From 163b12efbc192ec80392dd6154c18923516db541 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe <sebastian@kip.pe>
Date: Fri, 18 Feb 2022 12:22:15 -0600
Subject: [PATCH] Add firewall rule for Discourse

---
 site-cookbooks/kosmos_discourse/metadata.rb        | 1 +
 site-cookbooks/kosmos_discourse/recipes/default.rb | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/site-cookbooks/kosmos_discourse/metadata.rb b/site-cookbooks/kosmos_discourse/metadata.rb
index 76a2e83..d8aa80e 100644
--- a/site-cookbooks/kosmos_discourse/metadata.rb
+++ b/site-cookbooks/kosmos_discourse/metadata.rb
@@ -8,3 +8,4 @@ version '0.1.0'
 chef_version '>= 14.0'
 
 depends "kosmos-nginx"
+depends 'firewall'
diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb
index de204a8..b60c210 100644
--- a/site-cookbooks/kosmos_discourse/recipes/default.rb
+++ b/site-cookbooks/kosmos_discourse/recipes/default.rb
@@ -32,3 +32,12 @@ systemd_unit "discourse.service" do
            }})
   action [:create, :enable]
 end
+
+include_recipe 'firewall'
+
+firewall_rule 'discourse' do
+  port     [3001]
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end