Use Tailscale and Moonlight to enable remote gaming
This commit is contained in:
@@ -26,53 +26,14 @@ resource "azurerm_virtual_network" "vnet" {
|
||||
address_space = var.vnet_address_space
|
||||
}
|
||||
|
||||
# IMPORTANT: GatewaySubnet must be named "GatewaySubnet"
|
||||
resource "azurerm_subnet" "gateway_subnet" {
|
||||
name = "GatewaySubnet"
|
||||
resource_group_name = azurerm_resource_group.rg.name
|
||||
virtual_network_name = azurerm_virtual_network.vnet.name
|
||||
address_prefixes = var.gateway_subnet_address_prefixes
|
||||
}
|
||||
|
||||
resource "azurerm_public_ip" "vpn_gateway_pip" {
|
||||
name = "${var.prefix}-vpn-gw-pip"
|
||||
resource "azurerm_public_ip" "pip" {
|
||||
name = "${var.prefix}-pip"
|
||||
resource_group_name = azurerm_resource_group.rg.name
|
||||
location = azurerm_resource_group.rg.location
|
||||
allocation_method = "Static"
|
||||
sku = "Standard"
|
||||
}
|
||||
|
||||
data "local_sensitive_file" "root_certificate" {
|
||||
filename = "${path.module}/certificates/vpn-root.crt"
|
||||
}
|
||||
|
||||
resource "azurerm_virtual_network_gateway" "vpn_gw" {
|
||||
name = "${var.prefix}-vpngw"
|
||||
location = azurerm_resource_group.rg.location
|
||||
resource_group_name = azurerm_resource_group.rg.name
|
||||
|
||||
type = "Vpn"
|
||||
vpn_type = "RouteBased"
|
||||
|
||||
sku = var.vpn_gateway_sku
|
||||
|
||||
ip_configuration {
|
||||
name = "vpngw-ipcfg"
|
||||
public_ip_address_id = azurerm_public_ip.vpn_gateway_pip.id
|
||||
subnet_id = azurerm_subnet.gateway_subnet.id
|
||||
}
|
||||
|
||||
# Point-to-site configuration using certificate auth
|
||||
vpn_client_configuration {
|
||||
address_space = var.vpn_client_address_space
|
||||
|
||||
root_certificate {
|
||||
name = var.root_certificate_name
|
||||
public_cert_data = data.local_sensitive_file.root_certificate.content
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_subnet" "workload_subnet" {
|
||||
name = "${var.prefix}-workload-subnet"
|
||||
resource_group_name = azurerm_resource_group.rg.name
|
||||
@@ -80,25 +41,6 @@ resource "azurerm_subnet" "workload_subnet" {
|
||||
address_prefixes = var.workload_subnet_address_prefixes
|
||||
}
|
||||
|
||||
resource "azurerm_network_security_group" "vm_nsg" {
|
||||
name = "${var.prefix}-vm-nsg"
|
||||
location = azurerm_resource_group.rg.location
|
||||
resource_group_name = azurerm_resource_group.rg.name
|
||||
|
||||
# Allow RDP from VPN client address pool
|
||||
security_rule {
|
||||
name = "Allow-RDP-From-VPN"
|
||||
priority = 100
|
||||
direction = "Inbound"
|
||||
access = "Allow"
|
||||
protocol = "Tcp"
|
||||
source_port_range = "*"
|
||||
destination_port_range = "3389"
|
||||
source_address_prefixes = var.vpn_client_address_space
|
||||
destination_address_prefix = "*"
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_network_interface" "vm_nic" {
|
||||
name = "${var.prefix}-vm-nic"
|
||||
location = azurerm_resource_group.rg.location
|
||||
@@ -108,14 +50,10 @@ resource "azurerm_network_interface" "vm_nic" {
|
||||
name = "internal"
|
||||
subnet_id = azurerm_subnet.workload_subnet.id
|
||||
private_ip_address_allocation = "Dynamic"
|
||||
public_ip_address_id = azurerm_public_ip.pip.id
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_network_interface_security_group_association" "vm_nsg_assoc" {
|
||||
network_interface_id = azurerm_network_interface.vm_nic.id
|
||||
network_security_group_id = azurerm_network_security_group.vm_nsg.id
|
||||
}
|
||||
|
||||
resource "random_password" "admin_password" {
|
||||
length = 16
|
||||
special = false
|
||||
@@ -126,7 +64,7 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
computer_name = var.prefix
|
||||
resource_group_name = azurerm_resource_group.rg.name
|
||||
location = azurerm_resource_group.rg.location
|
||||
size = "Standard_NG8ads_V620_v1"
|
||||
size = var.vm_size
|
||||
|
||||
admin_username = var.vm_admin_username
|
||||
admin_password = random_password.admin_password.result
|
||||
@@ -141,9 +79,23 @@ resource "azurerm_windows_virtual_machine" "vm" {
|
||||
}
|
||||
|
||||
source_image_reference {
|
||||
publisher = "MicrosoftWindowsServer"
|
||||
offer = "WindowsServer"
|
||||
sku = "2019-Datacenter"
|
||||
publisher = "MicrosoftWindowsDesktop"
|
||||
offer = "Windows-10"
|
||||
sku = "win10-22h2-pro"
|
||||
version = "latest"
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_virtual_machine_extension" "provision_software" {
|
||||
name = "provision-software"
|
||||
virtual_machine_id = azurerm_windows_virtual_machine.vm.id
|
||||
publisher = "Microsoft.Compute"
|
||||
type = "CustomScriptExtension"
|
||||
type_handler_version = "1.10"
|
||||
|
||||
protected_settings = <<SETTINGS
|
||||
{
|
||||
"commandToExecute": "powershell -command \"[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${base64encode(templatefile("${path.module}/scripts/provision-software.ps1.tpl", {tailscale_authkey = var.tailscale_authkey}))}')) | Out-File -filepath provision-software.ps1\" && powershell -ExecutionPolicy Unrestricted -File provision-software.ps1"
|
||||
}
|
||||
SETTINGS
|
||||
}
|
||||
Reference in New Issue
Block a user