Altinn · arealmaas · Aug 5, 2024 · Aug 1, 2024 · Aug 2, 2024 · Aug 2, 2024
@@ -150,6 +150,20 @@ var srcKeyVault = {
   resourceGroupName: secrets.sourceKeyVaultResourceGroup
 }
 
+module sshJumper '../modules/ssh-jumper/main.bicep' = {
+  scope: resourceGroup
+  name: 'sshJumper'
+  params: {
+    namePrefix: namePrefix
+    location: location
+    subnetId: vnet.outputs.defaultSubnetId
+    tags: tags
+    srcKeyVaultName: secrets.sourceKeyVaultName
+    srcKeyVaultSubId: secrets.sourceKeyVaultSubscriptionId
+    srcKeyVaultRGNName: secrets.sourceKeyVaultResourceGroup
+  }
+}
+
 module postgresql '../modules/postgreSql/create.bicep' = {
   scope: resourceGroup
   name: 'postgresql'

@@ -0,0 +1,143 @@
+@description('The name prefix to be used for the resource')
+param namePrefix string
+
+@description('The location to deploy the resource to')
+param location string
+
+@description('The subnet to deploy the network interface to')
+param subnetId string
+
+@description('Tags to be applied to the resource')
+param tags object
+
+@description('The name of the source Key Vault')
+param srcKeyVaultName string
+
+@description('The subscription ID of the source Key Vault')
+param srcKeyVaultSubId string
+
+@description('The resource group name of the source Key Vault')
+param srcKeyVaultRGNName string
+
+var name = '${namePrefix}-jumper'
+
+resource srcKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
+  name: srcKeyVaultName
+  scope: resourceGroup(srcKeyVaultSubId, srcKeyVaultRGNName)
+}
+
+resource publicIp 'Microsoft.Network/publicIPAddresses@2023-11-01' = {
+  name: '${name}-ip'
+  location: location
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+  zones: [
+    '1'
+  ]
+  properties: {
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+    idleTimeoutInMinutes: 4
+    ipTags: []
+  }
+  tags: tags
+}
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2023-11-01' = {
+  name: name
+  location: location
+  properties: {
+    ipConfigurations: [
+      {
+        name: '${name}-ipconfig'
+        type: 'Microsoft.Network/networkInterfaces/ipConfigurations'
+        properties: {
+          privateIPAddress: '10.0.0.5'
+          privateIPAllocationMethod: 'Dynamic'
+          publicIPAddress: {
+            id: publicIp.id
+            properties: {
+              deleteOption: 'Delete'
+            }
+          }
+          subnet: {
+            id: subnetId
+          }
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+        }
+      }
+    ]
+    dnsSettings: {
+      dnsServers: []
+    }
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    disableTcpStateTracking: false
+    nicType: 'Standard'
+    auxiliaryMode: 'None'
+    auxiliarySku: 'None'
+  }
+}
+
+module virtualMachine '../../modules/virtualMachine/main.bicep' = {
+  name: name
+  params: {
+    name: name
+    // todo: remove hardcoded environment, use naming convention here. 
+    sshKeyData: srcKeyVaultResource.getSecret('dialogportenJumperTestSSH')
+    location: location
+    tags: tags
+    hardwareProfile: {
+      vmSize: 'Standard_B1s'
+    }
+    additionalCapabilities: {
+      hibernationEnabled: false
+    }
+    storageProfile: {
+      imageReference: {
+        publisher: 'canonical'
+        offer: '0001-com-ubuntu-server-focal'
+        sku: '20_04-lts-gen2'
+        version: 'latest'
+      }
+      osDisk: {
+        osType: 'Linux'
+        name: '${name}-osdisk'
+        createOption: 'FromImage'
+        caching: 'ReadWrite'
+        managedDisk: {
+          storageAccountType: 'Premium_LRS'
+        }
+        deleteOption: 'Delete'
+        diskSizeGB: 30
+      }
+      dataDisks: []
+      diskControllerType: 'SCSI'
+    }
+    securityProfile: {
+      uefiSettings: {
+        secureBootEnabled: true
+        vTpmEnabled: true
+      }
+      securityType: 'TrustedLaunch'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            deleteOption: 'Delete'
+          }
+        }
+      ]
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: true
+      }
+    }
+  }
+}
@@ -0,0 +1,117 @@
+param name string
+param location string
+param tags object
+
+type HardwareProfile = {
+  vmSize: string
+}
+@description('Specifies the hardware profile for the virtual machine')
+param hardwareProfile HardwareProfile
+
+type AdditionalCapabilities = {
+  hibernationEnabled: bool
+}
+@description('Specifies the additional capabilities for the virtual machine')
+param additionalCapabilities AdditionalCapabilities
+
+type SecurityProfile = {
+  uefiSettings: {
+    secureBootEnabled: bool
+    vTpmEnabled: bool
+  }
+  securityType: string
+}
+@description('Specifies the security profile for the virtual machine')
+param securityProfile SecurityProfile
+
+type NetworkInterface = {
+  id: string
+  properties: {
+    deleteOption: string
+  }
+}
+type NetworkProfile = {
+  networkInterfaces: NetworkInterface[]
+}
+@description('Specifies the network profile for the virtual machine')
+param networkProfile NetworkProfile
+
+type DiagnosticsProfile = {
+  bootDiagnostics: {
+    enabled: bool
+  }
+}
+@description('Specifies the diagnostics profile for the virtual machine')
+param diagnosticsProfile DiagnosticsProfile
+
+type StorageProfile = {
+  imageReference: {
+    publisher: string
+    offer: string
+    sku: string
+    version: string
+  }
+  osDisk: {
+    osType: string
+    name: string
+    createOption: string
+    caching: string
+    managedDisk: {
+      storageAccountType: string
+    }
+    deleteOption: string
+    diskSizeGB: int
+  }
+  dataDisks: array
+  diskControllerType: string
+}
+@description('Specifies the storage profile for the virtual machine')
+param storageProfile StorageProfile
+
+@description('Specifies the SSH key data for the virtual machine')
+@secure()
+param sshKeyData string
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
+  name: name
+  location: location
+  zones: [
+    '1'
+  ]
+  properties: {
+    hardwareProfile: hardwareProfile
+    additionalCapabilities: additionalCapabilities
+    storageProfile: storageProfile
+    osProfile: {
+      computerName: name
+      adminUsername: name
+      linuxConfiguration: {
+        disablePasswordAuthentication: true
+        ssh: {
+          publicKeys: [
+            {
+              path: '/home/${name}/.ssh/authorized_keys'
+              keyData: sshKeyData
+            }
+          ]
+        }
+        provisionVMAgent: true
+        patchSettings: {
+          patchMode: 'AutomaticByPlatform'
+          automaticByPlatformSettings: {
+            rebootSetting: 'IfRequired'
+            bypassPlatformSafetyChecksOnUserSchedule: false
+          }
+          assessmentMode: 'ImageDefault'
+        }
+      }
+      secrets: []
+      allowExtensionOperations: true
+      requireGuestProvisionSignal: true
+    }
+    securityProfile: securityProfile
+    networkProfile: networkProfile
+    diagnosticsProfile: diagnosticsProfile
+  }
+  tags: tags
+}