
author Nemo <me@captnemo.in> 2018-06-02 19:56:56.0 +05:30:00
committer Nemo <me@captnemo.in> 2018-06-02 19:56:56.0 +05:30:00
commit
76343d991d32f87292dfe25e1153c27675765ee2 [patch]
tree
0a86d7dede6f9f343b7ba79cab48ed89d274b56b
parent
b9965f20928ef4942df57e4bd6d0e224095238d2

ACL is inbound, not outbound



Diff

 main.tf                |  6 ++++++
 tinyproxy/main.tf      | 26 ++++++++++++++++++++++++++
 tinyproxy/variables.tf |  3 +++
 3 files changed, 35 insertions(+)

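--- a/main.tf
+++ b/main.tf
@@ -119,6 +119,12 @@
   source = "digitalocean"
 }
 
+// Used to force access to ISP related resources
+module "tinyproxy" {
+  source = "tinyproxy"
+  ips    = "${var.ips}"
+}
+
 module "abstruse" {
   source         = "abstruse"
   domain         = "ci.bb8.fun"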
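--- /dev/null
+++ b/tinyproxy/main.tf
@@ -1,0 +1,26 @@
+data "docker_registry_image" "tinyproxy" {
+  name = "captn3m0/tinyproxy:latest"
+}
+
+resource "docker_image" "tinyproxy" {
+  name          = "${data.docker_registry_image.tinyproxy.name}"
+  pull_triggers = ["${data.docker_registry_image.tinyproxy.sha256_digest}"]
+}
+
+resource "docker_container" "tinyproxy" {
+  name  = "tinyproxy"
+  image = "${docker_image.tinyproxy.latest}"
+
+  // Access is restricted to VPN only
+  command = ["ANY"]
+
+  ports {
+    internal = 8888
+    external = 8888
+    ip       = "${var.ips["tun0"]}"
+  }
+
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+}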
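Review bot: The comment `// Access is restricted to VPN only` sits directly above `command = ["ANY"]`, but nothing visible in this file shows `ANY` restricting anything. If the image's entrypoint treats it as "allow every client" (an assumption, since the entrypoint is not part of this commit), the only restriction is the `ip = "${var.ips["tun0"]}"` bind in the `ports` block. I would make the comment say that, e.g. `// ANY = no client ACL inside tinyproxy; access is limited only by publishing 8888 on the tun0 address below`. Passing the VPN subnet instead of `ANY` would also keep a wrong or empty `tun0` value from exposing an open proxy. Separately, `captn3m0/tinyproxy:latest` combined with `pull_triggers` on the registry digest means each apply runs whatever was last pushed to that tag; pinning the image by digest would make upgrades an explicit, reviewable change.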
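--- /dev/null
+++ b/tinyproxy/variables.tf
@@ -1,0 +1,3 @@
+variable "ips" {
+  type = "map"
+}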
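Review bot: `variable "ips"` is declared without a `description`, yet tinyproxy/main.tf indexes it with the fixed key `tun0` to choose the address the proxy port is published on. That key is a security-relevant contract for anyone calling the module, so I would document it on the variable, e.g. `description = "Map of interface name to host IP; must contain tun0, the VPN address the proxy is bound to"`.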