landingzone_ipsec/01-network.tf

/* ------- project 1 - landingzone ------------ */
// WAN-side network of the landing zone (project1). stackit_network_interface.wan,
// which carries the public IP, is placed in this prefix.
resource "stackit_network" "wan_network" {
  name       = "wan_network"
  project_id = module.project.project_info["project1"].project_id

  ipv4_prefix = "10.220.0.0/24"

  // Public third-party resolvers: DNS queries from hosts in this network leave the
  // platform unfiltered and unlogged. NOTE(review): confirm this is intended
  // rather than an internal or filtering resolver.
  ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]

  // Routed network: the prefix is reachable from other routed networks
  // (presumably those in the same network area; confirm).
  routed = true
}
// LAN-side network of the landing zone (project1). No nameservers are set on it.
resource "stackit_network" "lan_network1" {
  name        = "lan_network1"
  project_id  = module.project.project_info["project1"].project_id
  ipv4_prefix = "10.220.1.0/24"

  // Routed: reachable from other routed networks, so isolation of this prefix
  // depends on filtering elsewhere, not on the network itself.
  routed = true
}
// Port in wan_network with a fixed address; stackit_public_ip.wan_ip is bound to it,
// so whatever is attached here is directly internet-facing.
resource "stackit_network_interface" "wan" {
  name       = "MGMT"
  project_id = module.project.project_info["project1"].project_id
  network_id = stackit_network.wan_network.network_id
  ipv4       = "10.220.0.254"

  // security = false: no security groups apply to this port, so the platform does
  // no packet filtering on it. All filtering must happen on the attached
  // appliance (presumably "pfsense-alpha" from the public_ips output).
  // NOTE(review): the port is labelled MGMT. Verify that the appliance's
  // management GUI/SSH is not reachable from the internet through this
  // interface.
  security = false
}
// Port in lan_network1; no fixed address is requested, so one is assigned from the prefix.
resource "stackit_network_interface" "lan1" {
  name       = "LAN1"
  project_id = module.project.project_info["project1"].project_id
  network_id = stackit_network.lan_network1.network_id

  // security = false: no security groups apply to this port.
  // Presumably this is the firewall's LAN leg, which has to forward traffic for
  // addresses other than its own. Confirm that only the firewall appliance is
  // ever attached to this port.
  security = false
}
/* ---------- project 2 core ------------------ */
// LAN network of the core project (project2).
resource "stackit_network" "p2_lan_network1" {
  name        = "p2_lan_network"
  project_id  = module.project.project_info["project2"].project_id
  ipv4_prefix = "10.220.5.0/24"

  // Routed: reachable from the other routed prefixes in this file, so
  // workload isolation relies on filtering at the port or on the firewall.
  routed = true
}
// Port in the core project's LAN; its address is exported as "linux-alpha"
// in the private_ips output.
resource "stackit_network_interface" "p2_lan1" {
  name       = "P2LAN1"
  project_id = module.project.project_info["project2"].project_id
  network_id = stackit_network.p2_lan_network1.network_id

  // security = false: no security groups apply to this port.
  // NOTE(review): this looks like a workload host, not a forwarding appliance,
  // so nothing at the port level restricts traffic from the other routed
  // networks. Consider enabling security and attaching a security group.
  // The line below references stackit_security_group.example, which is not
  // defined in this file.
  security = false
  //security_group_ids = [ stackit_security_group.example.security_group_id ]
}
/* this is for adding a second network interface to the core project (for WAN access).
resource "stackit_network" "p2_wan_network1" {
project_id = module.project.project_info["project2"].project_id
name = "wan"
ipv4_prefix = "10.220.50.0/24"
routed = true
}
resource "stackit_network_interface" "p2_wan_interface1" {
project_id = module.project.project_info["project2"].project_id
network_id = stackit_network.p2_wan_network1.network_id
security = false
name = "wan_if"
}
*/
/* ---------- project 3 backup ------------------ */
// LAN network of the backup project (project3).
resource "stackit_network" "p3_lan_network1" {
  name        = "p3_lan_network"
  project_id  = module.project.project_info["project3"].project_id
  ipv4_prefix = "10.220.6.0/24"

  // Routed: the backup prefix is reachable from other routed networks.
  // NOTE(review): backup systems are usually kept more tightly segmented
  // than the workloads they protect. Confirm what filters this path.
  routed = true
}
// Port in the backup project's LAN network.
resource "stackit_network_interface" "p3_lan1" {
  name       = "P3LAN1"
  project_id = module.project.project_info["project3"].project_id
  network_id = stackit_network.p3_lan_network1.network_id

  // security = false: no security groups apply to this port, so access
  // to the attached backup host is not restricted at the port level.
  // The security group reference below is disabled and points at
  // stackit_security_group.example, which is not defined in this file.
  security = false
  //security_group_ids = [ stackit_security_group.example.security_group_id ]
}
/* project 4 for SKE, so no configuration necessary here */
/* ------- project 5 - vpn ------------ */
// WAN-side network of the vpn project (project5), mirroring wan_network on the beta side.
resource "stackit_network" "wan_network_beta" {
  name       = "wan_network_beta"
  project_id = module.project.project_info["project5"].project_id

  ipv4_prefix = "10.230.0.0/24"

  // Public third-party resolvers: DNS queries from this network go
  // straight to external providers. Confirm this is intended.
  ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]

  // Routed: reachable from other routed networks.
  routed = true
}
// LAN-side network of the vpn project (project5).
resource "stackit_network" "lan_network_beta" {
  name        = "lan_network_beta"
  project_id  = module.project.project_info["project5"].project_id
  ipv4_prefix = "10.230.1.0/24"

  // Routed: reachable from other routed networks, so isolation depends on
  // filtering elsewhere.
  routed = true
}
// Port in wan_network_beta with a fixed address; stackit_public_ip.wan_ip_beta is
// bound to it, so the attached device is directly internet-facing.
resource "stackit_network_interface" "wan_beta" {
  name       = "MGMT"
  project_id = module.project.project_info["project5"].project_id
  network_id = stackit_network.wan_network_beta.network_id
  ipv4       = "10.230.0.254"

  // security = false: no security groups apply to this port, so the platform does
  // no filtering. The attached appliance (presumably "pfsense-beta" from the
  // public_ips output) is the only control in front of the internet.
  // NOTE(review): the port is labelled MGMT. Verify that management access to
  // the appliance is not exposed on this interface.
  security = false
}
// Port in lan_network_beta; the address is assigned from the prefix.
resource "stackit_network_interface" "lan_beta" {
  name       = "LAN1"
  project_id = module.project.project_info["project5"].project_id
  network_id = stackit_network.lan_network_beta.network_id

  // security = false: no security groups apply to this port.
  // Presumably this is the beta firewall's LAN leg, which forwards traffic for
  // other hosts. Confirm that nothing else is attached to this port.
  security = false
}
/* ---------- project 6 infra ------------------ */
// LAN network of the infra project (project6).
resource "stackit_network" "p6_lan_network1" {
  name        = "p6_lan_network"
  project_id  = module.project.project_info["project6"].project_id
  ipv4_prefix = "10.230.5.0/24"

  // Routed: reachable from other routed networks, so workload isolation
  // relies on filtering at the port or on the firewall.
  routed = true
}
// Port in the infra project's LAN; its address is exported as "linux-beta"
// in the private_ips output.
resource "stackit_network_interface" "p6_lan1" {
  name       = "P6LAN1"
  project_id = module.project.project_info["project6"].project_id
  network_id = stackit_network.p6_lan_network1.network_id

  // security = false: no security groups apply to this port.
  // NOTE(review): this looks like a workload host, not a forwarding appliance.
  // Consider enabling security and attaching a security group. The line below
  // references stackit_security_group.example_beta, which is not defined in
  // this file.
  security = false
  //security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
}
/* ---------- public IP configuration------------- */
// Public IPv4 for the alpha side, bound to stackit_network_interface.wan.
// That port is declared with security = false, so no security group filters
// inbound traffic before it reaches the attached appliance.
resource "stackit_public_ip" "wan_ip" {
  network_interface_id = stackit_network_interface.wan.network_interface_id
  project_id           = module.project.project_info["project1"].project_id
}
// Public IPv4 for the beta side, bound to stackit_network_interface.wan_beta.
// That port is declared with security = false, so no security group filters
// inbound traffic before it reaches the attached appliance.
resource "stackit_public_ip" "wan_ip_beta" {
  network_interface_id = stackit_network_interface.wan_beta.network_interface_id
  project_id           = module.project.project_info["project5"].project_id
}
/* this is for adding a public IP to the second project (core) for WAN access.
   It depends on stackit_network_interface.p2_wan_interface1, which is commented out above.
resource "stackit_public_ip" "wan_server" {
project_id = module.project.project_info["project2"].project_id
network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
}
*/
/* Output the public IPs for both projects */
// Internet-facing addresses of the two firewall endpoints, keyed by appliance name.
// These are the addresses the unfiltered (security = false) WAN ports answer on.
output "public_ips" {
  value = {
    "pfsense-alpha" = stackit_public_ip.wan_ip.ip
    "pfsense-beta"  = stackit_public_ip.wan_ip_beta.ip
    //"wan_server" = stackit_public_ip.wan_server.ip
  }
}
// Private addresses assigned to the workload ports in project2 and project6.
output "private_ips" {
  value = {
    "linux-alpha" = stackit_network_interface.p2_lan1.ipv4
    "linux-beta"  = stackit_network_interface.p6_lan1.ipv4
  }
}