refactor

.gitignore

@@ -1,4 +1,5 @@
 .DS*
 .terraform*
 terraform*
-./id_rsa*
+id_*
+.vs*

README.md

@@ -5,7 +5,10 @@
 ![](https://img.shields.io/github/stars/michalswi/xrdp-gcp-ce)
 ![](https://img.shields.io/github/last-commit/michalswi/xrdp-gcp-ce)
 
-GCP Compute Enging (VM) with enabled xrdp. Access to VM from the specific IP only. For simplicty I am using the same user for **ssh** and for **rdp**.
+GCP Compute Enging (VM) with enabled xrdp.  
+
+Access to VM from the specific IP only [preferred way].   
+For simplicty I am using the same user for **ssh** and for **rdp**.
 
 On VM are pre-installed (scroll down for details):
 - **firefox**
@@ -15,7 +18,8 @@ On VM are pre-installed (scroll down for details):
 ```
 > adjust 'region' in variables.tf
 > adjust 'machine_type' in main.tf
-> adjust 'source_ranges' in fw_rules.tf (instead of <your_ip> you can use '0.0.0.0' although it's not recommended)
+> adjust 'source_ranges' in fw_rules.tf 
+(instead of <your_ip> you can use '0.0.0.0' although it's not recommended)
 
 ```
 
@@ -24,8 +28,7 @@ On VM are pre-installed (scroll down for details):
 ```
 export GOOGLE_APPLICATION_CREDENTIALS=<service_account_key_name>.json
 
-export RDPUSER=foo
-export RDPPASS=bar
+export RDPUSER=foo && export RDPPASS=bar
 
 terraform init
 terraform plan -var project=<project_name> -var user=$RDPUSER
@@ -51,20 +54,15 @@ setup.yml -i inventory/hosts.ini -vv
 
 sudo nmap -v -Pn -p 22,3389 <vm_pip>
 
-> to connect you can use 'Microsoft Remote Desktop'
+> to connect you can use any RDP app (e.g. Windows App)
 ```
 
 After you connect you can **cancel** this:  
 *"Authentication Required to Create Managed Color Device"*
 
 ![auth](./img/auth.png)
 
-**Firefox** you can find in `Applications / Internet`:
-
-![fx1](./img/fx1.png)
-![fx2](./img/fx2.png)
-
-**Caido** you can find in `Applications / Development`:
+**Firefox** and **Caido** you can find in `Applications / Internet`:
 
-![c1](./img/c1.png)
-![c2](./img/c2.png)
+![apps](./img/apps.png)
+![apps](./img/caido.png)

fw_rules.tf

@@ -1,7 +1,7 @@
 resource "google_compute_firewall" "allow_ssh" {
   name        = "allow-ssh-fw"
-  project     = var.project
-  network     = google_compute_network.vpc_network.name
+  project     = local.project
+  network     = google_compute_network.this.name
   target_tags = ["allow-ssh"]
   source_ranges = [
     "<your_ip>",
@@ -14,8 +14,8 @@ resource "google_compute_firewall" "allow_ssh" {
 
 resource "google_compute_firewall" "allow_rdp" {
   name        = "allow-rdp-fw"
-  project     = var.project
-  network     = google_compute_network.vpc_network.name
+  project     = local.project
+  network     = google_compute_network.this.name
   target_tags = ["allow-rdp"]
   source_ranges = [
     "<your_ip>",

main.tf

@@ -1,36 +1,43 @@
-resource "google_compute_network" "vpc_network" {
-  name                    = "${var.name}-network"
-  project                 = var.project
+locals {
+  name    = var.name
+  project = var.project
+  region  = var.region
+  user    = var.user
+}
+
+resource "google_compute_network" "this" {
+  name                    = "${local.name}-vpc"
+  project                 = local.project
   auto_create_subnetworks = false
 }
 
-resource "google_compute_subnetwork" "subnet" {
-  name          = "${var.name}-subnet"
-  project       = var.project
+resource "google_compute_subnetwork" "this" {
+  name          = "${local.name}-subnet"
+  project       = local.project
   ip_cidr_range = "10.10.0.0/16"
-  region        = var.region
-  network       = google_compute_network.vpc_network.id
+  region        = local.region
+  network       = google_compute_network.this.id
 }
 
-resource "google_compute_address" "static_ip" {
-  name    = "${var.name}-pip"
-  region  = var.region
-  project = var.project
+resource "google_compute_address" "this" {
+  name    = "${local.name}-pip"
+  region  = local.region
+  project = local.project
 }
 
 data "google_compute_image" "debian_image" {
   family  = "ubuntu-pro-2204-lts"
   project = "ubuntu-os-pro-cloud"
 }
 
-resource "google_compute_instance" "vm" {
-  name    = "${var.name}-vm"
-  project = var.project
+resource "google_compute_instance" "this" {
+  name    = "${local.name}-vm"
+  project = local.project
   # machine types
   # https://cloud.google.com/compute/docs/general-purpose-machines#e2_machine_types_table
   machine_type = "e2-highcpu-4"
   # machine_type = "e2-medium"
-  zone = "${var.region}-b"
+  zone = "${local.region}-a"
 
   tags = [
     "allow-ssh",
@@ -46,31 +53,31 @@ resource "google_compute_instance" "vm" {
   }
 
   network_interface {
-    network    = google_compute_network.vpc_network.name
-    subnetwork = google_compute_subnetwork.subnet.id
+    network    = google_compute_network.this.name
+    subnetwork = google_compute_subnetwork.this.id
     access_config {
-      nat_ip = google_compute_address.static_ip.address
+      nat_ip = google_compute_address.this.address
     }
   }
 
   metadata = {
-    ssh-keys = "${var.user}:${tls_private_key.private_key.public_key_openssh}"
+    ssh-keys = "${var.user}:${tls_private_key.this.public_key_openssh}"
   }
 }
 
-resource "tls_private_key" "private_key" {
+resource "tls_private_key" "this" {
   algorithm = "RSA"
   rsa_bits  = 4096
 }
 
 resource "local_file" "ssh_private_key" {
-  content         = tls_private_key.private_key.private_key_pem
+  content         = tls_private_key.this.private_key_pem
   filename        = "./id_rsa"
   file_permission = "0600"
 }
 
 resource "local_file" "ssh_public_key" {
-  content         = tls_private_key.private_key.public_key_openssh
+  content         = tls_private_key.this.public_key_openssh
   filename        = "./id_rsa.pub"
   file_permission = "0644"
 }

output.tf

@@ -1,14 +1,15 @@
 output "vm_pip" {
-  value       = google_compute_address.static_ip.address
   description = "The public IP address of the virtual machine."
+  value       = google_compute_address.this.address
 }
 
 output "user" {
-  value       = var.user
   description = "The username used for the virtual machine."
+  value       = local.user
 }
 
 output "ssh" {
-  value       = join("", ["ssh -i ", local_file.ssh_private_key.filename, " ", var.user, "@", google_compute_address.static_ip.address, " -vv"])
   description = "The SSH command to connect to the virtual machine."
+  value       = join("", ["ssh -i ", local_file.ssh_private_key.filename, " ", local.user, "@", google_compute_address.this.address, ""])
+  # value       = join("", ["ssh -i ", local_file.ssh_private_key.filename, " ", local.user, "@", google_compute_address.this.address, " -vv"])
 }

providers.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "=4.84.0"
+      version = "=4.85.0"
       # version = "~>4.0"
     }
     tls = {
@@ -17,5 +17,5 @@ terraform {
     }
   }
   # terraform version
-  required_version = "~>1.3.0"
+  required_version = "~>1.5.0"
 }

roles/apply/tasks/caido.yml

@@ -3,7 +3,8 @@
   # https://github.com/caido/caido/releases
   shell: |
     wget https://storage.googleapis.com/caido-releases/"{{ caido_version }}"/caido-desktop-"{{ caido_version }}"-linux-x86_64.deb
+    sudo apt install xdg-utils -y
     sudo dpkg -i caido-desktop-"{{ caido_version }}"-linux-x86_64.deb
-  register: caido
+  register: caido_results
 - debug:
-    msg: "{{ caido.stdout }}"
+    msg: "{{ caido_results.stdout }}"

roles/apply/tasks/firefox.yml

@@ -1,6 +1,6 @@
 ---
 - name: install firefox
   command: sudo snap install firefox
-  register: firefox
+  register: firefox_results
 - debug:
-    msg: "{{ firefox.stdout }}"
+    msg: "{{ firefox_results.stdout }}"

roles/apply/tasks/pass.yml

@@ -2,6 +2,6 @@
 - name: change user password
   shell: |
     echo "{{ rdp_user }}:{{ rdp_pass }}" | sudo chpasswd
-  register: rdp_user
+  register: rdp_user_results
 - debug:
-    msg: "{{ rdp_user.stdout }}"
+    msg: "{{ rdp_user_results.stdout }}"

roles/apply/tasks/xrdp.yml

@@ -5,15 +5,15 @@
     sudo DEBIAN_FRONTEND=noninteractive apt-get -y install xfce4
     sudo apt install xfce4-session
     echo xfce4-session >~/.xsession
-  register: xfce4
+  register: xfce4_results
 - debug:
-    msg: "{{ xfce4.stdout }}"
+    msg: "{{ xfce4_results.stdout }}"
 
 - name: install and configure xrdp
   shell: |
     sudo apt-get -y install {{ xrdp_package }}
     sudo systemctl enable {{ xrdp_package }}
     sudo systemctl restart {{ xrdp_package }}
-  register: xrdp
+  register: xrdp_results
 - debug:
-    msg: "{{ xrdp.stdout }}"
+    msg: "{{ xrdp_results.stdout }}"

setup.yml

@@ -5,6 +5,6 @@
   vars:
     rdp_user: "{{ RDP_USER }}"
     rdp_pass: "{{ RDP_PASS }}"
-    caido_version: "v0.33.0"
+    caido_version: "v0.43.1"
   roles:
     - role: apply

variables.tf

@@ -1,21 +1,21 @@
 variable "name" {
+  description = "The name to be used for resources that will be created."
   type        = string
   default     = "rdp"
-  description = "The name to be used for resources that will be created."
 }
 
 variable "project" {
-  type        = string
   description = "The ID of the project in which resources will be managed."
+  type        = string
 }
 
 variable "region" {
-  type        = string
-  default     = "us-central1"
   description = "The region in which resources will be created."
+  type        = string
+  default     = "europe-central2"
 }
 
 variable "user" {
-  type        = string
   description = "The username to be used for the resources."
+  type        = string
 }