
# Random two-word name; only used to give the admin key pair a unique name.
# Changing or recreating this resource renames the key pair and forces it to be replaced.
resource "random_pet" "pet01" {}
# SSH key pair attached to both servers (see stackit_server.machines.keypair_name).
# The public key is read from the local file system of whoever runs `terraform apply`,
# so the admin key is tied to that operator's machine and a run from CI or from a
# workstation without ~/.ssh/id_rsa.pub fails at plan time. A variable holding the
# public key would make this explicit and reviewable.
resource "stackit_key_pair" "admin_keypair" {
  name       = "${random_pet.pet01.id}-keypair"
  public_key = chomp(file("~/.ssh/id_rsa.pub"))
}
# Private network for the first VPN endpoint. The same prefix is repeated as a literal
# in locals.machine_ips; keep the two in sync (or reference ipv4_prefix from there).
# Resolvers are public ones (Quad9, Cloudflare), so DNS leaves the tenant network.
resource "stackit_network" "machine01" {
  project_id       = var.stackit_project_id_machine01
  ipv4_prefix      = "10.1.1.0/24"
  name             = "network-machine01"
  ipv4_nameservers = ["9.9.9.9", "1.1.1.1"]
}
# Private network for the second VPN endpoint, in a separate project. The prefix must
# not overlap with machine01's, since each side routes the other's subnet through the
# tunnel (see locals.vpn_config remote_subnet).
resource "stackit_network" "machine02" {
  project_id       = var.stackit_project_id_machine02
  ipv4_prefix      = "10.2.2.0/24"
  name             = "network-machine02"
  ipv4_nameservers = ["9.9.9.9", "1.1.1.1"]
}
# One NIC per machine with a fixed private address; these addresses are repeated as
# literals in locals.machine_ips and must match.
resource "stackit_network_interface" "machines" {
  for_each = {
    machine01 = {
      network_id = stackit_network.machine01.network_id
      ipv4       = "10.1.1.10"
      project_id = var.stackit_project_id_machine01
    }
    machine02 = {
      network_id = stackit_network.machine02.network_id
      ipv4       = "10.2.2.10"
      project_id = var.stackit_project_id_machine02
    }
  }
  project_id = each.value.project_id
  network_id = each.value.network_id
  ipv4       = each.value.ipv4
  # NOTE(review): security = false turns off security-group filtering on this interface
  # altogether. Both interfaces get a public IP (stackit_public_ip.wan_ips), so every
  # service listening on the hosts is reachable from the Internet, not just the VPN.
  # A strongSwan endpoint only needs IKE (UDP 500 and 4500) and ESP inbound, plus SSH
  # from an administrative range; attaching a security group that allows exactly that
  # is the intended way to restrict exposure. Confirm the provider's attribute for
  # attaching groups (security_group_ids in the STACKIT provider) before switching.
  security = false
}
# Public (WAN) address bound to each machine's NIC. These addresses are the IKE
# identities and peer addresses in locals.vpn_config and are exported as outputs.
# Because the NICs are created with security = false, nothing filters traffic
# arriving on these addresses.
resource "stackit_public_ip" "wan_ips" {
  for_each = {
    machine01 = {
      network_interface_id = stackit_network_interface.machines["machine01"].network_interface_id
      project_id           = var.stackit_project_id_machine01
    }
    machine02 = {
      network_interface_id = stackit_network_interface.machines["machine02"].network_interface_id
      project_id           = var.stackit_project_id_machine02
    }
  }
  project_id           = each.value.project_id
  network_interface_id = each.value.network_interface_id
}
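locals {
  # Private addressing of each VPN endpoint, taken from the resources that create it
  # rather than re-typed as literals, so the tunnel configuration cannot drift from
  # what stackit_network / stackit_network_interface actually provision.
  machine_ips = {
    machine01 = {
      local_ip     = stackit_network_interface.machines["machine01"].ipv4
      local_subnet = stackit_network.machine01.ipv4_prefix
    }
    machine02 = {
      local_ip     = stackit_network_interface.machines["machine02"].ipv4
      local_subnet = stackit_network.machine02.ipv4_prefix
    }
  }

  # Site-to-site parameters as seen from each side. leftid is the side's own public
  # IP, rightid / remote_ip the peer's public IP; the two entries are mirror images
  # and are consumed by cloud-init.yaml.
  vpn_config = {
    machine01 = {
      local_ip      = local.machine_ips.machine01.local_ip
      remote_ip     = stackit_public_ip.wan_ips["machine02"].ip
      local_subnet  = local.machine_ips.machine01.local_subnet
      remote_subnet = local.machine_ips.machine02.local_subnet
      leftid        = stackit_public_ip.wan_ips["machine01"].ip
      rightid       = stackit_public_ip.wan_ips["machine02"].ip
    }
    machine02 = {
      local_ip      = local.machine_ips.machine02.local_ip
      remote_ip     = stackit_public_ip.wan_ips["machine01"].ip
      local_subnet  = local.machine_ips.machine02.local_subnet
      remote_subnet = local.machine_ips.machine01.local_subnet
      leftid        = stackit_public_ip.wan_ips["machine02"].ip
      rightid       = stackit_public_ip.wan_ips["machine01"].ip
    }
  }

  # Rendered cloud-init per machine, one entry per key of vpn_config.
  # The shared PSK is merged into the template and therefore becomes part of the
  # server's user_data: it is written in plain text to Terraform state and, on
  # OpenStack-style clouds, is typically readable from inside the instance via the
  # metadata service. Protect the state backend and declare var.vpn_psk as
  # sensitive (its declaration is outside this file) so it is redacted from plans.
  init_config = {
    for name, cfg in local.vpn_config :
    name => templatefile("${path.module}/cloud-init.yaml", merge(cfg, {
      psk = var.vpn_psk
    }))
  }
}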
# The two VPN endpoints, one per project and availability zone. Each gets the admin
# key pair, its pre-created NIC and a cloud-init document from locals.init_config.
resource "stackit_server" "machines" {
  for_each = {
    machine01 = {
      project_id        = var.stackit_project_id_machine01
      availability_zone = "eu01-1"
    }
    machine02 = {
      project_id        = var.stackit_project_id_machine02
      availability_zone = "eu01-2"
    }
  }
  project_id        = each.value.project_id
  name              = each.key
  availability_zone = each.value.availability_zone
  # Sizing is fixed here rather than parameterized; change both or expose as variables.
  machine_type = "c1.4"
  keypair_name = stackit_key_pair.admin_keypair.name
  # user_data carries the rendered cloud-init including the VPN PSK (see
  # locals.init_config); it is persisted in state, so treat the state as a secret.
  user_data = local.init_config[each.key]
  boot_volume = {
    size                  = 64
    source_type           = "image"
    source_id             = var.debian_image_id
    performance_class     = "storage_premium_perf6"
    delete_on_termination = true
  }
  network_interfaces = [
    stackit_network_interface.machines[each.key].network_interface_id
  ]
}
# Public address of machine01; also its IKE identity (leftid) in locals.vpn_config.
output "machine01_public_ip" {
  value = stackit_public_ip.wan_ips["machine01"].ip
}
# Public address of machine02; also its IKE identity (leftid) in locals.vpn_config.
output "machine02_public_ip" {
  value = stackit_public_ip.wan_ips["machine02"].ip
}