sophos-iaas-review/05-sophos-appliance1.tf

# -----------------------------------------------------------------------------
# Volumes Sophos 1
# -----------------------------------------------------------------------------
resource "stackit_volume" "sophos_primary_vol1" {
  project_id        = var.project_id
  name              = "sophos-primary-disk1"
  availability_zone = var.default_az
  size              = 150
  performance_class = "storage_premium_perf4"
  source = {
    id    = stackit_image.sophos_primary_image.image_id
    type  = "image"
  }
}

resource "stackit_volume" "sophos_data_vol1" {
  project_id        = var.project_id
  name              = "sophos-data-disk1"
  availability_zone = var.default_az
  size              = 100
  performance_class = "storage_premium_perf4"
  source = {
    id    = stackit_image.sophos_secondary_image.image_id
    type  = "image"
  }
}

# -----------------------------------------------------------------------------
# Sophos VM 1 
# -----------------------------------------------------------------------------

resource "stackit_server" "sophos_appliance1" {
  project_id      = var.project_id
  name            = "Sophos-Appliance1"
  boot_volume = {
    source_type   = "volume"
    source_id     = stackit_volume.sophos_primary_vol1.volume_id
  }
  availability_zone = var.default_az
  machine_type      = var.flavor
}

resource "stackit_server_volume_attach" "sophos_data_attachment1" {
  project_id   = var.project_id
  server_id    = stackit_server.sophos_appliance1.server_id 
  volume_id    = stackit_volume.sophos_data_vol1.volume_id
  depends_on = [ stackit_server.sophos_appliance1 ] 
}

# -----------------------------------------------------------------------------
# Interfaces Sophos 1
# -----------------------------------------------------------------------------

resource "stackit_network_interface" "nic_mgmt_sophos1" {
  project_id = var.project_id
  network_id = stackit_network.sophos_mgmt_net.network_id
  name       = "nic_mgmt_sophos1"
  security   = false
  ipv4       = var.sophos1_mgmt_ip
}

resource "stackit_network_interface" "nic_wan_sophos1" {
  project_id         = var.project_id
  network_id         = stackit_network.sophos_wan_net.network_id
  security           = true
  name               = "nic_wan_sophos1"
  allowed_addresses  = ["${stackit_network_interface.vip.ipv4}/32", "0.0.0.0/0"]
  security_group_ids = [stackit_security_group.sophos.security_group_id]
  ipv4               = var.sophos1_wan_ip
}

resource "stackit_network_interface" "nic_lan_sophos1" {
  project_id = var.project_id
  network_id = stackit_network.sophos_lan_net.network_id
  security   = false
  name       = "nic_lan_sophos1"
  ipv4       = var.sophos1_lan_ip
}

resource "stackit_network_interface" "nic_sync_sophos1" {
  project_id = var.project_id
  network_id = stackit_network.sophos_sync_net.network_id
  security   = false
  #security_group_ids = [ stackit_security_group.sophos.security_group_id ]
  name       = "nic_sync_sophos1"
}

# -----------------------------------------------------------------------------
# Interface Attachements 1
# -----------------------------------------------------------------------------

resource "stackit_server_network_interface_attach" "nic-attachment-mgmt1" {
  project_id           = var.project_id
  server_id            = stackit_server.sophos_appliance1.server_id
  network_interface_id = stackit_network_interface.nic_mgmt_sophos1.network_interface_id
}

resource "stackit_server_network_interface_attach" "nic-attachment-wan1" {
  project_id           = var.project_id
  server_id            = stackit_server.sophos_appliance1.server_id
  network_interface_id = stackit_network_interface.nic_wan_sophos1.network_interface_id
  depends_on           = [stackit_server_network_interface_attach.nic-attachment-mgmt1]
}

resource "stackit_server_network_interface_attach" "nic-attachment-lan1" {
  project_id           = var.project_id
  server_id            = stackit_server.sophos_appliance1.server_id
  network_interface_id = stackit_network_interface.nic_lan_sophos1.network_interface_id
  depends_on           = [stackit_server_network_interface_attach.nic-attachment-wan1]
}

resource "stackit_server_network_interface_attach" "nic-attachment-sync1" {
  project_id           = var.project_id
  server_id            = stackit_server.sophos_appliance1.server_id
  network_interface_id = stackit_network_interface.nic_sync_sophos1.network_interface_id
  depends_on           = [stackit_server_network_interface_attach.nic-attachment-lan1]
}