Commit a180810f authored by František Dvořák's avatar František Dvořák

Custom security groups

parent 0a5a3fa6
......@@ -31,6 +31,7 @@ resource "openstack_compute_instance_v2" "server" {
flavor_name = "standard.medium"
image_name = var.image
key_pair = var.ssh
security_groups = [openstack_networking_secgroup_v2.secgroup.name]
user_data = data.template_cloudinit_config.user_data[count.index].rendered
network {
name = var.local_network
......
resource "openstack_networking_secgroup_v2" "secgroup" {
name = var.domain
description = "${title(var.domain)} security group"
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_self4" {
direction = "ingress"
ethertype = "IPv4"
remote_group_id = openstack_networking_secgroup_v2.secgroup.id
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_self6" {
direction = "ingress"
ethertype = "IPv6"
remote_group_id = openstack_networking_secgroup_v2.secgroup.id
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" {
direction = "ingress"
ethertype = "IPv4"
protocol = "icmp"
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp6" {
direction = "ingress"
ethertype = "IPv6"
protocol = "ipv6-icmp"
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_other4" {
for_each = var.security_trusted_cidr4
direction = "ingress"
ethertype = "IPv4"
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_other6" {
for_each = var.security_trusted_cidr6
direction = "ingress"
ethertype = "IPv6"
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.secgroup.id
}
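Review bot: The `secgroup_rule_other4` and `secgroup_rule_other6` rules set neither `protocol` nor `port_range_min`/`port_range_max`, so every CIDR in the trusted sets gets ingress on all protocols and all ports — for ranges as wide as `147.228.0.0/14` that is every host at several institutions, not just the people operating these servers. If the instances only need SSH (and whatever service they expose) from those networks, pin the rule with `protocol = "tcp"`, `port_range_min = 22`, `port_range_max = 22` (a second rule, or a `for_each` over a `setproduct` of CIDRs and ports, covers further ports); if the wide-open rule is deliberate, say so on the rule, e.g. `# no protocol/ports on purpose: trusted networks may reach every port`. The two ICMP rules carry no `remote_ip_prefix`, which as far as I know the provider treats as 0.0.0.0/0 and ::/0, so echo requests are accepted from anywhere — acceptable, but worth a one-line comment so nobody assumes they are scoped to the trusted CIDRs. Note also that `security_groups = [...]` on the instance in the first hunk replaces the project's `default` group rather than adding to it, so any access the instances previously inherited from `default` has to be re-created in this group.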
......@@ -44,6 +44,33 @@ variable "public_network" {
# default = "public-cesnet-78-128-250-PERSONAL"
}
variable "security_trusted_cidr4" {
description = "Trusted networks"
type = set(string)
default = [
"78.128.128.0/17", # CESNET
"116.216.0.0/15", # UNOB, JČU
"146.102.0.0/16", # VŠE
"147.32.0.0/15", # ČVUT, VSCHT
"147.228.0.0/14", # ZČU, VUT, TUL, AVČR
"147.251.0.0/16", # MUNI
"158.194.0.0/16", # UPOL
"158.196.0.0/16", # VŠB
"193.84.32.0/20", # ČZU
"193.84.192.0/19", # SLU
"195.113.0.0/16", # CESNET
"195.178.64.0/19", # CESNET
]
}
variable "security_trusted_cidr6" {
description = "Trusted networks"
type = set(string)
default = [
"2001:718::/32", # CESNET
]
}
variable "ssh" {
description = "SSH key name"
default = "openstack"
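Review bot: Both new variables are described only as "Trusted networks", which does not tell a reader what being trusted grants; in the security group rules of this commit these CIDRs become ingress rules with no protocol or port restriction, so the description should say so, e.g. `description = "IPv4 networks granted unrestricted ingress (all protocols and ports) to the instances"` and the same wording with IPv6 for `security_trusted_cidr6`. The per-entry comments name institutions but not where the ranges were taken from; a one-line comment above the list naming the source of the allocation data would let the next maintainer verify entries such as `147.228.0.0/14`, which is listed as covering four organisations, before they are trusted with full access. If the Terraform version in use supports variable `validation` blocks, a condition like `alltrue([for c in var.security_trusted_cidr4 : can(cidrhost(c, 0))])` would reject a malformed CIDR at plan time instead of at the OpenStack API. The surrounding `public_network` and `ssh` variable blocks start and end outside this hunk.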
......