landingzone_ipsec/01-network.tf


/* ------- project 1 - landingzone ------------ */
// Landing-zone project: WAN and LAN segments. The public_ips output in this
// file labels the public IP on the WAN side "pfsense-alpha".
resource "stackit_network" "landingzone_wan" {
  name        = "landingzone_wan"
  project_id  = module.project.project_info["landingzone"].project_id
  ipv4_prefix = "10.220.0.0/24"

  // Third-party public resolvers: every DNS lookup from this segment leaves
  // the environment. NOTE(review): confirm that is acceptable, or point the
  // segment at a resolver you control.
  ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]

  // NOTE(review): routed = true presumably makes this prefix reachable from
  // the other routed networks of the deployment -- confirm the intended reach.
  routed = true
}

// LAN segment behind the landing-zone firewall; no nameservers are set here.
resource "stackit_network" "landingzone_lan" {
  name        = "landingzone_lan"
  project_id  = module.project.project_info["landingzone"].project_id
  ipv4_prefix = "10.220.1.0/24"
  routed      = true
}
// Ports of the landing-zone project.
// security = false: no security groups apply to the port (STACKIT provider
// semantics -- confirm against the provider docs). Filtering is then left to
// whatever runs on the attached machine.
//
// NOTE(review): this port is named "MGMT" and is also the one that
// stackit_public_ip.landingzone_wan attaches to. Verify the appliance does not
// offer its management UI/SSH to the internet on this interface.
resource "stackit_network_interface" "landingzone_wan" {
  name       = "MGMT"
  project_id = module.project.project_info["landingzone"].project_id
  network_id = stackit_network.landingzone_wan.network_id
  ipv4       = "10.220.0.254" // fixed address inside 10.220.0.0/24
  security   = false
}

// LAN-side port; no ipv4 is pinned, so the address comes from the platform.
resource "stackit_network_interface" "landingzone_lan" {
  name       = "LAN1"
  project_id = module.project.project_info["landingzone"].project_id
  network_id = stackit_network.landingzone_lan.network_id
  security   = false
}
/* ---------- project 2 core ------------------ */
// Core project LAN segment.
resource "stackit_network" "core_lan" {
  name        = "core_lan"
  project_id  = module.project.project_info["core"].project_id
  ipv4_prefix = "10.220.5.0/24"
  routed      = true
}

// Port whose address the private_ips output exports as "linux-alpha".
// With security = false no security group filters this port, so on a routed
// network the host firewall is the only control in front of the machine.
// NOTE(review): the provider is documented to reject security_group_ids while
// security = false, so enabling the line below also means setting
// security = true -- confirm against the provider docs. The referenced
// stackit_security_group.example is not defined in this file.
resource "stackit_network_interface" "core_lan" {
  name       = "CORELAN"
  project_id = module.project.project_info["core"].project_id
  network_id = stackit_network.core_lan.network_id
  security   = false
  // security_group_ids = [ stackit_security_group.example.security_group_id ]
}
/* this is for adding a second network interface to the core project (for WAN access).*/
// Second segment in the core project, used for WAN access.
resource "stackit_network" "core_wan" {
  name        = "core_wan"
  project_id  = module.project.project_info["core"].project_id
  ipv4_prefix = "10.220.50.0/24"
  routed      = true
}

// NOTE(review): stackit_public_ip.core_wan attaches to this port and the
// public_ips output calls it "wan_server". With security = false there is no
// security-group filtering between the internet and that machine; every
// listening service is exposed unless the host firewalls itself. Prefer
// security = true with an explicit, minimal security group unless the
// unfiltered port is a deliberate requirement.
resource "stackit_network_interface" "core_wan" {
  name       = "core_wan_if"
  project_id = module.project.project_info["core"].project_id
  network_id = stackit_network.core_wan.network_id
  security   = false
}
/**/
/* ---------- project 3 backup ------------------ */
// Backup project LAN segment.
resource "stackit_network" "backup_lan" {
  name        = "backup_lan"
  project_id  = module.project.project_info["backup"].project_id
  ipv4_prefix = "10.220.6.0/24"
  routed      = true
}

// security = false leaves this port without security-group filtering.
// NOTE(review): for a backup segment, consider restricting ingress to the
// hosts that actually write backups. Doing so needs security = true plus a
// security group; the commented line below references
// stackit_security_group.example, which is not defined in this file.
resource "stackit_network_interface" "backup_lan" {
  name       = "BACKUPLAN"
  project_id = module.project.project_info["backup"].project_id
  network_id = stackit_network.backup_lan.network_id
  security   = false
  //security_group_ids = [ stackit_security_group.example.security_group_id ]
}
/* project 4 for SKE, so no configuration necessary here */
/* ------- project 5 - vpn ------------ */
// VPN project: WAN and LAN segments. The public_ips output in this file
// labels the public IP on the WAN side "pfsense-beta".
resource "stackit_network" "vpn_wan" {
  name        = "vpn_wan"
  project_id  = module.project.project_info["vpn"].project_id
  ipv4_prefix = "10.230.0.0/24"

  // Third-party public resolvers: every DNS lookup from this segment leaves
  // the environment. NOTE(review): confirm that is acceptable, or point the
  // segment at a resolver you control.
  ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]

  // NOTE(review): routed = true presumably makes this prefix reachable from
  // the other routed networks of the deployment -- confirm the intended reach.
  routed = true
}

// LAN segment behind the VPN-side firewall; no nameservers are set here.
resource "stackit_network" "vpn_lan" {
  name        = "vpn_lan"
  project_id  = module.project.project_info["vpn"].project_id
  ipv4_prefix = "10.230.1.0/24"
  routed      = true
}
// Ports of the VPN project.
// security = false: no security groups apply to the port (STACKIT provider
// semantics -- confirm against the provider docs). Filtering is then left to
// whatever runs on the attached machine.
//
// NOTE(review): this port is named "MGMT" and is also the one that
// stackit_public_ip.vpn_wan attaches to. Verify the appliance does not offer
// its management UI/SSH to the internet on this interface.
resource "stackit_network_interface" "vpn_wan" {
  name       = "MGMT"
  project_id = module.project.project_info["vpn"].project_id
  network_id = stackit_network.vpn_wan.network_id
  ipv4       = "10.230.0.254" // fixed address inside 10.230.0.0/24
  security   = false
}

// LAN-side port; no ipv4 is pinned, so the address comes from the platform.
resource "stackit_network_interface" "vpn_lan" {
  name       = "VPNLAN"
  project_id = module.project.project_info["vpn"].project_id
  network_id = stackit_network.vpn_lan.network_id
  security   = false
}
/* ---------- project 6 infra ------------------ */
// Infra project LAN segment.
resource "stackit_network" "infra_lan" {
  name        = "infra_lan"
  project_id  = module.project.project_info["infra"].project_id
  ipv4_prefix = "10.230.5.0/24"
  routed      = true
}

// Port whose address the private_ips output exports as "linux-beta".
// With security = false no security group filters this port, so on a routed
// network the host firewall is the only control in front of the machine.
// NOTE(review): the provider is documented to reject security_group_ids while
// security = false, so enabling the line below also means setting
// security = true -- confirm against the provider docs. The referenced
// stackit_security_group.example_beta is not defined in this file.
resource "stackit_network_interface" "infra_lan" {
  name       = "INFRALAN"
  project_id = module.project.project_info["infra"].project_id
  network_id = stackit_network.infra_lan.network_id
  security   = false
  // security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
}
/* ---------- public IP configuration------------- */
// Public addresses for the two WAN-side "MGMT" ports (landing zone and VPN).
// Both target ports are declared with security = false, so nothing on the
// platform side filters traffic arriving on these addresses.
// NOTE(review): the appliance rulesets should allow only what the tunnel
// needs from the remote peer -- confirm in the firewall configuration.
resource "stackit_public_ip" "landingzone_wan" {
  network_interface_id = stackit_network_interface.landingzone_wan.network_interface_id
  project_id           = module.project.project_info["landingzone"].project_id
}

resource "stackit_public_ip" "vpn_wan" {
  network_interface_id = stackit_network_interface.vpn_wan.network_interface_id
  project_id           = module.project.project_info["vpn"].project_id
}
/* this is for adding a public IP to the second project (core) for WAN access. */
// Public address bound to the core project's core_wan_if port.
// NOTE(review): that port is declared with security = false, so this address
// reaches the machine with no security-group filtering in between. Treat the
// host as internet-facing when hardening it.
resource "stackit_public_ip" "core_wan" {
  network_interface_id = stackit_network_interface.core_wan.network_interface_id
  project_id           = module.project.project_info["core"].project_id
}
/* Output the public IPs of the two pfSense firewalls and of the core WAN server */
// Map of label -> allocated public address, one entry per stackit_public_ip
// resource in this file.
output "public_ips" {
  value = {
    "pfsense-alpha" = stackit_public_ip.landingzone_wan.ip
    "pfsense-beta"  = stackit_public_ip.vpn_wan.ip
    "wan_server"    = stackit_public_ip.core_wan.ip
  }
}
// Map of label -> private address of the core and infra LAN ports. Neither
// port pins ipv4 in this file, so the values are whatever the platform assigns.
output "private_ips" {
  value = {
    "linux-alpha" = stackit_network_interface.core_lan.ipv4
    "linux-beta"  = stackit_network_interface.infra_lan.ipv4
  }
}