resource "google_compute_address" "forgejo" {
  name   = "forgejo-ip"
  region = var.region
}

resource "google_compute_firewall" "https" {
  name      = "allow-https"
  network   = "default"
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["forgejo"]
}

resource "google_compute_firewall" "iap_ssh" {
  name      = "allow-iap-ssh"
  network   = "default"
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["forgejo"]
}