# For IPs that are trusted because of which employee/location they're coming from.
# 
# Fred dreams of deleting this file completely.
locals {

  trusted_ips = [       # IPs for 'permissive' ingress. Used for the bastion host and for testing. Think twice before employing.
    "108.203.37.38/32", # Duane Waddle
    "24.11.231.98/32",  # George Starcher
    "99.151.37.185/32", # Wesley Leonard
    "73.10.53.113/32",  # Rick Page Home
    "74.211.32.26/32",  # Brad Poulton
    "70.160.60.248/32", # Brandon Naughton
    "67.167.143.87/32", # Fred Damstra
    #"76.173.128.126/32",   # Jeremy Cooper
    "97.117.127.174/32", # Colby Williams
    # We currently have the VPN in a public subnet and we are using a internet gateway. If we want a static egress IP we need to use a private subnet for the VPN and a NAT gateway.
    # https://aws.amazon.com/premiumsupport/knowledge-center/client-vpn-static-ip-address/
    "18.252.173.222/32", # Test AWS VPN Internet GW Dynamic IP
    "18.252.186.82/32",  # Prod AWS VPN Internet GW Dynamic IP
  ]

  portal_test_whitelist = [ # IPs for Portal Test and vmray
    "12.245.107.250/32",    # DPS Office Legato
    "12.204.167.162/32",    # DPS Office San Antonio
    "54.86.98.62/32",       # DPS AWS User VPN
    "108.203.37.38/32",     # Duane Waddle
    "24.11.231.98/32",      # George Starcher
    "99.151.37.185/32",     # Wesley Leonard
    "73.10.53.113/32",      # Rick Page Home
    "74.211.32.26/32",      # Brad Poulton
    "70.160.60.248/32",     # Brandon Naughton
    "67.167.143.30/32",     # Frederick Damstra
    "97.117.127.174/32",    # Colby Williams
    #"76.173.128.126/32",   # Jeremy Cooper
    "73.213.108.186/32", # LaDonia Wicks
  ]

  admin_ips = [
    "108.28.25.119/32",   # James Kerr Home
    "73.10.53.113/32",    # Rick Page Home
    "99.151.37.185/32",   # Wesley Leonard Home
    "74.211.32.26/32",    # Brad Poulton Home
    "104.9.149.90/32",    # Greg Rivas Home
    "100.4.76.3/32",      # Brandon Naughton Home
    "170.248.173.247/32", # AFS site
    "170.248.173.245/32", # AFS site
    "107.207.74.118/32",  # Angelita Crawley Home
    "69.207.192.131/32",  # Aaron Flores Home
    "70.120.19.33/32",    # Hilda Colon-Martinez Home
    "198.13.82.11/32",    # Hussein Carrenard Home
    "136.226.18.198/32",  # Jose Alvarez Home
  ]

  # from https://config.zscaler.com/zscalergov.net/cenr
  zscalar_ips = [
    "165.225.3.0/24",
    "136.226.10.0/23",
    "136.226.12.0/23",
    "136.226.14.0/23",
    "165.225.46.0/24",
    "136.226.6.0/23",
    "136.226.4.0/23",
    "136.226.8.0/23",
    "136.226.22.0/24",
    "165.225.48.0/24",
    "136.226.18.0/23",
    "136.226.16.0/23",
    "136.226.20.0/23",
  ]

}