diff --git a/deploy.tf b/deploy.tf
index 0217754b1af67ad4f4c35662d91811762e73d220..c50042f58c94bf28f7b5e261bb49c625c0074c38 100644
--- a/deploy.tf
+++ b/deploy.tf
@@ -177,7 +177,6 @@ resource "openstack_compute_instance_v2" "server" {
 key_pair = var.ssh
 security_groups = [
 openstack_networking_secgroup_v2.all.name,
- openstack_networking_secgroup_v2.ssh.name,
 ]
 user_data = data.template_cloudinit_config.ctx[count.index].rendered
 network {
diff --git a/firewall.tf b/firewall.tf
index 0d0afe0b53791656eff27a827d961a6d5cafc8d3..2bccc2805baba24e69b8a0cce418faf4c331e4bc 100644
--- a/firewall.tf
+++ b/firewall.tf
@@ -1,13 +1,8 @@
 resource "openstack_networking_secgroup_v2" "all" {
- name = format("%s.all", var.domain)
+ name = var.domain
 description = "${title(var.domain)} all security group"
 }
 
-resource "openstack_networking_secgroup_v2" "ssh" {
- name = format("%s.ssh", var.domain)
- description = "${title(var.domain)} ssh security group"
-}
-
 resource "openstack_networking_secgroup_rule_v2" "all_self" {
 for_each = toset(["0.0.0.0/0", "::/0"])
 direction = "ingress"
@@ -32,17 +27,12 @@ resource "openstack_networking_secgroup_rule_v2" "all_other" {
 security_group_id = openstack_networking_secgroup_v2.all.id
 }
 
-resource "openstack_networking_secgroup_rule_v2" "all_floatip" {
- direction = "ingress"
- ethertype = "IPv4"
- remote_ip_prefix = "${openstack_networking_floatingip_v2.floatip_1.address}/32"
- security_group_id = openstack_networking_secgroup_v2.all.id
-}
-
 resource "openstack_networking_secgroup_rule_v2" "ssh" {
 for_each = var.security_admin_cidr
 direction = "ingress"
 ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
+ port_range_min = 22
+ port_range_max = 22
 remote_ip_prefix = each.key
- security_group_id = openstack_networking_secgroup_v2.ssh.id
+ security_group_id = openstack_networking_secgroup_v2.all.id
 }
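Review bot: The `ssh` rule in the last firewall.tf hunk now sets `port_range_min = 22` and `port_range_max = 22` but no `protocol`, and the whole resource body is visible in the hunk. The OpenStack provider documents `protocol` as required whenever a port range is given, so this rule will most likely be rejected at apply time instead of limiting the admin CIDRs to SSH; add `protocol = "tcp"` next to the two port lines. Separately, `ethertype` is derived from `each.value` while `remote_ip_prefix` uses `each.key`, which only agree if `var.security_admin_cidr` is a set (its declaration is not shown), so `regexall(":", each.key)` would be the safer form. Since this rule now sits on the shared `all` group, a short comment such as `# admin CIDRs: TCP/22 only` would record the intended scope.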