fix: more tweaks

kid · kid · commit 52aeba31060f · 2025-05-30T10:45:06.000+02:00
diff --git a/terraform/modules/ros-management-config/services.tf b/terraform/modules/ros-management-config/services.tf
@@ -6,6 +6,17 @@ locals {
     # "www-ssl",
     "winbox"
   ]
+
+  services = {
+    ftp     = { port = 21 }
+    ssh     = { port = 22 }
+    telnet  = { port = 23 }
+    www     = { port = 80 }
+    www-ssl = { port = 443 }
+    winbox  = { port = 8291 }
+    api     = { port = 8728 }
+    api-ssl = { port = 8729 }
+  }
 }
 
 data "routeros_ip_services" "self" {}
@@ -16,7 +27,9 @@ resource "routeros_ip_service" "self" {
     routeros_ip_address.mgmt
   ]
 
-  for_each = { for _, v in data.routeros_ip_services.self.services : v.name => v }
+  # for_each = { for _, v in data.routeros_ip_services.self.services : v.name => v }
+  # FIXME: the data source now includes dynamic services, so we get duplicate names
+  for_each = local.services
   numbers  = each.key
   port     = each.value.port
   disabled = !contains(local.enabled_services, each.key)
@@ -32,3 +45,7 @@ resource "routeros_ip_ssh_server" "self" {
   forwarding_enabled          = "remote"
   host_key_type               = "ed25519"
 }
+
+output "debug" {
+  value = data.routeros_ip_services.self.services
+}
diff --git a/terraform/stacks/network-new/main.tf b/terraform/stacks/network-new/main.tf
@@ -10,11 +10,25 @@ module "crs320_bridge" {
     sfp-sfpplus1 = {
       vlan_ids = [99, 10, 30, 100, 101]
     }
+    sfp-sfpplus3 = {
+      comment  = "pve0"
+      vlan_ids = [30, 100, 101]
+    }
+    sfp-sfpplus4 = {
+      comment = "pve1"
+      pvid    = 10
+      # FIXME: tag 10 is only there for home-assistant
+      vlan_ids = [30, 100, 101]
+    }
     ether1 = {
       comment  = "office-east"
       pvid     = 100
       vlan_ids = [99]
     }
+    ether2 = {
+      commment = "rb5009"
+      pvid     = 99
+    }
     ether3 = {
       comment = "office-west"
       pvid    = 100
@@ -44,12 +58,15 @@ module "crs320_bridge" {
       pvid    = 99
     }
     ether15 = {
-      comment = "pve1-ipmi"
+      comment = "pve1"
       pvid    = 99
+      # pvid = 10
+      # # FIXME: tag 10 is only there for home-assistant
+      # vlan_ids = [30, 100, 101]
     }
     ether16 = {
-      commment = "mgmt"
-      pvid     = 99
+      comment = "pve1-ipmi"
+      pvid    = 99
     }
   }
 
@@ -63,11 +80,20 @@ module "crs320_management_config" {
 
   source = "../../modules/ros-management-config"
 
-  bridge_name        = module.crs320_bridge.bridge_name
-  mgmt_vlan_id       = 99
-  oob_mgmt_interface = "ether17"
+  hostname    = "crs320"
+  bridge_name = module.crs320_bridge.bridge_name
+
+  mgmt_cidr_prefix = "10.99.0.0"
+  mgmt_cidr_bits   = 16
+  mgmt_hostnum     = 2
+  mgmt_vlan_id     = 99
+
+  oob_mgmt_port = "ether17"
 }
 
 output "debug" {
-  value = var.debug ? module.crs320_bridge.debug : null
+  value = var.debug ? {
+    bridge = module.crs320_bridge.debug
+    mgmt = module.crs320_management_config.debug
+  }: null
 }
