Adding firewall stuff

2024-04-28 21:31:59 -07:00 · 2024-04-28 21:31:59 -07:00 · d7038e26b9
commit d7038e26b9
parent 2133c1ff3e
2 changed files with 12 additions and 0 deletions
--- a/infra/static-vultr/firewall.tf
+++ b/infra/static-vultr/firewall.tf
@ -12,6 +12,17 @@ resource vultr_firewall_rule web_v4 {
  port        = each.value
 }

+resource vultr_firewall_rule web_v6 {
+  for_each = toset(["80", "443"])
+  firewall_group_id = vultr_firewall_group.host.id
+  protocol = "tcp"
+  ip_type  = "v6"
+  subnet   = "::"
+  subnet_size = 0
+  port     = each.value
+}
+
+# Turn this off when we're not doing maintenance
 resource vultr_firewall_rule ssh_v4 {
  count = var.enable_ssh ? 1 : 0
  firewall_group_id = vultr_firewall_group.host.id
--- a/infra/static-vultr/host.tf
+++ b/infra/static-vultr/host.tf
@ -17,4 +17,5 @@ resource "vultr_instance" "websites" {
    hour = var.host.backups.hour
  }
  ssh_key_ids = [ vultr_ssh_key.host.id ]
+  firewall_group_id = vultr_firewall_group.host.id
 }