working and a bit modular

2025-03-27 22:42:49 +01:00
commit 2df3f3636c
6 changed files with 214 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,86 @@
 ####################
 # ---> Terraform
 # Local .terraform directories
 **/.terraform/*
 # .tfstate files
 *.tfstate
 *.tfstate.*
 # Crash log files
 crash.log
 crash.*.log
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version 
 # control as they are data points which are potentially sensitive and subject 
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
 # ---> OpenTofu
 # Local .terraform directories
 **/.terraform/*
 # .tfstate files
 *.tfstate
 *.tfstate.*
 # Crash log files
 crash.log
 crash.*.log
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version 
 # control as they are data points which are potentially sensitive and subject 
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tofu
 override.tf.json
 override.tofu.json
 *_override.tf
 *_override.tofu
 *_override.tf.json
 *_override.tofu.json
 # Ignore transient lock info files created by tofu apply
 .terraform.tfstate.lock.info
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 # !example_override.tofu
 # Include tfplan files to ignore the plan output of command: tofu plan -out=tfplan
 # example: *tfplan*
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
 # ---> Ansible
 *.retry
--- a/tf_code/.terraform.lock.hcl
+++ b/tf_code/.terraform.lock.hcl
@@ -0,0 +1,25 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/bpg/proxmox" {
  version     = "0.73.1"
  constraints = "0.73.1"
  hashes = [
    "h1:mJqYDYee5WnL6Nejrzk4xRWB5ozbgLtGIDBagldpoj8=",
    "zh:094ee6bcd664890918e30ff602d9042a94d6c9e7e687ecd76ccaf39f6019d32f",
    "zh:09fd81a2088e280a4947ce7aa6de97612129befccedcbe12ba74ffb8f77c547b",
    "zh:488c284e1aed1ef9ed6587956b84ad96433cbecb6c373998a594febac206df5f",
    "zh:52668ff9af14662f06fc0bdaeb633fe76d6c4bfbe0024b447d32ca3424b2c136",
    "zh:548e7889b0d32d11a4c18aa4c5444291086010eef62d952f84740669788d8bc8",
    "zh:5fcaf8ea3e2f0657947394993a5e1f41f4e21f0676a408624c9fc44489e5d59f",
    "zh:67949764ca14d110aa94ea92d54e9e337f382932454e28d0ded389bd65d8d0fd",
    "zh:7d8263ecdd98f558e88afa95628b3c4e0b8480aa77b470bbc5695fd8e5206109",
    "zh:95d9615af70eb73eeb0f1d895baf8c8d9f9c71e7f40143dcb0bf1aa4c792fde4",
    "zh:af8c3d8289cfd02ba7e2fcf73e325d7950cba113775139b3123d2cdd806c3cdd",
    "zh:ba5b81aeab7a9e84bcbffea4b372252088add1ad6af0a34f0702c0fc0abdf04b",
    "zh:d94842ce37447c2cf8981ad602ab4d2f410ee5e724a78611472c87f791f4458d",
    "zh:da2d5adc66d7b305ca114ceeecf5133f32211640c9870c4b5e7c7782982a40e3",
    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
    "zh:fb762b9c687fb143116bda5f8a29ca8d61d65a2fcf1bed772828d1b3ff91db5e",
  ]
 }
--- a/tf_code/conteneurs.auto.tfvars
+++ b/tf_code/conteneurs.auto.tfvars
@@ -0,0 +1,5 @@
 unciel_eu = {
  "ct01" = { vm_id = 1, memory = 256, tags = ["lxc01", "ram256"], mount_points = { "/tmp" = {}, "/zfs-usb" = { volume = "ZFS-USB" } } }
  "ct02" = { vm_id = 2, memory = 128, tags = ["lxc02", "ram128"], mount_points = { "/tmp" = {} } }
 }
--- a/tf_code/main.tf
+++ b/tf_code/main.tf
@@ -0,0 +1,18 @@
 terraform {
  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "0.73.1"
    }
  }
 }
 provider "proxmox" {
  # Configuration options
  endpoint  = var.PROXMOX_VE_ENDPOINT
  api_token = var.PROXMOX_VE_API_TOKEN
 }
 output "unciel_eu_value" {
  value = {for k,v in var.unciel_eu: k => v...}
 }
--- a/tf_code/provisionning.tf
+++ b/tf_code/provisionning.tf
@@ -0,0 +1,58 @@
 resource "proxmox_virtual_environment_container" "container" {
  for_each = var.unciel_eu
  console {
    enabled = true
    type    = "shell"
  }
  disk {
    datastore_id = "local-lvm"
    size         = 4
  }
  initialization {
    hostname = each.key
    ip_config {
      ipv4 {
        address = "dhcp"
      }
    }
    user_account {
      keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACQkZ+kKXD4f/wSySiQMVEG9PwX0CBdPry8x3ilv35sjf81awhVaErcTJm+ZGTZ0ucunVjLlXKEf442d0HvNGkrMwB2ci+OCPQgyjKtN0KoItPFuRBEwo/V6PDjY6KOjUmw93ekOove3lp7LRn1bShmyya7blxZHJP0cIP4m4IDzvuzsA=="]
    }
  }
  memory {
    dedicated = each.value["memory"]
    swap      = each.value["memory"]
  }
  dynamic "mount_point" {
    for_each = each.value["mount_points"]
    content {
      path = each.key
      size = mount_point.value["size"]
      volume = mount_point.value["volume"]
      backup = true
    }
  }
  network_interface {
    name = "eth0"
  }
  node_name = "pxmx"
  operating_system {
    template_file_id = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
  }
  started = true
  start_on_boot = true
  tags = each.value.tags
  unprivileged = true
  vm_id = each.value.vm_id + 1000
 }
--- a/tf_code/variables.tf
+++ b/tf_code/variables.tf
@@ -0,0 +1,22 @@
 variable "PROXMOX_VE_ENDPOINT" {
  type = string
  default = "https://FQDN/api2/json"
 }
 variable "PROXMOX_VE_API_TOKEN" {
  type = string
  default = "user@pam!token-name=xxx-xxx-xxx-xxx"
 }
 variable "unciel_eu" {
  description = "Parent map key is container hostname. mount_points map key is container's path mount_point."
  type = map(object({
    vm_id = number
    memory = optional(number, 512)
    tags = optional(set(string))
    mount_points = map(object({
      size = optional(string, "2G")
      volume = optional(string, "local-lvm")
    }))
  }))
 }