From 5245fdff625dc40043ad07e4515dc77e71ea580b Mon Sep 17 00:00:00 2001
From: arcter <varga.mate@kszk.bme.hu>
Date: Sat, 9 Oct 2021 21:03:43 +0000
Subject: [PATCH] Add Terraform

---
 Ansible/install.yml |  4 ++--
 Terraform/init.sh   | 17 +++++++++++++++
 Terraform/main.tf   | 30 ++++++++++++++++++++++++++
 Terraform/mgmt.tf   | 35 ++++++++++++++++++++++++++++++
 Terraform/test.tf   | 52 +++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 136 insertions(+), 2 deletions(-)
 create mode 100644 Terraform/init.sh
 create mode 100644 Terraform/main.tf
 create mode 100644 Terraform/mgmt.tf
 create mode 100644 Terraform/test.tf

diff --git a/Ansible/install.yml b/Ansible/install.yml
index 2a2122573..9dc822239 100644
--- a/Ansible/install.yml
+++ b/Ansible/install.yml
@@ -10,5 +10,5 @@
   tasks:
     - name: Install Wazuh
       import_tasks: tasks/Security/wazuh.yml
-    - name: Install OSquery
-      import_tasks: tasks/Security/osquery.yml
+    # - name: Install OSquery
+    #   import_tasks: tasks/Security/osquery.yml
diff --git a/Terraform/init.sh b/Terraform/init.sh
new file mode 100644
index 000000000..8e2b1bf72
--- /dev/null
+++ b/Terraform/init.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+source secret/login.sh
+
+PROJ_ID="3547"
+STATE_NAME="hacktivity"
+
+terraform init \
+    -backend-config="address=https://git.sch.bme.hu/api/v4/projects/${PROJ_ID}/terraform/state/${STATE_NAME}" \
+    -backend-config="lock_address=https://git.sch.bme.hu/api/v4/projects/${PROJ_ID}/terraform/state/${STATE_NAME}/lock" \
+    -backend-config="unlock_address=https://git.sch.bme.hu/api/v4/projects/${PROJ_ID}/terraform/state/${STATE_NAME}/lock" \
+    -backend-config="username=${GITLAB_USER}" \
+    -backend-config="password=${GITLAB_REPO_PAT}" \
+    -backend-config="lock_method=POST" \
+    -backend-config="unlock_method=DELETE" \
+    -backend-config="retry_wait_min=5" \
+    -reconfigure
diff --git a/Terraform/main.tf b/Terraform/main.tf
new file mode 100644
index 000000000..73980e795
--- /dev/null
+++ b/Terraform/main.tf
@@ -0,0 +1,30 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "Telmate/proxmox"
+      version = "2.8.0"
+    }
+  }
+  backend "http" {
+  }
+}
+
+provider "proxmox" {
+  pm_api_url      = "https://10.151.107.183:8006/api2/json"
+  pm_tls_insecure = true
+}
+
+locals {
+  ssh_keys = <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa9S7IvNGXgliDMwqSquPg7qXh88sCuX5ZhrYgN/m/rBCNp4mWVzocI29AGreEsSfyQ/SVah7KUrVzVJPFgQOAruq47k0+EyzCp41Y26+cDeGY75aNeLeqLy6YU+pyujaSzVyluZvkPM7Ia8Oo2QoDZuyR/km58z7XenAhj9oZxXy8Jh1qhut6eMLSf8gAdXTUd9KlY02SUpS7bjLl/nfpSjMF7l0fC9ftSIsVhY3CZSKv3P0I4oLF1lH2A2taILuM4tJXjOZ3QkTaCY0Gv59O8telD9R0r/qO4dDShXvI2wF0qe8Qi5MbdrJxLjZcIfIQcV6zXZPsdWQ+JUvKdLjDIA9R4AbYO47yogAZL3F1hfmjyPTVLgZpsD1ZGl04VsynV659mA4eeYyAENnsVOviuLdIQR4ie7sMO/FaORCQ4GXnmM3Cbf/wIW7QWPNGCpE9CQSc3WBlWieU/Yw9sAzSeqHqqVtRly/+Xz2Y0qOm2Y/LpYJrZ+rMUCw8gUhnNvE= arcter (git.sch.bme.hu)
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZ9AKKGaAi+ymkFejNXmU6tynDIEjuCCioGgXHdFqbc5qzam6uFTzADiilNAVkfXWjpgjs0S88IXgMCU1R/lMKvfOWLQpGIxme8xyJeZpzvODNbC3B2WUpPtFXTZALP3lhPHyqYeAFGmr+XlWdyZfWA/uoHe209hJVY1SKkJcN8KSOfbIEF57HzZ960nYWNdKELXBxJlkgWYv+hYRCVZdAMP3m7mGAzMSqPAF2p2VI4b50hLLWRlUay1ejqb8VDhupK+hJmynr05Q8riOXJ7clJYDoDUyqZQhKgvJrUMSB39ZDSFSBF6z0KgdjPQL7JL/gu4NYcQWqRqdCGH3Wv5Nf6Y5CDxLx2+6KZYJBlqBnHQCZwJfASmGMJbeI//b3wANwg4XCH0cugqblqFFaB3H2IrmONnsWtBx4eZTaKAsENOoRcFoDFwQHbq6bLpelZtiwzknswYhnK8wae11uyRQUYk4sQG3BF/0yVnLjY2PtrxmApv3Up6FhXDFCxNiV/yE= arcter (git.sch.bme.hu)
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC84290weXRp0ySrumW5ojOFI1LVQPj3t6RvJHn5C4uJ52087PJ+8kIoek92tCMcS3gKr636CXO3Rr1nTbuSeAhdPbpVmYU6KyGfD63UMavq+BAmAOBj+Ol7c4DxJRkSxalh9Rr3cxdanRlGfd482Yo/OvCK8GNDRtfGqSpFDnTRHj0BJmoFm1HkZUJnRfNN4cNWFwG5OfUiXQ4HU90+77LGvOBwInc/C+hSNl4X5+ZrC1dpedKReSBHl+u2CqxjOT3qowYCruLJwd7QfzCp8i36RtYP+J9hSW7UxEoRxbFY2iAXSzeQZwFTYmUIPMa91/pvAL++ddUyN8Uvky5HAiPS28aWhwhcARYyleKLPv88NGtbHr5tfgkCSjuJVAD9DH+UT6qDbsP+T3Iqy68ufasAPxxyvh9vOc8IqvKBXs/MTc5j8gfO6k48mDXMfhqXC6Cn8sEumB8dR+3X/qGVJbONvDvwf5XrednDThqoOYuiOtzJQfge6e0Eac99W7WrqU= arcter (git.sch.bme.hu)
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDO7xrj6r82D6e8cEAgAomrZ5ln5KQGaCKfGh8eRKRRYZzVW7r16pThZMfq98Klh1fMFD9sGYqaOZSPTkd3HchePDd+YddFJPW8xArVoZ9MmnkEXMA/GJ3632FOEmmYhW2+SvVjtaEw7CnTAWvL6rEmHFJ8F4RIC4z1Vc4tJU5mVs8sKSCEZSSGTepb76LkbEYQ6Gew7x5uvq1WBqbY4MpyLmvZ62cAHVGAwfqbpsCUhkm/WIq7E28RNkjy8L+YeD8Zlil4l+KP2H9ceUC8Oh863HD2ktvXiahTkUnlUaCv+c3ETLG+hnjb0inCv13OJ/lhFrJjIJ+Bq9M1l//8MI4a1/AOlWoLTa8f0FVU3BdjYUY8xLwg2AILluya3VzeAHPnjdFq5SCZFa7ofC+XpY3Lnpj2eB76++1ys0Nf97/rsfhiDbCNZghaeSzhKiv3agzRGyEnwmUvurQL3NNkPPmUBSLxtUsrN+zo8amEiL0rKnctvPEXN1DzGtxcrdhnwIU= arcter (git.sch.bme.hu)
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPnAs56C2B5lGxAWnVV99i9voYRTtFsBEu7Co96d2e2HDpxcKfqi1VKEDZuysb8lSfyWAxt3R0g45hjx3j4W9JLnvdaq/WGjZls0NiIf80QjIwlRgL/3S7Xie1PFN0q2eeMc9rQ0kYYlPwCJ5jJ3jOEhzLSb/vHlsiXSwPZMOfumeq0OSPQxvk5xJiWRgyIwR6MCszZrCD3+kswIG51HPc61WJAcScjAyEyEswu3gP+UQRSrQuHTqdtMi37Q/0x6x/MqOWvNDeaxlwY/u/8FKSYxrkp8X5BBo+NyZvNLDBwjloeelnRUNZYplJUnH1j1+pRDzET/UBh/UIvi4wXvDbHhg7dB4obWVRm5sp9DqE3je6vD8TuyGQM55Uciq4l734FcDTWDHuM8mQIo3cMTCBPZdpUdWcUPx+2ojAV+PvD0nB5dHNFUyT6lLqToNUzKelQzf+dJSCUwENUfz6Y+l5q2fhfEv4MZFGtNgruWvAmuJcRd0XE6NreP7F1CWKuXU= arcter (git.sch.bme.hu)
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCx8uMS5W6eNADzGA+S3Do4nlvvzS0XxawmTvfrKNs8y5w68pFMjslHdJ845jxLE9u6RwIn21elkFeyVOpGMkHpDIordfQN0zMTGlfRGAT8eIbmE4r0i2nNn1Hj9ed1d9SYQvFTO8XG1gg+Wq46ETIg9ytnjy98eLoJmpBsySU6TPKRo2phIPa7kZV9mrDTWKRkEOWJkA9CvexVPNUCsrhmAnHlb4y8dMtG+4w9GkEdQvc6BRoLDqRFKGncUf+fH0mat+931mwJnO8GAkFzCLdF8XV/mtMGg7ljrIGO2ujLsKjpwT6qlyCtSuxdHc+8O7ma9O2Hsei4n5gtVWrO8vPE6bFS9YwZVqXD1mM2XuD/CswhxjWV8H9ryfXP8GA8GKwPgNykUwszxR/RdeI95vgwO2+5SVN6c+dAbMg/ytwd2NyZUMxqLbfsC6x81+nlG1wSSH7UBh6gXPdkvqUOL89Z2s/ufysWsKbn9kKRzE9WkYaMq4OTHvRjSTUUtTkDOi8= arcter (git.sch.bme.hu)
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpH+TNAwcmxYc5cVctH04wUU83Pba6s/AkKXOnhDn+m rlacko@zen
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVgmVcgX3ByTCYidHRLOrskd9GusNr7YYuHL6MGQMAp7E5h6kl+/UIF3bIOLVoIk9pmx6JMAPSqlsvZSz9jID4e0dgjMRjvBJUpvS3EfPeym/ry6tpOqEBDg+sSrfhVzrcM9h+mMY0/7d75ZeDuomwYrvXeVj5lY/DeNw202iyqSowAo2wENy/XswAm45c6t/cIuNzrWEOVJbqu0Gjr3s8Sh3+sy/iJ95ld83G3x58SV/fXB61WcRf/BDxxo0H84CqTGzJNYgf0gG+3yGJEixf2tS+OAi/tVZkjWEr2ApTJkZ5D3O/igtXEGrhQmtUemny1CwEoZ+Any0gipjeLAGCS3kVgMPMmAANtBtCoiz6oHJxDqPFkWv33sfZ4okxdHZePB22LR7NB7sngUjMbJErEGRg6gEw0Tah+5Cj5uJK6UAN5Uzb7dMSI0nFM2Ws/SYouXT8NtexG7MdJ6q+Wkq85iS8nwc0x3hVFk9/XeJJHgaMJZPyDN7pFuqKJRvetp0= radlaci97 (git.sch.bme.hu)
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD1g7etLbSwoKR6nr9t4e/ZJSGGf7xydXVo+T4hJOEFPxaN86rKd11KibRYOA34DbMRS7IGM2uqYzHMGQ+58QOu+33fJm3uwGgRmpM9Me4CVMSp3oI0CrXsmvER8UrfP/p9imHuYa0xwJIzOVvh9zYn2bLHIuOwSKyDZR+7FsTyiIYpiCs2c6AkiKK444N499YARtIEgHFmkcxPqX1jQnl3WlIbTw73Y7+fKhhyGwKkdg+4IpPhZ2OSe/+tzYsvBX5Yh49iAM3+RMPeedeOX9kjj9sypVTK+Y7XecCdFocsrKXWSTBk7w37fnv3+UeWqFrAJv29z0Fc3CGUTEHq77i0WscbbFFZwWPbxgV+9AQc9Alg/V640oe9Xmx1NnoQiC90zCAA2la1snsNkCAKbRfTjsX26Hkw20cWDaKaC5Rdt7MqrE2PZWuLOLCnztIKClatR6BFBZo4YUZEUN7rXKr+JsA43XOqbzgKVACOXsewl3hIsc9CJga2rYOONPSjZh0= josh@thinkpad
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCpD1A/0eucBJLcZB7Ehf2M3HQRrhMIQFVmPJJ4+olK+4UaBi7cqbdJUvRISUxMrlJpJDnktyezA4oC7FiDSVcnQ7zASFJDvA/qMLKlyYv2NqHiIxadKbesRysQnQV+G2x7is3pJOuhsnnHEQlNkk7752vrMuWnN58Yb+O38s7PW+S7bxJUSLyfYdbciGhdPHhzRT3C28tPNViTGUFj3CQEGbbt3MmzZijwjrTKrdMGWx3qVfYPXnZEcZ017HbgO3M9vNcfbWPQrENsIv1k+AcvlSZkvJ4v5amViNS+O3PrT2C6qH30qzGD5Qjv4CthgheUY3IGKbfASbmp4w871uGcqbfH92UfIMUy2w2khCf4qq9Xrs53VgARGJClV9/cd0yMG5caVSBBNRbuRUgVKIULIDIPXg9HyE6+l4JUxDrIhoFhafYV52xzP33q6FO99CI71+gyX8ZlOZeHUyQ0lcGb+WlCSlRnwToCIlzreppNl9faHmh0pt+ns0q+eCSC3TU= josh@thinkpad
+EOF
+}
diff --git a/Terraform/mgmt.tf b/Terraform/mgmt.tf
new file mode 100644
index 000000000..9ef86fb13
--- /dev/null
+++ b/Terraform/mgmt.tf
@@ -0,0 +1,35 @@
+resource "proxmox_lxc" "mgmt" {
+  target_node  = "tempest"
+  hostname     = "mgmt"
+  ostemplate   = "ISOSTORE:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz"
+  password     = "KWL6v4rJoxcc36"
+  vmid         = 250
+  start        = true
+  memory       = 2048
+  cores        = 2
+  onboot       = true
+  startup      = "order=1"
+  unprivileged = true
+
+  ssh_public_keys = local.ssh_keys
+
+  rootfs {
+    storage = "local-lvm"
+    size    = "10G"
+  }
+
+  network {
+    name   = "eth0"
+    bridge = "vmbr2"
+    ip     = "192.168.255.200/24"
+    gw     = "192.168.255.254"
+    hwaddr = "7A:1A:00:4A:0D:FA"
+  }
+
+  network {
+    name   = "eth1"
+    bridge = "vmbr3"
+    ip     = "192.168.254.254/24"
+    hwaddr = "6E:58:E9:78:FD:87"
+  }
+}
diff --git a/Terraform/test.tf b/Terraform/test.tf
new file mode 100644
index 000000000..3126115bb
--- /dev/null
+++ b/Terraform/test.tf
@@ -0,0 +1,52 @@
+locals {
+    challenges = {
+        challenge-01 = {
+            vmid = 141
+        }
+        challenge-02 = {
+            vmid = 142
+        }
+        challenge-03 = {
+            vmid = 143
+        }
+        challenge-04 = {
+            vmid = 144
+        }
+    }
+}
+
+resource "proxmox_vm_qemu" "challenge" {
+  for_each = { for k, v in local.challenges : k => v }
+
+  name = each.key
+  desc = "Wargame 2021"
+  vmid = each.value.vmid
+
+  target_node = "tempest"
+
+  clone = "ubuntu-cloudinit-20.04"
+
+  agent = 1
+
+  cores   = 2
+  sockets = 1
+  vcpus   = 0
+  memory  = 1024
+
+  os_type = "cloud-init"
+
+  disk {
+    size    = "20G"
+    type    = "virtio"
+    storage = "local-lvm"
+  }
+
+  network {
+    model   = "virtio"
+    bridge  = "vmbr2"
+  }
+
+  nameserver = "8.8.8.8"
+  ipconfig0  = "ip=192.168.255.${each.value.vmid}/24,gw=192.168.255.254"
+  sshkeys    = local.ssh_keys
+}
-- 
GitLab