comparing 240dc190f7180f9dfe820fc2abf9fcdd2fe10c08 and main on juanlu.space/tangled-knot-iac

+4 -1

config/inventory/prod/clouding_groups.yaml

···

       3
       3
        
         children:

     

       4
       4
        
           knot_servers:

     

       5
       5
        
             hosts:

     

       6
       6
       -
               nudo0: {}

     

       6
       6
       +
               nudo0:

     

       7
       7
       +
                 knot_enable_caddy: true

     

       8
       8
       +
                 knot_server_hostname: "knot.juanlu.space"

     

       9
       9
       +
                 knot_server_owner: "did:plc:p7v4p6njfpdv6gen4bllnkqm"

+16 -6

infra/prod/main.tf

···

       42
       42
        
         source_ip      = "0.0.0.0/0"

     

       43
       43
        
       }

     

       44
       44
        
       

     

       45
       45
       -
       # Allow Knot server (port 5555)

     

       46
       46
       -
       resource "clouding_firewall_rule" "knot_server" {

     

       45
       45
       +
       # Allow HTTP (port 80) for Let's Encrypt certificate challenges

     

       46
       46
       +
       resource "clouding_firewall_rule" "http" {

     

       47
       47
        
         firewall_id    = clouding_firewall.knot.id

     

       48
       48
       -
         description    = "Allow Knot server"

     

       48
       48
       +
         description    = "Allow HTTP (Let's Encrypt)"

     

       49
       49
        
         protocol       = "tcp"

     

       50
       50
       -
         port_range_min = 5555

     

       51
       51
       -
         port_range_max = 5555

     

       50
       50
       +
         port_range_min = 80

     

       51
       51
       +
         port_range_max = 80

     

       52
       52
       +
         source_ip      = "0.0.0.0/0"

     

       53
       53
       +
       }

     

       54
       54
       +
       

     

       55
       55
       +
       # Allow HTTPS (port 443) for Caddy SSL proxy

     

       56
       56
       +
       resource "clouding_firewall_rule" "https" {

     

       57
       57
       +
         firewall_id    = clouding_firewall.knot.id

     

       58
       58
       +
         description    = "Allow HTTPS (Caddy)"

     

       59
       59
       +
         protocol       = "tcp"

     

       60
       60
       +
         port_range_min = 443

     

       61
       61
       +
         port_range_max = 443

     

       52
       62
        
         source_ip      = "0.0.0.0/0"

     

       53
       63
        
       }

     

       54
       64
        
       

     
···

       84
       94
        
       }

     

       85
       95
        
       

     

       86
       96
        
       output "knot0_ipv4" {

     

       87
       87
       -
         value = try(clouding_server.knot0.hostname, "Not yet assigned")

     

       97
       97
       +
         value = try(clouding_server.knot0.public_ip, "Not yet assigned")

     

       88
       98
        
       }

Compare changes