ToolJet/terraform/Azure_VM/main.tf

# Define the Azure provider
provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id

}

# Generate a TLS private key for SSH access
resource "tls_private_key" "tooljet_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

# Resource Group
resource "azurerm_resource_group" "tooljet_rg" {
  name     = var.resource_group_name
  location = var.location
}

# Virtual Network
resource "azurerm_virtual_network" "tooljet_vnet" {
  name                = "TooljetVNet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.tooljet_rg.location
  resource_group_name = azurerm_resource_group.tooljet_rg.name
}

# Subnet
resource "azurerm_subnet" "tooljet_subnet" {
  name                 = "TooljetSubnet"
  resource_group_name  = azurerm_resource_group.tooljet_rg.name
  virtual_network_name = azurerm_virtual_network.tooljet_vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# Public IP
resource "azurerm_public_ip" "tooljet_public_ip" {
  name                = "TooljetPublicIP"
  resource_group_name = azurerm_resource_group.tooljet_rg.name
  location            = azurerm_resource_group.tooljet_rg.location
  allocation_method   = "Static"
  sku                 = "Standard"
}

# # Network Security Group (NSG) with Ingress Rules
# resource "azurerm_network_security_group" "tooljet_nsg" {
#   name                = "TooljetNSG"
#   location            = azurerm_resource_group.tooljet_rg.location
#   resource_group_name = azurerm_resource_group.tooljet_rg.name

#   dynamic "security_rule" {
#     for_each = zip(tolist(["22", "80", "443", "3000"]), range(length(["22", "80", "443", "3000"])))
#     content {
#       name                       = "AllowPort-${security_rule.value}"
#       priority                   = 100 + (security_rule.value * 10) 
#       direction                  = "Inbound"
#       access                     = "Allow"
#       protocol                   = "Tcp"
#       source_port_range          = "*"
#       destination_port_range     = security_rule.value
#       source_address_prefix      = "*"
#       destination_address_prefix = "*"
#     }
#   }
# }

resource "azurerm_network_security_group" "tooljet_nsg" {
  name                = "TooljetNSG"
  location            = azurerm_resource_group.tooljet_rg.location
  resource_group_name = azurerm_resource_group.tooljet_rg.name

  dynamic "security_rule" {
    for_each = {
      "22"   = 100,
      "80"   = 110,
      "443"  = 120,
      "3000" = 130
    }
    content {
      name                       = "AllowPort-${security_rule.key}"
      priority                   = security_rule.value  # Assign priority from the map
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.key
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }
  }
}


# Network Interface with NSG
resource "azurerm_network_interface" "tooljet_nic" {
  name                = "TooljetNIC"
  location            = azurerm_resource_group.tooljet_rg.location
  resource_group_name = azurerm_resource_group.tooljet_rg.name

  ip_configuration {
    name                          = "TooljetIPConfig"
    subnet_id                     = azurerm_subnet.tooljet_subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.tooljet_public_ip.id
  }

}

# Associate NSG with Subnet 
resource "azurerm_subnet_network_security_group_association" "tooljet_nsg_association" {
  subnet_id                 = azurerm_subnet.tooljet_subnet.id
  network_security_group_id = azurerm_network_security_group.tooljet_nsg.id
}

# Virtual Machine
resource "azurerm_linux_virtual_machine" "tooljet_vm" {
  name                = "TooljetVM"
  location            = azurerm_resource_group.tooljet_rg.location
  resource_group_name = azurerm_resource_group.tooljet_rg.name
  size                = var.vm_size
  admin_username      = var.vm_admin_username
  network_interface_ids = [azurerm_network_interface.tooljet_nic.id]

  admin_ssh_key {
    username   = var.vm_admin_username
    public_key = tls_private_key.tooljet_key.public_key_openssh
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
    disk_size_gb         = 16
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "24_04-lts" # equivalent to a recent Ubuntu LTS version
    version   = "latest"
  }


  custom_data = base64encode(file("${path.module}/install_tooljet.sh")) # Assuming the script is in the module path

  tags = {
    Name = "TooljetAppServer"
  }
}