feat: add openvpn firewall rule to allow 1194(#18)

* Add UPD openvpn firewall rule * upddate tags * Rename tags
DeimosCloud · Apr 6, 2022 · 2923d5f · 2923d5f
1 parent 137a969
commit 2923d5f
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -53,6 +53,7 @@ No modules.
 | [google_compute_address.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_address) | resource |
 | [google_compute_disk.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk) | resource |
 | [google_compute_firewall.allow-external-ssh](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
+| [google_compute_firewall.allow-openvpn-udp-port](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
 | [google_compute_instance_from_template.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_from_template) | resource |
 | [google_compute_instance_template.tpl](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_template) | resource |
 | [local_sensitive_file.private_key](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |

diff --git a/main.tf b/main.tf
@@ -5,8 +5,10 @@ locals {
   metadata = merge(var.metadata, {
     sshKeys = "${var.remote_user}:${tls_private_key.ssh-key.public_key_openssh}"
   })
-  ssh_tag          = ["allow-ssh"]
-  tags             = toset(concat(var.tags, local.ssh_tag))
+  ssh_tag     = ["allow-ssh"]
+  openvpn_tag = ["openvpn-${var.name}"]
+  tags        = toset(concat(var.tags, local.ssh_tag, local.openvpn_tag))
+
   output_folder    = var.output_dir
   private_key_file = "private-key.pem"
   # adding the null_resource to prevent evaluating this until the openvpn_update_users has executed
@@ -31,6 +33,26 @@ resource "google_compute_firewall" "allow-external-ssh" {
   target_tags   = local.ssh_tag
 }
 
+resource "google_compute_firewall" "allow-openvpn-udp-port" {
+  name        = "openvpn-${var.name}-allow"
+  network     = var.network
+  description = "Creates firewall rule targeting the openvpn instance"
+
+  allow {
+    protocol = "tcp"
+    ports    = ["1194"]
+  }
+
+  allow {
+    protocol = "udp"
+    ports    = ["1194"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = local.openvpn_tag
+}
+
+
 resource "google_compute_address" "default" {
   name         = "openvpn-${var.name}-global-ip"
   region       = var.region