initial setup -- needs to be changed

.gitignore

@@ -0,0 +1,2 @@
+.terraform/
+*.qcow2

.terraform.lock.hcl

@@ -0,0 +1,63 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/null" {
+  version = "3.2.4"
+  hashes = [
+    "h1:L5V05xwp/Gto1leRryuesxjMfgZwjb7oool4WS1UEFQ=",
+    "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43",
+    "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a",
+    "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991",
+    "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f",
+    "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e",
+    "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615",
+    "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442",
+    "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5",
+    "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f",
+    "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/time" {
+  version = "0.13.1"
+  hashes = [
+    "h1:ZT5ppCNIModqk3iOkVt5my8b8yBHmDpl663JtXAIRqM=",
+    "zh:02cb9aab1002f0f2a94a4f85acec8893297dc75915f7404c165983f720a54b74",
+    "zh:04429b2b31a492d19e5ecf999b116d396dac0b24bba0d0fb19ecaefe193fdb8f",
+    "zh:26f8e51bb7c275c404ba6028c1b530312066009194db721a8427a7bc5cdbc83a",
+    "zh:772ff8dbdbef968651ab3ae76d04afd355c32f8a868d03244db3f8496e462690",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:898db5d2b6bd6ca5457dccb52eedbc7c5b1a71e4a4658381bcbb38cedbbda328",
+    "zh:8de913bf09a3fa7bedc29fec18c47c571d0c7a3d0644322c46f3aa648cf30cd8",
+    "zh:9402102c86a87bdfe7e501ffbb9c685c32bbcefcfcf897fd7d53df414c36877b",
+    "zh:b18b9bb1726bb8cfbefc0a29cf3657c82578001f514bcf4c079839b6776c47f0",
+    "zh:b9d31fdc4faecb909d7c5ce41d2479dd0536862a963df434be4b16e8e4edc94d",
+    "zh:c951e9f39cca3446c060bd63933ebb89cedde9523904813973fbc3d11863ba75",
+    "zh:e5b773c0d07e962291be0e9b413c7a22c044b8c7b58c76e8aa91d1659990dfb5",
+  ]
+}
+
+provider "registry.terraform.io/stackitcloud/stackit" {
+  version     = "0.54.0"
+  constraints = ">= 0.50.0"
+  hashes = [
+    "h1:BUvQBZsEKzW/n8Kr7DBowCMBazViGb5Yi2g3HZBZv74=",
+    "zh:07408dfe367c654692be22fcad86623ea1f8d96df7f6e1a68a74d58b65f40afa",
+    "zh:0ba554b80bc7486fa2bbab5f5a659fef0bd9ad5194133e7b4be3102bc849d90a",
+    "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
+    "zh:230cac307e3a4847c4dd443796b388dfa5cbc4e169cbc2671657b50745bcf903",
+    "zh:388ed295c2f966178fe5a0c158c6066daaffeb8e6c8077ed31571fa9c50f1200",
+    "zh:6ae2b11d8709b4a5446b41ad5fec3b396edd9b62a09dcc8c63975d0bb740ff5c",
+    "zh:72829df7ecad876e76951eb8a09871b145091d58d09a8a9c52f159c43026eba9",
+    "zh:9247391d6293f13294e642c7eaf7115aa9e2f610c6c48a81a9faab659074cebb",
+    "zh:aba8fa070d0e8a7676b87356a143cb778f136a969b58e4ec3eb616b5e3f0682d",
+    "zh:b158d437e48694fc7beae27aa4c1de16ca6e8c2b20dda33dd02cea92a3bd1859",
+    "zh:b249e2047ac3e716ef50d7e41709dabf651213674ad271b06036b3a9c2b6aae7",
+    "zh:c6afbca3d6ce4ece1630dfdc33dc7d0ead12162e2605bc8dd56e7aa7be49e053",
+    "zh:d031fad3c387be06310494da329c0bc5331fe25caad69466ff177f0774f27bcc",
+    "zh:dcf6d60e59f49667bae3ddaad87d1a73d203eac8112e33aff94a3aef83bd9ebb",
+    "zh:e2436b7dc3d4e47772365914795aed9e490b9fcd672f71ec794a0bb195326bf8",
+  ]
+}

00-provider.tf

@@ -0,0 +1,23 @@
+
+terraform {
+  required_providers {
+    stackit = {
+      source = "stackitcloud/stackit"
+      version = ">=0.50.0"
+    }
+  }
+}
+
+# Authentication
+# Key flow (using path)
+
+
+provider "stackit" {
+  default_region = var.default_region
+  service_account_key_path = var.service_account_key_path
+  enable_beta_resources = true
+}
+
+module "project" {
+  source = "./project"
+}

01-network.tf

@@ -0,0 +1,95 @@
+// ------- project 1 - landingzone ------------
+
+resource "stackit_network" "wan_network" {
+  project_id          = module.project.project_info["project1"].project_id
+  name                = "wan_network"
+  ipv4_nameservers    = ["1.1.1.1", "8.8.8.8"]
+  ipv4_prefix_length  = 24
+  ipv4_prefix         = "10.220.0.0/24"
+  routed              = true
+}
+
+resource "stackit_network" "lan_network1" {
+  project_id         = module.project.project_info["project1"].project_id
+  name               = "lan_network1"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.1.0/24"
+  routed              = false
+}
+
+resource "stackit_network" "lan_network2" {
+  project_id         = module.project.project_info["project1"].project_id
+  name               = "lan_network2"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.2.0/24"
+  routed              = false
+}
+
+resource "stackit_network" "lan_network3" {
+  project_id         = module.project.project_info["project1"].project_id
+  name               = "lan_network3"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.3.0/24"
+  routed              = false
+}
+
+resource "stackit_network_interface" "wan" {
+  project_id        = module.project.project_info["project1"].project_id
+  network_id        = stackit_network.wan_network.network_id
+  security          = false
+  name              = "MGMT"
+  ipv4              = "10.220.0.254"
+
+}
+
+resource "stackit_network_interface" "lan1" {
+  project_id         = module.project.project_info["project1"].project_id
+  network_id         = stackit_network.lan_network1.network_id
+  security           = false
+  name              = "LAN1"
+}
+
+resource "stackit_network_interface" "lan2" {
+  project_id         = module.project.project_info["project1"].project_id
+  network_id         = stackit_network.lan_network2.network_id
+  security           = false
+  name              = "LAN2"
+}
+
+resource "stackit_network_interface" "lan3" {
+  project_id         = module.project.project_info["project1"].project_id
+  network_id         = stackit_network.lan_network3.network_id
+  security           = false
+  name              = "LAN3"
+}
+
+# ---------- project 2 core ------------------
+
+resource "stackit_network" "p2_lan_network1" {
+  project_id         = module.project.project_info["project2"].project_id
+  name               = "p2_lan_network"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.5.0/24"
+  routed              = false
+}
+
+resource "stackit_network_interface" "p2_lan1" {
+  project_id         = module.project.project_info["project2"].project_id
+  network_id         = stackit_network.p2_lan_network1.network_id
+  security           = true 
+  name              = "P2LAN1"
+  security_group_ids = [ stackit_security_group.example.security_group_id ]
+}
+
+
+resource "stackit_public_ip" "wan_ip" {
+  project_id           = module.project.project_info["project1"].project_id
+  network_interface_id = stackit_network_interface.wan.network_interface_id
+}
+
+output "public_ips" {
+  value = {
+    "wan_ip"   = stackit_public_ip.wan_ip.ip
+  }
+}
+

02-pfSense-image.tf

@@ -0,0 +1,28 @@
+// Local copy of the Image 
+resource "null_resource" "pfsense_image_file" {
+    triggers = {
+    always_run = timestamp()
+  }
+
+  provisioner "local-exec" {
+    command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
+  }
+}
+
+// Upload VPN Appliance Image to STACKIT
+resource "stackit_image" "pfsense_image" {
+  project_id       = module.project.project_info["project1"].project_id
+  name             = "pfsense-2.7.2-amd64-image"
+  local_file_path  = "./pfsense.qcow2"
+  disk_format      = "qcow2"
+  depends_on       = [null_resource.pfsense_image_file]
+  min_disk_size    = 50
+  min_ram          = 4
+  config = {
+    uefi           = false
+    cdrom_bus      = "scsi"
+    disk_bus       = "scsi"
+    secure_boot    = false
+  }
+}
+

03-pfSense-appliance.tf

@@ -0,0 +1,24 @@
+resource "stackit_volume" "pfsense_vol" {
+  project_id        = module.project.project_info["project1"].project_id
+  name              = "pfsense-2.7.2-root"
+  availability_zone = var.region_az1
+  size              = 50
+  performance_class = "storage_premium_perf4"
+  source = {
+    id    = stackit_image.pfsense_image.image_id
+    type  = "image"
+  }
+}
+
+resource "stackit_server" "pfsense_appliance" {
+  project_id      = module.project.project_info["project1"].project_id
+  name            = "pfSense"
+  boot_volume = {
+    source_type   = "volume"
+    source_id     = stackit_volume.pfsense_vol.volume_id
+  }
+  availability_zone = var.region_az1
+  machine_type      = var.flavor
+  network_interfaces = [stackit_network_interface.wan.network_interface_id]
+}
+

04-attachment.tf

@@ -0,0 +1,19 @@
+resource "stackit_server_network_interface_attach" "nic-attachment-lan1" {
+  project_id           = module.project.project_info["project1"].project_id
+  server_id            = stackit_server.pfsense_appliance.server_id
+  network_interface_id = stackit_network_interface.lan1.network_interface_id
+}
+
+resource "stackit_server_network_interface_attach" "nic-attachment-lan2" {
+  project_id           = module.project.project_info["project1"].project_id
+  server_id            = stackit_server.pfsense_appliance.server_id
+  network_interface_id = stackit_network_interface.lan2.network_interface_id
+  depends_on = [ stackit_server_network_interface_attach.nic-attachment-lan1]
+}
+
+resource "stackit_server_network_interface_attach" "nic-attachment-lan3" {
+  project_id           = module.project.project_info["project1"].project_id
+  server_id            = stackit_server.pfsense_appliance.server_id
+  network_interface_id = stackit_network_interface.lan3.network_interface_id
+  depends_on = [ stackit_server_network_interface_attach.nic-attachment-lan2]
+}

05-server.tf

@@ -0,0 +1,30 @@
+resource "stackit_volume" "example_vol" {
+  project_id        = module.project.project_info["project2"].project_id
+  name              = "example_root"
+  availability_zone = var.region_az1
+  size              = 200
+  performance_class = "storage_premium_perf6"
+  source = {
+    id    = data.stackit_image.debian.image_id
+    type  = "image"
+  }
+}
+
+resource "stackit_server" "dev_server" {
+  project_id        = module.project.project_info["project2"].project_id
+  name            = "server1"
+  boot_volume = {
+    source_type   = "volume"
+    source_id     = stackit_volume.example_vol.volume_id
+  }
+  availability_zone = var.region_az1
+  machine_type      = var.flavor
+  network_interfaces = [stackit_network_interface.p2_lan1.network_interface_id]
+  keypair_name = stackit_key_pair.keypair.name
+}
+
+data "stackit_image" "debian" {
+  project_id = module.project.project_info["project2"].project_id
+  image_id   = "d1151962-f2cd-45e6-9c67-185c5055c7e0"
+}
+

06-security-group.tf

@@ -0,0 +1,33 @@
+resource "stackit_security_group" "example" {
+  project_id = module.project.project_info["project2"].project_id
+  name       = "test"
+  labels = {
+    "key" = "example"
+  }
+}
+
+resource "stackit_security_group_rule" "icmp_ingress" {
+  security_group_id = stackit_security_group.example.security_group_id
+  project_id = module.project.project_info["project2"].project_id
+  direction         = "ingress"
+  icmp_parameters = {
+    code = 0
+    type = 8
+  }
+  protocol = {
+    name = "icmp"
+  }
+}
+resource "stackit_security_group_rule" "icmp_egress" {
+  project_id = module.project.project_info["project2"].project_id
+  security_group_id = stackit_security_group.example.security_group_id
+  direction         = "egress"
+  icmp_parameters = {
+    code = 0
+    type = 8
+  }
+  protocol = {
+    name = "icmp"
+  }
+}
+

80-keypair.tf

@@ -0,0 +1,5 @@
+resource "stackit_key_pair" "keypair" {
+  name       = "msodan2"
+  public_key = chomp(file("/Users/sodan/.ssh/id_ed25519.pub"))
+}
+

99-variables.tf

@@ -0,0 +1,35 @@
+# -- network variables
+variable "organization_id" {
+  default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
+}
+
+variable "service_account_key_path" {
+  default = "/Users/sodan/.stackit/credentials.json"
+}
+
+variable "default_region" {
+  default ="eu01"
+}
+
+variable "region_az1" {
+  default = "eu01-1"
+}
+
+variable "region_az2" {
+  default = "eu01-2"
+}
+
+variable "region_az3" {
+  default = "eu01-3"
+}
+
+variable "region_metro" {
+  default = "eu01-m"
+}
+
+variable "flavor" {
+  type        = string
+  description = ""
+  default     = "m1.2"
+}
+

README.md

@@ -1,3 +0,0 @@
-# landingzone
-
-this deploys a new project in an Org with one pfsense as VPN Gateway.

project/.terraform.lock.hcl

@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/time" {
+  version = "0.13.1"
+  hashes = [
+    "h1:ZT5ppCNIModqk3iOkVt5my8b8yBHmDpl663JtXAIRqM=",
+    "zh:02cb9aab1002f0f2a94a4f85acec8893297dc75915f7404c165983f720a54b74",
+    "zh:04429b2b31a492d19e5ecf999b116d396dac0b24bba0d0fb19ecaefe193fdb8f",
+    "zh:26f8e51bb7c275c404ba6028c1b530312066009194db721a8427a7bc5cdbc83a",
+    "zh:772ff8dbdbef968651ab3ae76d04afd355c32f8a868d03244db3f8496e462690",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:898db5d2b6bd6ca5457dccb52eedbc7c5b1a71e4a4658381bcbb38cedbbda328",
+    "zh:8de913bf09a3fa7bedc29fec18c47c571d0c7a3d0644322c46f3aa648cf30cd8",
+    "zh:9402102c86a87bdfe7e501ffbb9c685c32bbcefcfcf897fd7d53df414c36877b",
+    "zh:b18b9bb1726bb8cfbefc0a29cf3657c82578001f514bcf4c079839b6776c47f0",
+    "zh:b9d31fdc4faecb909d7c5ce41d2479dd0536862a963df434be4b16e8e4edc94d",
+    "zh:c951e9f39cca3446c060bd63933ebb89cedde9523904813973fbc3d11863ba75",
+    "zh:e5b773c0d07e962291be0e9b413c7a22c044b8c7b58c76e8aa91d1659990dfb5",
+  ]
+}
+
+provider "registry.terraform.io/stackitcloud/stackit" {
+  version     = "0.53.0"
+  constraints = ">= 0.50.0"
+  hashes = [
+    "h1:KpyF8wGtsxPKJjDla/r93FftL7qFCe/MtiN+1ug1+No=",
+    "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
+    "zh:27df5dd8cd7af79080e071d8c3ef81d792ee7665b569255ec4c931fa5595b7b5",
+    "zh:452f8ee8dabc0bdf8ec623d186061750a527bb02225c9810f412c46d142bb73a",
+    "zh:48512ed6362d537687a74f5ddd36ed288e36b8f47ad6ead78c71f5152912c777",
+    "zh:4e4b2be9cda9f866b47bf4c9b3a9d3c9c8a0c6006d66e9a33f54317694ea48a1",
+    "zh:5239ec2377e1d186b465b07bd1c71793d7a142a1bfe155abdf84d60d8189b1bc",
+    "zh:5e506b9e423ff1c65482bd8dcee629cef0789b0879d1b2d61c1e478c4506b2eb",
+    "zh:705762fa6bfc02ccab39a8b544f9090f63d6e49364c09ac4a2f29878ff53235f",
+    "zh:882ceb507151aff47ec57808adb2a7104686be46ee34963eecb0fabfd771caf8",
+    "zh:ab2ba4430a0eb433ee6d0b99c738c6addbcab6bd921b7ed660d55fc979515c29",
+    "zh:b26b03356b44e6eacaa84aa4170aee4b9afe78f18c48ec209a6a1c0bfe7f4d47",
+    "zh:b77ddbc99c4a77b1c2410ba7526498be6ee723bb3b42c5dd4e712408119224bf",
+    "zh:c808c34807aeb34aa0e66ee9c25b523b398925682fa7c0f6b0115dd0e91b2c33",
+    "zh:d76c00fddbc80140825757f71b22d1c3a64978a4792b52bfde3747ee93f8e7fa",
+    "zh:fb03cb807d9817693a001bed3334c5636fd61fb745d611b14b013bfdcf066068",
+  ]
+}

project/00-provider.tf

@@ -0,0 +1,18 @@
+
+terraform {
+  required_providers {
+    stackit = {
+      source = "stackitcloud/stackit"
+      version = ">=0.50.0"
+    }
+  }
+}
+
+# Authentication
+# Key flow (using path)
+
+provider "stackit" {
+  default_region = var.default_region
+  service_account_key_path = var.service_account_key_path
+  enable_beta_resources = true
+}

project/01-sna.tf

@@ -0,0 +1,25 @@
+resource "time_sleep" "wait_before_destroy" {
+  destroy_duration = "60s"
+}
+
+resource "stackit_network_area" "sna" {
+  organization_id = var.organization_id
+  name            = "landingzone_sna"
+  network_ranges = [
+    {
+      prefix = "10.220.0.0/16"
+    }
+  ]
+  transfer_network = "172.16.9.0/24"
+  depends_on = [time_sleep.wait_before_destroy]
+}
+
+resource "stackit_network_area_route" "sna_route1" {
+  organization_id = var.organization_id
+  network_area_id = stackit_network_area.sna.network_area_id
+  prefix          = "10.220.5.0/24"
+  next_hop        = "10.220.0.0"
+  labels = {
+    "key" = "value"
+  }
+}

project/02-project.tf

@@ -0,0 +1,41 @@
+
+
+variable "projects" {
+  type = map(object({
+    name         = string
+    owner_email  = string
+  }))
+  default = {
+    project1 = {
+      name         = "landingzone"
+      owner_email  = "michael.sodan@stackit.cloud"
+    }
+    project2 = {
+      name         = "core"
+      owner_email  = "michael.sodan@stackit.cloud"
+    }
+    project3 = {
+      name         = "commvault"
+      owner_email  = "michael.sodan@stackit.cloud"
+    }
+  }
+}
+
+resource "stackit_resourcemanager_project" "projects" {
+  for_each           = var.projects
+  parent_container_id = var.organization_id
+  name                = each.value.name
+  owner_email         = each.value.owner_email
+  labels = {
+    "networkArea" = stackit_network_area.sna.network_area_id
+  }
+}
+
+output "project_info" {
+  value = {
+    for k, project in stackit_resourcemanager_project.projects : k => {
+      project_id   = project.project_id
+      container_id = project.container_id
+    }
+  }
+}

project/99-variables.tf

@@ -0,0 +1,35 @@
+# -- network variables
+variable "organization_id" {
+  default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
+}
+
+variable "service_account_key_path" {
+  default = "/Users/sodan/.stackit/credentials.json"
+}
+
+variable "default_region" {
+  default ="eu01"
+}
+
+variable "region_az1" {
+  default = "eu01-1"
+}
+
+variable "region_az2" {
+  default = "eu01-2"
+}
+
+variable "region_az3" {
+  default = "eu01-3"
+}
+
+variable "region_metro" {
+  default = "eu01-m"
+}
+
+variable "flavor" {
+  type        = string
+  description = ""
+  default     = "c1.2"
+}
+