2026-02-08 07:26:33 -05:00
.claude/commands Add some bmad stuff for testing 2026-02-03 11:38:15 -05:00
.crush/commands Add some bmad stuff for testing 2026-02-03 11:38:15 -05:00
.github/workflows
.opencode/command Add some bmad stuff for testing 2026-02-03 11:38:15 -05:00
_bmad Add some bmad stuff for testing 2026-02-03 11:38:15 -05:00
_bmad-output/implementation-artifacts Add Netbox provider integration for network documentation 2026-02-03 13:58:33 -05:00
bootstrap/playbooks
modules Alright stuff is mostly there and working I think! 2026-02-06 12:48:57 -05:00
netbox
virtualization stupid fucking AI decided that the fucking configuration shouldn't be part of the repo because the configuration is *OBVIOUSLY* sensitive and not worth saving 2026-02-03 12:16:14 -05:00
webhook
.gitignore stupid fucking AI decided that the fucking configuration shouldn't be part of the repo because the configuration is *OBVIOUSLY* sensitive and not worth saving 2026-02-03 12:16:14 -05:00
.goosehints Update instructions a bit more 2025-11-01 13:22:59 -04:00
.terraform.lock.hcl
netbox.tf getting there, make a backup before I wipe the backup files 2026-02-07 18:34:55 -05:00
network.auto.tfvars getting there, make a backup before I wipe the backup files 2026-02-07 18:34:55 -05:00
network.tf Update! 2026-02-08 07:26:33 -05:00
opencode.json refactor(trunk): enhance trunk module with improved provider handling and VLAN configuration 2026-02-03 11:35:24 -05:00
plan.json Update! 2026-02-08 07:26:33 -05:00
providers.tf
README.md Correct model number here 2025-10-30 09:58:47 -04:00
SINGLE_TRUNK_EXAMPLES.md refactor(trunk): enhance trunk module with improved provider handling and VLAN configuration 2026-02-03 11:35:24 -05:00
terraform.tfstate Update! 2026-02-08 07:26:33 -05:00
terraform.tfvars stupid fucking AI decided that the fucking configuration shouldn't be part of the repo because the configuration is *OBVIOUSLY* sensitive and not worth saving 2026-02-03 12:16:14 -05:00
TRUNK_DESIGN.md refactor(trunk): enhance trunk module with improved provider handling and VLAN configuration 2026-02-03 11:35:24 -05:00
ultrafast_import.sh
ultrafast_import.tf.reference First pass at DRY for some bits 2025-10-23 18:39:21 -04:00
variables.tf Fix LAG duplication and document cable interface references 2026-02-03 15:32:44 -05:00
vlans.auto.tfvars Alright stuff is mostly there and working I think! 2026-02-06 12:48:57 -05:00
vlans.tf refactor(trunk): enhance trunk module with improved provider handling and VLAN configuration 2026-02-03 11:35:24 -05:00

MikroTik CRS + Proxmox + NetBox — IaC Starter (Generated)

This repository contains a proof-of-concept Infrastructure-as-Code layout to manage:

What is included

  • network.tf — Main Terraform file to configure the MikroTik switches via the RouterOS Terraform provider.
  • modules/ — Directory containing reusable Terraform modules for switch, VLAN, and VM configurations.
  • virtualization/ — Terraform code to create/manage VMs on Proxmox via the Telmate Proxmox provider.
  • netbox/ — YAML import file with the initial NetBox objects for this PoC.
  • bootstrap/ — Ansible playbook to bootstrap RouterOS for API/REST access and create an automation user.
  • webhook/ — Simple Flask webhook receiver to trigger CI runs.
  • .github/workflows/terraform.yml — GitHub Actions workflow for plan/apply (example).

Infrastructure Overview

This setup manages a complex network infrastructure with multiple VLANs and switch configurations:

MikroTik Switches Configuration

The infrastructure includes two MikroTik switches:

  1. gigabit-backbone (192.168.0.32)

    • CRS354-48P-4S+2Q+RM switch model
    • 48 Ethernet ports (ether1-ether48) with various configurations
    • 4 SFP+ ports for fiber connections
    • 2 QSFP+ ports for high-speed connections
    • VLAN tagging and trunking capabilities
  2. ultrafast (192.168.0.33)

    • CRS312+4C+8XG-RM switch model
    • 8 Ethernet ports with PoE support
    • Bonding interfaces for link aggregation
    • Jumbo frame support for high-performance networking

Network VLANs

The network is organized into multiple VLANs with different security levels:

  • Secure VLANs: LAN (VLAN 1), PRIVATE (VLAN 17)
  • Insecure VLANs: IoT (VLAN 8), MEDIA (VLAN 6), CAMSEC (VLAN 20), WORK (VLAN 72)
  • Special purpose VLANs: LTE (VLAN 3), HIGHAV (VLAN 4), JUMBO (VLAN 129)

Modules Directory Structure

The modules/ directory contains reusable Terraform modules:

switch Module

Configures MikroTik switches with complex bridge and VLAN functionality:

  • Bridge creation and configuration
  • Bridge port management with tagging and untagging
  • Ethernet interface configuration (PoE, MTU, flow control)
  • Bonding interface setup
  • VLAN filtering capabilities

vlan Module

Defines VLAN configurations for network segmentation:

  • VLAN ID assignment
  • VLAN name and description
  • Network subnet definitions
  • Reusable across multiple switch configurations

vm Module

Manages Proxmox virtual machines:

  • VM creation with specified resources (cores, memory)
  • Network interface configuration with VLAN tagging
  • Disk configuration
  • VM naming and node assignment

Key Features

  • Complex bridge configurations with VLAN filtering
  • Bonding interfaces for redundancy and increased bandwidth
  • Ethernet port configuration with MTU and PoE settings
  • Trunking of VLANs between switches using tagged port configurations
  • Integration with NetBox for network management

Important: This is a starting point. Do not store secrets in the repository. Use GitHub Secrets / Vault / SOPS / Ansible Vault to protect credentials. Test in a lab before applying to production.
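
An added example (not part of this repository): a shell check for the files in which Terraform credentials end up as plain text, using file names from the listing above (terraform.tfstate, plan.json, *.tfvars). The key-name pattern, the CHANGE_ME placeholder convention, and treating plan.json as a saved plan are assumptions.

```shell
#!/bin/sh
# Added example: audit a Terraform working tree for files that carry
# credentials. Key-name pattern and placeholder convention are assumptions.

# Print one finding per line: "<kind> <path>[:<line>]".
audit_tf_secrets() {
    root=${1:-.}
    # State files and saved plans hold resolved attribute values in plain
    # text, including values marked sensitive in the configuration.
    find "$root" -type f \( -name '*.tfstate' -o -name '*.tfstate.backup' \
        -o -name 'plan.json' -o -name '*.tfplan' \) ! -path '*/.terraform/*' |
        sort | sed 's/^/state-or-plan /'
    # tfvars: flag credential-like keys that are assigned a literal string.
    find "$root" -type f \( -name '*.tfvars' -o -name '*.tfvars.json' \) |
    sort | while IFS= read -r f; do
        grep -nEi '^[[:space:]]*"?[a-z0-9_]*(password|passwd|secret|token|api_key)[a-z0-9_]*"?[[:space:]]*[=:][[:space:]]*"[^"]+"' "$f" |
        grep -vE '"(CHANGE_ME|<[^"]*>)"' |
        awk -F: -v f="$f" '{ print "literal-credential " f ":" $1 }'
    done
}

# Exit status 0 when the tree is clean, so it can gate a commit or CI job.
# Real values then come from the environment (TF_VAR_<name>) or a secret
# store rather than from files tracked in git.
tf_secrets_clean() {
    [ -z "$(audit_tf_secrets "${1:-.}")" ]
}
```

Run `audit_tf_secrets .` from the repository root; each finding is either a file to move out of version control or a line whose value should be supplied at run time.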

Quickstart (local/lab)

  1. Update variables and provider credentials in the Terraform *.tfvars or environment variables. The files use variables and placeholders.
  2. Run the Ansible playbook in bootstrap/ to configure the switch so the RouterOS API/REST is available to Terraform.
  3. From the root directory run terraform init and terraform plan (or use CI).

See each directory for further notes and config examples.