{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.42.1.51946", "templateHash": "11016456605839320550" } }, "parameters": { "adminPassword": { "type": "securestring", "minLength": 12, "maxLength": 123, "metadata": { "description": "Password for the VM admin account. Use a long unique password; the VM uses this only for initial appliance bootstrap." } }, "agentIngressMode": { "type": "string", "defaultValue": "hybrid", "allowedValues": [ "private", "hybrid", "public_agent" ], "metadata": { "description": "Agent API public ingress mode. private blocks public agent ingress; hybrid/public_agent open the fixed port through the NSG." } }, "adminSourceAddressPrefix": { "type": "string", "defaultValue": "*", "metadata": { "description": "CIDR prefix allowed to SSH to the VM and, when public portal ingress is enabled, reach the portal/downloads. Use your admin public IP /32 for tighter deployments." } } }, "variables": { "location": "[resourceGroup().location]", "applianceName": "tvrmm", "adminUsername": "azureuser", "vmSize": "Standard_D2s_v3", "osDiskSizeGB": 64, "assignPublicIP": true, "publicPortalIngress": true, "agentPublicPort": 18443, "tags": { "project": "tvrmm", "deployment": "single-tenant-vm" }, "safeName": "[variables('applianceName')]", "prefix": "[variables('applianceName')]", "nameSuffix": "[take(uniqueString(subscription().subscriptionId, resourceGroup().id, variables('applianceName')), 5)]", "publicDnsLabel": "[toLower(format('{0}-{1}', variables('applianceName'), variables('nameSuffix')))]", "kvName": "[toLower(format('tvrmm-{0}-{1}-kv', variables('safeName'), variables('nameSuffix')))]", "vnetName": "[format('{0}-vnet', variables('prefix'))]", "subnetName": "app-subnet", "nsgName": "[format('{0}-nsg', variables('prefix'))]", "pipName": "[format('{0}-pip', variables('prefix'))]", "nicName": "[format('{0}-nic', variables('prefix'))]", "vmName": "[format('{0}-vm', variables('prefix'))]", "identityName": "[format('{0}-id', variables('prefix'))]", "laName": "[format('{0}-logs', variables('prefix'))]", "agentPublicEnabled": "[not(equals(parameters('agentIngressMode'), 'private'))]", "adminSourceAddressPrefixes": [ "[parameters('adminSourceAddressPrefix')]" ], "agentSourceAddressPrefixes": [ "*" ] }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", "name": "single-tenant-vm", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { "location": { "value": "[variables('location')]" }, "tags": { "value": "[variables('tags')]" }, "kvName": { "value": "[variables('kvName')]" }, "vnetName": { "value": "[variables('vnetName')]" }, "subnetName": { "value": "[variables('subnetName')]" }, "nsgName": { "value": "[variables('nsgName')]" }, "pipName": { "value": "[variables('pipName')]" }, "nicName": { "value": "[variables('nicName')]" }, "vmName": { "value": "[variables('vmName')]" }, "identityName": { "value": "[variables('identityName')]" }, "laName": { "value": "[variables('laName')]" }, "adminUsername": { "value": "[variables('adminUsername')]" }, "adminPassword": { "value": "[parameters('adminPassword')]" }, "vmSize": { "value": "[variables('vmSize')]" }, "osDiskSizeGB": { "value": "[variables('osDiskSizeGB')]" }, "assignPublicIP": { "value": "[variables('assignPublicIP')]" }, "publicDnsLabel": { "value": "[variables('publicDnsLabel')]" }, "publicPortalIngress": { "value": "[variables('publicPortalIngress')]" }, "agentPublicEnabled": { "value": "[variables('agentPublicEnabled')]" }, "agentPublicPort": { "value": "[variables('agentPublicPort')]" }, "sshSourceAddressPrefixes": { "value": "[variables('adminSourceAddressPrefixes')]" }, "portalSourceAddressPrefixes": { "value": "[variables('adminSourceAddressPrefixes')]" }, "agentSourceAddressPrefixes": { "value": "[variables('agentSourceAddressPrefixes')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.42.1.51946", "templateHash": "1201598324799743225" } }, "parameters": { "location": { "type": "string", "metadata": { "description": "Azure region." } }, "tags": { "type": "object", "metadata": { "description": "Tags applied to all resources." } }, "kvName": { "type": "string" }, "vnetName": { "type": "string" }, "subnetName": { "type": "string" }, "nsgName": { "type": "string" }, "pipName": { "type": "string" }, "nicName": { "type": "string" }, "vmName": { "type": "string" }, "identityName": { "type": "string" }, "laName": { "type": "string" }, "adminUsername": { "type": "string" }, "adminPassword": { "type": "securestring" }, "vmSize": { "type": "string" }, "osDiskSizeGB": { "type": "int" }, "assignPublicIP": { "type": "bool" }, "publicDnsLabel": { "type": "string" }, "publicPortalIngress": { "type": "bool" }, "agentPublicEnabled": { "type": "bool" }, "agentPublicPort": { "type": "int" }, "sshSourceAddressPrefixes": { "type": "array" }, "portalSourceAddressPrefixes": { "type": "array" }, "agentSourceAddressPrefixes": { "type": "array" } }, "variables": { "normalizedSshSourcePrefixes": "[if(empty(parameters('sshSourceAddressPrefixes')), createArray('*'), parameters('sshSourceAddressPrefixes'))]", "normalizedPortalSourcePrefixes": "[if(empty(parameters('portalSourceAddressPrefixes')), createArray('*'), parameters('portalSourceAddressPrefixes'))]", "normalizedAgentSourcePrefixes": "[if(empty(parameters('agentSourceAddressPrefixes')), createArray('*'), parameters('agentSourceAddressPrefixes'))]", "sshSourceAny": "[and(equals(length(variables('normalizedSshSourcePrefixes')), 1), equals(variables('normalizedSshSourcePrefixes')[0], '*'))]", "portalSourceAny": "[and(equals(length(variables('normalizedPortalSourcePrefixes')), 1), equals(variables('normalizedPortalSourcePrefixes')[0], '*'))]", "agentSourceAny": "[and(equals(length(variables('normalizedAgentSourcePrefixes')), 1), equals(variables('normalizedAgentSourcePrefixes')[0], '*'))]", "portalHttpSourceAny": "[or(not(empty(parameters('publicDnsLabel'))), variables('portalSourceAny'))]", "serviceReadyCommand": "[format('bash -lc \"set -euo pipefail; echo Waiting for TvRMM cloud-init bootstrap; if command -v cloud-init >/dev/null 2>&1; then cloud-init status --wait --long; fi; echo Waiting for TvRMM portal, agent API, and installer cache; i=1; while [ \\$i -le 180 ]; do if curl -fsS http://127.0.0.1/healthz >/dev/null && curl -fksS https://127.0.0.1:{0}/healthz >/dev/null && curl -fsS http://127.0.0.1/installers/versions-linux-amd64.json >/dev/null; then echo TvRMM appliance is ready; docker compose -f /opt/tvrmm/compose.yml ps || true; exit 0; fi; if [ \\$((i % 12)) -eq 0 ]; then echo Still waiting for TvRMM appliance readiness; docker compose -f /opt/tvrmm/compose.yml ps || true; tail -n 20 /var/log/cloud-init-output.log || true; fi; i=\\$((i + 1)); sleep 10; done; echo TvRMM appliance did not become ready in time; docker compose -f /opt/tvrmm/compose.yml ps || true; docker compose -f /opt/tvrmm/compose.yml logs --tail=200 || true; tail -n 200 /var/log/cloud-init-output.log || true; exit 1\"', parameters('agentPublicPort'))]", "cloudInitTemplate": "#cloud-config\npackage_update: true\npackage_upgrade: false\npackages:\n - ca-certificates\n - curl\n - gnupg\n - jq\n - openssl\n - rsync\n - unzip\nwrite_files:\n - path: /opt/tvrmm/bootstrap.env\n permissions: '0600'\n content: |\n TVRMM_RELEASE_BASE_URL=https://releases.tvrmm.com\n AZURE_CLIENT_ID=__AZURE_CLIENT_ID__\n RMM_KEYVAULT_URL=__KEYVAULT_URI__\n RMM_AGENT_PUBLIC_PORT=__AGENT_PUBLIC_PORT__\n RMM_PUBLIC_IP=__PUBLIC_IP__\n RMM_PUBLIC_FQDN=__PUBLIC_FQDN__\nruncmd:\n - mkdir -p /opt/tvrmm/bin /opt/tvrmm/www/installers /opt/tvrmm/postgres /opt/tvrmm/caddy-data /opt/tvrmm/caddy-config\n - chown -R root:root /opt/tvrmm\n - curl -fsSL https://get.docker.com | sh\n - systemctl enable --now docker\n - curl -sL https://aka.ms/InstallAzureCLIDeb | bash\n - usermod -aG docker __ADMIN_USERNAME__\n - curl -fsSL https://releases.tvrmm.com/appliance/bootstrap.sh -o /opt/tvrmm/bin/tvrmm-bootstrap.sh\n - chmod 0755 /opt/tvrmm/bin/tvrmm-bootstrap.sh\n - /opt/tvrmm/bin/tvrmm-bootstrap.sh\n" }, "resources": [ { "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2023-09-01", "name": "[parameters('laName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { "sku": { "name": "PerGB2018" }, "retentionInDays": 30, "workspaceCapping": { "dailyQuotaGb": "[json('0.1')]" } } }, { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-01-31", "name": "[parameters('identityName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" }, { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2023-07-01", "name": "[parameters('kvName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { "tenantId": "[subscription().tenantId]", "sku": { "family": "A", "name": "standard" }, "enableRbacAuthorization": true, "enableSoftDelete": true, "softDeleteRetentionInDays": 30, "publicNetworkAccess": "Enabled", "networkAcls": { "defaultAction": "Allow", "bypass": "AzureServices" } } }, { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[resourceId('Microsoft.KeyVault/vaults', parameters('kvName'))]", "name": "[guid(resourceId('Microsoft.KeyVault/vaults', parameters('kvName')), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), 'secrets-officer')]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7')]", "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2023-01-31').principalId]", "principalType": "ServicePrincipal" }, "dependsOn": [ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]", "[resourceId('Microsoft.KeyVault/vaults', parameters('kvName'))]" ] }, { "type": "Microsoft.KeyVault/vaults/secrets", "apiVersion": "2023-07-01", "name": "[format('{0}/{1}', parameters('kvName'), 'initial-admin-password')]", "properties": { "value": "[parameters('adminPassword')]" }, "dependsOn": [ "[resourceId('Microsoft.KeyVault/vaults', parameters('kvName'))]" ] }, { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2024-01-01", "name": "[parameters('nsgName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { "securityRules": "[concat(createArray(createObject('name', 'Allow-SSH-Admin', 'properties', createObject('priority', 100, 'direction', 'Inbound', 'access', 'Allow', 'protocol', 'Tcp', 'sourcePortRange', '*', 'destinationPortRange', '22', 'sourceAddressPrefix', if(variables('sshSourceAny'), '*', null()), 'sourceAddressPrefixes', if(variables('sshSourceAny'), null(), variables('normalizedSshSourcePrefixes')), 'destinationAddressPrefix', '*'))), if(parameters('publicPortalIngress'), createArray(createObject('name', 'Allow-HTTP-Portal-Downloads', 'properties', createObject('priority', 110, 'direction', 'Inbound', 'access', 'Allow', 'protocol', 'Tcp', 'sourcePortRange', '*', 'destinationPortRange', '80', 'sourceAddressPrefix', if(variables('portalHttpSourceAny'), '*', null()), 'sourceAddressPrefixes', if(variables('portalHttpSourceAny'), null(), variables('normalizedPortalSourcePrefixes')), 'destinationAddressPrefix', '*')), createObject('name', 'Allow-HTTPS-Portal-Downloads', 'properties', createObject('priority', 120, 'direction', 'Inbound', 'access', 'Allow', 'protocol', 'Tcp', 'sourcePortRange', '*', 'destinationPortRange', '443', 'sourceAddressPrefix', if(variables('portalSourceAny'), '*', null()), 'sourceAddressPrefixes', if(variables('portalSourceAny'), null(), variables('normalizedPortalSourcePrefixes')), 'destinationAddressPrefix', '*'))), createArray()), if(parameters('agentPublicEnabled'), createArray(createObject('name', 'Allow-Agent-API', 'properties', createObject('priority', 130, 'direction', 'Inbound', 'access', 'Allow', 'protocol', 'Tcp', 'sourcePortRange', '*', 'destinationPortRange', string(parameters('agentPublicPort')), 'sourceAddressPrefix', if(variables('agentSourceAny'), '*', null()), 'sourceAddressPrefixes', if(variables('agentSourceAny'), null(), variables('normalizedAgentSourcePrefixes')), 'destinationAddressPrefix', '*'))), createArray()))]" } }, { "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2024-01-01", "name": "[parameters('vnetName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { "addressSpace": { "addressPrefixes": [ "10.73.0.0/16" ] }, "subnets": [ { "name": "[parameters('subnetName')]", "properties": { "addressPrefix": "10.73.1.0/24", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]" } } } ] }, "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]" ] }, { "condition": "[parameters('assignPublicIP')]", "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2024-01-01", "name": "[parameters('pipName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "sku": { "name": "Standard" }, "properties": { "publicIPAllocationMethod": "Static", "dnsSettings": "[if(empty(parameters('publicDnsLabel')), null(), createObject('domainNameLabel', parameters('publicDnsLabel')))]" } }, { "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2024-01-01", "name": "[parameters('nicName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { "ipConfigurations": [ { "name": "primary", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '2024-01-01').subnets[0].id]" }, "publicIPAddress": "[if(parameters('assignPublicIP'), createObject('id', resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))), null())]" } } ] }, "dependsOn": [ "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))]", "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]" ] }, { "type": "Microsoft.Compute/virtualMachines", "apiVersion": "2024-03-01", "name": "[parameters('vmName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "identity": { "type": "UserAssigned", "userAssignedIdentities": { "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')))]": {} } }, "properties": { "hardwareProfile": { "vmSize": "[parameters('vmSize')]" }, "osProfile": { "computerName": "[parameters('vmName')]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]", "customData": "[base64(replace(replace(replace(replace(replace(replace(variables('cloudInitTemplate'), '__ADMIN_USERNAME__', parameters('adminUsername')), '__AZURE_CLIENT_ID__', reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2023-01-31').clientId), '__KEYVAULT_URI__', reference(resourceId('Microsoft.KeyVault/vaults', parameters('kvName')), '2023-07-01').vaultUri), '__AGENT_PUBLIC_PORT__', string(parameters('agentPublicPort'))), '__PUBLIC_IP__', if(parameters('assignPublicIP'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName')), '2024-01-01').ipAddress, '')), '__PUBLIC_FQDN__', if(parameters('assignPublicIP'), if(empty(parameters('publicDnsLabel')), '', reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName')), '2024-01-01').dnsSettings.fqdn), '')))]", "linuxConfiguration": { "disablePasswordAuthentication": false } }, "storageProfile": { "imageReference": { "publisher": "Canonical", "offer": "0001-com-ubuntu-server-jammy", "sku": "22_04-lts-gen2", "version": "latest" }, "osDisk": { "createOption": "FromImage", "diskSizeGB": "[parameters('osDiskSizeGB')]", "managedDisk": { "storageAccountType": "Premium_LRS" } } }, "networkProfile": { "networkInterfaces": [ { "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]", "properties": { "primary": true } } ] }, "diagnosticsProfile": { "bootDiagnostics": { "enabled": true } } }, "dependsOn": [ "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]", "[resourceId('Microsoft.KeyVault/vaults/secrets', parameters('kvName'), 'initial-admin-password')]", "[resourceId('Microsoft.KeyVault/vaults', parameters('kvName'))]", "[extensionResourceId(resourceId('Microsoft.KeyVault/vaults', parameters('kvName')), 'Microsoft.Authorization/roleAssignments', guid(resourceId('Microsoft.KeyVault/vaults', parameters('kvName')), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), 'secrets-officer'))]", "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]", "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))]" ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('vmName'), 'tvrmm-service-ready')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", "properties": { "publisher": "Microsoft.Azure.Extensions", "type": "CustomScript", "typeHandlerVersion": "2.1", "autoUpgradeMinorVersion": true, "protectedSettings": { "commandToExecute": "[variables('serviceReadyCommand')]" } }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]" ] } ], "outputs": { "vmName": { "type": "string", "value": "[parameters('vmName')]" }, "publicIPAddress": { "type": "string", "value": "[if(parameters('assignPublicIP'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName')), '2024-01-01').ipAddress, '')]" }, "publicFqdn": { "type": "string", "value": "[if(parameters('assignPublicIP'), if(empty(parameters('publicDnsLabel')), '', reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName')), '2024-01-01').dnsSettings.fqdn), '')]" }, "privateIPAddress": { "type": "string", "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('nicName')), '2024-01-01').ipConfigurations[0].properties.privateIPAddress]" }, "keyVaultName": { "type": "string", "value": "[parameters('kvName')]" }, "keyVaultUri": { "type": "string", "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('kvName')), '2023-07-01').vaultUri]" }, "managedIdentityClientId": { "type": "string", "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2023-01-31').clientId]" }, "managedIdentityPrincipalId": { "type": "string", "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2023-01-31').principalId]" }, "serviceReadyExtensionName": { "type": "string", "value": "tvrmm-service-ready" } } } } } ], "outputs": { "resourceGroupName": { "type": "string", "value": "[resourceGroup().name]" }, "vmName": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.vmName.value]" }, "adminUsername": { "type": "string", "value": "[variables('adminUsername')]" }, "publicIPAddress": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicIPAddress.value]" }, "publicFqdn": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicFqdn.value]" }, "portalURL": { "type": "string", "value": "[if(empty(reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicFqdn.value), format('http://{0}/ui/login', reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicIPAddress.value), format('https://{0}/ui/login', reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicFqdn.value))]" }, "downloadsURL": { "type": "string", "value": "[if(empty(reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicFqdn.value), format('http://{0}/installers', reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicIPAddress.value), format('https://{0}/installers', reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicFqdn.value))]" }, "agentApiURL": { "type": "string", "value": "[format('https://{0}:{1}', if(empty(reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicFqdn.value), reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicIPAddress.value, reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.publicFqdn.value), variables('agentPublicPort'))]" }, "internalAgentApiURL": { "type": "string", "value": "[format('https://{0}:{1}', reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.privateIPAddress.value, variables('agentPublicPort'))]" }, "privateIPAddress": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.privateIPAddress.value]" }, "keyVaultName": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.keyVaultName.value]" }, "keyVaultUri": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.keyVaultUri.value]" }, "managedIdentityClientId": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.managedIdentityClientId.value]" }, "managedIdentityPrincipalId": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.managedIdentityPrincipalId.value]" }, "serviceReadyExtensionName": { "type": "string", "value": "[reference(resourceId('Microsoft.Resources/deployments', 'single-tenant-vm'), '2025-04-01').outputs.serviceReadyExtensionName.value]" }, "agentPublicPort": { "type": "int", "value": "[variables('agentPublicPort')]" }, "publicPortalIngress": { "type": "bool", "value": "[variables('publicPortalIngress')]" }, "agentIngressMode": { "type": "string", "value": "[parameters('agentIngressMode')]" }, "nameSuffix": { "type": "string", "value": "[variables('nameSuffix')]" } } }