From d7038e26b9e83c35ceb3bb1b8ae7b009c80ddc3b Mon Sep 17 00:00:00 2001
From: shockrah
Date: Sun, 28 Apr 2024 21:31:59 -0700
Subject: [PATCH] Adding firewall stuff
---
 infra/static-vultr/firewall.tf | 11 +++++++++++
 infra/static-vultr/host.tf | 1 +
 2 files changed, 12 insertions(+)
diff --git a/infra/static-vultr/firewall.tf b/infra/static-vultr/firewall.tf
index 357bd53..55f2e6f 100644
--- a/infra/static-vultr/firewall.tf
+++ b/infra/static-vultr/firewall.tf
@@ -12,6 +12,17 @@ resource vultr_firewall_rule web_v4 {
 port = each.value
 }
 
+resource vultr_firewall_rule web_v6 {
+ for_each = toset(["80", "443"])
+ firewall_group_id = vultr_firewall_group.host.id
+ protocol = "tcp"
+ ip_type = "v6"
+ subnet = "::"
+ subnet_size = 0
+ port = each.value
+}
+
+# Turn this off when we're not doing maintenance
 resource vultr_firewall_rule ssh_v4 {
 count = var.enable_ssh ? 1 : 0
 firewall_group_id = vultr_firewall_group.host.id
diff --git a/infra/static-vultr/host.tf b/infra/static-vultr/host.tf
index e7ad896..db696dc 100644
--- a/infra/static-vultr/host.tf
+++ b/infra/static-vultr/host.tf
@@ -17,4 +17,5 @@ resource "vultr_instance" "websites" {
 hour = var.host.backups.hour
 }
 ssh_key_ids = [ vultr_ssh_key.host.id ]
+ firewall_group_id = vultr_firewall_group.host.id
 }
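Review bot: The comment added above `ssh_v4` says to "turn this off" without naming the switch, so closing SSH depends on a reader spotting `var.enable_ssh` in the `count` line beneath it. I would write it as `# SSH ingress exists only while var.enable_ssh is true; keep it false outside maintenance windows`. The variable's declaration is not part of this diff, so it is worth confirming that it defaults to `false`; otherwise a plain apply leaves the SSH rule in place. The body of `ssh_v4` continues past the end of the hunk, so its `subnet` is not visible here; if it is the any-address range that `web_v6` uses, narrowing it to the admin source address would reduce exposure while the rule is enabled.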
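Review bot: The added `firewall_group_id` line in `vultr_instance.websites` is what puts the rules from firewall.tf into force on this host, and it carries no comment saying so. A short one would help the next reader, for example `# Inbound access is limited to the rules in firewall.tf; SSH only while var.enable_ssh is true`. As far as I know, Vultr firewall groups drop inbound traffic that no rule allows, and this diff shows no IPv6 SSH rule, so confirm that console or other out-of-band access works before applying with `enable_ssh` off. The resource block begins outside the hunk.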