resource "proxmox_virtual_environment_cluster_firewall_security_group" "prometheus_node_exporter" {
  name    = "prom-node-exp"
  comment = "Allow Prometheus server to pull Prometheus node exporter from Monitoring Node."

  rule {
    type   = "in"
    source = split("/", proxmox_virtual_environment_container.monitoring.initialization[0].ip_config[0].ipv4[0].address)[0]
    proto  = "tcp"
    dport  = "9100"
    action = "ACCEPT"
  }
}

output "prometheus_node_exporter_sg" {
  value     = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_node_exporter
  sensitive = true
}

resource "proxmox_virtual_environment_cluster_firewall_security_group" "prometheus_nginx_exporter" {
  name    = "prom-nginx-exp"
  comment = "Allow Prometheus server to pull Prometheus nginx exporter from Monitoring Node."

  rule {
    type   = "in"
    source = split("/", proxmox_virtual_environment_container.monitoring.initialization[0].ip_config[0].ipv4[0].address)[0]
    proto  = "tcp"
    dport  = "9113"
    action = "ACCEPT"
  }
}

output "prometheus_nginx_exporter_sg" {
  value     = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_nginx_exporter
  sensitive = true
}

resource "proxmox_virtual_environment_cluster_firewall_security_group" "prometheus_server_exporter" {
  name    = "prom-srv-exp"
  comment = "Allow Prometheus server to pull Prometheus default exporter from Monitoring Node."

  rule {
    type   = "in"
    source = split("/", proxmox_virtual_environment_container.monitoring.initialization[0].ip_config[0].ipv4[0].address)[0]
    proto  = "tcp"
    dport  = "9090"
    action = "ACCEPT"
  }
}

output "prometheus_server_exporter_sg" {
  value     = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_server_exporter
  sensitive = true
}

resource "proxmox_virtual_environment_cluster_firewall_security_group" "prometheus_alertmanager" {
  name    = "prom-alert"
  comment = "Access Prometheus Alertmanager from Monitoring Node."

  rule {
    type   = "in"
    source = split("/", proxmox_virtual_environment_container.monitoring.initialization[0].ip_config[0].ipv4[0].address)[0]
    proto  = "tcp"
    dport  = "9093"
    action = "ACCEPT"
  }
}

output "prometheus_alertmanager_sg" {
  value     = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_alertmanager
  sensitive = true
}