kritikos-io/homelab-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add initial Terraform configuration for Azure and Proxmox resources

Browse Source
This commit is contained in:
Alexandros Kritikos
2026-03-01 14:16:44 +02:00
parent 44d658745e
commit b11172504d
17 changed files with 869 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
modules/pangolin/firewall.tf Normal file
View File

@@ -0,0 +1,100 @@
resource "azurerm_network_security_group" "nsg" {
name = "${var.vm_name}-nsg"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
tags = var.tags
}
resource "azurerm_network_interface_security_group_association" "nic_nsg" {
network_interface_id = azurerm_network_interface.nic.id
network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azurerm_network_security_rule" "allow_udp_51820" {
name = "Allow-Wireguard"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Udp"
source_port_range = "*"
destination_port_range = "51820"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
resource "azurerm_network_security_rule" "allow_ssh_vps" {
name = "Allow-SSH-VPS"
priority = 110
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "2222"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
source_address_prefix = length(var.allowed_ssh_cidrs_ipv4) == 0 ? "*" : null
source_address_prefixes = length(var.allowed_ssh_cidrs_ipv4) > 0 ? var.allowed_ssh_cidrs_ipv4 : null
}
resource "azurerm_network_security_rule" "allow_ssh_proxy" {
name = "Allow-SSH-Proxy"
priority = 120
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
source_address_prefix = "*"
source_address_prefixes = null
}
resource "azurerm_network_security_rule" "allow_postgres" {
name = "Allow-Postgres"
priority = 130
direction = "Inbound"
access = "Deny"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "5432"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
resource "azurerm_network_security_rule" "allow_http" {
name = "Allow-HTTP"
priority = 140
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "80"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
resource "azurerm_network_security_rule" "allow_https" {
name = "Allow-HTTPS"
priority = 150
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}