From cfbf76a18532bd7929f1e88ec68c5ad9c2e674c1 Mon Sep 17 00:00:00 2001
From: Alec Warner <antarus@gentoo.org>
Date: Thu, 27 Dec 2018 12:49:44 -0500
Subject: Add firewall rule.

Tag our rsync nodes and add a firewall rule to allow tcp/873.

Signed-off-by: Alec Warner <antarus@gentoo.org>
---
 src/infra.gentoo.org/rsync.tf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/infra.gentoo.org/rsync.tf b/src/infra.gentoo.org/rsync.tf
index 85eaec9..2e278ac 100644
--- a/src/infra.gentoo.org/rsync.tf
+++ b/src/infra.gentoo.org/rsync.tf
@@ -2,7 +2,7 @@ resource "google_compute_instance_template" "rsync-node-template" {
   name        = "rsync-node-template"
   description = "This template is used to create rsync node instances."
 
-  tags = []
+  tags = ["rsync"]
 
   labels = {
 		container-vm = "cos-stable-71-11151-60-0"
@@ -70,3 +70,12 @@ resource "google_compute_region_autoscaler" "rsync-autoscaler" {
 		}
 	}
 }
+
+resource "google_compute_firewall" "rsync-in" {
+	name = "rsync-in"
+	allow {
+		protocol = "tcp"
+		ports = ["873"]
+	}
+	target_tags = ["rsync"]
+}
-- 
cgit v1.2.3-65-gdbad