Change server OS image anf fix firewall rules

1 year ago · ce48dbe1e9
parent 981ed41a3b
commit ce48dbe1e9
1 changed files with 7 additions and 48 deletions
--- a/infra/init.tf
+++ b/infra/init.tf
@ -34,7 +34,7 @@ resource "hcloud_placement_group" "spread-group" {
 resource "hcloud_server" "control" {
  name        = "cluster-control"
-  image       = "ubuntu-22.04"
+  image       = "fedora-38"
  location    = "nbg1"
  ssh_keys  = ["archomen_cloud1", "deepthought_cloud1"]
  server_type = "cx11"
@ -57,7 +57,7 @@ resource "hcloud_server" "control" {
 resource "hcloud_server" "worker-1" {
  name        = "cluster-worker-1"
-  image       = "ubuntu-20.04"
+  image       = "fedora-38"
  location    = "nbg1"
  ssh_keys  = ["archomen_cloud2", "deepthought_cloud2"]
  server_type = "cx21"
@ -100,64 +100,23 @@ resource "hcloud_firewall" "firewall" {
    ]
  }
  ## Outbound rules
  rule {
-    direction = "out"
+    direction = "in"
    protocol  = "tcp"
    port      = "53"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  rule {
    direction = "out"
    protocol  = "udp"
    port      = "53"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  rule {
    direction = "out"
    protocol  = "udp"
    port      = "123"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  rule {
    direction = "out"
    protocol  = "tcp"
    port      = "80"
-    destination_ips = [
+    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  rule {
-    direction = "out"
+    direction = "in"
-    protocol  = "udp"
+    protocol  = "tcp"
    port      = "443"
-    destination_ips = [
+    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  rule {
    direction = "out"
    protocol  = "icmp"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
 }