landingzone_ipsec/01-network.tf


// ------- project 1 - landingzone ------------
// This section defines the network setup for the first project (landingzone).
// WAN-side network of project1 (10.220.0.0/24).
resource "stackit_network" "wan_network" {
  name        = "wan_network"
  project_id  = module.project.project_info["project1"].project_id
  ipv4_prefix = "10.220.0.0/24"
  routed      = true

  // Hosts on this network resolve through public third-party resolvers
  // (Cloudflare and Google), so DNS queries leave the environment.
  // NOTE(review): confirm this is acceptable, or point at an internal resolver.
  ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
}
// LAN-side network of project1 (10.220.1.0/24). No nameservers are set here.
resource "stackit_network" "lan_network1" {
  name        = "lan_network1"
  project_id  = module.project.project_info["project1"].project_id
  ipv4_prefix = "10.220.1.0/24"
  routed      = true
}
// Interface on wan_network with the fixed address 10.220.0.254. The public IP
// stackit_public_ip.wan_ip is attached to this interface, and the public_ips
// output labels that address "pfsense-alpha".
resource "stackit_network_interface" "wan" {
  name       = "MGMT"
  project_id = module.project.project_info["project1"].project_id
  network_id = stackit_network.wan_network.network_id
  ipv4       = "10.220.0.254"

  // security = false: per the provider docs, no security groups apply to this
  // interface. Presumably needed so the firewall appliance can forward traffic
  // for addresses other than its own — TODO confirm. With a public IP attached,
  // all filtering then rests on the appliance's own ruleset.
  // NOTE(review): the interface is named "MGMT" yet is internet-facing; verify
  // the appliance's management services are not reachable from the public IP.
  security = false
}
// Interface on lan_network1; no fixed ipv4 is set, so the address is assigned
// by the platform.
resource "stackit_network_interface" "lan1" {
  name       = "LAN1"
  project_id = module.project.project_info["project1"].project_id
  network_id = stackit_network.lan_network1.network_id

  // security = false: per the provider docs, no security groups apply to this
  // interface. Presumably the LAN leg of the firewall appliance, which must
  // forward traffic for other hosts — TODO confirm against the server definition.
  security = false
}
# ---------- project 2 core ------------------
// This section defines the network setup for the second project (core).
// LAN network of project2 (10.220.5.0/24).
resource "stackit_network" "p2_lan_network1" {
  name        = "p2_lan_network"
  project_id  = module.project.project_info["project2"].project_id
  ipv4_prefix = "10.220.5.0/24"
  routed      = true
}
// Interface on p2_lan_network1; its address is exported as "linux-alpha" in
// the private_ips output.
resource "stackit_network_interface" "p2_lan1" {
  name       = "P2LAN1"
  project_id = module.project.project_info["project2"].project_id
  network_id = stackit_network.p2_lan_network1.network_id

  // security = false: per the provider docs, no security groups apply to this
  // interface, so the host behind it has no platform-level packet filtering.
  // NOTE(review): this looks like an ordinary host rather than a forwarding
  // appliance; consider enabling security and attaching a security group. The
  // disabled line below references stackit_security_group.example, which is
  // not defined in the visible part of this file.
  security = false
  //security_group_ids = [ stackit_security_group.example.security_group_id ]
}
// this is for adding a second network interface to the core project (for WAN access).
/* resource "stackit_network" "p2_wan_network1" {
project_id = module.project.project_info["project2"].project_id
name = "wan"
ipv4_prefix = "10.220.50.0/24"
routed = true
}
resource "stackit_network_interface" "p2_wan_interface1" {
project_id = module.project.project_info["project2"].project_id
network_id = stackit_network.p2_wan_network1.network_id
security = false
name = "wan_if"
}
*/
# ---------- project 3 backup ------------------
// This section defines the network setup for the third project (backup).
// LAN network of project3 (10.220.6.0/24).
resource "stackit_network" "p3_lan_network1" {
  name        = "p3_lan_network"
  project_id  = module.project.project_info["project3"].project_id
  ipv4_prefix = "10.220.6.0/24"
  routed      = true
}
// Interface on p3_lan_network1 in the backup project.
resource "stackit_network_interface" "p3_lan1" {
  name       = "P3LAN1"
  project_id = module.project.project_info["project3"].project_id
  network_id = stackit_network.p3_lan_network1.network_id

  // security = false: per the provider docs, no security groups apply to this
  // interface. NOTE(review): for a backup host, consider enabling security and
  // restricting inbound traffic with a security group; the disabled line below
  // references stackit_security_group.example, which is not defined in the
  // visible part of this file.
  security = false
  //security_group_ids = [ stackit_security_group.example.security_group_id ]
}
// project 4 for SKE, so no configuration necessary here
// ------- project 5 - vpn ------------
// This section defines the network setup for the fifth project (vpn).
// WAN-side network of project5 (10.230.0.0/24).
resource "stackit_network" "wan_network_beta" {
  name        = "wan_network_beta"
  project_id  = module.project.project_info["project5"].project_id
  ipv4_prefix = "10.230.0.0/24"
  routed      = true

  // Hosts on this network resolve through public third-party resolvers
  // (Cloudflare and Google), so DNS queries leave the environment.
  // NOTE(review): confirm this is acceptable, or point at an internal resolver.
  ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
}
// LAN-side network of project5 (10.230.1.0/24). No nameservers are set here.
resource "stackit_network" "lan_network_beta" {
  name        = "lan_network_beta"
  project_id  = module.project.project_info["project5"].project_id
  ipv4_prefix = "10.230.1.0/24"
  routed      = true
}
// Interface on wan_network_beta with the fixed address 10.230.0.254. The
// public IP stackit_public_ip.wan_ip_beta is attached to this interface, and
// the public_ips output labels that address "pfsense-beta".
resource "stackit_network_interface" "wan_beta" {
  name       = "MGMT"
  project_id = module.project.project_info["project5"].project_id
  network_id = stackit_network.wan_network_beta.network_id
  ipv4       = "10.230.0.254"

  // security = false: per the provider docs, no security groups apply to this
  // interface. Presumably needed so the firewall appliance can forward traffic
  // for addresses other than its own — TODO confirm. With a public IP attached,
  // all filtering then rests on the appliance's own ruleset.
  // NOTE(review): the interface is named "MGMT" yet is internet-facing; verify
  // the appliance's management services are not reachable from the public IP.
  security = false
}
// Interface on lan_network_beta; no fixed ipv4 is set, so the address is
// assigned by the platform.
resource "stackit_network_interface" "lan_beta" {
  name       = "LAN1"
  project_id = module.project.project_info["project5"].project_id
  network_id = stackit_network.lan_network_beta.network_id

  // security = false: per the provider docs, no security groups apply to this
  // interface. Presumably the LAN leg of the firewall appliance, which must
  // forward traffic for other hosts — TODO confirm against the server definition.
  security = false
}
# ---------- project 6 infra ------------------
// This section defines the network setup for the sixth project (infra).
// LAN network of project6 (10.230.5.0/24).
resource "stackit_network" "p6_lan_network1" {
  name        = "p6_lan_network"
  project_id  = module.project.project_info["project6"].project_id
  ipv4_prefix = "10.230.5.0/24"
  routed      = true
}
// Interface on p6_lan_network1; its address is exported as "linux-beta" in
// the private_ips output.
resource "stackit_network_interface" "p6_lan1" {
  name       = "P6LAN1"
  project_id = module.project.project_info["project6"].project_id
  network_id = stackit_network.p6_lan_network1.network_id

  // security = false: per the provider docs, no security groups apply to this
  // interface, so the host behind it has no platform-level packet filtering.
  // NOTE(review): this looks like an ordinary host rather than a forwarding
  // appliance; consider enabling security and attaching a security group. The
  // disabled line below references stackit_security_group.example_beta, which
  // is not defined in the visible part of this file.
  security = false
  //security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
}
// ---------- public IPs ------------------
// This section defines the public IPs for the projects.
// Public IP for project1, bound to the "wan" interface. That interface is
// declared with security = false, so nothing at the platform level filters
// traffic arriving on this address; exposure is decided by whatever runs
// behind the interface (labelled "pfsense-alpha" in the public_ips output).
resource "stackit_public_ip" "wan_ip" {
  network_interface_id = stackit_network_interface.wan.network_interface_id
  project_id           = module.project.project_info["project1"].project_id
}
// Public IP for project5, bound to the "wan_beta" interface. That interface is
// declared with security = false, so nothing at the platform level filters
// traffic arriving on this address; exposure is decided by whatever runs
// behind the interface (labelled "pfsense-beta" in the public_ips output).
resource "stackit_public_ip" "wan_ip_beta" {
  network_interface_id = stackit_network_interface.wan_beta.network_interface_id
  project_id           = module.project.project_info["project5"].project_id
}
// this is for adding a public IP to the second project (core) for WAN access.
/*resource "stackit_public_ip" "wan_server" {
project_id = module.project.project_info["project2"].project_id
network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
}
*/
// Output the public IPs for both projects
// Map of label -> allocated public IPv4 address for the two WAN interfaces.
// These are the internet-facing entry points of the setup; the entry for
// wan_server stays disabled together with its commented-out resource.
output "public_ips" {
  value = {
    "pfsense-alpha" = stackit_public_ip.wan_ip.ip
    "pfsense-beta"  = stackit_public_ip.wan_ip_beta.ip
    //"wan_server" = stackit_public_ip.wan_server.ip
  }
}
// Map of label -> private IPv4 address of the project2 and project6 LAN
// interfaces. The project3 interface (p3_lan1) is not exported here.
output "private_ips" {
  value = {
    "linux-alpha" = stackit_network_interface.p2_lan1.ipv4
    "linux-beta"  = stackit_network_interface.p6_lan1.ipv4
  }
}