# Module: networking

Creates the internal Linux bridge network segments on a Proxmox node. These bridges are purely virtual — no physical NIC is attached. All inter-segment traffic is routed through a firewall VM (OPNsense).

## Segments

| Bridge | CIDR | Purpose |
|--------|------|---------|
| management | 10.10.10.0/24 | Proxmox API access and admin tools. Proxmox host holds 10.10.10.1. |
| services | 10.10.20.0/24 | General workload VMs and containers. |
| dmz | 10.10.30.0/24 | Externally exposed workloads (e.g. web servers). |
| isolated | 10.10.40.0/24 | Lab and test workloads. No outbound access by default. |

The Proxmox host has no IP on services, dmz, or isolated — VMs on those segments have no direct path to the hypervisor.

## Usage

```hcl
module "networking" {
  source            = "../../modules/networking"
  proxmox_node_name = "pve"
}
```

## Inputs

| Name | Type | Description |
|------|------|-------------|
| proxmox_node_name | string | Name of the Proxmox node to create bridges on. |

## Notes

- After apply, Proxmox automatically reloads the network configuration — no manual intervention required.
- `Sys.Modify` must be granted to the Terraform API token role to manage node network interfaces.
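
To check on a node that the Proxmox host really holds 10.10.10.1 and has no IP on services, dmz, or isolated, the following added example (not part of this module's code) audits the JSON output of `ip -j addr show`. The interface names in the sample data are constructed; the CIDRs come from the Segments table.

```python
import ipaddress
import json
import sys

# Host address and segment CIDRs taken from the Segments table.
HOST_MGMT_IP = ipaddress.ip_address("10.10.10.1")
NO_HOST_IP = {
    "services": ipaddress.ip_network("10.10.20.0/24"),
    "dmz": ipaddress.ip_network("10.10.30.0/24"),
    "isolated": ipaddress.ip_network("10.10.40.0/24"),
}

# Constructed sample input in the shape of `ip -j addr show`.
# Interface names (vmbr10, vmbr30) are assumptions, not names from the module.
SAMPLE_OK = json.dumps([
    {"ifname": "lo", "addr_info": [{"family": "inet", "local": "127.0.0.1", "prefixlen": 8}]},
    {"ifname": "vmbr10", "addr_info": [{"family": "inet", "local": "10.10.10.1", "prefixlen": 24}]},
    {"ifname": "vmbr30", "addr_info": []},
])
SAMPLE_BAD = json.dumps([
    {"ifname": "vmbr10", "addr_info": [{"family": "inet", "local": "10.10.10.1", "prefixlen": 24}]},
    {"ifname": "vmbr30", "addr_info": [{"family": "inet", "local": "10.10.30.1", "prefixlen": 24}]},
])


def audit_host_addresses(ip_json: str) -> list[str]:
    """Return findings for `ip -j addr show` output; an empty list means compliant."""
    findings = []
    mgmt_seen = False
    for iface in json.loads(ip_json):
        for info in iface.get("addr_info", []):
            if info.get("family") != "inet":
                continue  # the segment table only defines IPv4 ranges
            addr = ipaddress.ip_address(info["local"])
            if addr == HOST_MGMT_IP:
                mgmt_seen = True
            for segment, net in NO_HOST_IP.items():
                if addr in net:
                    findings.append(
                        f"{iface['ifname']}: host holds {addr} on {segment} ({net})")
    if not mgmt_seen:
        findings.append(f"host address {HOST_MGMT_IP} not found on any interface")
    return findings


if __name__ == "__main__":
    # On a node: ip -j addr show | python3 <this script>; otherwise use the sample.
    data = SAMPLE_BAD if sys.stdin.isatty() else sys.stdin.read()
    for line in audit_host_addresses(data) or ["OK: host addresses match the segment table"]:
        print(line)
```

An address reported on services, dmz, or isolated means VMs on that segment can reach the hypervisor directly instead of going through the firewall VM.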