Scaffold incremental Terraform foundations for docker and proxmox

2026-04-14 18:08:56 +10:00
parent 7279ade925
commit 228413d780
18 changed files with 301 additions and 15 deletions
@@ -0,0 +1,36 @@
+# Proxmox Terraform scaffold
+
+This directory is a **placeholder scaffold** for future Proxmox Terraform adoption.
+
+## What this directory is for
+
+- Prepare provider/version/variable structure now.
+- Delay real Proxmox resource management until import strategy is validated.
+
+## Initialize
+
+From this directory:
+
+```bash
+terraform init
+```
+
+## Current status
+
+- No live Proxmox resources are defined yet.
+- Provider auth variables are placeholders only.
+- Import IDs and resource schemas must be verified against provider docs before adding resources.
+
+## Future safe workflow
+
+1. Add one resource block for an existing VM/object.
+2. Import it with the provider-specific ID format.
+3. Inspect with `terraform state show`.
+4. Reconcile `.tf` arguments until `terraform plan` is clean.
+5. Repeat incrementally.
+
+## Safety notes
+
+- Do not commit real credentials in `.tf` files or tracked `.tfvars`.
+- State files are ignored by the Terraform-level `.gitignore`.
+- Do not run `terraform apply` until plan is intentionally no-op for existing resources.
@@ -0,0 +1,14 @@
+# Proxmox scaffold only.
+#
+# IMPORTANT:
+# - Resource blocks are intentionally omitted for now.
+# - Before adding resources, confirm:
+#   1) provider resource schemas,
+#   2) exact import ID formats,
+#   3) non-destructive reconciliation strategy for existing VMs.
+#
+# Suggested future workflow mirrors docker/:
+# - Define one resource for an existing object.
+# - Import it.
+# - Use `terraform state show` to reconcile config.
+# - Proceed incrementally.
@@ -0,0 +1,9 @@
+output "proxmox_scaffold_ready" {
+  description = "Indicates this directory is a placeholder scaffold for future Proxmox adoption."
+  value       = true
+}
+
+output "proxmox_endpoint_configured" {
+  description = "Whether a non-empty endpoint has been provided."
+  value       = var.proxmox_endpoint != ""
+}
@@ -0,0 +1,11 @@
+provider "proxmox" {
+  # Placeholder-only scaffold.
+  # Confirm exact provider auth mode and endpoint details before real use.
+  endpoint = var.proxmox_endpoint
+  insecure = var.proxmox_insecure
+
+  username = var.proxmox_username
+  password = var.proxmox_password
+
+  api_token = var.proxmox_api_token
+}
@@ -0,0 +1,9 @@
+# Example placeholders only. Do not commit real credentials.
+
+proxmox_endpoint = "https://pve.example.local:8006/api2/json"
+proxmox_insecure = false
+
+# Use either username/password or API token based on your chosen auth flow.
+proxmox_username  = "root@pam"
+proxmox_password  = "REPLACE_ME"
+proxmox_api_token = "REPLACE_ME"
@@ -0,0 +1,31 @@
+variable "proxmox_endpoint" {
+  description = "Proxmox API endpoint URL, for example https://pve.example.local:8006/api2/json"
+  type        = string
+  default     = ""
+}
+
+variable "proxmox_insecure" {
+  description = "Set true only for local testing with self-signed TLS; prefer false in stable environments."
+  type        = bool
+  default     = false
+}
+
+variable "proxmox_username" {
+  description = "Username for password-based auth (placeholder; optional if token auth is used)."
+  type        = string
+  default     = ""
+}
+
+variable "proxmox_password" {
+  description = "Password for password-based auth (placeholder; optional if token auth is used)."
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+variable "proxmox_api_token" {
+  description = "API token for token-based auth (placeholder; optional if username/password is used)."
+  type        = string
+  default     = ""
+  sensitive   = true
+}
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.68.0"
+    }
+  }
+}