From d8debf1239bb4f45545b1c262541c96bbf38a18b Mon Sep 17 00:00:00 2001
From: BackInBash <48181660+BackInBash@users.noreply.github.com>
Date: Wed, 2 Apr 2025 16:18:04 +0200
Subject: [PATCH] project firewall setup
---
 00-provider.tf | 2 +-
 01-config.tf | 7 ++++++-
 02-pfsense-image.tf | 5 ++++-
 03-pfsense-network.tf | 5 ++++-
 example.env | 4 ++++
 5 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/00-provider.tf b/00-provider.tf
index 27e01ac..15829c9 100644
--- a/00-provider.tf
+++ b/00-provider.tf
@@ -13,7 +13,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.47.0"
+ version = "0.46.0"
 }
 }
 }
diff --git a/01-config.tf b/01-config.tf
index d40505c..8ccc46b 100644
--- a/01-config.tf
+++ b/01-config.tf
@@ -29,7 +29,12 @@ variable "flavor" {
 variable "LOCAL_SUBNET" {
 type = string
 description = ""
- default = "10.0.0.0/24"
+ default = "10.10.0.0/24"
+}
+variable "LOCAL_FIREWALL_IP" {
+ type = string
+ description = ""
+ default = "10.10.0.220"
 }
 # STACKIT ProjectID
diff --git a/02-pfsense-image.tf b/02-pfsense-image.tf
index b0555b0..5d51461 100644
--- a/02-pfsense-image.tf
+++ b/02-pfsense-image.tf
@@ -14,7 +14,10 @@ resource "null_resource" "pfsense_image_file" {
 }
 provisioner "local-exec" {
- command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
+ command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-29-01-2024.qcow2"
+ }
+ lifecycle {
+ ignore_changes = all
 }
 }
diff --git a/03-pfsense-network.tf b/03-pfsense-network.tf
index 2e997a4..a37705b 100644
--- a/03-pfsense-network.tf
+++ b/03-pfsense-network.tf
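Review bot: Both `variable` blocks in the 01-config.tf hunk leave `description = ""` empty, so nothing on the declaration tells a reader what `LOCAL_SUBNET` and `LOCAL_FIREWALL_IP` control or how they relate; fill them in, e.g. `description = "IPv4 CIDR of the pfSense LAN network"` and `description = "LAN-side IPv4 address of the pfSense firewall; must lie inside LOCAL_SUBNET and is also used as that network's gateway"`. The two defaults happen to agree (`10.10.0.220` sits inside `10.10.0.0/24`), but nothing checks this when a user overrides only one of them; a `validation` block with `condition = can(cidrnetmask("${var.LOCAL_FIREWALL_IP}/32"))` would at least reject a malformed address, and the containment requirement belongs in the description. The `variable "LOCAL_SUBNET"` block opens inside the hunk, but the file continues beyond the hunk's last context line.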
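Review bot: The `curl` command on the new side of the 02-pfsense-image.tf hunk still fetches the qcow2 image with no integrity check and no `--fail`, so an HTTP error body or a truncated or tampered download is silently written to `pfsense.qcow2` and becomes the firewall image the rest of the configuration uses; pin a digest next to the URL and verify it, e.g. `command = "curl --fail -sSL -o pfsense.qcow2 <existing URL> && echo '<EXPECTED_SHA256>  pfsense.qcow2' | sha256sum -c -"`. The new filename (`...-29-01-2024`) also appears to select an older build than the one removed (`...-10-12-2024`), which deserves a comment if intentional. The added `lifecycle { ignore_changes = all }` suppresses any future replacement of this resource driven by its `triggers`, so after changing the URL the download will not re-run until the resource is tainted; a comment such as `# image is downloaded once; taint this resource to re-fetch after changing the URL` would help the next maintainer. The `null_resource` block begins before this hunk.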
@@ -12,13 +12,15 @@ resource "stackit_network" "wan_network" {
 project_id = var.STACKIT_PROJECT_ID
 name = "wan_network"
 ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
- routed = false
 }
 resource "stackit_network" "lan_network" {
 project_id = var.STACKIT_PROJECT_ID
 name = "lan_network"
 ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
+ ipv4_prefix = var.LOCAL_SUBNET
+ ipv4_gateway = var.LOCAL_FIREWALL_IP
+ routed = false
 }
 resource "stackit_network_interface" "nic_wan" {
@@ -30,6 +32,7 @@ resource "stackit_network_interface" "nic_wan" {
 resource "stackit_network_interface" "nic_lan" {
 project_id = var.STACKIT_PROJECT_ID
 network_id = stackit_network.lan_network.network_id
+ ipv4 = var.LOCAL_FIREWALL_IP
 security = false
 }
diff --git a/example.env b/example.env
index e69de29..2cabc6e 100644
--- a/example.env
+++ b/example.env
@@ -0,0 +1,4 @@
+# STACKIT ProjectID
+export TF_VAR_STACKIT_PROJECT_ID=
+# STACKIT Service Account Token
+export TF_VAR_STACKIT_SERVICE_ACCOUNT_TOKEN=
\ No newline at end of file
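Review bot: Removing `routed = false` from `wan_network` while adding it to `lan_network` leaves the WAN network on the provider's default routing behaviour, and nothing in the hunk records whether exposing that network beyond the project is the intent; a comment on `wan_network` such as `# routed by default: this is the externally reachable side; the firewall's WAN NIC attaches here` would make the decision reviewable. The new `ipv4_gateway = var.LOCAL_FIREWALL_IP` on `lan_network` is only correct because `nic_lan` in the second hunk takes the same address via `ipv4 = var.LOCAL_FIREWALL_IP`, yet that coupling is implicit; a one-line comment on the gateway attribute (`# gateway is the pfSense LAN NIC, see stackit_network_interface.nic_lan`) would state it. What the provider's default value of `routed` is cannot be seen on this page and should be confirmed against the provider documentation before merging.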
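Review bot: The new example.env ends without a trailing newline (`\ No newline at end of file`), so the next edit that appends a line will show a spurious change to the token line; terminate the file with a newline. The template also gives no hint that its populated copy holds a service-account token and must stay out of version control; a header such as `# Copy to .env, fill in the values, and keep .env out of version control` plus a matching `.gitignore` entry, if one is not already present, would prevent the most common leak of this file. Whether a `STACKIT_SERVICE_ACCOUNT_TOKEN` variable is declared in 01-config.tf is not visible here; if it is not, Terraform ignores an undeclared `TF_VAR_` environment variable without complaint.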