homelab/terraform/common/firewall_ipsets.tf

resource "proxmox_virtual_environment_firewall_ipset" "promeheus_server" {

  name    = "prometheus-server"
  comment = "Different environment Prometheus Server addresses."

  cidr {
    name    = "192.168.0.252"
    comment = "dev"
  }

  cidr {
    name    = "192.168.1.252"
    comment = "prod"
  }
}

resource "proxmox_virtual_environment_firewall_ipset" "dev_loggers" {

  name    = "dev-loggers"
  comment = "Nodes that send logs to Monitoring Node."

  cidr {
    name    = "192.168.0.254"
    comment = "bastion"
  }

  cidr {
    name    = "192.168.0.253"
    comment = "load-balancer"
  }

  cidr {
    name    = "192.168.0.252"
    comment = "monitoring"
  }

  cidr {
    name    = "192.168.0.3"
    comment = "postgresql"
  }

  cidr {
    name    = "192.168.0.10"
    comment = "main-page"
  }

  cidr {
    name    = "192.168.0.15"
    comment = "searxng"
  }

  cidr {
    name    = "192.168.0.20"
    comment = "forgejo"
  }

  cidr {
    name    = "192.168.0.21"
    comment = "forgejo-runner"
  }
}

resource "proxmox_virtual_environment_firewall_ipset" "prod_loggers" {

  name    = "prod-loggers"
  comment = "Nodes that send logs to Monitoring Node."

  cidr {
    name    = "192.168.1.254"
    comment = "bastion"
  }

  cidr {
    name    = "192.168.1.253"
    comment = "load-balancer"
  }

  cidr {
    name    = "192.168.1.252"
    comment = "monitoring"
  }

  cidr {
    name    = "192.168.1.3"
    comment = "postgresql"
  }

  cidr {
    name    = "192.168.1.10"
    comment = "main-page"
  }

  cidr {
    name    = "192.168.1.15"
    comment = "searxng"
  }

  cidr {
    name    = "192.168.1.20"
    comment = "forgejo"
  }

  cidr {
    name    = "192.168.1.21"
    comment = "forgejo-runner"
  }
}

resource "proxmox_virtual_environment_firewall_ipset" "dev_postgres_clients" {

  name    = "dev-postgres-clients"
  comment = "Nodes that can connect to postgres Node."

  cidr {
    name    = "192.168.0.20"
    comment = "forgejo"
  }
}

output "dev_postgres_clients_ipset" {
  value     = proxmox_virtual_environment_firewall_ipset.dev_postgres_clients
  sensitive = true
}

resource "proxmox_virtual_environment_firewall_ipset" "prod_postgres_clients" {

  name    = "prod-postgres-clients"
  comment = "Nodes that can connect to postgres Node."

  cidr {
    name    = "192.168.1.20"
    comment = "forgejo"
  }
}

output "prod_postgres_clients_ipset" {
  value     = proxmox_virtual_environment_firewall_ipset.prod_postgres_clients
  sensitive = true
}

resource "proxmox_virtual_environment_firewall_ipset" "dev_valkey_clients" {

  name    = "dev-valkey-clients"
  comment = "Nodes that can connect to valkey Node."

  cidr {
    name    = "192.168.0.15"
    comment = "searxng"
  }
}

output "dev_valkey_clients_ipset" {
  value     = proxmox_virtual_environment_firewall_ipset.dev_valkey_clients
  sensitive = true
}

resource "proxmox_virtual_environment_firewall_ipset" "prod_valkey_clients" {

  name    = "prod-valkey-clients"
  comment = "Nodes that can connect to valkey Node."

  cidr {
    name    = "192.168.1.15"
    comment = "searxng"
  }
}

output "prod_valkey_clients_ipset" {
  value     = proxmox_virtual_environment_firewall_ipset.prod_valkey_clients
  sensitive = true
}