interim commit

netevert · netevert · commit 1d12eef93fd9 · 2021-02-01T00:01:04.000+01:00
diff --git a/lab/files/create-ad.ps1 b/lab/files/create-ad.ps1
@@ -1,3 +1,7 @@
+$adminpassword=$args[0]
+$domain=$args[1]
+$netname=$args[2]
+
 # Making sure all names are resolved
 Resolve-DnsName github.com
 Resolve-DnsName raw.githubusercontent.com
@@ -39,7 +43,6 @@ Start-Process -FilePath "$sysmonPath" -ArgumentList "-accepteula -i $sysmonConfi
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Verifying that the Sysmon service is running..."
 Start-Sleep 5 # Give the service time to start
 
-
 # Purpose: Installs chocolatey package manager, then installs custom utilities from Choco and adds syntax highlighting for Powershell, Batch, and Docker. Also installs Mimikatz into c:\Tools\Mimikatz.
 
 If (-not (Test-Path "C:\ProgramData\chocolatey")) {
@@ -106,18 +109,9 @@ c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall
 Write-Host "Running Update-Help..."
 Update-Help -Force -ErrorAction SilentlyContinue
 
-Write-Host "Removing Microsoft Store, Mail, and Edge shortcuts from the taskbar..."
-$appname = "Microsoft Edge"
-((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
-$appname = "Microsoft Store"
-((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
-$appname = "Mail"
-((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
-
-
 # Provision domain
 Import-Module ADDSDeployment
-$password = ConvertTo-SecureString "{your_admin_password}" -AsPlainText -Force
+$password = ConvertTo-SecureString $adminpassword -AsPlainText -Force
 Add-WindowsFeature -name ad-domain-services -IncludeManagementTools
-Install-ADDSForest -CreateDnsDelegation:$false -DomainMode Win2012R2 -DomainName "{your_domain}" -DomainNetbiosName "{your_netbios_name}" -ForestMode Win2012R2 -InstallDns:$true -SafeModeAdministratorPassword $password -Force:$true
+Install-ADDSForest -CreateDnsDelegation:$false -DomainMode Win2012R2 -DomainName $domain -DomainNetbiosName $netname -ForestMode Win2012R2 -InstallDns:$true -SafeModeAdministratorPassword $password -Force:$true
 shutdown -r -t 10
diff --git a/lab/files/install-utilities.ps1 b/lab/files/install-utilities.ps1
@@ -1,3 +1,7 @@
+$fulldomain=$args[0]
+$adminpassword=$args[1]
+$adminusername=$args[2]
+
 # Making sure all names are resolved
 Resolve-DnsName github.com
 Resolve-DnsName raw.githubusercontent.com
@@ -114,8 +118,8 @@ $appname = "Microsoft Store"
 $appname = "Mail"
 ((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
 
-$domain = "{your_domain}"
-$password = "{your_admin_password}" | ConvertTo-SecureString -asPlainText -Force
-$username = "$domain\{your_admin_user}" 
+$domain = $fulldomain
+$password = $adminpassword | ConvertTo-SecureString -asPlainText -Force
+$username = $adminusername 
 $credential = New-Object System.Management.Automation.PSCredential($username,$password)
 Add-Computer -DomainName $domain -Credential $credential
diff --git a/lab/main.tf b/lab/main.tf
@@ -1,6 +1,5 @@
 provider "azurerm" {
-    version = "=1.38.0"
-
+    features {}
     subscription_id = var.authentication.subscription_id
     client_id       = var.authentication.client_id
     client_secret   = var.authentication.client_secret
@@ -12,15 +11,15 @@ resource "azurerm_virtual_network" "vnet" {
     name                = "${var.prefix}-vnet"
     address_space       = ["10.0.0.0/16"]
     location            = var.location
-    resource_group_name = "${var.prefix}"
+    resource_group_name = var.prefix
     tags                = var.tags
 }
 
 # Create network security group and rules
 resource "azurerm_network_security_group" "nsg" {
     name                = "${var.prefix}-nsg"
     location            = var.location
-    resource_group_name = "${var.prefix}"
+    resource_group_name = var.prefix
     tags                = var.tags
     depends_on          = [azurerm_virtual_network.vnet]
 
@@ -100,67 +99,28 @@ resource "azurerm_network_security_group" "nsg" {
 # Create lab subnet
 resource "azurerm_subnet" "subnet" {
     name                        = "${var.prefix}-subnet"
-    resource_group_name         = "${var.prefix}"
+    resource_group_name         = var.prefix
     virtual_network_name        = azurerm_virtual_network.vnet.name
-    address_prefix              = "10.0.1.0/24"
-    network_security_group_id   = azurerm_network_security_group.nsg.id
+    address_prefixes            = ["10.0.1.0/24"]
     depends_on                  = [azurerm_network_security_group.nsg]
 }
 
-# Create storage account
-resource "azurerm_storage_account" "storageaccount" {
-  name                     = "${var.prefix}sablobstrg01"
-  resource_group_name      = "${var.prefix}"
-  location                 = var.location
-  account_tier             = "Standard"
-  account_replication_type = "GRS"
-  depends_on               = [azurerm_subnet.subnet]
-}
-
-# Create blob storage container for post configuration files
-resource "azurerm_storage_container" "blobstorage" {
-  name                  = "${var.prefix}-store1"
-  storage_account_name  = azurerm_storage_account.storageaccount.name
-  container_access_type = "blob"
-  depends_on            = [azurerm_storage_account.storageaccount]
-}
-
-# Create storage blob for install-utilities.ps1 file
-resource "azurerm_storage_blob" "utilsblob" {
-  depends_on             = [azurerm_storage_container.blobstorage]
-  name                   = "install-utilities.ps1"
-  storage_account_name   = azurerm_storage_account.storageaccount.name
-  storage_container_name = azurerm_storage_container.blobstorage.name
-  type                   = "block"
-  source                 =  "./files/install-utilities.ps1"
-}
-
-# Create storage blob for create-ad.ps1 file
-resource "azurerm_storage_blob" "adblob" {
-  depends_on             = [azurerm_storage_blob.utilsblob]
-  name                   = "create-ad.ps1"
-  storage_account_name   = azurerm_storage_account.storageaccount.name
-  storage_container_name = azurerm_storage_container.blobstorage.name
-  type                   = "block"
-  source                 =  "./files/create-ad.ps1"
-}
-
 # Create public ip for domain controller 1
 resource "azurerm_public_ip" "dc1_publicip" {
     name                         = "${var.workstations.dc1}-external"
     location                     = var.location
-    resource_group_name          = "${var.prefix}"
+    resource_group_name          = var.prefix
     allocation_method            = "Dynamic"
     tags                         = var.tags
-    depends_on                   = [azurerm_storage_blob.adblob]
+    depends_on                   = [azurerm_subnet.subnet]
+    // depends_on                   = [azurerm_storage_blob.adblob]
 }
 
 # Create network interface for domain controller 1
 resource "azurerm_network_interface" "dc1_nic" {
     name                      = "${var.workstations.dc1}-primary"
     location                  = var.location
-    resource_group_name       = "${var.prefix}"
-    network_security_group_id = azurerm_network_security_group.nsg.id
+    resource_group_name       = var.prefix
     tags                      = var.tags
 
     ip_configuration {
@@ -176,8 +136,8 @@ resource "azurerm_network_interface" "dc1_nic" {
 resource "azurerm_virtual_machine" "dc1" {
   name                          = var.workstations.dc1
   location                      = var.location
-  resource_group_name           = "${var.prefix}"
-  network_interface_ids         = ["${azurerm_network_interface.dc1_nic.id}"]
+  resource_group_name           = var.prefix
+  network_interface_ids         = [azurerm_network_interface.dc1_nic.id]
   vm_size                       = var.workstations.vm_size
   tags                          = var.tags
 
@@ -222,38 +182,36 @@ resource "azurerm_virtual_machine" "dc1" {
 # Create active directory domain forest
 resource "azurerm_virtual_machine_extension" "create_ad" {
   name                 = "create_ad"
-  location             = var.location
-  resource_group_name  = "${var.prefix}"
-  virtual_machine_name = azurerm_virtual_machine.dc1.name
+  virtual_machine_id   = azurerm_virtual_machine.dc1.id
   publisher            = "Microsoft.Compute"
   type                 = "CustomScriptExtension"
   type_handler_version = "1.9"
   tags                 = var.tags
-  settings = <<SETTINGS
+  protected_settings = <<PROT
     {
-        "fileUris": ["https://${azurerm_storage_account.storageaccount.name}.blob.core.windows.net/${azurerm_storage_container.blobstorage.name}/create-ad.ps1"],
-        "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File create-ad.ps1"
+      "fileUris": ["https://raw.githubusercontent.com/netevert/scripts/master/create-ad.ps1"],
+      "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File create-ad.ps1 ${var.accounts.dc1_admin_password} ${var.prefix}.com ${var.prefix}"
     }
-SETTINGS
+  PROT
   depends_on = [azurerm_virtual_machine.dc1]
 }
  
 # Create public IP for workstation 1
 resource "azurerm_public_ip" "pc1_publicip" {
   name                         = "${var.workstations.pc1}-external"
   location                     = var.location
-  resource_group_name          = "${var.prefix}"
+  resource_group_name          = var.prefix
   allocation_method            = "Dynamic"
   tags                         = var.tags
+  // depends_on                   = [azurerm_virtual_machine.dc1]
   depends_on                   = [azurerm_virtual_machine_extension.create_ad]
 }
 
 # Create network interface for workstation 1
 resource "azurerm_network_interface" "pc1_nic" {
   name                      = "${var.workstations.pc1}-primary"
   location                  = var.location
-  resource_group_name       = "${var.prefix}"
-  network_security_group_id = azurerm_network_security_group.nsg.id
+  resource_group_name       = var.prefix
   tags                      = var.tags#
   ip_configuration {
       name                          = "${var.workstations.pc1}-nic-conf"
@@ -268,8 +226,8 @@ resource "azurerm_network_interface" "pc1_nic" {
 resource "azurerm_virtual_machine" "pc1" {
   name                  = var.workstations.pc1
   location              = var.location
-  resource_group_name   = "${var.prefix}"
-  network_interface_ids = ["${azurerm_network_interface.pc1_nic.id}"]
+  resource_group_name   = var.prefix
+  network_interface_ids = [azurerm_network_interface.pc1_nic.id]
   vm_size               = var.workstations.vm_size
   tags                  = var.tags
 
@@ -314,17 +272,15 @@ resource "azurerm_virtual_machine" "pc1" {
 # Install utilities on workstation 1 and join domain
 resource "azurerm_virtual_machine_extension" "utils_pc1" {
   name                 = "utils_pc1"
-  location             = var.location
-  resource_group_name  = "${var.prefix}"
-  virtual_machine_name = azurerm_virtual_machine.pc1.name
+  virtual_machine_id = azurerm_virtual_machine.pc1.id
   publisher            = "Microsoft.Compute"
   type                 = "CustomScriptExtension"
   type_handler_version = "1.9"
   tags                 = var.tags
   settings = <<SETTINGS
     {
         "fileUris": ["https://${azurerm_storage_account.storageaccount.name}.blob.core.windows.net/${azurerm_storage_container.blobstorage.name}/install-utilities.ps1"],
-        "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File install-utilities.ps1"
+        "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File install-utilities.ps1 ${var.prefix}.com ${var.accounts.dc1_admin_password} ${var.prefix}.com\${var.accounts.dc1_admin_user}
     }
 SETTINGS
   depends_on = [azurerm_storage_blob.utilsblob]
diff --git a/lab/variables.tf b/lab/variables.tf
@@ -1,5 +1,15 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=2.40.0"
+    }
+  }
+}
+
+
 variable "authentication" {
-  type = "map"
+  type = map(string)
 
   default = {
     subscription_id = ""
@@ -12,7 +22,7 @@ variable "authentication" {
 variable "location" {}
 
 variable "accounts" {
-    type = "map"
+    type = map(string)
 
     default = {
       # workstation accounts
@@ -22,7 +32,7 @@ variable "accounts" {
 }
 
 variable "workstations" {
-    type = "map"
+    type = map(string)
 
     default = {
       # Image configurations
@@ -38,12 +48,12 @@ variable "workstations" {
 }
 
 variable "prefix" {
-    type = "string"
+    type = string
     default = "testlab"
 }
 
 variable "tags" {
-    type = "map"
+    type = map(string)
 
     default = {
         environment = "testing"
