vms.tf
# 8-VM cluster layout — mirrors the production 8-server layout
#
# Each server has a static private IP in the 10.0.50.0/24 range.
# Only lab-proxy1 gets a public IP (acts as jump host / Traefik entry point).
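# All other servers are reachable through it as an SSH jump host, for example lab-id1:
# ssh -J itstack@<proxy-public-ip> itstack@10.0.50.11
# (use the login name set in var.admin_username if it is not itstack)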
locals {
  # Inventory of the lab servers, keyed by hostname. Each entry holds the
  # static private address, the Azure VM size, a free-text role label and a
  # flag saying whether the VM is given a public IP.
  servers = {
    "lab-id1" = {
      ip        = "10.0.50.11"
      size      = "Standard_D4s_v4"
      role      = "FreeIPA, Keycloak"
      public_ip = false
    }
    "lab-db1" = {
      ip        = "10.0.50.12"
      size      = "Standard_E8s_v4"
      role      = "PostgreSQL, Redis, Elasticsearch"
      public_ip = false
    }
    "lab-app1" = {
      ip        = "10.0.50.13"
      size      = "Standard_D8s_v4"
      role      = "Nextcloud, Mattermost, Jitsi"
      public_ip = false
    }
    "lab-comm1" = {
      ip        = "10.0.50.14"
      size      = "Standard_D4s_v4"
      role      = "iRedMail, Zammad, Zabbix"
      public_ip = false
    }
    # The only entry with public_ip = true, i.e. the single internet-facing
    # host in this map.
    # NOTE(review): the role label also lists Graylog here; confirm that
    # keeping the log store on the exposed host is intended, since logs kept
    # there share that host's exposure.
    "lab-proxy1" = {
      ip        = "10.0.50.15"
      size      = "Standard_D2s_v4"
      role      = "Traefik, Graylog"
      public_ip = true
    }
    "lab-pbx1" = {
      ip        = "10.0.50.16"
      size      = "Standard_D2s_v4"
      role      = "FreePBX"
      public_ip = false
    }
    "lab-biz1" = {
      ip        = "10.0.50.17"
      size      = "Standard_D8s_v4"
      role      = "SuiteCRM, Odoo, OpenKM"
      public_ip = false
    }
    "lab-mgmt1" = {
      ip        = "10.0.50.18"
      size      = "Standard_D4s_v4"
      role      = "Taiga, Snipe-IT, GLPI"
      public_ip = false
    }
  }
}
module "vm" {
  # One instance of the lab-vm module per entry in local.servers.
  source   = "../../modules/lab-vm"
  for_each = local.servers

  # Per-server values taken from the inventory map.
  vm_name           = each.key
  vm_size           = each.value.size
  role              = each.value.role
  private_ip        = each.value.ip
  public_ip_enabled = each.value.public_ip

  # Placement shared by every VM: same resource group, region and subnet.
  resource_group_name = azurerm_resource_group.lab.name
  location            = azurerm_resource_group.lab.location
  subnet_id           = azurerm_subnet.servers.id

  # Every VM is handed the same network security group.
  # NOTE(review): the NSG rules are defined outside this file; confirm that
  # inbound SSH is limited to trusted source ranges and that the rules meant
  # for the public-facing proxy do not open more than needed on the others.
  nsg_id = azurerm_network_security_group.lab.id

  # The same admin account and SSH public key are passed to all eight VMs.
  # NOTE(review): a single key then logs in everywhere, including the host
  # labelled FreeIPA/Keycloak; confirm this is acceptable for the lab.
  admin_username = var.admin_username
  ssh_public_key = var.ssh_public_key

  # Disk size, auto-shutdown schedule and tags come from input variables.
  os_disk_size_gb    = var.vm_os_disk_size_gb
  auto_shutdown_time = var.auto_shutdown_time
  auto_shutdown_tz   = var.auto_shutdown_timezone
  tags               = var.tags
}
# One A record per inventory entry in the private DNS zone, mapping each
# hostname to its static private IP. lab-proxy1 is included with its private
# address; its public IP is not published by this resource.
resource "azurerm_private_dns_a_record" "servers" {
  for_each = local.servers

  resource_group_name = azurerm_resource_group.lab.name
  zone_name           = azurerm_private_dns_zone.lab.name

  name    = each.key
  records = [each.value.ip]
  ttl     = 300 # seconds
}