package main

import (
	"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func firewall(ctx *pulumi.Context) error {
	allowHttp := linode.FirewallInboundArgs{
		Label: pulumi.String("accept-inbound-tcp-80"),
		Action: pulumi.String("ACCEPT"),
		Protocol: pulumi.String("TCP"),
		Ports: pulumi.String("80"),
		Ipv4s: pulumi.StringArray{
			pulumi.String("0.0.0.0/0"),
		},
		Ipv6s: pulumi.StringArray{
			pulumi.String("::/0"),
		},
	}

	allowHttps := linode.FirewallInboundArgs{
		Label: pulumi.String("accept-inbound-tcp-443"),
		Action: pulumi.String("ACCEPT"),
		Protocol: pulumi.String("TCP"),
		Ports: pulumi.String("443"),
		Ipv4s: pulumi.StringArray{
			pulumi.String("0.0.0.0/0"),
		},
		Ipv6s: pulumi.StringArray{
			pulumi.String("::/0"),
		},
	}

	tags := []string{"flow"}

	label := "fireflow"

	firewallArgs := linode.FirewallArgs{
		Label: pulumi.String(label),
		Tags: pulumi.ToStringArray(tags),
		InboundPolicy: pulumi.String("DROP"),
		Inbounds: linode.FirewallInboundArray{
			&allowHttp,
			&allowHttps,
		},
		OutboundPolicy: pulumi.String("ACCEPT"),
	}

	_, err := linode.NewFirewall(ctx, label, &firewallArgs)

	if err != nil {
		return err
	}

	return nil
}