From 1c2fd6f620604c9db388f92911c9ae935af557b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Mon, 22 Mar 2021 20:31:01 +0100
Subject: [PATCH] Simplify security groups

---
 deploy.tf   |  1 -
 firewall.tf | 18 ++++--------------
 2 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/deploy.tf b/deploy.tf
index 0217754..c50042f 100644
--- a/deploy.tf
+++ b/deploy.tf
@@ -177,7 +177,6 @@ resource "openstack_compute_instance_v2" "server" {
 	key_pair = var.ssh
 	security_groups = [
 		openstack_networking_secgroup_v2.all.name,
-		openstack_networking_secgroup_v2.ssh.name,
 	]
 	user_data = data.template_cloudinit_config.ctx[count.index].rendered
 	network {
diff --git a/firewall.tf b/firewall.tf
index 0d0afe0..2bccc28 100644
--- a/firewall.tf
+++ b/firewall.tf
@@ -1,13 +1,8 @@
 resource "openstack_networking_secgroup_v2" "all" {
-	name = format("%s.all", var.domain)
+	name = var.domain
 	description = "${title(var.domain)} all security group"
 }
 
-resource "openstack_networking_secgroup_v2" "ssh" {
-	name = format("%s.ssh", var.domain)
-	description = "${title(var.domain)} ssh security group"
-}
-
 resource "openstack_networking_secgroup_rule_v2" "all_self" {
 	for_each = toset(["0.0.0.0/0", "::/0"])
 	direction = "ingress"
@@ -32,17 +27,12 @@ resource "openstack_networking_secgroup_rule_v2" "all_other" {
 	security_group_id = openstack_networking_secgroup_v2.all.id
 }
 
-resource "openstack_networking_secgroup_rule_v2" "all_floatip" {
-	direction = "ingress"
-	ethertype = "IPv4"
-	remote_ip_prefix = "${openstack_networking_floatingip_v2.floatip_1.address}/32"
-	security_group_id = openstack_networking_secgroup_v2.all.id
-}
-
 resource "openstack_networking_secgroup_rule_v2" "ssh" {
 	for_each = var.security_admin_cidr
 	direction = "ingress"
 	ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
+	port_range_min = 22
+	port_range_max = 22
 	remote_ip_prefix = each.key
-	security_group_id = openstack_networking_secgroup_v2.ssh.id
+	security_group_id = openstack_networking_secgroup_v2.all.id
 }
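Review bot: The `ssh` rule now sets `port_range_min`/`port_range_max` to 22 but has no `protocol`, and the OpenStack provider documents `protocol` as required whenever a port range is given, so Neutron is likely to reject the rule at apply time; add `protocol = "tcp"` next to the two port lines. Separately, `ethertype` is derived from `each.value` while `remote_ip_prefix` uses `each.key`. If `var.security_admin_cidr` is a map rather than a set (its type is not visible in this patch), the two can disagree, so use the same one in both places. Because the rule now sits in the shared `all` group rather than a dedicated one, a comment such as `# SSH (22/tcp) only from admin CIDRs` above the resource would keep its intent clear.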
-- 
GitLab