This is an Architect/DevOps/Cybersecurity project all in one. I wanted to build a cybersecurity homelab, but I wanted to utilize terraform and ansible to provision all the resources and practice the overall creation of it. This has been a valuable learning experience so far, as I've learned a decent amount of terraform's HCL and ansible, and I had to learn some iptables to make it work.
We only need one manual intervention regarding a VM so far, and that's the use of VyOS, since I couldn't find a reliable cloud image to utilize cloud-init with. I tried building one, but I was having some issues and that wasn't where I wanted to troubleshoot yet. Whenever I refine this, I'll tackle it. So in the meantime,
What you need is libvirtd and qemu, as well as terraform and ansible.
Install VyOS and just enable your first interface and enable ssh. This allows us to connect later when terraform is "provisioning it".
Once you have your images, stick them in a common directory, all with base names such as "fedora.qcow2", "ubuntu.qcow2", etc. You then spin up a python web server.
python -m http.server -d <IMAGE_DIRECTORY>
Ideally, you can then just run deploy.sh. Alternatively, you can do it all incrementally by navigating into the respective numbered folders and running:
terraform init
terraform apply
Once they all run, you'll have a firewall configured with 3 vnets, an Ubuntu server running the Wazuh server, and a Fedora client running an agent, which you can then use for monitoring.
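A pre-flight check for the image step above, as an added example (not part of this project's deploy.sh): it confirms each expected image really starts with the qcow2 magic bytes and records SHA-256 checksums, since the images are fetched over plain HTTP. The tool names, the image list and the SHA256SUMS manifest name are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before serving images and running terraform.
# Assumptions: tool names, the image list, and the SHA256SUMS manifest name.
REQUIRED_TOOLS="virsh qemu-img terraform ansible-playbook"
REQUIRED_IMAGES="fedora.qcow2 ubuntu.qcow2"
MANIFEST="SHA256SUMS"

# Print each required tool that is not on PATH.
missing_tools() {
  for t in $REQUIRED_TOOLS; do
    command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
  done
}

# A qcow2 file starts with the magic bytes 'Q' 'F' 'I' 0xfb.
is_qcow2() {
  [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "514649fb" ]
}

# Print each expected image that is missing or is not really a qcow2 file
# (for example an HTML error page saved under the image name).
bad_images() {
  for img in $REQUIRED_IMAGES; do
    is_qcow2 "$1/$img" || printf '%s\n' "$img"
  done
}

# Record checksums once; later runs compare against them.
write_manifest()  { (cd "$1" && sha256sum ./*.qcow2 > "$MANIFEST"); }
verify_manifest() { (cd "$1" && sha256sum -c "$MANIFEST" >/dev/null 2>&1); }

preflight() {
  dir=$1
  tools=$(missing_tools)
  [ -z "$tools" ] || { echo "missing tools: $tools" >&2; return 1; }
  bad=$(bad_images "$dir")
  [ -z "$bad" ] || { echo "missing or non-qcow2 images: $bad" >&2; return 1; }
  if [ -f "$dir/$MANIFEST" ]; then
    verify_manifest "$dir" || { echo "image changed since manifest was written" >&2; return 1; }
  else
    write_manifest "$dir"
  fi
}

# Run only when a directory is passed: ./preflight.sh <IMAGE_DIRECTORY>
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Delete the manifest after intentionally replacing an image so the next run records fresh checksums.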
I plan on extending this quite a bit more by adding more pre-configured rules and defaulting to auditd for the agents so we have command monitoring. I also plan on adding a Windows server; however, configuring the networking on that has been a nuisance so far, so it's still a work in progress.