opencode-devbox/deploy/setup-openstack-secgroup.sh

#!/bin/bash
# setup-openstack-secgroup.sh — Create an OpenStack security group for opencode-devbox
#
# Prerequisites:
#   - OpenStack CLI installed (pip install python-openstackclient)
#   - Authenticated (source your openrc.sh or clouds.yaml configured)
#
# Usage:
#   ./setup-openstack-secgroup.sh [group-name]
#
# Default group name: opencode-devbox

set -euo pipefail

GROUP_NAME="${1:-opencode-devbox}"

BOLD="\033[1m"; GREEN="\033[32m"; YELLOW="\033[33m"; RESET="\033[0m"
info()  { echo -e "${BOLD}==>${RESET} $*"; }
ok()    { echo -e "${GREEN}${BOLD}✓${RESET} $*"; }
warn()  { echo -e "${YELLOW}${BOLD}!${RESET} $*"; }

if ! command -v openstack &>/dev/null; then
  echo "Error: openstack CLI not found. Install with: pip install python-openstackclient"
  exit 1
fi

# Check if group already exists
if openstack security group show "$GROUP_NAME" &>/dev/null; then
  warn "Security group '$GROUP_NAME' already exists — updating rules"
else
  info "Creating security group '$GROUP_NAME'..."
  openstack security group create "$GROUP_NAME" \
    --description "opencode-devbox: SSH, mosh, HTTPS"
  ok "Security group created"
fi

# Add rules (idempotent — OpenStack ignores duplicates)
info "Adding rules..."

# SSH (TCP 22)
openstack security group rule create "$GROUP_NAME" \
  --protocol tcp --dst-port 22 --remote-ip 0.0.0.0/0 \
  --description "SSH" 2>/dev/null && ok "SSH (TCP 22)" || warn "SSH rule already exists"

# Mosh (UDP 60000-61000)
openstack security group rule create "$GROUP_NAME" \
  --protocol udp --dst-port 60000:61000 --remote-ip 0.0.0.0/0 \
  --description "mosh" 2>/dev/null && ok "mosh (UDP 60000-61000)" || warn "mosh rule already exists"

# ICMP (ping — useful for diagnostics)
openstack security group rule create "$GROUP_NAME" \
  --protocol icmp --remote-ip 0.0.0.0/0 \
  --description "ICMP ping" 2>/dev/null && ok "ICMP ping" || warn "ICMP rule already exists"

echo ""
ok "Security group '$GROUP_NAME' ready"
echo ""
echo -e "${BOLD}Apply to a new instance:${RESET}"
echo "  openstack server create --security-group $GROUP_NAME ..."
echo ""
echo -e "${BOLD}Apply to an existing instance:${RESET}"
echo "  openstack server add security group <instance-name> $GROUP_NAME"
echo ""