Skip to content
Snippets Groups Projects
Select Git revision
  • 40aa847d1f9c5d2a1a5161ecedb879c2657f9416
  • master default protected
  • rednatco-v2
  • base-pairs-ladder
  • rednatco
  • test
  • ntc-tube-uniform-color
  • ntc-tube-missing-atoms
  • restore-vertex-array-per-program
  • watlas2
  • dnatco_new
  • cleanup-old-nodejs
  • webmmb
  • fix_auth_seq_id
  • update_deps
  • ext_dev
  • ntc_balls
  • nci-2
  • plugin
  • bugfix-0.4.5
  • nci
  • v0.5.0-dev.1
  • v0.4.5
  • v0.4.4
  • v0.4.3
  • v0.4.2
  • v0.4.1
  • v0.4.0
  • v0.3.12
  • v0.3.11
  • v0.3.10
  • v0.3.9
  • v0.3.8
  • v0.3.7
  • v0.3.6
  • v0.3.5
  • v0.3.4
  • v0.3.3
  • v0.3.2
  • v0.3.1
  • v0.3.0
41 results

symbol-table.ts

Blame
    • firewall.tf 1.71 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49 
    

    

    

    resource "openstack_networking_secgroup_v2" "all" {
	name = format("%s.all", var.domain)
	description = "${title(var.domain)} all security group"
}

resource "openstack_networking_secgroup_v2" "ssh" {
	name = format("%s.ssh", var.domain)
	description = "${title(var.domain)} ssh security group"
}

resource "openstack_networking_secgroup_rule_v2" "all_self" {
	for_each = toset(["0.0.0.0/0", "::/0"])
	direction = "ingress"
	ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
	remote_group_id = openstack_networking_secgroup_v2.all.id
	security_group_id = openstack_networking_secgroup_v2.all.id
}

resource "openstack_networking_secgroup_rule_v2" "all_icmp" {
	for_each = toset(["0.0.0.0/0", "::/0"])
	direction = "ingress"
	ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
	protocol = each.value == "0.0.0.0/0" ? "icmp" : "ipv6-icmp"
	security_group_id = openstack_networking_secgroup_v2.all.id
}

resource "openstack_networking_secgroup_rule_v2" "all_other" {
	for_each = var.security_trusted_cidr
	direction = "ingress"
	ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
	remote_ip_prefix = each.key
	security_group_id = openstack_networking_secgroup_v2.all.id
}

resource "openstack_networking_secgroup_rule_v2" "all_floatip" {
	direction = "ingress"
	ethertype = "IPv4"
	remote_ip_prefix = "${openstack_networking_floatingip_v2.floatip_1.address}/32"
	security_group_id = openstack_networking_secgroup_v2.all.id
}

resource "openstack_networking_secgroup_rule_v2" "ssh" {
	for_each = var.security_admin_cidr
	direction = "ingress"
	ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
	remote_ip_prefix = each.key
	security_group_id = openstack_networking_secgroup_v2.ssh.id
}