From 1940865502cd8dfadfe7d91be3ae601deff24fe3 Mon Sep 17 00:00:00 2001
From: sarna <P.Sarna@f5.com>
Date: Thu, 6 Mar 2025 14:57:28 -0800
Subject: [PATCH] Seed standalone NGINXaaS deployment

This is meant to be a single file that has
necessary stuff to create a deployment and a
default conf.
---
 terraform/deployments/standalone/main.tf | 169 +++++++++++++++++++++++
 1 file changed, 169 insertions(+)
 create mode 100644 terraform/deployments/standalone/main.tf

diff --git a/terraform/deployments/standalone/main.tf b/terraform/deployments/standalone/main.tf
new file mode 100644
index 0000000..fcc4cd0
--- /dev/null
+++ b/terraform/deployments/standalone/main.tf
@@ -0,0 +1,169 @@
+terraform {
+  required_version = "~> 1.3"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 4.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  # Add your subscription ID here.
+  subscription_id = ""
+  features {}
+}
+
+# VARIABLES
+variable "location" {
+  description = "Azure location name for NGINXaaS deployment."
+  default     = "eastus"
+}
+
+variable "name" {
+  description = "Name of NGINXaaS deployment and related resources."
+  default     = "example-dev"
+}
+
+variable "sku" {
+  description = "SKU of NGINXaaS deployment."
+  default     = "standardv2_Monthly"
+}
+
+variable "tags" {
+  description = "Tags for NGINXaaS deployment and related resources."
+  type        = map(any)
+  default = {
+    env = "dev"
+  }
+}
+
+# Azure Resources
+resource "azurerm_resource_group" "example" {
+  name     = var.name
+  location = var.location
+
+  tags = var.tags
+}
+
+resource "azurerm_public_ip" "example" {
+  name                = var.name
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_resource_group.example.location
+  sku                 = "Standard"
+  allocation_method   = "Static"
+}
+
+resource "azurerm_virtual_network" "example" {
+  name                = var.name
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  address_space       = ["10.0.0.0/27"]
+
+  tags = var.tags
+}
+
+resource "azurerm_subnet" "example" {
+  name                 = var.name
+  resource_group_name  = azurerm_resource_group.example.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefixes     = ["10.0.0.0/27"]
+
+  delegation {
+    name = "nginx"
+    service_delegation {
+      name = "NGINX.NGINXPLUS/nginxDeployments"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/join/action"
+      ]
+    }
+  }
+}
+
+# WARNING: This opens up the NSG to allow traffic to deployment from anywhere.
+resource "azurerm_network_security_group" "example" {
+  name                = var.name
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+
+  security_rule {
+    name                       = var.name
+    priority                   = 100
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "*"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+
+  tags = var.tags
+}
+
+resource "azurerm_subnet_network_security_group_association" "example" {
+  subnet_id                 = azurerm_subnet.example.id
+  network_security_group_id = azurerm_network_security_group.example.id
+}
+
+resource "azurerm_nginx_deployment" "example" {
+  name                      = var.name
+  resource_group_name       = azurerm_resource_group.example.name
+  sku                       = var.sku
+  location                  = var.location
+  capacity                  = 20
+  automatic_upgrade_channel = "stable"
+  diagnose_support_enabled  = true
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  frontend_public {
+    ip_address = [azurerm_public_ip.example.id]
+  }
+  network_interface {
+    subnet_id = azurerm_subnet.example.id
+  }
+
+  tags = var.tags
+}
+
+resource "azurerm_nginx_configuration" "example-config" {
+  nginx_deployment_id = azurerm_nginx_deployment.example.id
+  root_file           = "/etc/nginx/nginx.conf"
+
+  config_file {
+    content = base64encode(<<-EOT
+user nginx;
+worker_processes auto;
+worker_rlimit_nofile 8192;
+pid /run/nginx/nginx.pid;
+
+events {
+    worker_connections 4000;
+}
+
+error_log /var/log/nginx/error.log error;
+
+http {
+    server {
+        listen 80 default_server;
+        server_name localhost;
+        location / {
+            return 200 'Hello World';
+        }
+    }
+}
+EOT
+    )
+    virtual_path = "/etc/nginx/nginx.conf"
+  }
+}
+
+# OUTPUTS
+
+output "ip_address" {
+  description = "IP address of NGINXaaS deployment."
+  value       = azurerm_nginx_deployment.example.ip_address
+}