# Wazuh Proxmox Lab (Single VM, reuse VMID/IP)

Run from: `/home/nikola/codex-cli/projects/wazuh-proxmox-iac/terraform`

Target:

- VMID `104`
- IP `10.1.50.125/24`
- Node `rbmk2`
- OS source: Ubuntu 22.04 cloud-init template
- SSH policy target: user `devops`, port `42315`, key-only auth

## 0) One-time on Proxmox: Ubuntu 22.04 template

You need one Ubuntu 22.04 cloud-init template in Proxmox first. After that, Terraform does the rest.

Example on the Proxmox node (adjust storage/bridge if needed):

```bash
wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img -O /tmp/jammy.img
qm create 9000 --name ubuntu-2204-cloudinit --memory 2048 --cores 2 --net0 virtio,bridge=vmbr0
qm importdisk 9000 /tmp/jammy.img local-lvm
qm set 9000 --scsihw virtio-scsi-single --scsi0 local-lvm:vm-9000-disk-0
qm set 9000 --ide2 local-lvm:cloudinit
qm set 9000 --boot c --bootdisk scsi0
qm set 9000 --serial0 socket --vga serial0
qm template 9000
```

- creates the Ubuntu 22.04 template as VMID `9000`

## 1) Delete the existing test VM 104 (if nothing is running on it)

On the Proxmox node:

```bash
qm stop 104 || true
qm destroy 104 --purge 1 --destroy-unreferenced-disks 1
```

- stops and deletes the old VM 104

## 2) Prepare the Terraform files

```bash
cd /home/nikola/codex-cli/projects/wazuh-proxmox-iac/terraform
mkdir -p .secrets
cp terraform.tfvars.example terraform.tfvars
```

- enter the project, create the vars file and the secrets folder

```bash
nano terraform.tfvars
```

- check `vm_id=104`, `vm_ipv4_cidr=10.1.50.125/24`, `proxmox_template_vm_id=9000`

```bash
nano .secrets/api_token
chmod 600 .secrets/api_token
```

- paste in the Proxmox API token

## 3) Bring up the new Ubuntu VM in the same place

```bash
terraform init
terraform fmt -recursive
terraform validate
terraform plan -out tfplan
terraform apply tfplan
terraform output
```

- creates the new VM 104 with the same IP
- this Terraform does not start Docker or any workload automatically; it brings up a clean Ubuntu VM.
- resources are controlled via `vm_cpu_cores` and `vm_memory_mb` in `terraform.tfvars`.
## 4) Install Wazuh on the new VM

```bash
chmod +x scripts/company-bootstrap-ubuntu.sh scripts/install-wazuh-aio.sh scripts/verify-wazuh.sh
# if SSH on port 22 is not reachable, replace -P22/-p22 with -P42315/-p42315
scp -P22 scripts/company-bootstrap-ubuntu.sh devops@10.1.50.125:/tmp/
ssh devops@10.1.50.125 -p22 "sudo bash /tmp/company-bootstrap-ubuntu.sh devops 42315 \"$(cat ~/.ssh/id_ed25519.pub)\""
ssh devops@10.1.50.125 -p42315 "echo ssh baseline ok"
scp -P42315 scripts/install-wazuh-aio.sh devops@10.1.50.125:/tmp/
ssh devops@10.1.50.125 -p42315 "sudo bash /tmp/install-wazuh-aio.sh"
```

- apply the company SSH baseline, then install Wazuh

## 5) Verification

```bash
./scripts/verify-wazuh.sh 10.1.50.125
```

- checks the dashboard and ports 1514/1515

## Key rule (recommendation)

- Do not bake a personal SSH key into the template.
- Inject the key per VM via Terraform `vm_ssh_public_key` and/or the bootstrap script.
- Keep the template generic, with no personal keys.
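The bootstrap step in section 4 and the key rule above both hinge on what the SSH baseline actually does on the VM. The script below is an added example with the same call shape (`USER PORT PUBKEY`), not the project's own `company-bootstrap-ubuntu.sh`; it assumes Ubuntu 22.04's `Include /etc/ssh/sshd_config.d/*.conf` layout and an `ssh` systemd unit.

```bash
#!/usr/bin/env bash
# Added example, not the project's company-bootstrap-ubuntu.sh. Same call shape:
#   sudo bash ssh-baseline.sh devops 42315 "$(cat ~/.ssh/id_ed25519.pub)"
# Installs the per-VM key, writes an sshd drop-in for the lab policy (port 42315,
# key-only auth), validates it with `sshd -t`, and only then reloads sshd.
set -euo pipefail

# Print the drop-in. The 00- prefix matters: sshd keeps the first value it sees,
# and Ubuntu cloud images ship 50-cloud-init.conf, which may re-enable passwords.
render_sshd_baseline() {
  local user="$1" port="$2"
  cat <<EOF
# company SSH baseline (managed)
Port ${port}
AllowUsers ${user}
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
MaxAuthTries 3
EOF
}

# Append PUBKEY to USER's authorized_keys exactly once, with safe permissions.
install_authorized_key() {
  local user="$1" pubkey="$2" home="$3"
  mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
  touch "$home/.ssh/authorized_keys"
  grep -qxF "$pubkey" "$home/.ssh/authorized_keys" \
    || printf '%s\n' "$pubkey" >> "$home/.ssh/authorized_keys"
  chmod 600 "$home/.ssh/authorized_keys"
  if [ "$(id -u)" -eq 0 ]; then chown -R "$user": "$home/.ssh"; fi  # needs root
}

# Write the drop-in; if sshd rejects the merged config, roll it back instead of
# reloading, so the session you came in on (port 22) is not cut off.
apply_sshd_baseline() {
  local user="$1" port="$2"
  local dropin=/etc/ssh/sshd_config.d/00-company-baseline.conf
  render_sshd_baseline "$user" "$port" > "$dropin"
  if ! sshd -t; then
    rm -f "$dropin"
    echo "sshd rejected the baseline config; not reloading" >&2
    return 1
  fi
  systemctl reload ssh
}

if [ "$#" -eq 3 ]; then
  install_authorized_key "$1" "$3" "$(getent passwd "$1" | cut -d: -f6)"
  apply_sshd_baseline "$1" "$2"
fi
```

Keep the port-22 session open until `ssh -p42315` succeeds, exactly as the step-4 sequence does.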