Updated terraform configurations

infrastructure/terraform/proxmox/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/bpg/proxmox" {
+  version     = "0.68.0"
+  constraints = "0.68.0"
+  hashes = [
+    "h1:4Q+bUZoRz7o2ij/oPS3SsAy1D2CDdIMasegk+ll7oho=",
+    "zh:012f3fce033a7921335576edba0f2d2dad7dcaec2e5ed3b68ced692845131656",
+    "zh:1853ddbaef049b14e738bf8531a2c8e45d9ac409676a7f7f997d40ae794db783",
+    "zh:2a284f49f95bfe022f8b5bfed6ae56df5577f590ff26ae12322767f23e3b6c50",
+    "zh:491a7d5a3cf47fc3016213ca047fcf20288200901f5c0195314c32925fcd36c0",
+    "zh:4a198ab0b40b02a35955156d9a195c76a22f92d4078195ce94316b793d0d58d4",
+    "zh:63f0e62c5805b48893f9a106ed11e628f1a3bc3d34360a2bb31a88cfcc2051dd",
+    "zh:64cdc6a3bdd56e2285a2d65a17d87ee284fcdbbe69246baed4aeaf465a955007",
+    "zh:6721eaaa4998795c0caed3225aa2bc8ff796a6de86114431194b9770f98e2600",
+    "zh:79ef8a813d1b3d5ef69f2a00a3160fde9ca65c541db42c998c69db6dea66558f",
+    "zh:96aa2d4a6cdac17dcccbb76a1ef0afc15052c3f13fa3bb0f3f44b385272405d4",
+    "zh:9e1e18b04f228d671e1653294828021e672dab6635a309e72b2da4ba3b9f07e9",
+    "zh:a91b69c6df914f8f0504d0f0d25af6a870b79befe6ae11d39a1bd8b879871084",
+    "zh:bc618ee4f85b8c5db0e1494d207d2a6170ca08dad5ce9844866550a94dd56bea",
+    "zh:ea85f7e5dbbe768e2e15e0cafacee1c94e319d04c1835db1984a6ce79674c8e4",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+  ]
+}

infrastructure/terraform/proxmox/docker.tf

@@ -0,0 +1,76 @@
+# proxmox_virtual_environment_vm.docker:
+resource "proxmox_virtual_environment_vm" "docker" {
+    name                    = "docker"
+    node_name               = "pve"
+    scsi_hardware           = "virtio-scsi-single"
+    vm_id                   = 103
+
+    agent {
+        enabled = true
+        timeout = "15m"
+        trim    = false
+    }
+
+    cpu {
+        cores        = 4
+        numa         = false
+        sockets      = 1
+        type         = "host"
+        units        = 1024
+    }
+
+    disk {
+        backup            = true
+        cache             = "none"
+        datastore_id      = "local-lvm"
+        discard           = "ignore"
+        file_format       = "raw"
+        interface         = "scsi0"
+        iothread          = false
+        path_in_datastore = "vm-103-disk-0"
+        replicate         = true
+        size              = 120
+        ssd               = false
+    }
+    disk {
+        backup            = true
+        cache             = "none"
+        datastore_id      = "local-lvm"
+        discard           = "ignore"
+        file_format       = "raw"
+        interface         = "scsi1"
+        iothread          = false
+        path_in_datastore = "vm-103-disk-1"
+        replicate         = true
+        size              = 250
+        ssd               = false
+    }
+
+    memory {
+        dedicated      = 8192
+        floating       = 4096
+        keep_hugepages = false
+        shared         = 0
+    }
+
+    network_device {
+        bridge       = "vmbr0"
+        disconnected = false
+        enabled      = true
+        firewall     = true
+    }
+
+    operating_system {
+        type = "l26"
+    }
+
+  lifecycle {
+    ignore_changes = [
+      vga,
+      keyboard_layout,
+      tablet_device,
+      agent,
+    ]
+  }
+
+}

infrastructure/terraform/proxmox/main.tf

@@ -1,14 +1,51 @@
-# Proxmox scaffold only.
+# Proxmox import-first workflow
 #
+# 1) Add one minimal resource block for one existing VM.
+# 2) Add an import block for that VM using the provider's required import ID format.
+# 3) Run:
+#      terraform init
+#      terraform plan
+#   or:
+#      ../scripts/reconcile_from_plan.sh -- -var-file=terraform.tfvars
+# 4) Review generated config carefully.
+# 5) Move only the useful arguments into a hand-maintained .tf file.
+# 6) Repeat until `terraform plan` is a no-op.
+
 # IMPORTANT:
-# - Resource blocks are intentionally omitted for now.
-# - Before adding resources, confirm:
-#   1) provider resource schemas,
-#   2) exact import ID formats,
-#   3) non-destructive reconciliation strategy for existing VMs.
+# - Start with exactly ONE existing VM.
+# - Do not apply until plan is clean.
+# - Confirm the provider's exact import ID format before running import/plan.
+# - Do not import your whole environment at once.
+
+# Example placeholder for one existing VM
+#resource "proxmox_virtual_environment_vm" "server-nixos" {
+#  name      = "server-nixos"
+#  node_name = "pve"
+#}
+
+# Example import block
+# REPLACE the id below with the exact import ID format required by your provider.
+# This is provider-specific and must be confirmed before use.
 #
-# Suggested future workflow mirrors docker/:
-# - Define one resource for an existing object.
-# - Import it.
-# - Use `terraform state show` to reconcile config.
-# - Proceed incrementally.
+# Commonly this will involve the Proxmox node name and VM ID in some form.
+#
+import {
+  to = proxmox_virtual_environment_vm.nix-cache
+  id = "pve/105"
+}
+import {
+  to = proxmox_virtual_environment_vm.server-nixos
+  id = "pve/104"
+}
+import {
+  to = proxmox_virtual_environment_vm.pihole
+  id = "pve/108"
+}
+import {
+  to = proxmox_virtual_environment_vm.pbs
+  id = "pve/106"
+}
+import {
+  to = proxmox_virtual_environment_vm.docker
+  id = "pve/103"
+}

infrastructure/terraform/proxmox/nix-cache.tf

@@ -0,0 +1,63 @@
+# proxmox_virtual_environment_vm.nix-cache:
+resource "proxmox_virtual_environment_vm" "nix-cache" {
+  name          = "nix-cache"
+  node_name     = "pve"
+  scsi_hardware = "virtio-scsi-single"
+  vm_id         = 105
+
+  agent {
+    enabled = true
+    timeout = "15m"
+    trim    = false
+  }
+
+  cpu {
+    cores   = 2
+    numa    = false
+    sockets = 1
+    type    = "x86-64-v2-AES"
+    units   = 1024
+  }
+
+  disk {
+    backup            = true
+    cache             = "none"
+    datastore_id      = "local-lvm"
+    discard           = "ignore"
+    file_format       = "raw"
+    interface         = "scsi0"
+    iothread          = false
+    path_in_datastore = "vm-105-disk-0"
+    replicate         = true
+    size              = 100
+    ssd               = false
+  }
+
+  memory {
+    dedicated      = 2048
+    floating       = 0
+    keep_hugepages = false
+    shared         = 0
+  }
+
+  network_device {
+    bridge       = "vmbr0"
+    disconnected = false
+    enabled      = true
+    firewall     = true
+  }
+
+  operating_system {
+    type = "l26"
+  }
+  lifecycle {
+    ignore_changes = [
+      vga,
+      keyboard_layout,
+      tablet_device,
+      agent,
+    ]
+  }
+
+}
+

infrastructure/terraform/proxmox/pbs.tf

@@ -0,0 +1,72 @@
+# __generated__ by Terraform
+# Please review these resources and move them into your main configuration files.
+
+# __generated__ by Terraform
+resource "proxmox_virtual_environment_vm" "pbs" {
+  name                = "pbs"
+  node_name           = "pve"
+  scsi_hardware       = "virtio-scsi-single"
+  vm_id               = 106
+  agent {
+    enabled = true
+    timeout = "15m"
+    trim    = false
+  }
+  cpu {
+    cores        = 4
+    numa         = false
+    sockets      = 1
+    type         = "x86-64-v2-AES"
+    units        = 1024
+  }
+  disk {
+    backup            = true
+    cache             = "none"
+    datastore_id      = "local-lvm"
+    discard           = "ignore"
+    file_format       = "raw"
+    interface         = "scsi0"
+    iothread          = false
+    path_in_datastore = "vm-106-disk-0"
+    replicate         = true
+    size              = 100
+    ssd               = false
+  }
+  disk {
+    backup            = true
+    cache             = "none"
+    datastore_id      = "local-lvm"
+    discard           = "ignore"
+    file_format       = "raw"
+    interface         = "scsi1"
+    iothread          = false
+    path_in_datastore = "vm-106-disk-1"
+    replicate         = true
+    size              = 700
+    ssd               = false
+  }
+  memory {
+    dedicated      = 8192
+    floating       = 4096
+    keep_hugepages = false
+    shared         = 0
+  }
+  network_device {
+    bridge       = "vmbr0"
+    disconnected = false
+    enabled      = true
+    firewall     = true
+  }
+  operating_system {
+    type = "l26"
+  }
+  lifecycle {
+    ignore_changes = [
+      vga,
+      keyboard_layout,
+      tablet_device,
+      agent,
+    ]
+  }
+
+}

infrastructure/terraform/proxmox/pihole.tf

@@ -0,0 +1,63 @@
+# proxmox_virtual_environment_vm.pihole:
+resource "proxmox_virtual_environment_vm" "pihole" {
+    name                    = "pihole"
+    node_name               = "pve"
+    scsi_hardware           = "virtio-scsi-single"
+    vm_id                   = 108
+
+    agent {
+        enabled = true
+        timeout = "15m"
+        trim    = false
+    }
+
+    cpu {
+        cores        = 2
+        numa         = false
+        sockets      = 1
+        type         = "x86-64-v2-AES"
+        units        = 1024
+    }
+
+    disk {
+        backup            = true
+        cache             = "none"
+        datastore_id      = "local-lvm"
+        discard           = "ignore"
+        file_format       = "raw"
+        interface         = "sata0"
+        iothread          = false
+        path_in_datastore = "vm-108-disk-0"
+        replicate         = true
+        size              = 32
+        ssd               = false
+    }
+
+    memory {
+        dedicated      = 2048
+        floating       = 0
+        keep_hugepages = false
+        shared         = 0
+    }
+
+    network_device {
+        bridge       = "vmbr0"
+        disconnected = false
+        enabled      = true
+        firewall     = true
+    }
+
+    operating_system {
+        type = "l26"
+    }
+
+  lifecycle {
+    ignore_changes = [
+      vga,
+      keyboard_layout,
+      tablet_device,
+      agent,
+    ]
+  }
+
+}

infrastructure/terraform/proxmox/providers.tf

@@ -4,8 +4,8 @@ provider "proxmox" {
   endpoint = var.proxmox_endpoint
   insecure = var.proxmox_insecure
 
-  username = var.proxmox_username
-  password = var.proxmox_password
+  #  username = var.proxmox_username
+  #  password = var.proxmox_password
 
-  api_token = var.proxmox_api_token
+  api_token = "${var.proxmox_api_token_id}=${var.proxmox_api_token_secret}"
 }

infrastructure/terraform/proxmox/server-nixos.tf

@@ -0,0 +1,88 @@
+# __generated__ by Terraform
+# Please review these resources and move them into your main configuration files.
+
+# __generated__ by Terraform
+resource "proxmox_virtual_environment_vm" "server-nixos" {
+  name          = "server-nixos"
+  node_name     = "pve"
+  scsi_hardware = "virtio-scsi-single"
+  vm_id         = 104
+  agent {
+    enabled = true
+    timeout = "15m"
+    trim    = false
+  }
+  cpu {
+    cores   = 4
+    numa    = false
+    sockets = 1
+    type    = "x86-64-v2-AES"
+    units   = 1024
+  }
+  disk {
+    aio               = "io_uring"
+    backup            = true
+    cache             = "none"
+    datastore_id      = "local-lvm"
+    discard           = "ignore"
+    file_format       = "raw"
+    interface         = "scsi0"
+    iothread          = false
+    path_in_datastore = "vm-104-disk-0"
+    replicate         = true
+    size              = 32
+    ssd               = false
+  }
+  disk {
+    aio               = "io_uring"
+    backup            = true
+    cache             = "none"
+    datastore_id      = "local-lvm"
+    discard           = "ignore"
+    file_format       = "raw"
+    interface         = "scsi1"
+    iothread          = false
+    path_in_datastore = "vm-104-disk-1"
+    replicate         = true
+    size              = 200
+    ssd               = false
+  }
+  disk {
+    aio               = "io_uring"
+    backup            = true
+    cache             = "none"
+    datastore_id      = "local-lvm"
+    discard           = "ignore"
+    file_format       = "raw"
+    interface         = "scsi2"
+    iothread          = false
+    path_in_datastore = "vm-104-disk-2"
+    replicate         = true
+    size              = 200
+    ssd               = false
+  }
+  memory {
+    dedicated      = 4096
+    floating       = 2048
+    keep_hugepages = false
+    shared         = 0
+  }
+  network_device {
+    bridge       = "vmbr0"
+    disconnected = false
+    enabled      = true
+    firewall     = true
+  }
+  operating_system {
+    type = "l26"
+  }
+  lifecycle {
+    ignore_changes = [
+      vga,
+      keyboard_layout,
+      tablet_device,
+      agent,
+    ]
+  }
+
+}

infrastructure/terraform/proxmox/variables.tf

@@ -10,20 +10,26 @@ variable "proxmox_insecure" {
   default     = false
 }
 
-variable "proxmox_username" {
-  description = "Username for password-based auth (placeholder; optional if token auth is used)."
-  type        = string
-  default     = ""
-}
+#variable "proxmox_username" {
+#  description = "Username for password-based auth (placeholder; optional if token auth is used)."
+#  type        = string
+#  default     = ""
+#}
 
-variable "proxmox_password" {
-  description = "Password for password-based auth (placeholder; optional if token auth is used)."
+#variable "proxmox_password" {
+#  description = "Password for password-based auth (placeholder; optional if token auth is used)."
+#  type        = string
+#  default     = ""
+#  sensitive   = true
+#}
+
+variable "proxmox_api_token_id" {
   type        = string
-  default     = ""
+  description = "Proxmox API token ID, e.g. terraform@pve!tf"
   sensitive   = true
 }
 
-variable "proxmox_api_token" {
+variable "proxmox_api_token_secret" {
   description = "API token for token-based auth (placeholder; optional if username/password is used)."
   type        = string
   default     = ""