admin/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor firewall rules and add network resources for production environment

Browse Source
This commit is contained in:
Noah
2025-12-23 10:54:03 +01:00
parent 34dd484004
commit f850066aad
4 changed files with 230 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
terraform/prod__firewall.tf
View File

@@ -2,21 +2,49 @@ resource "hcloud_firewall" "production_fw" {
name = "production-fw"
rule {
direction = "in"
protocol = "icmp"
protocol = "tcp"
port = "80"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
rule {
direction = "in"
protocol = "tcp"
port = "80-85"
port = "443"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "22"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "out"
protocol = "tcp"
port = "any"
destination_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "out"
protocol = "udp"
port = "any"
destination_ips = [
"0.0.0.0/0",
"::/0"
]
}
}

9
terraform/prod_network.tf Normal file
View File

@@ -0,0 +1,9 @@
resource "hcloud_network" "prodnet" {
name = "prod-network"
ip_range = "10.0.0.0/16"
}
resource "netbox_ip_range" "prodnet" {
start_address = "10.0.0.1/16"
end_address = "10.0.255.254/16"
}

131
terraform/terraform.tfstate
View File

@@ -1,9 +1,136 @@
{
"version": 4,
"terraform_version": "1.14.3",
"serial": 3,
"serial": 10,
"lineage": "2f42bf18-041f-78d9-24cc-d9a193bc3daf",
"outputs": {},
"resources": [],
"resources": [
{
"mode": "managed",
"type": "hcloud_firewall",
"name": "production_fw",
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"apply_to": [],
"id": "10323541",
"labels": {},
"name": "production-fw",
"rule": [
{
"description": "",
"destination_ips": [
"0.0.0.0/0",
"::/0"
],
"direction": "out",
"port": "any",
"protocol": "tcp",
"source_ips": []
},
{
"description": "",
"destination_ips": [
"0.0.0.0/0",
"::/0"
],
"direction": "out",
"port": "any",
"protocol": "udp",
"source_ips": []
},
{
"description": "",
"destination_ips": [],
"direction": "in",
"port": "22",
"protocol": "tcp",
"source_ips": [
"0.0.0.0/0",
"::/0"
]
},
{
"description": "",
"destination_ips": [],
"direction": "in",
"port": "443",
"protocol": "tcp",
"source_ips": [
"0.0.0.0/0",
"::/0"
]
},
{
"description": "",
"destination_ips": [],
"direction": "in",
"port": "80",
"protocol": "tcp",
"source_ips": [
"0.0.0.0/0",
"::/0"
]
}
]
},
"sensitive_attributes": [],
"identity_schema_version": 0,
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "hcloud_network",
"name": "prodnet",
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"delete_protection": false,
"expose_routes_to_vswitch": false,
"id": "11773043",
"ip_range": "10.0.0.0/16",
"labels": {},
"name": "prod-network"
},
"sensitive_attributes": [],
"identity_schema_version": 0,
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "netbox_ip_range",
"name": "prodnet",
"provider": "provider[\"registry.terraform.io/e-breuninger/netbox\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": null,
"end_address": "10.0.255.254/16",
"id": "1",
"role_id": null,
"size": 65534,
"start_address": "10.0.0.1/16",
"status": "active",
"tags": null,
"tags_all": [],
"tenant_id": null,
"vrf_id": null
},
"sensitive_attributes": [],
"identity_schema_version": 0,
"private": "bnVsbA=="
}
]
}
],
"check_results": null
}

65
terraform/terraform.tfstate.backup
View File

@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.14.3",
"serial": 1,
"serial": 8,
"lineage": "2f42bf18-041f-78d9-24cc-d9a193bc3daf",
"outputs": {},
"resources": [
@@ -15,16 +15,38 @@
"schema_version": 0,
"attributes": {
"apply_to": [],
"id": "10322075",
"id": "10323541",
"labels": {},
"name": "production-fw",
"rule": [
{
"description": "",
"destination_ips": [
"0.0.0.0/0",
"::/0"
],
"direction": "out",
"port": "any",
"protocol": "tcp",
"source_ips": []
},
{
"description": "",
"destination_ips": [
"0.0.0.0/0",
"::/0"
],
"direction": "out",
"port": "any",
"protocol": "udp",
"source_ips": []
},
{
"description": "",
"destination_ips": [],
"direction": "in",
"port": "",
"protocol": "icmp",
"port": "22",
"protocol": "tcp",
"source_ips": [
"0.0.0.0/0",
"::/0"
@@ -34,7 +56,18 @@
"description": "",
"destination_ips": [],
"direction": "in",
"port": "80-85",
"port": "443",
"protocol": "tcp",
"source_ips": [
"0.0.0.0/0",
"::/0"
]
},
{
"description": "",
"destination_ips": [],
"direction": "in",
"port": "80",
"protocol": "tcp",
"source_ips": [
"0.0.0.0/0",
@@ -48,6 +81,28 @@
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "hcloud_network",
"name": "prodnet",
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"delete_protection": false,
"expose_routes_to_vswitch": false,
"id": "11773043",
"ip_range": "10.0.0.0/16",
"labels": null,
"name": "prod-network"
},
"sensitive_attributes": [],
"identity_schema_version": 0,
"private": "bnVsbA=="
}
]
}
],
"check_results": null