terraform-modules/network/main.tf


# Derived values shared by the security-group and NIC resources below.
#
# The caller describes security groups as a map (var.security_groups) whose
# entries each carry a *list* of rules. Terraform needs one flat map to drive
# for_each on the rule resource, so the nested lists are flattened here and
# every rule is tagged with the key of its parent group (sg_key) and a key
# that is unique across all groups (uniq).
#
# NOTE(review): uniq is positional ("<group>-<index>"). Deleting or inserting
# a rule in the middle of a group's list shifts the indices of every rule
# after it, so Terraform will destroy and re-create those rules on the next
# apply rather than leave them untouched. Keying rules by a caller-supplied
# name would avoid that churn but needs a change to the variable schema.
locals {
  sg_rule_list = flatten([
    for group_key, group in var.security_groups : [
      for rule_index, rule in group.rules : merge(rule, {
        sg_key = group_key
        uniq   = "${group_key}-${rule_index}"
      })
    ]
  ])

  # Map keyed by the unique rule key, consumed by stackit_security_group_rule.rule.
  flattened_sg_rules = { for rule in local.sg_rule_list : rule.uniq => rule }

  # IDs of the security groups created by this module (values() yields them in
  # lexical order of the map key).
  created_sg_ids = values(stackit_security_group.sg)[*].id

  # Groups created here followed by any pre-existing group IDs the caller asks
  # to attach to the NIC; a null input contributes nothing.
  all_sg_ids = concat(
    local.created_sg_ids,
    var.nic_security_group_ids == null ? [] : var.nic_security_group_ids
  )
}
# The project network. Every other resource in this module is attached to it.
#
# The IPv4/IPv6 gateway attributes are only forwarded when var.routed is
# exactly false; when routed is true (or null, which is not equal to false)
# the gateway is passed as null. NOTE(review): if var.routed can be null,
# confirm that suppressing the gateway in that case is intended.
resource "stackit_network" "this" {
  # Identity
  project_id = var.project_id
  name       = var.name
  labels     = var.labels
  routed     = var.routed

  # IPv4 addressing
  ipv4_prefix        = var.ipv4_prefix
  ipv4_prefix_length = var.ipv4_prefix_length
  ipv4_nameservers   = var.ipv4_nameservers
  ipv4_gateway       = var.routed == false ? var.ipv4_gateway : null
  no_ipv4_gateway    = var.no_ipv4_gateway

  # IPv6 addressing
  ipv6_prefix        = var.ipv6_prefix
  ipv6_prefix_length = var.ipv6_prefix_length
  ipv6_nameservers   = var.ipv6_nameservers
  ipv6_gateway       = var.routed == false ? var.ipv6_gateway : null
  no_ipv6_gateway    = var.no_ipv6_gateway
}
# One security group per entry of var.security_groups, addressed by the map
# key so that adding or removing a group does not disturb the others.
# The group's rules are created separately by stackit_security_group_rule.rule.
resource "stackit_security_group" "sg" {
  for_each = var.security_groups

  project_id = var.project_id

  name        = each.value.name
  description = each.value.description
  labels      = each.value.labels
  # Whether the group tracks connections (stateful) is left entirely to the
  # caller; this module applies no default.
  stateful = each.value.stateful
}
# One rule resource per flattened rule (see local.flattened_sg_rules). The
# rule is attached to the group created for its sg_key.
#
# Security note: every match attribute below is passed through from the
# caller unchanged. The module does not validate the rule set — in
# particular nothing here rejects an ingress rule whose ip_range is
# 0.0.0.0/0 or ::/0, and nothing checks that ip_range and
# remote_security_group_id are not both given for the same rule. If the
# provider treats those two as mutually exclusive, a lifecycle precondition
# would turn that into a plan-time error instead of an apply failure
# (NOTE(review): confirm against the provider docs before adding one).
resource "stackit_security_group_rule" "rule" {
  for_each = local.flattened_sg_rules

  project_id        = var.project_id
  security_group_id = stackit_security_group.sg[each.value.sg_key].id

  description = each.value.description
  direction   = each.value.direction

  # What the rule matches: address family, protocol, ports, and either a CIDR
  # or a peer security group.
  ether_type               = each.value.ether_type
  protocol                 = each.value.protocol
  port_range               = each.value.port_range
  ip_range                 = each.value.ip_range
  remote_security_group_id = each.value.remote_security_group_id
}
# Optional network interface with a fixed IPv4 address on the network above.
# It exists only when the caller supplies var.nic_ipv4.
#
# Security note: var.nic_security gates all filtering on this interface.
# When it is false, security_group_ids and allowed_addresses are both sent
# as null, so none of the groups built by this module (nor any the caller
# passed in) are attached and no allowed-address restriction applies —
# presumably this disables port security entirely on the provider side;
# verify what the provider does with an unsecured port before using it.
# When it is true but local.all_sg_ids is empty, an empty list is attached;
# whether the provider then applies a default group is not visible here.
resource "stackit_network_interface" "static" {
  count = var.nic_ipv4 == null ? 0 : 1

  project_id = var.project_id
  network_id = stackit_network.this.network_id

  # Falls back to "<network name>-nic" only when no explicit name is given.
  name   = var.nic_name != null ? var.nic_name : "${var.name}-nic"
  labels = var.nic_labels
  ipv4   = var.nic_ipv4

  security           = var.nic_security
  security_group_ids = var.nic_security ? local.all_sg_ids : null
  allowed_addresses  = var.nic_security ? var.nic_allowed_addresses : null
}