Disclaimer: This is a community-provided module and is currently unsupported by the Firezone team.
Terraform module to deploy a Firezone VPN server in Azure. For more information on Firezone visit https://firezone.dev
module "azure-terraform-firezone" {
source = "github.com/mwstamant/azure-terraform-firezone"
location = "Canada Central"
resource_group_name = "firezone-dev-rg"
hostname = "firezone"
domain_name = "example.com"
admin_email = "admin@example.com"
subnet_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/network-rg/providers/Microsoft.Network/virtualNetworks/default-vnet/subnets/default-snet"
keyvault_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/keyvault-rg/providers/Microsoft.KeyVault/vaults/myexamplekv"
dns_resource_group_name = "dns-rg"
resource_tags = {
"Owner" = "John Smith"
"Contact" = "jsmith@example.com"
"Environment" = "Production"
}
}
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admin_email | Administrator email address. | string |
n/a | yes |
| dns_resource_group_name | Resource group name containing the Azure DNS zone. | string |
n/a | if enable_az_dns=true |
| domain_name | Root Domain for Firezone VPN VM. (Domain root name only, ex. example.com) | string |
n/a | yes |
| enable_aad_app | Enable Azure AD App registration for Firezone VPN | bool |
false |
no |
| enable_az_dns | Enable Azure DNS registration for Firezone VPN | bool |
true |
no |
| enable_az_keyvault | Enable Azure Keyvault storage of Firezone secrets | bool |
true |
no |
| firezone_allowed_ips | Default allowed ip addresses and/or ranges (IPv4 and/or IPv6) used in Firezone client configurations. | string |
"0.0.0.0, ::/0" |
no |
| firezone_dns | Default DNS servers used in Firezone client configurations. | string |
"1.1.1.1, 1.0.0.1" |
no |
| firezone_ipv4_address | Tunnel-side IPv4 address of Firezone. | string |
"10.3.2.1" |
no |
| firezone_ipv4_network | Tunnel-side IPv4 network for Firezone to use. | string |
"10.3.2.0/24" |
no |
| hostname | Hostname for Firezone. (name only, not FQDN) | string |
"firezone" |
no |
| keyvault_id | ID of the Keyvault to store the Firezone secrets. | string |
n/a | yes |
| location | Azure region name in standard format to create resources. | string |
n/a | yes |
| resource_group_name | Resource group name to be created. | string |
n/a | yes |
| resource_tags | A map of tags to add to all resources | map(string) |
{} |
no |
| subnet_id | ID of the subnet for the Firezone VM network interface. | string |
n/a | yes |
| vm_size | VM Size to use for the Firezone VM | string |
"Standard_B1ms" |
no |
| Name | Description |
|---|---|
| firezone_admin_password | Password for the Firezone default admin account. |
| firezone_db_password | Password for the Firezone 'firezone' postgres database 'postgres' user. |
| vm_id | ID of the Firezone virtual machine. |
| vm_identity | Managed Identity of the Firezone virtual machine. |
| vm_nic_id | ID of the Firezone virtual machine NIC. |
| vm_password | Password for the 'firezone' user account on the Firezone virtual machine. |
| vm_private_ip | Private IP Address of the Firezone virtual machine primary NIC. |
| vm_public_ip | Public IP Address of the Firezone virtual machine primary NIC. |