ACL is inbound, not outbound

2018-06-02 19:56:56 +05:30 · 2018-06-02 19:56:56 +05:30 · 76343d991d
parent b9965f2092
commit 76343d991d
3 changed files with 35 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@ -119,6 +119,12 @@ module "digitalocean" {
  source = "digitalocean"
 }

+// Used to force access to ISP related resources
+module "tinyproxy" {
+  source = "tinyproxy"
+  ips    = "${var.ips}"
+}
+
 module "abstruse" {
  source         = "abstruse"
  domain         = "ci.bb8.fun"
--- a/tinyproxy/main.tf
+++ b/tinyproxy/main.tf
@ -0,0 +1,26 @@
+data "docker_registry_image" "tinyproxy" {
+  name = "captn3m0/tinyproxy:latest"
+}
+
+resource "docker_image" "tinyproxy" {
+  name          = "${data.docker_registry_image.tinyproxy.name}"
+  pull_triggers = ["${data.docker_registry_image.tinyproxy.sha256_digest}"]
+}
+
+resource "docker_container" "tinyproxy" {
+  name  = "tinyproxy"
+  image = "${docker_image.tinyproxy.latest}"
+
+  // Access is restricted to VPN only
+  command = ["ANY"]
+
+  ports {
+    internal = 8888
+    external = 8888
+    ip       = "${var.ips["tun0"]}"
+  }
+
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+}
--- a/tinyproxy/variables.tf
+++ b/tinyproxy/variables.tf
@ -0,0 +1,3 @@
+variable "ips" {
+  type = "map"
+}