From a96de3678b1f3b552387e7501ef23a41002e7314 Mon Sep 17 00:00:00 2001
From: Michael Sodan
Date: Tue, 27 May 2025 16:12:25 +0200
Subject: [PATCH] change network routing and add s3
---
01-network.tf | 33 +++++++++++++++++++++++++++++----
03-pfSense-appliance.tf | 1 +
04-attachment.tf | 2 ++
05-server.tf | 5 +++--
06-security-group.tf | 2 ++
80-keypair.tf | 3 ++-
99-variables.tf | 2 +-
project/01-sna.tf | 12 +++++++-----
project/99-variables.tf | 2 +-
9 files changed, 48 insertions(+), 14 deletions(-)
diff --git a/01-network.tf b/01-network.tf
index f91fb12..e22a9c8 100644
--- a/01-network.tf
+++ b/01-network.tf
@@ -1,5 +1,5 @@ // ------- project 1 - landingzone ------------ - +// This file defines the network setup for the first project landingzone. resource "stackit_network" "wan_network" { project_id = module.project.project_info["project1"].project_id name = "wan_network"
@@ -14,7 +14,7 @@ resource "stackit_network" "lan_network1" { name = "lan_network1" ipv4_prefix_length = 24 ipv4_prefix = "10.220.1.0/24" - routed = false + routed = true } resource "stackit_network" "lan_network2" {
@@ -22,7 +22,7 @@ resource "stackit_network" "lan_network2" { name = "lan_network2" ipv4_prefix_length = 24 ipv4_prefix = "10.220.2.0/24" - routed = false + routed = true } resource "stackit_network" "lan_network3" {
@@ -64,13 +64,14 @@ resource "stackit_network_interface" "lan3" { } # ---------- project 2 core ------------------ +// This file defines the network setup for the second project (core). resource "stackit_network" "p2_lan_network1" { project_id = module.project.project_info["project2"].project_id name = "p2_lan_network" ipv4_prefix_length = 24 ipv4_prefix = "10.220.5.0/24" - routed = false + routed = true } resource "stackit_network_interface" "p2_lan1" {
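Review bot: Setting `routed = true` on `lan_network1`, `lan_network2` and `p2_lan_network` (this hunk and the two before it) makes these segments reachable through the network area's own routing, which presumably lets traffic between them bypass the pfSense appliance that was the only path between the non-routed networks. If that is intended, say so next to each flag, for example `// routed in the SNA: filtering for this segment relies on security groups, not on pfSense`; if not, keep `routed = false` on the segments that must only be reachable through the firewall. `lan_network3` is not touched in the visible hunks, so its setting should be checked for consistency with the other two. The added header comments use `//` directly under a `#` section banner; one comment style per file would read better.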
@@ -81,15 +82,39 @@ resource "stackit_network_interface" "p2_lan1" { security_group_ids = [ stackit_security_group.example.security_group_id ] } +resource "stackit_network" "p2_wan_network1" { + project_id = module.project.project_info["project2"].project_id + name = "wan" + ipv4_prefix_length = 24 + ipv4_prefix = "10.220.6.0/24" + routed = true +} +resource "stackit_network_interface" "p2_wan_interface1" { + project_id = module.project.project_info["project2"].project_id + network_id = stackit_network.p2_wan_network1.network_id + security = false + name = "wan_if" +} + + +// ---------- public IPs ------------------ +// This file defines the public IPs for the projects. resource "stackit_public_ip" "wan_ip" { project_id = module.project.project_info["project1"].project_id network_interface_id = stackit_network_interface.wan.network_interface_id } +resource "stackit_public_ip" "wan_server" { + project_id = module.project.project_info["project2"].project_id + network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id +} + +// Output the public IPs for both projects output "public_ips" { value = { "wan_ip" = stackit_public_ip.wan_ip.ip + "wan_server" = stackit_public_ip.wan_server.ip } }
diff --git a/03-pfSense-appliance.tf b/03-pfSense-appliance.tf
index 22087b9..cd24a21 100644
--- a/03-pfSense-appliance.tf
+++ b/03-pfSense-appliance.tf
@@ -1,3 +1,4 @@ +// This file is part of the STACKIT Terraform module for deploying a pfSense appliance. resource "stackit_volume" "pfsense_vol" { project_id = module.project.project_info["project1"].project_id name = "pfsense-2.7.2-root"
diff --git a/04-attachment.tf b/04-attachment.tf
index 7ea4979..8f3cbf0 100644
--- a/04-attachment.tf
+++ b/04-attachment.tf
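Review bot: `p2_wan_interface1` is created with `security = false`, and the same hunk binds the public IP `wan_server` to it, so the interface is exposed on a public address with no security group applied. The `network_interfaces` change in 05-server.tf attaches this interface to `dev_server`, which leaves the Debian host's own configuration as the only filter in front of it. Drop `security = false` and attach a group that admits only the required sources and ports, as `p2_lan1` does at the top of this hunk: `security_group_ids = [stackit_security_group.example.security_group_id]`. The rules of that group are outside the diff and should be checked before it is reused on a public-facing interface.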
@@ -1,3 +1,5 @@ + +// Attach network interfaces to the pfSense server without recreating the server resource "stackit_server_network_interface_attach" "nic-attachment-lan1" { project_id = module.project.project_info["project1"].project_id server_id = stackit_server.pfsense_appliance.server_id
diff --git a/05-server.tf b/05-server.tf
index 29e1feb..6912542 100644
--- a/05-server.tf
+++ b/05-server.tf
@@ -1,3 +1,4 @@ +// create the server in the second project (core) resource "stackit_volume" "example_vol" { project_id = module.project.project_info["project2"].project_id name = "example_root"
@@ -19,12 +20,12 @@ resource "stackit_server" "dev_server" { } availability_zone = var.region_az1 machine_type = var.flavor - network_interfaces = [stackit_network_interface.p2_lan1.network_interface_id] + network_interfaces = [stackit_network_interface.p2_wan_interface1.network_interface_id, stackit_network_interface.p2_lan1.network_interface_id ] keypair_name = stackit_key_pair.keypair.name } data "stackit_image" "debian" { project_id = module.project.project_info["project2"].project_id - image_id = "d1151962-f2cd-45e6-9c67-185c5055c7e0" + image_id = "d1151962-f2cd-45e6-9c67-185c5055c7e0" // Debian 12 (Bookworm) x86_64 }
diff --git a/06-security-group.tf b/06-security-group.tf
index 26c1220..0d77333 100644
--- a/06-security-group.tf
+++ b/06-security-group.tf
@@ -1,3 +1,5 @@ + +// Security Group and Security Group Rules resource "stackit_security_group" "example" { project_id = module.project.project_info["project2"].project_id name = "test"
diff --git a/80-keypair.tf b/80-keypair.tf
index 0313d81..0a868b3 100644
--- a/80-keypair.tf
+++ b/80-keypair.tf
@@ -1,5 +1,6 @@ +// keypair adding to the server resource "stackit_key_pair" "keypair" { - name = "msodan2" + name = "pubkeyforauth" public_key = chomp(file("/Users/sodan/.ssh/id_ed25519.pub")) }
diff --git a/99-variables.tf b/99-variables.tf
index 45225a5..33b78ca 100644
--- a/99-variables.tf
+++ b/99-variables.tf
@@ -1,4 +1,4 @@ -# -- network variables +# -- variables variable "organization_id" { default = "03a34540-3c1a-4794-b2c6-7111ecf824ef" }
diff --git a/project/01-sna.tf b/project/01-sna.tf
index f722d42..676c575 100644
--- a/project/01-sna.tf
+++ b/project/01-sna.tf
@@ -1,25 +1,27 @@ -resource "time_sleep" "wait_before_destroy" { +/* resource "time_sleep" "wait_before_destroy" { destroy_duration = "60s" } +*/ resource "stackit_network_area" "sna" { organization_id = var.organization_id - name = "landingzone_sna" + name = "project_sna" network_ranges = [ { prefix = "10.220.0.0/16" } ] transfer_network = "172.16.9.0/24" - depends_on = [time_sleep.wait_before_destroy] + //depends_on = [time_sleep.wait_before_destroy] } -resource "stackit_network_area_route" "sna_route1" { +/* resource "stackit_network_area_route" "sna_route1" { organization_id = var.organization_id network_area_id = stackit_network_area.sna.network_area_id - prefix = "10.220.5.0/24" + prefix = "10.220.99.0/24" next_hop = "10.220.0.0" labels = { "key" = "value" } } +*/
diff --git a/project/99-variables.tf b/project/99-variables.tf
index b0e3412..963fd4a 100644
--- a/project/99-variables.tf
+++ b/project/99-variables.tf
@@ -1,4 +1,4 @@ -# -- network variables +# -- variables variable "organization_id" { default = "03a34540-3c1a-4794-b2c6-7111ecf824ef" }
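Review bot: In project/01-sna.tf, wrapping `time_sleep.wait_before_destroy` and `stackit_network_area_route.sna_route1` in `/* … */` removes both from the configuration, so the next apply will plan to destroy them, including the existing route for `10.220.5.0/24`; the prefix edited to `10.220.99.0/24` inside the comment has no effect. Commenting out `depends_on` also drops the 60s destroy delay, which presumably existed to let dependent networks finish deleting before the network area is removed, so `terraform destroy` may now fail on ordering. Delete the dead blocks instead of keeping them as comments and record the decision in one line, e.g. `// destroy delay and sna_route1 removed: <reason>`.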