From ce48dbe1e9990039dc49f7d566965096aeee3156 Mon Sep 17 00:00:00 2001
From: trivernis
Date: Tue, 3 Oct 2023 12:02:33 +0200
Subject: [PATCH] Change server OS image anf fix firewall rules
---
 infra/init.tf | 55 +++++++------------------------------------------------------------------------------------------------
 1 file changed, 7 insertions(+), 48 deletions(-)
diff --git a/infra/init.tf b/infra/init.tf
index c753e02..48b18c8 100644
--- a/infra/init.tf
+++ b/infra/init.tf
@@ -34,7 +34,7 @@ resource "hcloud_placement_group" "spread-group" {
 resource "hcloud_server" "control" {
 name = "cluster-control"
- image = "ubuntu-22.04"
+ image = "fedora-38"
 location = "nbg1"
 ssh_keys = ["archomen_cloud1", "deepthought_cloud1"]
 server_type = "cx11"
@@ -57,7 +57,7 @@ resource "hcloud_server" "control" {
 resource "hcloud_server" "worker-1" {
 name = "cluster-worker-1"
- image = "ubuntu-20.04"
+ image = "fedora-38"
 location = "nbg1"
 ssh_keys = ["archomen_cloud2", "deepthought_cloud2"]
 server_type = "cx21"
@@ -100,64 +100,23 @@ resource "hcloud_firewall" "firewall" {
 ]
 }
- ## Outbound rules
 rule {
- direction = "out"
- protocol = "tcp"
- port = "53"
- destination_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
-
- rule {
- direction = "out"
- protocol = "udp"
- port = "53"
- destination_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
-
- rule {
- direction = "out"
- protocol = "udp"
- port = "123"
- destination_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
-
- rule {
- direction = "out"
+ direction = "in"
 protocol = "tcp"
 port = "80"
- destination_ips = [
+ source_ips = [
 "0.0.0.0/0",
 "::/0"
 ]
 }
 rule {
- direction = "out"
- protocol = "udp"
+ direction = "in"
+ protocol = "tcp"
 port = "443"
- destination_ips = [
- "0.0.0.0/0",
- "::/0"
- ]
- }
-
- rule {
- direction = "out"
- protocol = "icmp"
- destination_ips = [
+ source_ips = [
 "0.0.0.0/0",
 "::/0"
 ]
 }
-
 }
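Review bot: `image = "fedora-38"` on the control node replaces an Ubuntu LTS image with a Fedora release whose support window is roughly 13 months, so the node stops receiving security updates much sooner unless an image bump is planned. The same applies to the `worker-1` hunk. A comment above each `image` line would record this, e.g. `# Fedora release: short support window, bump image before EOL`. The rest of both resource bodies is outside the hunks; if they carry `user_data` or provisioners written for an apt-based system, those presumably need adjusting as well.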
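Review bot: With every `direction = "out"` rule deleted from `hcloud_firewall.firewall`, egress is no longer filtered at all, because a Hetzner Cloud firewall allows all outbound traffic when no outbound rule is defined. If that is intended, record it where the block used to be, e.g. `# No outbound rules on purpose: all egress is allowed when none are defined`. If the aim was only to unblock HTTPS, note that the removed 443 rule had `protocol = "udp"`; keeping the allow-list and changing that line to `protocol = "tcp"` would preserve egress filtering. The new inbound 80 and 443 rules accept `0.0.0.0/0` and `::/0`, and which servers the firewall is attached to lies outside the hunk, so confirm the control node is not exposed by them unless it has to be.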