IaC

targetScope = 'subscription'
param location string = deployment().location
param name string

resource rg 'Microsoft.Resources/resourceGroups@2018-05-01' = {
  location: location
  name: name
}

az deployment sub create \
  --location switzerlandnorth \
  --template-file main.bicep \
  --parameters name=my-resource-group

resource cr 'Microsoft.ContainerRegistry/registries@2025-04-01' = {
  name: 'levexiscr'
  location: 'switzerlandnorth'
  sku: {
    name: 'Basic'
  }
  properties: {
    publicNetworkAccess: 'Enabled'
  }
}

az deployment group create \
  --resource-group my-resource-group \
  --template-file main.bicep

@description('Username for the Virtual Machine.')
param adminUsername string

@description('Password for the Virtual Machine.')
@secure()
param adminPassword string

resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
  name: 'sbaenl-nic'
  location: 'switzerlandnorth'
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: {
            id: virtualNetwork.properties.subnets[0].id
          }
          privateIPAllocationMethod: 'Dynamic'
          publicIPAddress: {
            id: publicIPAddress.id
          }
        }
      }
    ]
    networkSecurityGroup: {
      id: networkSecurityGroup.id
    }
  }
}

resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-09-01' = {
  name: 'sbaenl-nsg'
  location: 'switzerlandnorth'
  properties: {
    securityRules: [
      {
        name: 'SSH'
        properties: {
          priority: 1000
          protocol: 'Tcp'
          access: 'Allow'
          direction: 'Inbound'
          sourceAddressPrefix: '*'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '22'
        }
      }
    ]
  }
}

resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
  name: 'sbaenl-vnet'
  location: 'switzerlandnorth'
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.1.0.0/16'
      ]
    }
    subnets:[
      {
        name: 'sbaenl-subnet'
        properties: {
          addressPrefix: '10.1.0.0/24'
          privateEndpointNetworkPolicies: 'Enabled'
          privateLinkServiceNetworkPolicies: 'Enabled'
          networkSecurityGroup: {
            id: networkSecurityGroup.id
          }
        }
      }
    ]
  }
}

resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2024-05-01' = {
  name: 'sbaenl-pip'
  location: 'switzerlandnorth'
  sku: {
    name: 'Basic'
  }
  properties: {
    publicIPAllocationMethod: 'Dynamic'
    publicIPAddressVersion: 'IPv4'
    dnsSettings: {
      domainNameLabel: toLower('sbaenl-vm-${uniqueString(resourceGroup().id)}')
    }
    idleTimeoutInMinutes: 4
  }
}

resource vm 'Microsoft.Compute/virtualMachines@2024-11-01' = {
  name: 'sbaenl-vm'
  location: 'switzerlandnorth'
  properties: {
    hardwareProfile: {
      vmSize: 'Standard_D2s_v3'
    }
    osProfile: {
      computerName: 'sbaenl-vm'
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    storageProfile: {
      imageReference: {
        publisher: 'Canonical'
        offer: '0001-com-ubuntu-server-jammy'
        sku: '22_04-lts-gen2'
        version: 'latest'
      }
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'StandardSSD_LRS'
        }
      }
      dataDisks: [
        {
          diskSizeGB: 64
          lun: 0
          createOption: 'Empty'
        }
      ]
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: networkInterface.id
        }
      ]
    }
  }
}

az deployment group create \
  --resource-group my-resource-group \
  --template-file main.bicep
  --parameters adminUsername=sbaenl adminPassword={RHbKa}!iQvL.^S