Created
January 16, 2019 05:03
-
-
Save kalbasit/c33329ef4e0eb8586c8d1071bd9e7a01 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
resources = { | |
ec2SecurityGroups = { | |
ssh-in = { | |
inherit accessKeyId region; | |
description = "Allow incoming SSH connection from anywhere"; | |
rules = [ | |
{ fromPort = 22; toPort = 22; protocol = "tcp"; sourceIp = "0.0.0.0/0"; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 22; toPort = 22; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
http-in = { | |
inherit accessKeyId region; | |
description = "Allow incoming HTTP connection from anywhere"; | |
rules = [ | |
{ fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "0.0.0.0/0"; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
backend-http-in = { resources, ... }: { | |
inherit accessKeyId region; | |
description = "Allow backend HTTP connection from HTTP servers"; | |
rules = [ | |
{ fromPort = 8080; toPort = 8080; protocol = "tcp"; sourceGroup = { inherit ownerId; groupName = resources.ec2SecurityGroups.http-in.name; }; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
redis-in = { resources, ... }: { | |
inherit accessKeyId region; | |
description = "Allow incoming Redis connection from backend HTTP hosts"; | |
rules = [ | |
{ fromPort = 6379; toPort = 6379; protocol = "tcp"; sourceGroup = { inherit ownerId; groupName = resources.ec2SecurityGroups.backend-http-in.name; }; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
}; | |
}; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment