data "dns_a_record_set" "ctl" {
  host = "zknt-hh3.trantuete.net"
}

locals {
  host_cidr = flatten([
    for ip in data.dns_a_record_set.ctl.addrs :
      "${ip}/32"
  ])
}

resource "hcloud_firewall" "k8s-node" {
  name = "k8s-node"
  rule {
    direction = "in"
    protocol  = "icmp"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "22"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "6443"
    source_ips = local.host_cidr
  }

}