Add tf VM setup to hello world.

.gitignore

@@ -26,3 +26,4 @@ terraform.rc
 main.destroy.tfplan
 main.tfplan
 azurek8s
+.terraform.lock.hcl

tofu-aks/main.tf

@@ -1,10 +1,6 @@
-resource "random_pet" "rg_name" {
-  prefix = var.resource_group_name_prefix
-}
-
 resource "azurerm_resource_group" "rg" {
   location = var.resource_group_location
-  name     = random_pet.rg_name.id
+  name     = var.resource_group_name
 }
 
 resource "random_pet" "azurerm_kubernetes_cluster_name" {

tofu-aks/variables.tf

@@ -4,6 +4,12 @@ variable "resource_group_location" {
   description = "Location of the resource group."
 }
 
+variable "resource_group_name" {
+  type        = string
+  default     = "tofu-aks-bespinina-labs"
+  description = "Name of the resource group."
+}
+
 variable "resource_group_name_prefix" {
   type        = string
   default     = "rg"

tofu-vm/main.tf

@@ -0,0 +1,128 @@
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = var.resource_group_name
+}
+
+# Create virtual network
+resource "azurerm_virtual_network" "bespinian_tf_network" {
+  name                = "bespinianVnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+# Create subnet
+resource "azurerm_subnet" "bespinian_tf_subnet" {
+  name                 = "bespinianSubnet"
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.bespinian_tf_network.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+# Create public IPs
+resource "azurerm_public_ip" "bespinian_tf_public_ip" {
+  name                = "bespinianPublicIP"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  allocation_method   = "Dynamic"
+}
+
+# Create Network Security Group and rule
+resource "azurerm_network_security_group" "bespinian_tf_nsg" {
+  name                = "bespinianNetworkSecurityGroup"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+
+  security_rule {
+    name                       = "SSH"
+    priority                   = 1001
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "22"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+
+  security_rule {
+    name                       = "HTTP"
+    priority                   = 1002
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "80"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+}
+
+# Create network interface
+resource "azurerm_network_interface" "bespinian_tf_nic" {
+  name                = "bespinianNIC"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+
+  ip_configuration {
+    name                          = "bespinian_nic_configuration"
+    subnet_id                     = azurerm_subnet.bespinian_tf_subnet.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.bespinian_tf_public_ip.id
+  }
+}
+
+# Connect the security group to the network interface
+resource "azurerm_network_interface_security_group_association" "example" {
+  network_interface_id      = azurerm_network_interface.bespinian_tf_nic.id
+  network_security_group_id = azurerm_network_security_group.bespinian_tf_nsg.id
+}
+
+data "template_file" "script" {
+  template = file("scripts/cloud-init.yaml")
+  vars = {
+    username = var.username
+  }
+}
+
+# Import cloud-init.yaml
+data "template_cloudinit_config" "config" {
+  gzip          = true
+  base64_encode = true
+
+  part {
+    content_type = "text/cloud-config"
+    content      = data.template_file.script.rendered
+  }
+}
+
+# Create virtual machine
+resource "azurerm_linux_virtual_machine" "bespinian_tf_vm" {
+  name                  = "bespinianVM"
+  location              = azurerm_resource_group.rg.location
+  resource_group_name   = azurerm_resource_group.rg.name
+  network_interface_ids = [azurerm_network_interface.bespinian_tf_nic.id]
+  size                  = "Standard_DS1_v2"
+  custom_data           = data.template_cloudinit_config.config.rendered
+
+  os_disk {
+    name                 = "bespinianOsDisk"
+    caching              = "ReadWrite"
+    storage_account_type = "Premium_LRS"
+  }
+
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "0001-com-ubuntu-server-jammy"
+    sku       = "22_04-lts-gen2"
+    version   = "latest"
+  }
+
+  computer_name  = "hostname"
+  admin_username = var.username
+
+  admin_ssh_key {
+    username   = var.username
+    public_key = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
+  }
+}

tofu-vm/outputs.tf

@@ -0,0 +1,7 @@
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}
+
+#output "public_ip_address" {
+#  value = azurerm_linux_virtual_machine.bespinian_tf_vm.public_ip_address
+#}

tofu-vm/providers.tf

@@ -0,0 +1,22 @@
+terraform {
+  required_version = ">=0.12"
+
+  required_providers {
+    azapi = {
+      source  = "azure/azapi"
+      version = "~>1.5"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

tofu-vm/scripts/cloud-init.yaml

@@ -0,0 +1,34 @@
+package_update: true
+package_upgrade: true
+
+groups:
+  - docker
+
+system_info:
+  default_user:
+    groups: [docker]
+
+packages:
+  - nginx
+  - docker.io
+  - unattended-upgrades
+
+write_files:
+  - owner: www-data:www-data
+    path: /etc/nginx/sites-available/default
+    content: |
+      server {
+        listen 80;
+        location / {
+          proxy_pass http://localhost:3000;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection keep-alive;
+          proxy_set_header Host $host;
+          proxy_cache_bypass $http_upgrade;
+        }
+      }
+
+runcmd:
+  - service nginx restart
+  - docker run -d -p 3000:3000 ghcr.io/bespinian/bespinian-ts-hello-world:main

tofu-vm/ssh.tf

@@ -0,0 +1,28 @@
+resource "random_pet" "ssh_key_name" {
+  prefix    = "ssh"
+  separator = ""
+}
+
+resource "azapi_resource_action" "ssh_public_key_gen" {
+  type        = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  resource_id = azapi_resource.ssh_public_key.id
+  action      = "generateKeyPair"
+  method      = "POST"
+
+  response_export_values = ["publicKey", "privateKey"]
+}
+
+resource "azapi_resource" "ssh_public_key" {
+  type      = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  name      = random_pet.ssh_key_name.id
+  location  = azurerm_resource_group.rg.location
+  parent_id = azurerm_resource_group.rg.id
+}
+
+output "key_data" {
+  value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
+}
+
+output "ssh_private_key" {
+  value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).privateKey
+}

tofu-vm/variables.tf

@@ -0,0 +1,17 @@
+variable "resource_group_location" {
+  type        = string
+  default     = "westeurope"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name" {
+  type        = string
+  default     = "tofu-vm-bespinian-labs"
+  description = "Name of the resource group."
+}
+
+variable "username" {
+  type        = string
+  description = "The username for the local account that will be created on the new VM."
+  default     = "azureadmin"
+}