project firewall setup

00-provider.tf

@@ -13,7 +13,7 @@ terraform {
   required_providers {
     stackit = {
       source  = "stackitcloud/stackit"
-      version = "0.47.0"
+      version = "0.46.0"
     }
   }
 }

01-config.tf

@@ -29,7 +29,12 @@ variable "flavor" {
 variable "LOCAL_SUBNET" {
   type        = string
   description = ""
-  default     = "10.0.0.0/24"
+  default     = "10.10.0.0/24"
+}
+variable "LOCAL_FIREWALL_IP" {
+  type        = string
+  description = ""
+  default     = "10.10.0.220"
 }
 
 # STACKIT ProjectID

02-pfsense-image.tf

@@ -14,7 +14,10 @@ resource "null_resource" "pfsense_image_file" {
   }
 
   provisioner "local-exec" {
-    command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
+    command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-29-01-2024.qcow2"
+  }
+  lifecycle {
+    ignore_changes = all
   }
 }
 

03-pfsense-network.tf

@@ -12,13 +12,15 @@ resource "stackit_network" "wan_network" {
   project_id       = var.STACKIT_PROJECT_ID
   name             = "wan_network"
   ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
-  routed           = false
 }
 
 resource "stackit_network" "lan_network" {
   project_id       = var.STACKIT_PROJECT_ID
   name             = "lan_network"
   ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
+  ipv4_prefix      = var.LOCAL_SUBNET
+  ipv4_gateway     = var.LOCAL_FIREWALL_IP
+  routed           = false
 }
 
 resource "stackit_network_interface" "nic_wan" {
@@ -30,6 +32,7 @@ resource "stackit_network_interface" "nic_wan" {
 resource "stackit_network_interface" "nic_lan" {
   project_id = var.STACKIT_PROJECT_ID
   network_id = stackit_network.lan_network.network_id
+  ipv4       = var.LOCAL_FIREWALL_IP
   security   = false
 }
 

example.env

@@ -0,0 +1,4 @@
+# STACKIT ProjectID
+export TF_VAR_STACKIT_PROJECT_ID=
+# STACKIT Service Account Token
+export TF_VAR_STACKIT_SERVICE_ACCOUNT_TOKEN=