Updated terraform configurations

git
2026-04-20 22:23:20 +10:00
parent b6d2e4ee62
commit b422a55c02
19 changed files with 845 additions and 66 deletions
+17 -16
@@ -2,22 +2,23 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/kreuzwerker/docker" {
version = "3.9.0"
constraints = "~> 3.0"
version = "3.0.2"
constraints = "3.0.2"
hashes = [
"h1:EAdNh5KgGPJT5jm848MRIfNfHUVJeTBdKKcFLax5g38=",
"zh:0ead8281830e9b9496651282235d9a139ba1b1b6ff79e395eb8c78658dc446b9",
"zh:0f17d37d8d3872df3fb75c68b5272e0c981343f53b506a9675b4405191edd3ef",
"zh:11d50b37323874427c6d2a08b737d3c7707c8301fdd236c94485cf2828d0b14b",
"zh:32f6f9b847446054e2db3d72886ef2f1d1aa51a6d0dac42340b07dad18e3f28f",
"zh:5ea5c67668b5dcbda560dc6104b788a9bfc974d52f02f7886889b77cc0e5d248",
"zh:5fb19a0b07edc344cd3ddeeb9cfb3d183089deb7a6a94a7b22a583aa1712596b",
"zh:602a7ece444e2a142ec5245abb98e7a1a990a68afae2df63b6c85ec084f0c5d7",
"zh:693dce278524ad8a6d6c9dd7a01bcd63bb85189639198f8d0b044ab0e5099401",
"zh:72e9911568103576c6a78fa38841cfd45eeb88ad22a2c649eb140a377a5b3c26",
"zh:956b62b6857cbb467b50158601f01b1203daa34cbd447dcc7f044c327e878b68",
"zh:9d372bac0d4479868b34485fb4966ba7bb525938f818b6a625f4977004ea83f9",
"zh:e06658a51427f9f53dbdb06263406fc1bc56d1a4fb5e7eb660d7cdfc22f596bd",
"zh:eee38dadf672b946419af25160eae7c03fc2afbb14f39f2f1d2a7404d647e2f7",
"h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
"zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
"zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
"zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",
"zh:4a9c5065b178082f79ad8160243369c185214d874ff5048556d48d3edd03c4da",
"zh:5438ef6afe057945f28bce43d76c4401254073de01a774760169ac1058830ac2",
"zh:60b7fadc287166e5c9873dfe53a7976d98244979e0ab66428ea0dea1ebf33e06",
"zh:61c5ec1cb94e4c4a4fb1e4a24576d5f39a955f09afb17dab982de62b70a9bdd1",
"zh:a38fe9016ace5f911ab00c88e64b156ebbbbfb72a51a44da3c13d442cd214710",
"zh:c2c4d2b1fd9ebb291c57f524b3bf9d0994ff3e815c0cd9c9bcb87166dc687005",
"zh:d567bb8ce483ab2cf0602e07eae57027a1a53994aba470fa76095912a505533d",
"zh:e83bf05ab6a19dd8c43547ce9a8a511f8c331a124d11ac64687c764ab9d5a792",
"zh:e90c934b5cd65516fbcc454c89a150bfa726e7cf1fe749790c7480bbeb19d387",
"zh:f05f167d2eaf913045d8e7b88c13757e3cf595dd5cd333057fdafc7c4b7fed62",
"zh:fcc9c1cea5ce85e8bcb593862e699a881bd36dffd29e2e367f82d15368659c3d",
]
}
+9
@@ -15,3 +15,12 @@
# # Add additional arguments based on `terraform state show` output.
# # Keep values aligned with the live container so plan is a no-op.
# }
#resource "docker_container" "searxng-webapp" {
# name = "searxng-webapp"
# image = "searxng/searxng"
#}
#import {
# to = docker_container.searxng-webapp
# id = "5e755fc8478a3d088be12a1bb26df78e2f1990c56e1f7671f0cbf9761330092b"
#}
@@ -0,0 +1,54 @@
# -----------------------------------------------------------------------------
# AUTO-GENERATED BY reconcile_from_plan.sh
# Generated: 2026-04-14T10:53:00Z
# Source: terraform plan -generate-config-out
# Review carefully before apply.
# -----------------------------------------------------------------------------
# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.
# __generated__ by Terraform from "5e755fc8478a3d088be12a1bb26df78e2f1990c56e1f7671f0cbf9761330092b"
resource "docker_container" "searxng-webapp" {
entrypoint = ["/usr/local/searxng/entrypoint.sh"]
hostname = "searxng.lan.ddnsgeek.com"
image = "sha256:6a9a175cd122c005abe2dc15d7cbfcd5109619e9dcccb511c34be244e10f49bc"
must_run = true
name = "searxng-webapp"
network_mode = "core_traefik"
read_only = true
restart = "always"
tmpfs = {
"/run" = ""
"/tmp" = ""
"/var" = ""
}
wait = false
wait_timeout = 60
working_dir = "/usr/local/searxng"
healthcheck {
interval = "20s"
retries = 8
start_period = "30s"
test = ["CMD-SHELL", "python3 -c \"import urllib.request,sys; r=urllib.request.urlopen('http://127.0.0.1:8080/', timeout=3); sys.exit(0 if 200<=r.status<400 else 1)\""]
timeout = "5s"
}
mounts {
read_only = false
source = "2255bde19ed136d348d29ada3d274eb3dbcb8aede13b246bbc9bac19fa38b37d"
target = "/var/cache/searxng"
type = "volume"
}
mounts {
read_only = false
source = "e7a1475c1265b7d1c15f7c4da10e93461f6f1bcf50fe8030131a6398509e2e48"
target = "/etc/searxng"
type = "volume"
}
lifecycle {
ignore_changes = [
env,
]
}
}
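Review bot: `image = "sha256:6a9a175c…"` on `docker_container.searxng-webapp` is the image ID the local daemon reported, not a registry reference, so the configuration cannot pull or verify that image on a rebuilt or second host. The two `mounts` blocks have the same problem, because their `source` values are 64-hex anonymous volume names, one of which holds `/etc/searxng`. I would manage the image with a `docker_image` resource whose `name` is the repository reference pinned by registry digest, then use `image = docker_image.searxng.image_id` here. The volumes would likewise move to named `docker_volume` resources, so the config and cache volumes are identifiable and survive a container re-create. Since `ignore_changes = [env]` hides all environment drift, a one-line comment above it saying why, for example `# env is set outside Terraform; secrets are kept out of state-tracked config`, would help the next reader.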
+1 -1
@@ -7,5 +7,5 @@ variable "docker_host" {
variable "managed_container_names" {
description = "Human-maintained list of containers intentionally tracked in Terraform docs/outputs."
type = list(string)
default = []
default = ["searxng-webapp"]
}
+25
@@ -0,0 +1,25 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/bpg/proxmox" {
version = "0.68.0"
constraints = "0.68.0"
hashes = [
"h1:4Q+bUZoRz7o2ij/oPS3SsAy1D2CDdIMasegk+ll7oho=",
"zh:012f3fce033a7921335576edba0f2d2dad7dcaec2e5ed3b68ced692845131656",
"zh:1853ddbaef049b14e738bf8531a2c8e45d9ac409676a7f7f997d40ae794db783",
"zh:2a284f49f95bfe022f8b5bfed6ae56df5577f590ff26ae12322767f23e3b6c50",
"zh:491a7d5a3cf47fc3016213ca047fcf20288200901f5c0195314c32925fcd36c0",
"zh:4a198ab0b40b02a35955156d9a195c76a22f92d4078195ce94316b793d0d58d4",
"zh:63f0e62c5805b48893f9a106ed11e628f1a3bc3d34360a2bb31a88cfcc2051dd",
"zh:64cdc6a3bdd56e2285a2d65a17d87ee284fcdbbe69246baed4aeaf465a955007",
"zh:6721eaaa4998795c0caed3225aa2bc8ff796a6de86114431194b9770f98e2600",
"zh:79ef8a813d1b3d5ef69f2a00a3160fde9ca65c541db42c998c69db6dea66558f",
"zh:96aa2d4a6cdac17dcccbb76a1ef0afc15052c3f13fa3bb0f3f44b385272405d4",
"zh:9e1e18b04f228d671e1653294828021e672dab6635a309e72b2da4ba3b9f07e9",
"zh:a91b69c6df914f8f0504d0f0d25af6a870b79befe6ae11d39a1bd8b879871084",
"zh:bc618ee4f85b8c5db0e1494d207d2a6170ca08dad5ce9844866550a94dd56bea",
"zh:ea85f7e5dbbe768e2e15e0cafacee1c94e319d04c1835db1984a6ce79674c8e4",
"zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
]
}
@@ -0,0 +1,76 @@
# proxmox_virtual_environment_vm.docker:
resource "proxmox_virtual_environment_vm" "docker" {
name = "docker"
node_name = "pve"
scsi_hardware = "virtio-scsi-single"
vm_id = 103
agent {
enabled = true
timeout = "15m"
trim = false
}
cpu {
cores = 4
numa = false
sockets = 1
type = "host"
units = 1024
}
disk {
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi0"
iothread = false
path_in_datastore = "vm-103-disk-0"
replicate = true
size = 120
ssd = false
}
disk {
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi1"
iothread = false
path_in_datastore = "vm-103-disk-1"
replicate = true
size = 250
ssd = false
}
memory {
dedicated = 8192
floating = 4096
keep_hugepages = false
shared = 0
}
network_device {
bridge = "vmbr0"
disconnected = false
enabled = true
firewall = true
}
operating_system {
type = "l26"
}
lifecycle {
ignore_changes = [
vga,
keyboard_layout,
tablet_device,
agent,
]
}
}
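Review bot: The `lifecycle` block on `proxmox_virtual_environment_vm.docker` lists only `ignore_changes`, so a plan that forces replacement or removes this resource would destroy an imported, already-running VM and its two disks. Adding `prevent_destroy = true` to the `lifecycle` block makes such a plan fail instead of proceeding on an unattended or hastily approved apply. The same applies to the `nix-cache`, `pbs`, `pihole` and `server-nixos` resources added elsewhere in this commit, which carry the identical `lifecycle` block. Because `agent` is in `ignore_changes`, later edits to the `agent` block in these files will have no effect, which deserves a short comment next to the list.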
+48 -11
@@ -1,14 +1,51 @@
# Proxmox scaffold only.
# Proxmox import-first workflow
#
# 1) Add one minimal resource block for one existing VM.
# 2) Add an import block for that VM using the provider's required import ID format.
# 3) Run:
# terraform init
# terraform plan
# or:
# ../scripts/reconcile_from_plan.sh -- -var-file=terraform.tfvars
# 4) Review generated config carefully.
# 5) Move only the useful arguments into a hand-maintained .tf file.
# 6) Repeat until `terraform plan` is a no-op.
# IMPORTANT:
# - Resource blocks are intentionally omitted for now.
# - Before adding resources, confirm:
# 1) provider resource schemas,
# 2) exact import ID formats,
# 3) non-destructive reconciliation strategy for existing VMs.
# - Start with exactly ONE existing VM.
# - Do not apply until plan is clean.
# - Confirm the provider's exact import ID format before running import/plan.
# - Do not import your whole environment at once.
# Example placeholder for one existing VM
#resource "proxmox_virtual_environment_vm" "server-nixos" {
# name = "server-nixos"
# node_name = "pve"
#}
# Example import block
# REPLACE the id below with the exact import ID format required by your provider.
# This is provider-specific and must be confirmed before use.
#
# Suggested future workflow mirrors docker/:
# - Define one resource for an existing object.
# - Import it.
# - Use `terraform state show` to reconcile config.
# - Proceed incrementally.
# Commonly this will involve the Proxmox node name and VM ID in some form.
#
import {
to = proxmox_virtual_environment_vm.nix-cache
id = "pve/105"
}
import {
to = proxmox_virtual_environment_vm.server-nixos
id = "pve/104"
}
import {
to = proxmox_virtual_environment_vm.pihole
id = "pve/108"
}
import {
to = proxmox_virtual_environment_vm.pbs
id = "pve/106"
}
import {
to = proxmox_virtual_environment_vm.docker
id = "pve/103"
}
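Review bot: The five active `import` blocks at the end of this file appear to contradict the header comments above them, which say "Start with exactly ONE existing VM" and "Do not import your whole environment at once". They also sit under a "REPLACE the id below" comment that no longer describes a placeholder. The page does not mark which comment lines are on the new side, so this is inferred. If those lines are new, the header should describe what the file now does, for example `# Import blocks for existing VMs; id format is "<node_name>/<vm_id>".`. Once the resources are in state and `terraform plan` is clean, the `import` blocks can be removed so the file does not read as pending work.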
@@ -0,0 +1,63 @@
# proxmox_virtual_environment_vm.nix-cache:
resource "proxmox_virtual_environment_vm" "nix-cache" {
name = "nix-cache"
node_name = "pve"
scsi_hardware = "virtio-scsi-single"
vm_id = 105
agent {
enabled = true
timeout = "15m"
trim = false
}
cpu {
cores = 2
numa = false
sockets = 1
type = "x86-64-v2-AES"
units = 1024
}
disk {
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi0"
iothread = false
path_in_datastore = "vm-105-disk-0"
replicate = true
size = 100
ssd = false
}
memory {
dedicated = 2048
floating = 0
keep_hugepages = false
shared = 0
}
network_device {
bridge = "vmbr0"
disconnected = false
enabled = true
firewall = true
}
operating_system {
type = "l26"
}
lifecycle {
ignore_changes = [
vga,
keyboard_layout,
tablet_device,
agent,
]
}
}
+72
@@ -0,0 +1,72 @@
# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.
# __generated__ by Terraform
resource "proxmox_virtual_environment_vm" "pbs" {
name = "pbs"
node_name = "pve"
scsi_hardware = "virtio-scsi-single"
vm_id = 106
agent {
enabled = true
timeout = "15m"
trim = false
}
cpu {
cores = 4
numa = false
sockets = 1
type = "x86-64-v2-AES"
units = 1024
}
disk {
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi0"
iothread = false
path_in_datastore = "vm-106-disk-0"
replicate = true
size = 100
ssd = false
}
disk {
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi1"
iothread = false
path_in_datastore = "vm-106-disk-1"
replicate = true
size = 700
ssd = false
}
memory {
dedicated = 8192
floating = 4096
keep_hugepages = false
shared = 0
}
network_device {
bridge = "vmbr0"
disconnected = false
enabled = true
firewall = true
}
operating_system {
type = "l26"
}
lifecycle {
ignore_changes = [
vga,
keyboard_layout,
tablet_device,
agent,
]
}
}
@@ -0,0 +1,63 @@
# proxmox_virtual_environment_vm.pihole:
resource "proxmox_virtual_environment_vm" "pihole" {
name = "pihole"
node_name = "pve"
scsi_hardware = "virtio-scsi-single"
vm_id = 108
agent {
enabled = true
timeout = "15m"
trim = false
}
cpu {
cores = 2
numa = false
sockets = 1
type = "x86-64-v2-AES"
units = 1024
}
disk {
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "sata0"
iothread = false
path_in_datastore = "vm-108-disk-0"
replicate = true
size = 32
ssd = false
}
memory {
dedicated = 2048
floating = 0
keep_hugepages = false
shared = 0
}
network_device {
bridge = "vmbr0"
disconnected = false
enabled = true
firewall = true
}
operating_system {
type = "l26"
}
lifecycle {
ignore_changes = [
vga,
keyboard_layout,
tablet_device,
agent,
]
}
}
@@ -4,8 +4,8 @@ provider "proxmox" {
endpoint = var.proxmox_endpoint
insecure = var.proxmox_insecure
username = var.proxmox_username
password = var.proxmox_password
# username = var.proxmox_username
# password = var.proxmox_password
api_token = var.proxmox_api_token
api_token = "${var.proxmox_api_token_id}=${var.proxmox_api_token_secret}"
}
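Review bot: The interpolated `api_token = "${var.proxmox_api_token_id}=${var.proxmox_api_token_secret}"` can never be empty, so an unset variable produces a malformed token such as `=` that only fails later as an opaque authentication error. The variables file in this commit appears to keep `default = ""` on both token variables, though the old/new side of those lines is not marked on this page. Dropping the defaults so Terraform requires both values would catch the mistake at plan time, as would a `validation` block with `condition = length(var.proxmox_api_token_secret) > 0` and its counterpart for the ID. The commented-out `username`/`password` lines are dead configuration and are better deleted than kept. The `provider "proxmox"` block opens before this hunk.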
@@ -0,0 +1,88 @@
# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.
# __generated__ by Terraform
resource "proxmox_virtual_environment_vm" "server-nixos" {
name = "server-nixos"
node_name = "pve"
scsi_hardware = "virtio-scsi-single"
vm_id = 104
agent {
enabled = true
timeout = "15m"
trim = false
}
cpu {
cores = 4
numa = false
sockets = 1
type = "x86-64-v2-AES"
units = 1024
}
disk {
aio = "io_uring"
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi0"
iothread = false
path_in_datastore = "vm-104-disk-0"
replicate = true
size = 32
ssd = false
}
disk {
aio = "io_uring"
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi1"
iothread = false
path_in_datastore = "vm-104-disk-1"
replicate = true
size = 200
ssd = false
}
disk {
aio = "io_uring"
backup = true
cache = "none"
datastore_id = "local-lvm"
discard = "ignore"
file_format = "raw"
interface = "scsi2"
iothread = false
path_in_datastore = "vm-104-disk-2"
replicate = true
size = 200
ssd = false
}
memory {
dedicated = 4096
floating = 2048
keep_hugepages = false
shared = 0
}
network_device {
bridge = "vmbr0"
disconnected = false
enabled = true
firewall = true
}
operating_system {
type = "l26"
}
lifecycle {
ignore_changes = [
vga,
keyboard_layout,
tablet_device,
agent,
]
}
}
+15 -9
@@ -10,20 +10,26 @@ variable "proxmox_insecure" {
default = false
}
variable "proxmox_username" {
description = "Username for password-based auth (placeholder; optional if token auth is used)."
type = string
default = ""
}
#variable "proxmox_username" {
# description = "Username for password-based auth (placeholder; optional if token auth is used)."
# type = string
# default = ""
#}
variable "proxmox_password" {
description = "Password for password-based auth (placeholder; optional if token auth is used)."
#variable "proxmox_password" {
# description = "Password for password-based auth (placeholder; optional if token auth is used)."
# type = string
# default = ""
# sensitive = true
#}
variable "proxmox_api_token_id" {
type = string
default = ""
description = "Proxmox API token ID, e.g. terraform@pve!tf"
sensitive = true
}
variable "proxmox_api_token" {
variable "proxmox_api_token_secret" {
description = "API token for token-based auth (placeholder; optional if username/password is used)."
type = string
default = ""