From bf72367cf2c34a206bd18d8cde815fd01037f82c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= <greg@karekinian.com>
Date: Mon, 17 Jul 2023 18:05:34 +0200
Subject: [PATCH] Add a firewall rule to the kosmos_openresty cookbook

It is part of the run list in production
---
 roles/openresty.rb                                  |  1 +
 site-cookbooks/kosmos_openresty/metadata.rb         |  1 +
 site-cookbooks/kosmos_openresty/recipes/firewall.rb | 11 +++++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 site-cookbooks/kosmos_openresty/recipes/firewall.rb

diff --git a/roles/openresty.rb b/roles/openresty.rb
index 35edc0b..2d6b2ae 100644
--- a/roles/openresty.rb
+++ b/roles/openresty.rb
@@ -7,6 +7,7 @@ development_run_list = %w(
 
 default_run_list = %w(
   kosmos_openresty::default
+  kosmos_openresty::firewall
 )
 
 env_run_lists(
diff --git a/site-cookbooks/kosmos_openresty/metadata.rb b/site-cookbooks/kosmos_openresty/metadata.rb
index cfc3381..444b54c 100644
--- a/site-cookbooks/kosmos_openresty/metadata.rb
+++ b/site-cookbooks/kosmos_openresty/metadata.rb
@@ -6,4 +6,5 @@ description 'Installs/Configures openresty'
 version '0.1.0'
 chef_version '>= 18.0'
 
+depends 'kosmos-base'
 depends 'openresty'
diff --git a/site-cookbooks/kosmos_openresty/recipes/firewall.rb b/site-cookbooks/kosmos_openresty/recipes/firewall.rb
new file mode 100644
index 0000000..b6f5b28
--- /dev/null
+++ b/site-cookbooks/kosmos_openresty/recipes/firewall.rb
@@ -0,0 +1,11 @@
+#
+# Cookbook Name:: kosmos_openresty
+# Recipe:: firewall
+
+include_recipe "kosmos-base::firewall"
+
+firewall_rule "http/https" do
+  port     [80, 443]
+  protocol :tcp
+  command  :allow
+end