# -----------------------------------------------------------------------------
# Network
# -----------------------------------------------------------------------------

# Network named "sophos_lan_net" (by its name, the LAN side of the Sophos
# setup). Prefix, resolvers and the routed flag are all supplied by variables.
resource "stackit_network" "sophos_lan_net" {
  name       = "sophos_lan_net"
  project_id = var.project_id

  ipv4_prefix      = var.sophos_lan_net_range
  ipv4_nameservers = var.sophos_default_nameservers

  # One shared flag drives routing for every Sophos network in this file.
  routed = var.sophos_nets_routed
}
# Network named "sophos_wan_net" (by its name, the WAN side). It is the only
# network here that takes its resolvers from var.sophos_wan_nameservers; the
# VIP interface defined in this file is attached to this network.
resource "stackit_network" "sophos_wan_net" {
  name       = "sophos_wan_net"
  project_id = var.project_id

  ipv4_nameservers = var.sophos_wan_nameservers
  ipv4_prefix      = var.sophos_wan_net_range

  # One shared flag drives routing for every Sophos network in this file.
  routed = var.sophos_nets_routed
}
# Network named "sophos_mgmt_net" (by its name, appliance management).
resource "stackit_network" "sophos_mgmt_net" {
  name       = "sophos_mgmt_net"
  project_id = var.project_id

  ipv4_nameservers = var.sophos_default_nameservers
  ipv4_prefix      = var.sophos_mgmt_net_range

  # NOTE(review): the management network uses the same routed flag as the WAN
  # and LAN networks. If that flag is true, this network is presumably
  # reachable from other routed networks as well; confirm that is intended,
  # or give the management network its own variable.
  routed = var.sophos_nets_routed
}
# Network named "sophos_sync_net" (by its name, presumably the link used for
# synchronisation between the appliances; confirm).
resource "stackit_network" "sophos_sync_net" {
  name       = "sophos_sync_net"
  project_id = var.project_id

  ipv4_nameservers = var.sophos_default_nameservers
  ipv4_prefix      = var.sophos_sync_net_range

  # NOTE(review): same routed flag as every other Sophos network in this
  # file. A sync-only segment usually has no reason to be routed; verify that
  # sharing var.sophos_nets_routed is deliberate.
  routed = var.sophos_nets_routed
}
# -----------------------------------------------------------------------------
# VIP interface - the other interfaces are defined directly at the appliances
# -----------------------------------------------------------------------------

# Network interface "VIP" on the WAN network, with a fixed address taken from
# var.sophos_wan_vip. A public IP is bound to this interface elsewhere in this
# file, so the "sophos" security group below is what filters internet traffic
# before it reaches the address.
resource "stackit_network_interface" "vip" {
  name       = "VIP"
  project_id = var.project_id
  network_id = stackit_network.sophos_wan_net.network_id
  ipv4       = var.sophos_wan_vip

  # Keep security enabled so the attached security group is actually applied
  # to this interface.
  security           = true
  security_group_ids = [stackit_security_group.sophos.security_group_id]
}
# Public IP bound to the VIP interface. Whatever the "sophos" security group
# permits on ingress is therefore reachable from the internet on this address.
resource "stackit_public_ip" "public-vip" {
  network_interface_id = stackit_network_interface.vip.network_interface_id
  project_id           = var.project_id
}
# Publishes the allocated public address under the key "public_ip_sophos".
output "public-vip" {
  value = { "public_ip_sophos" = stackit_public_ip.public-vip.ip }
}
# -----------------------------------------------------------------------------
# Security Groups / Rules
# -----------------------------------------------------------------------------

# Security group "Sophos". It carries no rules of its own here; the
# stackit_security_group_rule resources in this file attach to it, and the VIP
# interface references it.
resource "stackit_security_group" "sophos" {
  name       = "Sophos"
  project_id = var.project_id
}
# Ingress rule for TCP on the "Sophos" security group.
#
# NOTE(review): the rule sets only direction and protocol. With no port_range,
# ip_range or remote_security_group_id it appears to admit TCP on every port
# from any source. The group is attached to the VIP interface that holds the
# public IP, so at this layer nothing is filtered and exposure depends entirely
# on the appliance's own policy. Consider limiting the rule to the ports that
# are meant to be published, and confirm that the appliance's management
# services are not reachable from the WAN side.
resource "stackit_security_group_rule" "tcp-ingress" {
  security_group_id = stackit_security_group.sophos.security_group_id
  project_id        = var.project_id
  direction         = "ingress"

  protocol = {
    name = "tcp"
  }
}
# Ingress rule for ICMP on the "Sophos" security group, narrowed to a single
# message: type 8 / code 0, i.e. echo request (inbound ping).
# No source range is set, so the rule presumably applies to any sender.
resource "stackit_security_group_rule" "icmp-ingress" {
  security_group_id = stackit_security_group.sophos.security_group_id
  project_id        = var.project_id
  direction         = "ingress"

  protocol = {
    name = "icmp"
  }

  icmp_parameters = {
    type = 8
    code = 0
  }
}
# Egress rule for TCP on the "Sophos" security group, with no port or
# destination restriction.
#
# NOTE(review): TCP and ICMP are the only protocols with rules in this file.
# Whether UDP traffic (for example DNS lookups against the configured
# nameservers) is allowed depends on provider defaults or on rules defined
# elsewhere; confirm.
resource "stackit_security_group_rule" "tcp-egress" {
  security_group_id = stackit_security_group.sophos.security_group_id
  project_id        = var.project_id
  direction         = "egress"

  protocol = {
    name = "tcp"
  }
}
# Egress rule for ICMP on the "Sophos" security group, limited to type 8 /
# code 0 (echo request), so the interface may send pings. No other outbound
# ICMP message type is covered by this rule.
resource "stackit_security_group_rule" "icmp-egress" {
  security_group_id = stackit_security_group.sophos.security_group_id
  project_id        = var.project_id
  direction         = "egress"

  protocol = {
    name = "icmp"
  }

  icmp_parameters = {
    type = 8
    code = 0
  }
}