

       
43

       
 

       
}


     

       
44

       
 

       



     

       
45

       
-

       
# Allow Knot server (port 5555)


     

       
46

       
-

       
resource "clouding_firewall_rule" "knot_server" {


     

       
47

       
 

       
  firewall_id    = clouding_firewall.knot.id


     

       
48

       
-

       
  description    = "Allow Knot server"


     

       
49

       
 

       
  protocol       = "tcp"


     

       
50

       
-

       
  port_range_min = 5555


     

       
51

       
-

       
  port_range_max = 5555


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
52

       
 

       
  source_ip      = "0.0.0.0/0"


     

       
53

       
 

       
}


     

       
54

       
 

       



     
···

       
42

       
 

       
  source_ip      = "0.0.0.0/0"


     

       
43

       
 

       
}


     

       
44

       
 

       



     

       
45

       
+

       
# Allow HTTP (port 80) for Let's Encrypt certificate challenges


     

       
46

       
+

       
resource "clouding_firewall_rule" "http" {


     

       
47

       
 

       
  firewall_id    = clouding_firewall.knot.id


     

       
48

       
+

       
  description    = "Allow HTTP (Let's Encrypt)"


     

       
49

       
 

       
  protocol       = "tcp"


     

       
50

       
+

       
  port_range_min = 80


     

       
51

       
+

       
  port_range_max = 80


     

       
52

       
+

       
  source_ip      = "0.0.0.0/0"


     

       
53

       
+

       
}


     

       
54

       
+

       



     

       
55

       
+

       
# Allow HTTPS (port 443) for Caddy SSL proxy


     

       
56

       
+

       
resource "clouding_firewall_rule" "https" {


     

       
57

       
+

       
  firewall_id    = clouding_firewall.knot.id


     

       
58

       
+

       
  description    = "Allow HTTPS (Caddy)"


     

       
59

       
+

       
  protocol       = "tcp"


     

       
60

       
+

       
  port_range_min = 443


     

       
61

       
+

       
  port_range_max = 443


     

       
62

       
 

       
  source_ip      = "0.0.0.0/0"


     

       
63

       
 

       
}


     

       
64