mirror of https://github.com/trailofbits/algo
{
|
|
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"sshKeyData": {
|
|
"type": "string"
|
|
},
|
|
"WireGuardPort": {
|
|
"type": "int"
|
|
},
|
|
"vmSize": {
|
|
"type": "string"
|
|
},
|
|
"imageReferenceSku": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"variables": {
|
|
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks', resourceGroup().name)]",
|
|
"subnet1Ref": "[concat(variables('vnetID'),'/subnets/', resourceGroup().name)]"
|
|
},
|
|
"resources": [
|
|
{
|
|
"apiVersion": "2015-06-15",
|
|
"type": "Microsoft.Network/networkSecurityGroups",
|
|
"name": "[resourceGroup().name]",
|
|
"location": "[resourceGroup().location]",
|
|
"properties": {
|
|
"securityRules": [
|
|
{
|
|
"name": "AllowSSH",
|
|
"properties": {
|
|
"description": "Allows inbound SSH (TCP port 22) from any source address.",
|
|
"protocol": "Tcp",
|
|
"sourcePortRange": "*",
|
|
"destinationPortRange": "22",
|
|
"sourceAddressPrefix": "*",
|
|
"destinationAddressPrefix": "*",
|
|
"access": "Allow",
|
|
"priority": 100,
|
|
"direction": "Inbound"
|
|
}
|
|
},
|
|
{
|
|
"name": "AllowIPSEC500",
|
|
"properties": {
|
|
"description": "Allow UDP to port 500",
|
|
"protocol": "Udp",
|
|
"sourcePortRange": "*",
|
|
"destinationPortRange": "500",
|
|
"sourceAddressPrefix": "*",
|
|
"destinationAddressPrefix": "*",
|
|
"access": "Allow",
|
|
"priority": 110,
|
|
"direction": "Inbound"
|
|
}
|
|
},
|
|
{
|
|
"name": "AllowIPSEC4500",
|
|
"properties": {
|
|
"description": "Allow UDP to port 4500",
|
|
"protocol": "Udp",
|
|
"sourcePortRange": "*",
|
|
"destinationPortRange": "4500",
|
|
"sourceAddressPrefix": "*",
|
|
"destinationAddressPrefix": "*",
|
|
"access": "Allow",
|
|
"priority": 120,
|
|
"direction": "Inbound"
|
|
}
|
|
},
|
|
{
|
|
"name": "AllowWireGuard",
|
|
"properties": {
|
|
"description": "Allow UDP to the WireGuard port",
|
|
"protocol": "Udp",
|
|
"sourcePortRange": "*",
|
|
"destinationPortRange": "[parameters('WireGuardPort')]",
|
|
"sourceAddressPrefix": "*",
|
|
"destinationAddressPrefix": "*",
|
|
"access": "Allow",
|
|
"priority": 130,
|
|
"direction": "Inbound"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2015-06-15",
|
|
"type": "Microsoft.Network/publicIPAddresses",
|
|
"name": "[resourceGroup().name]",
|
|
"location": "[resourceGroup().location]",
|
|
"properties": {
|
|
"publicIPAllocationMethod": "Static"
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2015-06-15",
|
|
"type": "Microsoft.Network/virtualNetworks",
|
|
"name": "[resourceGroup().name]",
|
|
"location": "[resourceGroup().location]",
|
|
"properties": {
|
|
"addressSpace": {
|
|
"addressPrefixes": [
|
|
"10.10.0.0/16"
|
|
]
|
|
},
|
|
"subnets": [
|
|
{
|
|
"name": "[resourceGroup().name]",
|
|
"properties": {
|
|
"addressPrefix": "10.10.0.0/24"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2015-06-15",
|
|
"type": "Microsoft.Network/networkInterfaces",
|
|
"name": "[resourceGroup().name]",
|
|
"location": "[resourceGroup().location]",
|
|
"dependsOn": [
|
|
"[concat('Microsoft.Network/networkSecurityGroups/', resourceGroup().name)]",
|
|
"[concat('Microsoft.Network/publicIPAddresses/', resourceGroup().name)]",
|
|
"[concat('Microsoft.Network/virtualNetworks/', resourceGroup().name)]"
|
|
],
|
|
"properties": {
|
|
"networkSecurityGroup": {
|
|
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', resourceGroup().name)]"
|
|
},
|
|
"ipConfigurations": [
|
|
{
|
|
"name": "ipconfig1",
|
|
"properties": {
|
|
"privateIPAllocationMethod": "Dynamic",
|
|
"publicIPAddress": {
|
|
"id": "[resourceId('Microsoft.Network/publicIPAddresses', resourceGroup().name)]"
|
|
},
|
|
"subnet": {
|
|
"id": "[variables('subnet1Ref')]"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"apiVersion": "2016-04-30-preview",
|
|
"type": "Microsoft.Compute/virtualMachines",
|
|
"name": "[resourceGroup().name]",
|
|
"location": "[resourceGroup().location]",
|
|
"dependsOn": [
|
|
"[concat('Microsoft.Network/networkInterfaces/', resourceGroup().name)]"
|
|
],
|
|
"properties": {
|
|
"hardwareProfile": {
|
|
"vmSize": "[parameters('vmSize')]"
|
|
},
|
|
"osProfile": {
|
|
"computerName": "[resourceGroup().name]",
|
|
"adminUsername": "ubuntu",
|
|
"linuxConfiguration": {
|
|
"disablePasswordAuthentication": true,
|
|
"ssh": {
|
|
"publicKeys": [
|
|
{
|
|
"path": "/home/ubuntu/.ssh/authorized_keys",
|
|
"keyData": "[parameters('sshKeyData')]"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"storageProfile": {
|
|
"imageReference": {
|
|
"publisher": "Canonical",
|
|
"offer": "UbuntuServer",
|
|
"sku": "[parameters('imageReferenceSku')]",
|
|
"version": "latest"
|
|
},
|
|
"osDisk": {
|
|
"createOption": "FromImage"
|
|
}
|
|
},
|
|
"networkProfile": {
|
|
"networkInterfaces": [
|
|
{
|
|
"id": "[resourceId('Microsoft.Network/networkInterfaces', resourceGroup().name)]"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"outputs": {
|
|
"publicIPAddresses": {
|
|
"type": "string",
|
|
"value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',resourceGroup().name),providers('Microsoft.Network', 'publicIPAddresses').apiVersions[0]).ipAddress]",
|
|
}
|
|
}
|
|
}
|