secure-sshd/azuredeploy.json

2 {
3 "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
4 "contentVersion": "1.0.0.0",
5 "parameters": {
6 "admin-username": {
7 "type": "string"
8 },
9 "ssh-public-key": {
10 "type": "string"
11 }
12 },
13 "variables": {
14 "ssh-keypath": "[concat('/home/', parameters('admin-username'), '/.ssh/authorized_keys')]",
15 "unique-prefix": "[concat(replace(resourceGroup().name,'-',''), substring(uniquestring(resourceGroup().name), 0, 5))]",
16 "storage-name": "[variables('unique-prefix')]",
17 "vnet-name": "[concat(resourceGroup().name, '-vnet')]",
18 "ip-prefix": "[concat(resourceGroup().name, '-ip-')]",
19 "nsg-prefix": "[concat(resourceGroup().name, '-nsg')]",
20 "nic-prefix": "[concat(resourceGroup().name, '-nic-')]",
21 "access-nic-internal": "[concat(resourceGroup().name, '-access-nic-internal')]",
22 "access-nic-external": "[concat(resourceGroup().name, '-access-nic-external')]",
23 "vm-prefix": "[concat(resourceGroup().name, '-vm-')]",
24 "names": [ "alpha", "beta", "gamma", "delta", "epsilon", "zeta", "eta", "theta", "iota", "kappa", "lambda", "mu", "nu", "xi", "omicron", "pi", "rho", "sigma", "tau", "upsilon", "phi", "chi", "psi", "omega" ],
25 "private-vm-size": "Standard_DS1_v2",
26 "vnet-address-space": "10.16.0.0/12",
27 "vnet-subnet01-octet": 17,
28 "vnet-subnet02-octet": 18
29 },
30 "resources": [
31 {
32 "comments": "",
33 "type": "Microsoft.Network/publicIPAddresses",
34 "name": "[concat(variables('ip-prefix'), variables('names')[0])]",
35 "apiVersion": "2017-03-01",
36 "location": "[resourceGroup().location]",
37 "properties": {
38 "publicIPAllocationMethod": "Dynamic",
39 "idleTimeoutInMinutes": 4,
40 "dnsSettings": {
41 "domainNameLabel": "[concat(variables('unique-prefix'), '-', variables('names')[0])]"
42 }
43 },
44 "resources": [],
45 "dependsOn": []
46 },
47 {
48 "comments": "",
49 "type": "Microsoft.Network/publicIPAddresses",
50 "name": "[concat(variables('ip-prefix'), variables('names')[1])]",
51 "apiVersion": "2017-03-01",
52 "location": "[resourceGroup().location]",
53 "properties": {
54 "publicIPAllocationMethod": "Dynamic",
55 "idleTimeoutInMinutes": 4,
56 "dnsSettings": {
57 "domainNameLabel": "[concat(variables('unique-prefix'), '-', variables('names')[1])]"
58 }
59 },
60 "resources": [],
61 "dependsOn": []
62 },
63 {
64 "comments": "Alpha VM (names[0]): dual-homed, primary NIC on subnet01 with a public IP, secondary NIC on subnet02. Both NICs reference the alpha NSG, so its rules govern every interface of this host.",
65 "type": "Microsoft.Compute/virtualMachines",
66 "name": "[concat(variables('vm-prefix'), variables('names')[0])]",
67 "apiVersion": "2016-04-30-preview",
68 "location": "[resourceGroup().location]",
69 "properties": {
70 "hardwareProfile": {
71 "vmSize": "Standard_DS2_v2"
72 },
73 "storageProfile": {
74 "imageReference": {
75 "publisher": "OpenLogic",
76 "offer": "CentOS",
77 "sku": "7.2",
78 "version": "latest"
79 },
80 "osDisk": {
81 "name": "[concat(variables('vm-prefix'), variables('names')[0], '-boot')]",
82 "createOption": "FromImage",
83 "vhd": {
84 "uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storage-name')), '2015-06-15').primaryEndpoints.blob, 'vhds/', variables('names')[0], '-boot.vhd')]"
85 },
86 "caching": "ReadWrite"
87 }
88 },
89 "osProfile": {
90 "computerName": "[concat(variables('vm-prefix'), variables('names')[0])]",
91 "adminUsername": "[parameters('admin-username')]",
92 "linuxConfiguration": {
93 "disablePasswordAuthentication": true,
94 "ssh": {
95 "publicKeys": [
96 {
97 "path": "[variables('ssh-keypath')]",
98 "keyData": "[parameters('ssh-public-key')]"
99 }
100 ]
101 }
102 }
103 },
104 "networkProfile": {
105 "networkInterfaces": [
106 {
107 "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('nic-prefix'), variables('names')[0]))]",
108 "properties": { "primary": true }
109 },
110 {
111 "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vm-prefix'), variables('names')[0], '-', variables('names')[1]))]",
112 "properties": { "primary": false }
113 }
114 ]
115 }
116 },
117 "resources": [],
118 "dependsOn": [
119 "[resourceId('Microsoft.Storage/storageAccounts', variables('storage-name'))]",
120 "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('nic-prefix'), variables('names')[0]))]",
121 "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vm-prefix'), variables('names')[0], '-', variables('names')[1]))]"
122 ]
123 },
124 {
125 "type": "Microsoft.Compute/virtualMachines/extensions",
126 "name": "[concat(variables('vm-prefix'), variables('names')[0], '/', 'script')]",
127 "apiVersion": "2015-05-01-preview",
128 "location": "[resourceGroup().location]",
129 "dependsOn": [
130 "[concat(variables('vm-prefix'), variables('names')[0])]"
131 ],
132 "properties": {
133 "publisher": "Microsoft.Azure.Extensions",
134 "type": "CustomScript",
135 "typeHandlerVersion": "2.0",
136 "autoUpgradeMinorVersion": true,
137 "settings": {
138 "fileUris": [
139 "https://linux.azure.david.betz.space/raw/secure-sshd/client-setup.sh"
140 ],
141 "commandToExecute": "sh client-setup.sh"
142 }
143 }
144 },
145 {
146 "comments": "Beta VM (names[1]): single NIC on subnet02 with its own public IP. NOTE(review): osProfile.computerName below uses variables('names')[0], which gives this VM the alpha hostname; names[1] looks intended -- confirm before changing.",
147 "type": "Microsoft.Compute/virtualMachines",
148 "name": "[concat(variables('vm-prefix'), variables('names')[1])]",
149 "apiVersion": "2016-04-30-preview",
150 "location": "[resourceGroup().location]",
151 "properties": {
152 "hardwareProfile": {
153 "vmSize": "[variables('private-vm-size')]"
154 },
155 "storageProfile": {
156 "imageReference": {
157 "publisher": "OpenLogic",
158 "offer": "CentOS",
159 "sku": "7.2",
160 "version": "latest"
161 },
162 "osDisk": {
163 "name": "[concat(concat(variables('vm-prefix'), variables('names')[1]), '-boot')]",
164 "createOption": "FromImage",
165 "vhd": {
166 "uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storage-name')), '2015-06-15').primaryEndpoints.blob, 'vhds/', variables('names')[1], '-boot.vhd')]"
167 },
168 "caching": "ReadWrite"
169 }
170 },
171 "osProfile": {
172 "computerName": "[concat(variables('vm-prefix'), variables('names')[0])]",
173 "adminUsername": "[parameters('admin-username')]",
174 "linuxConfiguration": {
175 "disablePasswordAuthentication": true,
176 "ssh": {
177 "publicKeys": [
178 {
179 "path": "[variables('ssh-keypath')]",
180 "keyData": "[parameters('ssh-public-key')]"
181 }
182 ]
183 }
184 }
185 },
186 "networkProfile": {
187 "networkInterfaces": [
188 {
189 "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vm-prefix'), variables('names')[1]))]"
190 }
191 ]
192 }
193 },
194 "resources": [],
195 "dependsOn": [
196 "[resourceId('Microsoft.Storage/storageAccounts', variables('storage-name'))]",
197 "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vm-prefix'), variables('names')[1]))]"
198 ]
199 },
200 {
201 "type": "Microsoft.Compute/virtualMachines/extensions",
202 "name": "[concat(variables('vm-prefix'), variables('names')[1], '/', 'script')]",
203 "apiVersion": "2015-05-01-preview",
204 "location": "[resourceGroup().location]",
205 "dependsOn": [
206 "[concat(variables('vm-prefix'), variables('names')[1])]"
207 ],
208 "properties": {
209 "publisher": "Microsoft.Azure.Extensions",
210 "type": "CustomScript",
211 "typeHandlerVersion": "2.0",
212 "autoUpgradeMinorVersion": true,
213 "settings": {
214 "fileUris": [
215 "https://linux.azure.david.betz.space/raw/secure-sshd/sshd-service-setup.sh"
216 ],
217 "commandToExecute": "sh sshd-service-setup.sh"
218 }
219 }
220 },
221 {
222 "comments": "",
223 "type": "Microsoft.Network/networkInterfaces",
224 "name": "[concat(variables('nic-prefix'), variables('names')[0])]",
225 "apiVersion": "2017-03-01",
226 "location": "[resourceGroup().location]",
227 "properties": {
228 "ipConfigurations": [
229 {
230 "name": "ifconfig1",
231 "properties": {
232 "privateIPAddress": "[concat('10.', variables('vnet-subnet01-octet'), '.0.4')]",
233 "privateIPAllocationMethod": "Static",
234 "publicIPAddress": {
235 "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('ip-prefix'), variables('names')[0]))]"
236 },
237 "subnet": {
238 "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name')), '/subnets/subnet01')]"
239 }
240 }
241 }
242 ],
243 "dnsSettings": {
244 "dnsServers": []
245 },
246 "enableIPForwarding": false,
247 "networkSecurityGroup": {
248 "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg-prefix'), variables('names')[0]))]"
249 }
250 },
251 "resources": [],
252 "dependsOn": [
253 "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('ip-prefix'), variables('names')[0]))]",
254 "[resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name'))]",
255 "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg-prefix'), variables('names')[0]))]"
256 ]
257 },
258 {
259 "comments": "",
260 "type": "Microsoft.Network/networkInterfaces",
261 "name": "[concat(variables('vm-prefix'), variables('names')[0], '-', variables('names')[1])]",
262 "apiVersion": "2017-03-01",
263 "location": "[resourceGroup().location]",
264 "properties": {
265 "ipConfigurations": [
266 {
267 "name": "ifconfig",
268 "properties": {
269 "privateIPAddress": "[concat('10.', variables('vnet-subnet02-octet'), '.0.4')]",
270 "privateIPAllocationMethod": "Static",
271 "subnet": {
272 "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name')), '/subnets/subnet02')]"
273 }
274 }
275 }
276 ],
277 "dnsSettings": {
278 "dnsServers": []
279 },
280 "enableIPForwarding": false,
281 "networkSecurityGroup": {
282 "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg-prefix'), variables('names')[0]))]"
283 }
284 },
285 "resources": [],
286 "dependsOn": [
287 "[resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name'))]",
288 "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg-prefix'), variables('names')[0]))]"
289 ]
290 },
291 {
292 "comments": "",
293 "type": "Microsoft.Network/networkInterfaces",
294 "name": "[concat(variables('vm-prefix'), variables('names')[1])]",
295 "apiVersion": "2017-03-01",
296 "location": "[resourceGroup().location]",
297 "properties": {
298 "ipConfigurations": [
299 {
300 "name": "ifconfig",
301 "properties": {
302 "privateIPAddress": "[concat('10.', variables('vnet-subnet02-octet'), '.0.5')]",
303 "privateIPAllocationMethod": "Static",
304 "publicIPAddress": {
305 "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('ip-prefix'), variables('names')[1]))]"
306 },
307 "subnet": {
308 "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name')), '/subnets/subnet02')]"
309 }
310 }
311 }
312 ],
313 "dnsSettings": {
314 "dnsServers": []
315 },
316 "enableIPForwarding": false,
317 "networkSecurityGroup": {
318 "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg-prefix'), variables('names')[1]))]"
319 }
320 },
321 "resources": [],
322 "dependsOn": [
323 "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('ip-prefix'), variables('names')[1]))]",
324 "[resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name'))]",
325 "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg-prefix'), variables('names')[1]))]"
326 ]
327 },
328 {
329 "comments": "",
330 "type": "Microsoft.Network/virtualNetworks",
331 "name": "[variables('vnet-name')]",
332 "apiVersion": "2017-03-01",
333 "location": "[resourceGroup().location]",
334 "properties": {
335 "addressSpace": {
336 "addressPrefixes": [
337 "[variables('vnet-address-space')]"
338 ]
339 },
340 "subnets": [
341 {
342 "name": "subnet01",
343 "properties": {
344 "addressPrefix": "[concat('10.', variables('vnet-subnet01-octet'), '.0.0/16')]"
345 }
346 },
347 {
348 "name": "subnet02",
349 "properties": {
350 "addressPrefix": "[concat('10.', variables('vnet-subnet02-octet'), '.0.0/16')]"
351 }
352 }
353 ]
354 },
355 "resources": [],
356 "dependsOn": []
357 },
358 {
359 "comments": "NSG for the alpha NICs: allows inbound TCP 22, 80 and 443 from any source (sourceAddressPrefix '*'). Narrow the SSH rule's sourceAddressPrefix to the administrator's address range if port 22 should not be reachable from the whole Internet.",
360 "type": "Microsoft.Network/networkSecurityGroups",
361 "name": "[concat(variables('nsg-prefix'), variables('names')[0])]",
362 "apiVersion": "2017-03-01",
363 "location": "[resourceGroup().location]",
364 "properties": {
365 "securityRules": [
366 {
367 "name": "default-allow-ssh",
368 "properties": {
369 "protocol": "Tcp",
370 "sourcePortRange": "*",
371 "destinationPortRange": "22",
372 "sourceAddressPrefix": "*",
373 "destinationAddressPrefix": "*",
374 "access": "Allow",
375 "priority": 1000,
376 "direction": "Inbound"
377 }
378 },
379 {
380 "name": "http",
381 "properties": {
382 "protocol": "Tcp",
383 "sourcePortRange": "*",
384 "destinationPortRange": "80",
385 "sourceAddressPrefix": "*",
386 "destinationAddressPrefix": "*",
387 "access": "Allow",
388 "priority": 1100,
389 "direction": "Inbound"
390 }
391 },
392 {
393 "name": "https",
394 "properties": {
395 "protocol": "Tcp",
396 "sourcePortRange": "*",
397 "destinationPortRange": "443",
398 "sourceAddressPrefix": "*",
399 "destinationAddressPrefix": "*",
400 "access": "Allow",
401 "priority": 1200,
402 "direction": "Inbound"
403 }
404 }
405 ]
406 },
407 "resources": [],
408 "dependsOn": []
409 },
410 {
411 "comments": "NSG for the beta NIC: allows inbound TCP 22 and 2222 from any source (sourceAddressPrefix '*'). The beta NIC also carries a public IP, so both ports are Internet-reachable unless the source prefix is narrowed.",
412 "type": "Microsoft.Network/networkSecurityGroups",
413 "name": "[concat(variables('nsg-prefix'), variables('names')[1])]",
414 "apiVersion": "2017-03-01",
415 "location": "[resourceGroup().location]",
416 "properties": {
417 "securityRules": [
418 {
419 "name": "default-allow-ssh",
420 "properties": {
421 "protocol": "Tcp",
422 "sourcePortRange": "*",
423 "destinationPortRange": "22",
424 "sourceAddressPrefix": "*",
425 "destinationAddressPrefix": "*",
426 "access": "Allow",
427 "priority": 1000,
428 "direction": "Inbound"
429 }
430 },
431 {
432 "name": "default-allow-sshalt",
433 "properties": {
434 "protocol": "Tcp",
435 "sourcePortRange": "*",
436 "destinationPortRange": "2222",
437 "sourceAddressPrefix": "*",
438 "destinationAddressPrefix": "*",
439 "access": "Allow",
440 "priority": 1100,
441 "direction": "Inbound"
442 }
443 }
444 ]
445 },
446 "resources": [],
447 "dependsOn": []
448 },
449 {
450 "comments": "Storage account holding both VM boot VHDs; name is variables('unique-prefix'). NOTE(review): storage account names must be 3-24 lowercase alphanumerics, so this relies on the resource-group name being short and lowercase -- confirm.",
451 "type": "Microsoft.Storage/storageAccounts",
452 "sku": {
453 "name": "Standard_LRS",
454 "tier": "Standard"
455 },
456 "kind": "Storage",
457 "name": "[variables('storage-name')]",
458 "apiVersion": "2016-01-01",
459 "location": "[resourceGroup().location]",
460 "tags": {},
461 "properties": { },
462 "resources": [],
463 "dependsOn": []
464 }
465 ],
466 "outputs": {
467 "alpha": {
468 "type": "string",
469 "value": "[concat('ssh ', variables('unique-prefix'), '-', variables('names')[0], '.', resourceGroup().location, '.cloudapp.azure.com')]"
470 },
471 "beta": {
472 "type": "string",
473 "value": "[concat('ssh ', variables('unique-prefix'), '-', variables('names')[1], '.', resourceGroup().location, '.cloudapp.azure.com')]"
474 }
475 }
476 }