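# Configuration of a VM in the Azure Cloud, fronted by a Cloudflare DNS record
# and provisioned with Ansible. Secrets (tokens, keys, connection strings) enter
# only through sensitive variables and provider attributes.
terraform {
  # Provider constraints. The random provider was previously resolved implicitly;
  # declaring it pins the constraint (`numeric` on random_string was added in 3.3).
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.46.0"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.3"
    }
  }
}

# Variables. `sensitive = true` redacts plan/apply output only; the values are
# still written to the state file in plaintext, so protect the state backend.
variable "ssh_key" {
  # NOTE(review): declared as required (no default) but never referenced below;
  # the VM reads its public key from a local file instead. Presumably this was
  # meant for admin_ssh_key.public_key — confirm it holds the *public* key before
  # switching.
  type      = string
  sensitive = true
}

variable "azure_subscription_id" {
  type      = string
  sensitive = true
}

variable "azure_resource_group" {
  type = string
}

variable "azure_location" {
  type = string
}

# Separate location for the Cognitive Services account (not every region offers it).
variable "azure_location_ca" {
  type = string
}

variable "certbot_email" {
  type      = string
  sensitive = true
}

variable "zone_id" {
  type      = string
  sensitive = true
}

variable "cloudflare_token" {
  type      = string
  sensitive = true
}

# Source allowed to reach port 22 on the VM. "*" preserves the original
# world-reachable behaviour; narrow it to an admin CIDR (e.g. "203.0.113.0/24",
# constructed example) in real deployments.
variable "ssh_allowed_source" {
  type    = string
  default = "*"
}

# Lower-case-only suffix used to make every resource name unique.
resource "random_string" "lower" {
  length  = 16
  upper   = false
  lower   = true
  numeric = false
  special = false
}

# Azure provider
provider "azurerm" {
  features {}
  subscription_id = var.azure_subscription_id
}

# Cloudflare provider
provider "cloudflare" {
  api_token = var.cloudflare_token
}

# Resource group. Every other resource references this resource's attributes
# (rather than the raw variables) so Terraform orders their creation after the
# group exists instead of racing it.
resource "azurerm_resource_group" "example" {
  name     = var.azure_resource_group
  location = var.azure_location
}

# Azure Cosmos DB (MongoDB API). Public network access is the provider default
# here, so the account key embedded in the connection string is the only gate.
resource "azurerm_cosmosdb_account" "example" {
  name                = "db-${random_string.lower.result}"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  offer_type          = "Standard"
  kind                = "MongoDB"

  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000
  }

  # Hard-coded region, independent of var.azure_location; kept as in the original.
  geo_location {
    location          = "westeurope"
    failover_priority = 0
  }
}

# Azure Cognitive Services. Its primary access key is handed to Ansible below.
resource "azurerm_cognitive_account" "example" {
  name                = "cognitive-account-${random_string.lower.result}"
  location            = var.azure_location_ca
  resource_group_name = azurerm_resource_group.example.name
  kind                = "CognitiveServices"
  sku_name            = "S0"
}

# Virtual network
resource "azurerm_virtual_network" "example" {
  name                = "virtual-network-${random_string.lower.result}"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Subnet
resource "azurerm_subnet" "example" {
  name                 = "subnet-${random_string.lower.result}"
  address_prefixes     = ["10.0.1.0/24"]
  virtual_network_name = azurerm_virtual_network.example.name
  resource_group_name  = azurerm_resource_group.example.name
}

# Network interface, bound to the static public IP below.
resource "azurerm_network_interface" "example" {
  name                = "nic-${random_string.lower.result}"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  ip_configuration {
    name                          = "ip-configuration-${random_string.lower.result}"
    subnet_id                     = azurerm_subnet.example.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.example.id
  }
}

# Public IP address (static, so the DNS record stays valid across reboots).
resource "azurerm_public_ip" "example" {
  name                = "public-ip-${random_string.lower.result}"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  allocation_method   = "Static"
}

# Cloudflare DNS record pointing at the VM. Not proxied, so the VM's address is
# published directly; allow_overwrite lets re-applies replace a stale record.
resource "cloudflare_record" "example" {
  zone_id         = var.zone_id
  name            = "translator.dhbw"
  value           = azurerm_public_ip.example.ip_address
  type            = "A"
  allow_overwrite = true
}

# Network security group. HTTP/HTTPS are intentionally public (web service with
# certbot); SSH is restricted by var.ssh_allowed_source.
resource "azurerm_network_security_group" "example" {
  name                = "nsg-${random_string.lower.result}"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.ssh_allowed_source
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "HTTP"
    priority                   = 1002
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "HTTPS"
    priority                   = 1003
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# Attach the network security group to the interface.
resource "azurerm_network_interface_security_group_association" "example" {
  network_interface_id      = azurerm_network_interface.example.id
  network_security_group_id = azurerm_network_security_group.example.id
}

# Virtual machine (Ubuntu 22.04, key-based SSH login only).
resource "azurerm_linux_virtual_machine" "example" {
  name                = "vm-${random_string.lower.result}"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  size                = "Standard_B1s"
  admin_username      = "adminuser"
  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts-gen2"
    version   = "latest"
  }

  admin_ssh_key {
    username = "adminuser"
    # Read from the operator's workstation; see the note on var.ssh_key above.
    public_key = file("~/.ssh/id_rsa.pub")
  }

  # Ansible provisioning, run locally against the new public IP.
  # The Cognitive Services key and the Cosmos DB connection string are
  # interpolated into the command line, so they are visible in local process
  # listings for the duration of the playbook run. StrictHostKeyChecking=no
  # skips host-key verification on first contact with the freshly created VM.
  provisioner "local-exec" {
    command = <<-EOT
      ansible-playbook \
        --ssh-common-args='-o StrictHostKeyChecking=no' \
        --extra-vars CERTBOT_EMAIL='${var.certbot_email}' \
        --extra-vars AZURE_KEY='${azurerm_cognitive_account.example.primary_access_key}' \
        --extra-vars AZURE_LOCATION='${var.azure_location_ca}' \
        --extra-vars DATABASE_URL='${azurerm_cosmosdb_account.example.connection_strings.0}' \
        -i adminuser@'${azurerm_public_ip.example.ip_address}', \
        ../ansible/provision.yml
    EOT
  }
}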