feat: add all of the terraform files

Signed-off-by: Vojtech Mares <iam@vojtechmares.com>

terraform/firewalls.tf

@@ -0,0 +1,95 @@
+resource "hcloud_firewall" "cthulhu_nodes_public" {
+  name = "cthulhu-nodes-public"
+
+  rule {
+    description = "Allow ICMP (ping)"
+    direction   = "in"
+    protocol    = "icmp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    description = "Allow SSH"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = "22"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    description = "Allow HTTP"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = "80"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    description = "Allow HTTPS"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = "443"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    description = "Allow HTTP/3"
+    direction   = "in"
+    protocol    = "udp"
+    port        = "443"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    description = "Allow Kubernetes API Server"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = "6443"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+}
+
+resource "hcloud_firewall" "cthulhu_nodes_private" {
+  name = "cthulhu-nodes-private"
+
+  rule {
+    description = "Allow ICMP (ping)"
+    direction   = "in"
+    protocol    = "icmp"
+    source_ips  = [hcloud_network.cthulhu.ip_range]
+  }
+
+  rule {
+    description = "Allow eveyrthing TCP on all ports"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = "any"
+    source_ips  = [hcloud_network.cthulhu.ip_range]
+  }
+
+  rule {
+    description = "Allow eveyrthing UDP on all ports"
+    direction   = "in"
+    protocol    = "udp"
+    port        = "any"
+    source_ips  = [hcloud_network.cthulhu.ip_range]
+  }
+}