resource "stackit_network" "this" {
  project_id = var.project_id
  name       = var.name
  labels     = var.labels

  # IPv4 settings
  ipv4_gateway       = var.ipv4_gateway
  ipv4_nameservers   = var.ipv4_nameservers
  ipv4_prefix        = var.ipv4_prefix
  ipv4_prefix_length = var.ipv4_prefix_length

  # IPv6 settings
  ipv6_gateway       = var.ipv6_gateway
  ipv6_nameservers   = var.ipv6_nameservers
  ipv6_prefix        = var.ipv6_prefix
  ipv6_prefix_length = var.ipv6_prefix_length

  no_ipv4_gateway = var.no_ipv4_gateway
  no_ipv6_gateway = var.no_ipv6_gateway
  routed          = var.routed
}

resource "stackit_network_interface" "nics" {
  for_each = var.nics != null ? var.nics : {}

  project_id = var.project_id
  network_id = stackit_network.this.network_id

  name              = each.value.nic_name
  ipv4              = each.value.nic_ipv4
  allowed_addresses = each.value.nic_allowed_addresses
  labels            = each.value.nic_labels
  security          = each.value.nic_security
  security_group_ids = (
    each.value.nic_security_group_ids != null ? each.value.nic_security_group_ids :
    each.value.nic_security_group_names != null ?
    [for name in each.value.nic_security_group_names : var.security_group_ids_by_name[name]]
    : []
  )
  
  lifecycle {
    precondition {
      condition = alltrue([
        for sg_name in try(each.value.nic_security_group_names, []) :
        contains(keys(var.security_group_ids_by_name), sg_name)
      ])
      error_message = "NIC '${each.key}' references unknown security group name(s)."
    }
  }
}