fix: tweaks to new switch

kid · kid · commit e404dc522eac · 2025-05-19T22:57:04.000+02:00
diff --git a/terraform/modules/ros-management-config/oob.tf b/terraform/modules/ros-management-config/oob.tf
@@ -0,0 +1,16 @@
+locals {
+  oob_mgmt_cidr = "${var.oob_mgmt_cidr_prefix}/${var.oob_mgmt_cidr_bits}"
+}
+
+resource "routeros_ip_address" "oob" {
+  interface = var.oob_mgmt_port
+  address   = "${cidrhost(local.oob_mgmt_cidr, 1)}/${var.oob_mgmt_cidr_bits}"
+}
+
+module "oob_dhcp" {
+  source = "../ros-dhcp"
+
+  interface   = var.oob_mgmt_port
+  cidr_prefix = var.oob_mgmt_cidr_prefix
+  cidr_bits   = var.oob_mgmt_cidr_bits
+}
diff --git a/terraform/modules/ros-management-config/services.tf b/terraform/modules/ros-management-config/services.tf
@@ -0,0 +1,34 @@
+locals {
+  enabled_services = [
+    "ssh",
+    "www",
+    # TODO: setup TLS certs
+    # "www-ssl",
+    "winbox"
+  ]
+}
+
+data "routeros_ip_services" "self" {}
+
+resource "routeros_ip_service" "self" {
+  depends_on = [
+    routeros_ip_address.oob,
+    routeros_ip_address.mgmt
+  ]
+
+  for_each = { for _, v in data.routeros_ip_services.self.services : v.name => v }
+  numbers  = each.key
+  port     = each.value.port
+  disabled = !contains(local.enabled_services, each.key)
+  address = contains(local.enabled_services, each.key) ? join(",", [
+    local.oob_mgmt_cidr,
+    local.mgmt_cidr,
+  ]) : null
+}
+
+resource "routeros_ip_ssh_server" "self" {
+  always_allow_password_login = false
+  strong_crypto               = true
+  forwarding_enabled          = "remote"
+  host_key_type               = "ed25519"
+}
