Add initial Terraform configuration for Azure and Proxmox resources

2026-03-01 14:16:44 +02:00
parent 44d658745e
commit b11172504d
17 changed files with 869 additions and 0 deletions


@@ -0,0 +1,100 @@
resource "azurerm_network_security_group" "nsg" {
name = "${var.vm_name}-nsg"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
tags = var.tags
}
resource "azurerm_network_interface_security_group_association" "nic_nsg" {
network_interface_id = azurerm_network_interface.nic.id
network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azurerm_network_security_rule" "allow_udp_51820" {
name = "Allow-Wireguard"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Udp"
source_port_range = "*"
destination_port_range = "51820"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
resource "azurerm_network_security_rule" "allow_ssh_vps" {
name = "Allow-SSH-VPS"
priority = 110
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "2222"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
source_address_prefix = length(var.allowed_ssh_cidrs_ipv4) == 0 ? "*" : null
source_address_prefixes = length(var.allowed_ssh_cidrs_ipv4) > 0 ? var.allowed_ssh_cidrs_ipv4 : null
}
resource "azurerm_network_security_rule" "allow_ssh_proxy" {
name = "Allow-SSH-Proxy"
priority = 120
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
source_address_prefix = "*"
source_address_prefixes = null
}
resource "azurerm_network_security_rule" "allow_postgres" {
name = "Allow-Postgres"
priority = 130
direction = "Inbound"
access = "Deny"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "5432"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
resource "azurerm_network_security_rule" "allow_http" {
name = "Allow-HTTP"
priority = 140
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "80"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
resource "azurerm_network_security_rule" "allow_https" {
name = "Allow-HTTPS"
priority = 150
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "*"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.nsg.name
}
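Review bot: The `allow_ssh_proxy` rule at priority 120 opens 22/tcp from `*` on every address, which makes the source allowlist applied to 2222 in `allow_ssh_vps` moot for anyone who can reach port 22, and it also admits IPv6 sources that the IPv4-only allowlist never permits. If 22 is needed at all, give it the same conditional as the 2222 rule — `source_address_prefix = length(var.allowed_ssh_cidrs_ipv4) == 0 ? "*" : null` and `source_address_prefixes = length(var.allowed_ssh_cidrs_ipv4) > 0 ? var.allowed_ssh_cidrs_ipv4 : null` — or drop it once sshd is only expected on 2222 (I am inferring that split from the rule names; confirm). Two smaller points: `allow_postgres` is named `Allow-Postgres` but its access is `Deny`, so a comment such as `# Explicit deny: 5432 must never be reachable from outside the VNet` (and a resource name like `deny_postgres`) would stop the next reader from "fixing" it; and `allow_https` uses `protocol = "*"` while its name says HTTPS, so either narrow it to `Tcp` or note that UDP 443 (QUIC) is deliberate.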

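--- a/modules/pangolin/main.tf
+++ b/modules/pangolin/main.tf
@@ -0,0 +1,116 @@
+terraform {
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+}
+}
+}
+resource "azurerm_resource_group" "rg" {
+location = var.location
+name = "rg-pangolin-${var.environment}-${var.location}-${var.instance}"
+}
+resource "azurerm_linux_virtual_machine" "vm" {
+name = var.vm_name
+location = azurerm_resource_group.rg.location
+resource_group_name = azurerm_resource_group.rg.name
+size = var.vm_size
+admin_username = var.admin_username
+disable_password_authentication = true
+admin_ssh_key {
+username = var.admin_username
+public_key = var.ssh_pubkey
+}
+os_disk {
+name = "${var.vm_name}-osdisk"
+caching = "ReadWrite"
+storage_account_type = "Standard_LRS"
+}
+source_image_reference {
+publisher = "Canonical"
+offer = "ubuntu-24_04-lts"
+sku = "server-gen1"
+version = "latest"
+}
+network_interface_ids = [azurerm_network_interface.nic.id]
+tags = var.tags
+}
+resource "azurerm_virtual_network" "vnet" {
+name = "${var.vm_name}-vnet"
+location = azurerm_resource_group.rg.location
+resource_group_name = azurerm_resource_group.rg.name
+address_space = [var.vnet_cidr_ipv4, var.vnet_cidr_ipv6]
+tags = var.tags
+}
+resource "azurerm_subnet" "subnet" {
+name = "${var.vm_name}-subnet"
+resource_group_name = azurerm_resource_group.rg.name
+virtual_network_name = azurerm_virtual_network.vnet.name
+address_prefixes = [var.subnet_cidr_ipv4, var.subnet_cidr_ipv6]
+}
+resource "azurerm_network_interface" "nic" {
+name = "${var.vm_name}-nic"
+location = azurerm_resource_group.rg.location
+resource_group_name = azurerm_resource_group.rg.name
+tags = var.tags
+ip_forwarding_enabled = true
+ip_configuration {
+name = "ipconfig-v4"
+subnet_id = azurerm_subnet.subnet.id
+private_ip_address_allocation = "Dynamic"
+private_ip_address_version = "IPv4"
+public_ip_address_id = azurerm_public_ip.pip_v4.id
+primary = true
+}
+ip_configuration {
+name = "ipconfig-v6"
+subnet_id = azurerm_subnet.subnet.id
+private_ip_address_allocation = "Dynamic"
+private_ip_address_version = "IPv6"
+public_ip_address_id = azurerm_public_ip.pip_v6.id
+}
+}
+resource "azurerm_public_ip" "pip_v4" {
+name = "pip-pangolin-${var.environment}-${var.location}-${var.instance}-v4"
+location = azurerm_resource_group.rg.location
+resource_group_name = azurerm_resource_group.rg.name
+allocation_method = "Static"
+sku = "Standard"
+ip_version = "IPv4"
+tags = var.tags
+}
+resource "azurerm_public_ip" "pip_v6" {
+name = "pip-pangolin-${var.environment}-${var.location}-${var.instance}-v6"
+location = azurerm_resource_group.rg.location
+resource_group_name = azurerm_resource_group.rg.name
+allocation_method = "Static"
+sku = "Standard"
+ip_version = "IPv6"
+tags = var.tags
+}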
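Review bot: The `required_providers` block pins no version for `hashicorp/azurerm`, and `source_image_reference` uses `version = "latest"`, so neither the provider nor the base image this VM boots from is reproducible between applies; add `version = "~> 4.0"` (or whatever this module was actually tested against) under `azurerm`, and pin the image to a concrete version string that is bumped deliberately. `ip_forwarding_enabled = true` on the NIC is security-relevant and unexplained — if it is there so the VM can route tunnelled traffic (the NSG in this commit opens 51820/udp for WireGuard, so that seems likely), say so with `# Forwarding is required for the VM to route tunnel traffic; inbound flows are still filtered by the NSG`. The VM also sets neither `secure_boot_enabled` nor `vtpm_enabled`, and the `server-gen1` SKU would as far as I know rule out Trusted Launch anyway; a one-line comment on why the Gen1 SKU was chosen would stop that being revisited every review.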


@@ -0,0 +1,11 @@
output "public_ipv4" {
value = azurerm_public_ip.pip_v4.ip_address
}
output "public_ipv6" {
value = azurerm_public_ip.pip_v6.ip_address
}
output "ssh_ipv4" {
value = "ssh ${var.admin_username}@${azurerm_public_ip.pip_v4.ip_address}"
}
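Review bot: None of the three outputs has a `description`, so consumers of the module see only the name; add e.g. `description = "Public IPv4 address of the Pangolin proxy VM"` to `public_ipv4` and the equivalent to the other two. The `ssh_ipv4` output prints a command that uses the default port, while the NSG in this commit allows both 22 and 2222 inbound; if 2222 is the port operators are meant to use, render `ssh -p 2222 ${var.admin_username}@...` so the output does not steer people toward the port that should eventually be closed (which port sshd listens on is not visible here).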


@@ -0,0 +1,68 @@
variable "location" {
type = string
default = "westeurope"
}
variable "environment" {
type = string
default = "prod"
}
variable "instance" {
type = string
default = "homelab"
}
variable "tags" {
type = map(string)
default = {
project = "pangolin"
env = "prod"
}
}
variable "vm_name" {
type = string
default = "pangolin-proxy"
}
variable "vm_size" {
type = string
default = "Standard_A2_v2"
}
variable "admin_username" {
type = string
default = "azureuser"
}
variable "ssh_pubkey" {
type = string
}
variable "vnet_cidr_ipv4" {
type = string
default = "10.50.0.0/16"
}
variable "vnet_cidr_ipv6" {
type = string
default = "fd7d:bb99:1da4::/48"
}
variable "subnet_cidr_ipv4" {
type = string
default = "10.50.1.0/24"
}
variable "subnet_cidr_ipv6" {
type = string
default = "fd7d:bb99:1da4:195::/64"
}
variable "allowed_ssh_cidrs_ipv4" {
type = list(string)
description = "IPv4 CIDRs allowed to SSH (22/tcp). Empty list means allow from anywhere."
default = []
}
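Review bot: `allowed_ssh_cidrs_ipv4` defaults to `[]`, and the NSG in this commit turns an empty list into `source_address_prefix = "*"`, so the default posture of the module is SSH open to the world — a fail-open default that nothing in `terraform plan` will warn about. Safer is to require world access to be stated explicitly (an entry of `0.0.0.0/0`) rather than implied by omission, and at minimum to validate the entries so a malformed CIDR fails at plan time; the `description` also says 22/tcp while the rule this variable drives targets 2222 in this commit, so the text should match whichever port is intended. Separately, `tags` hard-codes `env = "prod"` independently of `var.environment`, so the two can drift; consider deriving the tag from the variable in a local instead of a default.

```hcl
variable "allowed_ssh_cidrs_ipv4" {
  type        = list(string)
  description = "IPv4 CIDRs allowed to reach the SSH rule (2222/tcp in the NSG). Use 0.0.0.0/0 to allow from anywhere explicitly."
  default     = []

  validation {
    condition     = alltrue([for c in var.allowed_ssh_cidrs_ipv4 : can(cidrnetmask(c))])
    error_message = "Every entry in allowed_ssh_cidrs_ipv4 must be a valid IPv4 CIDR."
  }
}
```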