Restructure into modules to enable persistent disk

2025-10-04 16:57:12 +02:00
parent 3cfe796184
commit 8d2fc90a25
12 changed files with 253 additions and 194 deletions
+2 -2
@@ -4,12 +4,12 @@ This terraform template sets up the infrastructur to enable remote gaming / stre
# TODO # TODO
- [ ] Fix missing audio device on vm - [x] Fix missing audio device on vm
- [ ] Remove Tailscale plaintext auth-key from provisioning scripts and registry run entry - [ ] Remove Tailscale plaintext auth-key from provisioning scripts and registry run entry
- [ ] Replace Tailscale by native VPN - [ ] Replace Tailscale by native VPN
- [ ] Check if public IP is even needed - [ ] Check if public IP is even needed
- [ ] Persist moonlight configuration between deployments - [ ] Persist moonlight configuration between deployments
- [ ] Install Steam - [x] Install Steam
- [ ] Integrate budget watcher into terraform config - [ ] Integrate budget watcher into terraform config
- [ ] Is there a quicker way to download the installers? Invoke-WebRequest is insanely slow - [ ] Is there a quicker way to download the installers? Invoke-WebRequest is insanely slow
- [ ] Skip Windows OOTB tracking bullshit - [ ] Skip Windows OOTB tracking bullshit
+11 -119
@@ -1,125 +1,17 @@
terraform { module "ephemeral" {
required_providers { source = "./modules/ephemeral"
azurerm = {
source = "hashicorp/azurerm"
version = ">= 4.46"
}
}
required_version = ">= 1.0.0"
}
provider "azurerm" {
subscription_id = var.subscription_id subscription_id = var.subscription_id
prefix = var.prefix
features {} location = var.location
tailscale_authkey = var.tailscale_authkey
datadisk_id = module.persistent.datadisk_id
vm_admin_username = var.vm_admin_username
} }
resource "azurerm_resource_group" "rg" { module "persistent" {
name = "${var.prefix}-rg" source = "./modules/persistent"
prefix = var.prefix
location = var.location location = var.location
} }
resource "azurerm_virtual_network" "vnet" {
name = "${var.prefix}-vnet"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
address_space = var.vnet_address_space
}
resource "azurerm_public_ip" "pip" {
name = "${var.prefix}-pip"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_subnet" "workload_subnet" {
name = "${var.prefix}-workload-subnet"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = var.workload_subnet_address_prefixes
}
resource "azurerm_network_interface" "vm_nic" {
name = "${var.prefix}-vm-nic"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.workload_subnet.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.pip.id
}
}
resource "azurerm_managed_disk" "data_disk" {
name = "${var.prefix}-winvm-datadisk"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = var.datadisk_size_gb
lifecycle {
prevent_destroy = true
}
}
resource "random_password" "admin_password" {
length = 16
special = false
}
resource "azurerm_windows_virtual_machine" "vm" {
name = "${var.prefix}-winvm"
computer_name = var.prefix
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
size = var.vm_size
priority = var.vm_priority
eviction_policy = var.vm_priority == "Spot" ? "Deallocate" : null
admin_username = var.vm_admin_username
admin_password = random_password.admin_password.result
network_interface_ids = [
azurerm_network_interface.vm_nic.id
]
os_disk {
caching = "ReadWrite"
storage_account_type = "Premium_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsDesktop"
offer = "Windows-10"
sku = "win10-22h2-pro"
version = "latest"
}
}
resource "azurerm_virtual_machine_data_disk_attachment" "data_disk_attachment" {
managed_disk_id = azurerm_managed_disk.data_disk.id
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
lun = var.datadisk_lun
caching = "ReadWrite"
}
resource "azurerm_virtual_machine_extension" "provision_software" {
name = "provision-software"
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
depends_on = [azurerm_virtual_machine_data_disk_attachment.data_disk_attachment]
protected_settings = <<SETTINGS
{
"commandToExecute": "powershell -command \"[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${base64encode(templatefile("${path.module}/scripts/provision-software.ps1.tpl", { tailscale_authkey = var.tailscale_authkey, datadisk_lun = var.datadisk_lun, datadisk_drive_letter = var.datadisk_drive_letter }))}')) | Out-File -filepath provision-software.ps1\" && powershell -ExecutionPolicy Unrestricted -File provision-software.ps1"
}
SETTINGS
}
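Review bot: Replacing the root-level `azurerm_managed_disk.data_disk` with `module "persistent"` changes the disk's resource address, and no `moved` block is visible in this commit, so a state that already tracks the disk would plan the old one for destruction. `prevent_destroy` does not help here, because Terraform only enforces it while the resource block is still present in the configuration. A `moved` block with `from = azurerm_managed_disk.data_disk` and `to = module.persistent.azurerm_managed_disk.data_disk` would keep the address mapping. The disk also moves to a new resource group, which presumably forces replacement anyway, so the existing disk would have to be moved in Azure and re-imported (or its data copied) before applying.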
+96
@@ -0,0 +1,96 @@
resource "azurerm_resource_group" "rg" {
name = "${var.prefix}-ephemeral-rg"
location = var.location
}
resource "azurerm_virtual_network" "vnet" {
name = "${var.prefix}-vnet"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
address_space = var.vnet_address_space
}
resource "azurerm_public_ip" "pip" {
name = "${var.prefix}-pip"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_subnet" "workload_subnet" {
name = "${var.prefix}-workload-subnet"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = var.workload_subnet_address_prefixes
}
resource "azurerm_network_interface" "vm_nic" {
name = "${var.prefix}-vm-nic"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.workload_subnet.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.pip.id
}
}
resource "random_password" "admin_password" {
length = 16
special = false
}
resource "azurerm_windows_virtual_machine" "vm" {
name = "${var.prefix}-winvm"
computer_name = var.prefix
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
size = var.vm_size
priority = var.vm_priority
eviction_policy = var.vm_priority == "Spot" ? "Deallocate" : null
admin_username = var.vm_admin_username
admin_password = random_password.admin_password.result
network_interface_ids = [
azurerm_network_interface.vm_nic.id
]
os_disk {
caching = "ReadWrite"
storage_account_type = "Premium_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsDesktop"
offer = "Windows-10"
sku = "win10-22h2-pro"
version = "latest"
}
}
resource "azurerm_virtual_machine_data_disk_attachment" "data_disk_attachment" {
managed_disk_id = var.datadisk_id
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
lun = var.datadisk_lun
caching = "ReadWrite"
}
resource "azurerm_virtual_machine_extension" "provision_software" {
name = "provision-software"
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
depends_on = [azurerm_virtual_machine_data_disk_attachment.data_disk_attachment]
protected_settings = <<SETTINGS
{
"commandToExecute": "powershell -command \"[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${base64encode(templatefile("${path.module}/scripts/provision-software.ps1.tpl", { tailscale_authkey = var.tailscale_authkey, datadisk_lun = var.datadisk_lun, datadisk_drive_letter = var.datadisk_drive_letter }))}')) | Out-File -filepath provision-software.ps1\" && powershell -ExecutionPolicy Unrestricted -File provision-software.ps1"
}
SETTINGS
}
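Review bot: The resource group is now named `"${var.prefix}-ephemeral-rg"`, while the comment above `variable "prefix"` says the budget watcher deletes the resource group `wa5p-gaming-rg`. If the watcher still matches that name (it is not part of this page), the cost guard no longer removes the VM when the budget is exceeded. Update the watcher in the same change or keep the old name for the ephemeral group, and correct the comment in all three variables files, e.g. `# The budget watcher deletes <prefix>-ephemeral-rg; keep the prefix and suffix in sync with it`.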
+4
@@ -0,0 +1,4 @@
output "vm_admin_password" {
sensitive = true
value = random_password.admin_password.result
}
@@ -14,6 +14,9 @@ $AmdDriverUri = 'https://download.microsoft.com/download/44ee0d6c-74dd-4214-b6d5
$AmdDriverExe = 'amd-gpu-driver.exe' $AmdDriverExe = 'amd-gpu-driver.exe'
$AmdDriverInstallLog = "$PWD\amd-gpu-driver-install.log" $AmdDriverInstallLog = "$PWD\amd-gpu-driver-install.log"
$VBCableUri = 'https://download.vb-audio.com/Download_CABLE/VBCABLE_Driver_Pack45.zip'
$VBCableZip = 'vbcable.zip'
$SunshineInstallerUri = 'https://github.com/LizardByte/Sunshine/releases/latest/download/Sunshine-Windows-AMD64-installer.exe' $SunshineInstallerUri = 'https://github.com/LizardByte/Sunshine/releases/latest/download/Sunshine-Windows-AMD64-installer.exe'
$SunshineInstallerExe = 'sunshine-installer.exe' $SunshineInstallerExe = 'sunshine-installer.exe'
@@ -71,6 +74,22 @@ Start-Process $AmdDriverExe -ArgumentList '-install', '-log', $AmdDriverInstallL
Write-Host 'Done installing AMD GPU driver' Write-Host 'Done installing AMD GPU driver'
##
# Virtual Cable audio device driver
Write-Host 'Installing Virtual Cable audio device driver'
Write-Host "Downloading VBCable from $VBCableUri to $VBCableZip"
Invoke-WebRequest -UseDefaultCredentials -Uri $VBCableUri -OutFile $VBCableZip
$VBCableExtracted = 'vbcable'
Write-Host "Extracting $VBCableZip to $VBCableExtracted"
Expand-Archive $VBCableZip -DestinationPath 'vbcable'
Write-Host 'Installing VBCable from installer'
Start-Process "vbcable\VBCABLE_Setup_x64.exe" -ArgumentList '-i', '-h' -Wait -NoNewWindow -PassThru
Write-Host 'Done installing Virtual Cable audio device driver'
## ##
# Sunshine # Sunshine
Write-Host "Installing Sunshine" Write-Host "Installing Sunshine"
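Review bot: The VBCable archive is downloaded and `VBCABLE_Setup_x64.exe` is run from it without any integrity check, and `Invoke-WebRequest` passes `-UseDefaultCredentials` to a third-party host that has no need for the machine's Windows credentials. Drop `-UseDefaultCredentials` and pin the archive before `Expand-Archive`, e.g. `if ((Get-FileHash $VBCableZip -Algorithm SHA256).Hash -ne $VBCableSha256) { throw 'VBCable archive hash mismatch' }`, with `$VBCableSha256` set to a hash you have verified yourself. `$VBCableExtracted` is assigned but the literal `'vbcable'` is used for `-DestinationPath` and in the setup path. The process object returned by `-PassThru` is discarded, so a failed driver install is not detected.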
+67
@@ -0,0 +1,67 @@
variable "subscription_id" {
description = "Subscription ID of the subscription for gaming related stuff"
type = string
}
# The prefix must not be changed, sice the budget watcher deletes the resource group wa5p-gaming-rg when budget is exceeded
variable "prefix" {
description = "Prefix for gaming related ressources"
type = string
}
variable "location" {
description = "Location for gaming related ressources, should be as close as possible for low latency"
type = string
}
variable "vnet_address_space" {
description = "List of IP nets for gaming vnet"
type = list(string)
default = ["10.0.1.0/24"]
}
variable "workload_subnet_address_prefixes" {
description = "IP subnet address prefixes for workload subnet"
type = list(string)
default = ["10.0.1.128/25"]
}
variable "vm_size" {
description = "SKU of the vm to be deployed, should be a GPU optimized vm"
type = string
default = "Standard_NG16ads_V620_v1"
}
variable "vm_priority" {
description = "Priority of the VM, can be Regular or Spot. Spot is cheaper, but can be evicted at any time"
type = string
default = "Regular"
}
variable "vm_admin_username" {
description = "VM admin username, password will be generated randomly"
type = string
}
variable "datadisk_id" {
description = "ID of the persistent datadisk"
type = string
}
variable "datadisk_lun" {
description = "Location identifier, this is used to identify the disk within the VM"
type = string
default = "10"
}
variable "datadisk_drive_letter" {
description = "Drive letter to mount the datadisk to"
type = string
default = "Z"
}
variable "tailscale_authkey" {
description = "Tailscale auth key for unattended login"
type = string
sensitive = true
}
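Review bot: `datadisk_lun` is declared as `type = string` with the description "Location identifier", but it feeds the `lun` argument of the disk attachment, which is a logical unit number. Declaring it as `type = number` with `default = 10` and a description such as `"Logical unit number (LUN) under which the data disk is attached to the VM"` would document it correctly and reject non-numeric input at plan time. `vm_priority` would similarly benefit from a `validation` block that limits it to `Regular` or `Spot`, the two values its description names.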
+17
@@ -0,0 +1,17 @@
resource "azurerm_resource_group" "rg" {
name = "${var.prefix}-persistent-rg"
location = var.location
}
resource "azurerm_managed_disk" "data_disk" {
name = "${var.prefix}-winvm-datadisk"
location = var.location
resource_group_name = azurerm_resource_group.rg.name
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = var.datadisk_size_gb
lifecycle {
prevent_destroy = true
}
}
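Review bot: `prevent_destroy = true` on `data_disk` only blocks Terraform plans; it does nothing against deletion through the portal, the CLI, or automation such as the budget watcher mentioned in the variable comments. Since this resource group exists to outlive the VM, consider an `azurerm_management_lock` with `lock_level = "CanNotDelete"` scoped to `azurerm_resource_group.rg.id`. The root configuration still contains both modules, so a plain `terraform destroy` will stop on this resource, and tearing down only the VM needs `-target=module.ephemeral`; a comment next to the `lifecycle` block saying so would help.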
+3
@@ -0,0 +1,3 @@
output "datadisk_id" {
value = azurerm_managed_disk.data_disk.id
}
+16
@@ -0,0 +1,16 @@
# The prefix must not be changed, sice the budget watcher deletes the resource group wa5p-gaming-rg when budget is exceeded
variable "prefix" {
description = "Prefix for gaming related ressources"
type = string
}
variable "location" {
description = "Location of the deployments"
type = string
}
variable "datadisk_size_gb" {
description = "Size of the persisted datadisk in gb"
type = number
default = 1024
}
+1 -5
@@ -1,8 +1,4 @@
output "windows_vm_private_ip" {
value = azurerm_network_interface.vm_nic.private_ip_address
}
output "vm_admin_password" { output "vm_admin_password" {
sensitive = true sensitive = true
value = random_password.admin_password.result value = module.ephemeral.vm_admin_password
} }
+15
@@ -0,0 +1,15 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 4.46"
}
}
required_version = ">= 1.0.0"
}
provider "azurerm" {
subscription_id = var.subscription_id
features {}
}
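Review bot: No `backend` block is declared in this `terraform` block, so unless one is configured elsewhere the state is a local file. That state holds `random_password.admin_password` and the `tailscale_authkey` passed into `protected_settings` in clear text regardless of `sensitive = true`, so it should live in an access-controlled, encrypted remote backend and stay out of version control. Separately, `version = ">= 4.46"` has no upper bound and the `random` provider used by the ephemeral module is not listed in `required_providers`. `version = "~> 4.46"`, an explicit `random` entry and a committed `.terraform.lock.hcl` would make provider selection reproducible.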
+1 -67
@@ -4,6 +4,7 @@ variable "subscription_id" {
default = "90aed1cc-9b7f-4d3d-b2b9-b3654b49835e" default = "90aed1cc-9b7f-4d3d-b2b9-b3654b49835e"
} }
# The prefix must not be changed, sice the budget watcher deletes the resource group wa5p-gaming-rg when budget is exceeded # The prefix must not be changed, sice the budget watcher deletes the resource group wa5p-gaming-rg when budget is exceeded
variable "prefix" { variable "prefix" {
description = "Prefix for gaming related ressources" description = "Prefix for gaming related ressources"
@@ -17,78 +18,11 @@ variable "location" {
default = "westeurope" default = "westeurope"
} }
variable "vnet_address_space" {
description = "List of IP nets for gaming vnet"
type = list(string)
default = ["10.0.1.0/24"]
}
variable "gateway_subnet_address_prefixes" {
description = "IP prexixes for vpn gateway subnet (currently only one allowed)"
type = list(string)
default = ["10.0.1.0/25"]
}
variable "vpn_gateway_sku" {
description = "SKU of VPN gateway"
type = string
default = "VpnGw1"
}
variable "vpn_client_address_space" {
description = "Private IP addresses to be assigned to the connecting clients, must not overlap with any other assignment (in cloud or on premise)"
type = list(string)
default = ["10.123.1.0/24"]
}
variable "root_certificate_name" {
description = "Name of the root certificate used for vpn authentication (CN in generation command)"
type = string
default = "p2s-root-01"
}
variable "workload_subnet_address_prefixes" {
description = "IP subnet address prefixes for workload subnet, must be in same vnet as gateway subnet"
type = list(string)
default = ["10.0.1.128/25"]
}
variable "vm_size" {
description = "SKU of the vm to be deployed, should be a GPU optimized vm"
type = string
default = "Standard_NG16ads_V620_v1"
}
variable "vm_priority" {
description = "Priority of the VM, can be Regular or Spot. Spot is cheaper, but can be evicted at any time"
type = string
default = "Regular"
}
variable "vm_admin_username" { variable "vm_admin_username" {
description = "VM admin username, password will be generated randomly" description = "VM admin username, password will be generated randomly"
type = string type = string
default = "jona" default = "jona"
} }
variable "datadisk_size_gb" {
description = "Size of the persisted datadisk in gb"
type = number
default = 1024
}
variable "datadisk_lun" {
description = "Location identifier, this is used to identify the disk within the VM"
type = string
default = "10"
}
variable "datadisk_drive_letter" {
description = "Drive letter to mount the datadisk to"
type = string
default = "Z"
}
variable "tailscale_authkey" { variable "tailscale_authkey" {
description = "Tailscale auth key for unattended login" description = "Tailscale auth key for unattended login"
type = string type = string