# Random pet name with provider defaults; its id is the prefix of the admin
# key pair name below, so the key pair name differs per deployment.
resource "random_pet" "pet01" {}
# Registers an SSH public key as a STACKIT key pair. The appliance servers
# reference it through keypair_name, so this is the admin login key for both.
resource "stackit_key_pair" "admin_keypair" {
  # Only the public half (.pub) is read. The path is resolved on the machine
  # that runs Terraform, so the key that ends up on the servers is that of the
  # operator or CI runner doing the apply; a run from another machine will show
  # up as a change to this resource.
  public_key = chomp(file("~/.ssh/id_rsa.pub"))

  name = "${random_pet.pet01.id}-keypair"
}
# Routing table in the network area local.sna_id. In this file it is attached
# to cloud_network01 and cloud_network02 (via routing_table_id) and carries the
# two stackit_routing_table_route resources below.
resource "stackit_routing_table" "rt1" {
  organization_id = var.stackit_organization_id
  network_area_id = local.sna_id
  name            = "routing-table01"
}
# Sends traffic for the on-prem prefix to the VPN appliance on the cloud side.
# Both values are literals that duplicate definitions elsewhere in this file:
# 192.168.1.0/24 is the prefix of onprem_network01 and 10.1.1.10 is the address
# assigned to appliance01's interface. Keep them in sync when either changes,
# otherwise on-prem traffic is handed to whatever host owns 10.1.1.10.
resource "stackit_routing_table_route" "vpn" {
  routing_table_id = stackit_routing_table.rt1.routing_table_id
  network_area_id  = local.sna_id
  organization_id  = var.stackit_organization_id

  destination = {
    type  = "cidrv4"
    value = "192.168.1.0/24"
  }

  next_hop = {
    type  = "ipv4"
    value = "10.1.1.10"
  }
}
# Route for a single public host (45.129.42.3/32) with an "internet" next hop.
# NOTE(review): the resource is labelled "blackhole_route", but next_hop.type
# is "internet", so matching traffic is presumably forwarded to the internet
# rather than dropped. Confirm which behaviour is intended and adjust either
# the label or the next hop; a reader auditing egress will otherwise assume
# this destination is blocked.
resource "stackit_routing_table_route" "blackhole_route" {
  routing_table_id = stackit_routing_table.rt1.routing_table_id
  network_area_id  = local.sna_id
  organization_id  = var.stackit_organization_id

  next_hop = {
    type = "internet"
  }

  destination = {
    type = "cidrv4"
    // ip of stackit.de (pinned literal: the route no longer matches if the
    // site's address changes)
    value = "45.129.42.3/32"
  }
}
# First cloud-side network (10.1.1.0/24) in the "cloud" project. appliance01's
# interface (10.1.1.10) is placed here. The network uses routing table rt1, so
# the routes defined on rt1 apply to it.
resource "stackit_network" "cloud_network01" {
  name             = "cloud-network-01"
  project_id       = stackit_resourcemanager_project.cloud.project_id
  ipv4_prefix      = "10.1.1.0/24"
  routing_table_id = stackit_routing_table.rt1.routing_table_id

  # Public third-party resolvers; DNS queries from this network leave the
  # environment unless the hosts are configured otherwise.
  ipv4_nameservers = ["9.9.9.9", "1.1.1.1"]
}
# Second cloud-side network (10.1.2.0/24) in the "cloud" project. No appliance
# interface is defined in it in this file; it reaches the on-prem prefix through
# the "vpn" route on rt1, whose next hop (10.1.1.10) sits in cloud_network01.
resource "stackit_network" "cloud_network02" {
  name             = "cloud-network-02"
  project_id       = stackit_resourcemanager_project.cloud.project_id
  ipv4_prefix      = "10.1.2.0/24"
  routing_table_id = stackit_routing_table.rt1.routing_table_id

  # Public third-party resolvers; DNS queries from this network leave the
  # environment unless the hosts are configured otherwise.
  ipv4_nameservers = ["9.9.9.9", "1.1.1.1"]
}
# Network standing in for the on-prem side (192.168.1.0/24) in the "onprem"
# project; appliance02's interface (192.168.1.10) is placed here. Unlike the
# cloud networks it sets no routing_table_id.
resource "stackit_network" "onprem_network01" {
  # NOTE(review): the resource label ends in 01 but the name ends in 02.
  # Possibly a copy/paste slip; confirm before relying on the name in
  # inventory or firewall documentation.
  name        = "onprem-network-02"
  project_id  = stackit_resourcemanager_project.onprem.project_id
  ipv4_prefix = "192.168.1.0/24"

  # Public third-party resolvers; DNS queries from this network leave the
  # environment unless the hosts are configured otherwise.
  ipv4_nameservers = ["9.9.9.9", "1.1.1.1"]
}
# One fixed-address interface per VPN appliance: appliance01 in the cloud
# network, appliance02 in the on-prem network. The same keys are reused by the
# public IP and server resources.
resource "stackit_network_interface" "appliances" {
  for_each = {
    appliance01 = {
      project_id = stackit_resourcemanager_project.cloud.project_id
      network_id = stackit_network.cloud_network01.network_id
      ipv4       = "10.1.1.10"
    }
    appliance02 = {
      project_id = stackit_resourcemanager_project.onprem.project_id
      network_id = stackit_network.onprem_network01.network_id
      ipv4       = "192.168.1.10"
    }
  }

  # Interface security is switched off. As far as the provider documents this
  # flag, no security groups apply to the interface when it is false (confirm
  # against the provider version in use). A forwarding appliance usually needs
  # this, but both interfaces also get a public IP in
  # stackit_public_ip.wan_ips_appliances, so all packet filtering has to be
  # done on the host itself (e.g. by cloud-init.yaml, which is not visible
  # here). Verify that the host firewall only exposes the VPN and admin ports.
  security = false

  ipv4       = each.value.ipv4
  network_id = each.value.network_id
  project_id = each.value.project_id
}
# Public (WAN) address for each appliance, bound to that appliance's interface.
# These addresses are what the two VPN endpoints use as remote_ip, leftid and
# rightid in local.vpn_config. The interfaces they attach to are created with
# security = false, so the hosts behind these IPs are reachable from the
# internet subject only to their own firewall.
resource "stackit_public_ip" "wan_ips_appliances" {
  for_each = {
    appliance01 = {
      project_id           = stackit_resourcemanager_project.cloud.project_id
      network_interface_id = stackit_network_interface.appliances["appliance01"].network_interface_id
    }
    appliance02 = {
      project_id           = stackit_resourcemanager_project.onprem.project_id
      network_interface_id = stackit_network_interface.appliances["appliance02"].network_interface_id
    }
  }

  network_interface_id = each.value.network_interface_id
  project_id           = each.value.project_id
}
# Derived values for the two VPN appliances:
#   appliance_ips - private address and protected subnet of each side
#   vpn_config    - per-appliance tunnel parameters (each side mirrors the other)
#   init_config   - cloud-init.yaml rendered with vpn_config plus the PSK
locals {
  appliance_ips = {
    appliance01 = {
      local_ip = "10.1.1.10"
      # Wider than the two networks actually defined (10.1.1.0/24 and
      # 10.1.2.0/24): any other 10.1.x.0/24 added later is covered by the
      # tunnel selector as well.
      local_subnet = "10.1.0.0/16" # Allow both 10.1.1.0 and 10.1.2.0 via VPN
    }
    appliance02 = {
      local_ip     = "192.168.1.10"
      local_subnet = "192.168.1.0/24"
    }
  }

  # leftid/rightid are passed to the template as the public IPs of the local
  # and remote appliance; presumably they are the IKE identities used by the
  # VPN daemon configured in cloud-init.yaml (confirm there).
  vpn_config = {
    appliance01 = {
      local_ip      = local.appliance_ips.appliance01.local_ip
      local_subnet  = local.appliance_ips.appliance01.local_subnet
      remote_ip     = stackit_public_ip.wan_ips_appliances["appliance02"].ip
      remote_subnet = local.appliance_ips.appliance02.local_subnet
      leftid        = stackit_public_ip.wan_ips_appliances["appliance01"].ip
      rightid       = stackit_public_ip.wan_ips_appliances["appliance02"].ip
    }
    appliance02 = {
      local_ip      = local.appliance_ips.appliance02.local_ip
      local_subnet  = local.appliance_ips.appliance02.local_subnet
      remote_ip     = stackit_public_ip.wan_ips_appliances["appliance01"].ip
      remote_subnet = local.appliance_ips.appliance01.local_subnet
      leftid        = stackit_public_ip.wan_ips_appliances["appliance02"].ip
      rightid       = stackit_public_ip.wan_ips_appliances["appliance01"].ip
    }
  }

  # Render cloud-init.yaml once per appliance. The pre-shared key is merged in
  # here, so the rendered text contains the secret in clear: it is stored in
  # the Terraform state through stackit_server.user_data and is typically
  # readable from inside the instance. Declare var.vpn_psk with
  # sensitive = true (its declaration is not visible here) and protect the
  # state backend accordingly.
  init_config = {
    for appliance, tunnel in local.vpn_config :
    appliance => templatefile("${path.module}/cloud-init.yaml", merge(tunnel, {
      psk = var.vpn_psk
    }))
  }
}
# The two VPN appliance VMs, one per project and availability zone. Each boots
# the Debian image var.debian_image_id, attaches the matching fixed-address
# interface and is configured on first boot by the rendered cloud-init.
resource "stackit_server" "appliances" {
  for_each = {
    appliance01 = {
      availability_zone = "eu01-1"
      project_id        = stackit_resourcemanager_project.cloud.project_id
    }
    appliance02 = {
      availability_zone = "eu01-2"
      project_id        = stackit_resourcemanager_project.onprem.project_id
    }
  }

  name              = each.key
  project_id        = each.value.project_id
  availability_zone = each.value.availability_zone
  machine_type      = "c1.4"

  # Admin SSH access uses the key pair registered from the operator's
  # ~/.ssh/id_rsa.pub.
  keypair_name = stackit_key_pair.admin_keypair.name

  # Rendered cloud-init including the VPN pre-shared key (see
  # local.init_config). The value is kept in the Terraform state, so treat the
  # state and any plan output as secret material.
  user_data = local.init_config[each.key]

  network_interfaces = [
    stackit_network_interface.appliances[each.key].network_interface_id
  ]

  boot_volume = {
    source_type           = "image"
    source_id             = var.debian_image_id
    size                  = 64
    performance_class     = "storage_premium_perf6"
    delete_on_termination = true
  }
}
# Public address of the cloud-side appliance (appliance01), i.e. the VPN
# endpoint the on-prem side connects to.
output "appliance01_cloud01_public_ip" {
  value = stackit_public_ip.wan_ips_appliances["appliance01"].ip
}
# Public address of the on-prem-side appliance (appliance02), i.e. the VPN
# endpoint the cloud side connects to.
output "appliance02_onprem01_public_ip" {
  value = stackit_public_ip.wan_ips_appliances["appliance02"].ip
}