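#!/bin/sh
#
# Add a bunch of relatively default rules to an existing nova security group.
# You can use the same syntax to open ports for munin or other things.
#
# Usage: <script> SECGROUP [BACKEND_CIDR]
#   SECGROUP      name of the security group the rules are added to
#   BACKEND_CIDR  optional source range for the node-to-node database ports
#                 (couchdb stunnel, bigcouch replication); defaults to 0/0,
#                 which is what this script has always used
#
# Every rule below admits traffic from any source (0/0). Nothing visible in
# this script authenticates peers on the database ports, so pass BACKEND_CIDR
# with the range of the cluster nodes unless a tunnel or firewall elsewhere
# already restricts them.
#
# NOTE(review): newer python-novaclient releases no longer ship the
# secgroup-* subcommands -- confirm the client version in use.
#
# Exit status: 0 if every rule was added, 1 if any rule failed, 2 on usage
# error.

SECGROUP=${1:-}
BACKEND_CIDR=${2:-0/0}
ANY=0/0

if [ -z "$SECGROUP" ]; then
  printf 'Usage: %s SECGROUP [BACKEND_CIDR]\n' "${0##*/}" >&2
  exit 2
fi

if ! command -v nova >/dev/null 2>&1; then
  printf '%s: nova client not found in PATH\n' "${0##*/}" >&2
  exit 1
fi

failed=0

# Add one rule to $SECGROUP. Arguments: protocol from-port to-port cidr.
# A failure (for example a rule that already exists) is reported and
# remembered, but the remaining rules are still attempted so that re-running
# the script stays harmless.
add_rule() {
  if ! nova secgroup-add-rule "$SECGROUP" "$@"; then
    printf 'failed to add rule: %s\n' "$*" >&2
    failed=1
  fi
}

# where do we start? SSH? (22, plus the alternate port 4422)
add_rule tcp 22 22 "$ANY"
add_rule tcp 4422 4422 "$ANY"

# web is so common
add_rule tcp 80 80 "$ANY"
add_rule tcp 443 443 "$ANY"

# client needs 4430 for api communication, at least for webapp
add_rule tcp 4430 4430 "$ANY"

# ping. People like Ping, the story about Ping
# -1 -1 admits every ICMP type and code, not only echo request/reply.
add_rule ICMP -1 -1 "$ANY"

# Ping doesn't like Onions, but we do! (presumably the Tor relay port)
add_rule tcp 9001 9001 "$ANY"

# There's also this story about Alice, who gets into a rabbit hole
# (presumably OpenVPN)
add_rule UDP 1194 1194 "$ANY"

# stunnel to couchdb nodes -- node-to-node traffic, see BACKEND_CIDR
add_rule tcp 15984 15984 "$BACKEND_CIDR"

# bigcouch replication stuff -- node-to-node traffic, see BACKEND_CIDR
add_rule tcp 14369 14369 "$BACKEND_CIDR"
add_rule tcp 19002 19002 "$BACKEND_CIDR"

# soledad
add_rule tcp 2323 2323 "$ANY"

# It probably makes sense to have a bunch of these open for mosh
add_rule UDP 60000 60020 "$ANY"

# mail
add_rule tcp 25 25 "$ANY"
add_rule tcp 465 465 "$ANY"
add_rule tcp 587 587 "$ANY"

# client needs to be able to fetch keys
add_rule tcp 6425 6425 "$ANY"

# That's it for now
exit "$failed"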