personal_infra/tofu/nodito

Nodito VMs with OpenTofu (Proxmox)

This directory lets you declare VMs on the nodito Proxmox node and apply with OpenTofu. It clones the Ansible-built template debian-13-cloud-init and places disks on the ZFS pool proxmox-tank-1.

Prereqs

  • Proxmox API token with VM privileges. Example: user root@pam, token name tofu.
  • OpenTofu installed.
    sudo apt-get update
    sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
    
    sudo install -m 0755 -d /etc/apt/keyrings
    curl -fsSL https://get.opentofu.org/opentofu.gpg | sudo tee /etc/apt/keyrings/opentofu.gpg >/dev/null
    curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | sudo gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu-repo.gpg >/dev/null
    sudo chmod a+r /etc/apt/keyrings/opentofu.gpg /etc/apt/keyrings/opentofu-repo.gpg
    
    echo \
      "deb [signed-by=/etc/apt/keyrings/opentofu.gpg,/etc/apt/keyrings/opentofu-repo.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main
    deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg,/etc/apt/keyrings/opentofu-repo.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" | \
      sudo tee /etc/apt/sources.list.d/opentofu.list > /dev/null
    sudo chmod a+r /etc/apt/sources.list.d/opentofu.list
    
    sudo apt-get update
    sudo apt-get install -y tofu
    tofu version
    
  • The Ansible template exists: debian-13-cloud-init (VMID 9001 by default).

Provider Auth

Create a terraform.tfvars (copy from terraform.tfvars.example) and set:

  • proxmox_api_url (e.g. https://nodito:8006/api2/json)
  • proxmox_api_token_id (e.g. root@pam!tofu)
  • proxmox_api_token_secret
  • ssh_authorized_keys (your public key content)

Alternatively, you can export env vars and reference them in a tfvars file.
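
One way to take the environment-variable route, as an added example that is not part of this repository: OpenTofu reads an environment variable named TF_VAR_<name> as the value of the input variable <name>, so the token secret can stay out of terraform.tfvars. The function name and the secret file path are assumptions, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from this repository): export the Proxmox API token as
# TF_VAR_* environment variables so the secret stays out of terraform.tfvars.
# Hypothetical names: load_proxmox_token and the secret file path.
# Assumes GNU stat (stat -c), as on a Debian/Ubuntu workstation.

load_proxmox_token() {
  local token_id="$1" secret_file="$2" mode secret

  [ -f "$secret_file" ] || { echo "no such file: $secret_file" >&2; return 1; }

  # Refuse a secret file that group or others can access (want 600 or 400).
  mode=$(stat -c '%a' "$secret_file") || return 1
  case "$mode" in
    *00) ;;
    *) echo "refusing $secret_file: mode $mode, expected 600" >&2; return 1 ;;
  esac

  # Token ids have the form user@realm!tokenname, e.g. root@pam!tofu.
  case "$token_id" in
    ?*@?*'!'?*) ;;
    *) echo "token id must look like user@realm!name" >&2; return 1 ;;
  esac

  # First line of the file is the secret; tolerate a missing final newline.
  IFS= read -r secret < "$secret_file" || [ -n "$secret" ] || {
    echo "empty secret in $secret_file" >&2; return 1
  }
  [ -n "$secret" ] || { echo "empty secret in $secret_file" >&2; return 1; }

  # Variable names match the inputs listed under Provider Auth.
  export TF_VAR_proxmox_api_token_id="$token_id"
  export TF_VAR_proxmox_api_token_secret="$secret"
}

# Usage (secret file path is a placeholder):
#   load_proxmox_token 'root@pam!tofu' "$HOME/.config/nodito/token" \
#     && tofu plan -var-file=terraform.tfvars
```

With the two token variables supplied this way, terraform.tfvars only needs proxmox_api_url, ssh_authorized_keys and the vms map.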

Declare VMs

Edit terraform.tfvars and fill the vms map. Example entry:

vms = {
  web1 = {
    name         = "web1"
    cores        = 2
    memory_mb    = 2048
    disk_size_gb = 20
    ipconfig0    = "ip=dhcp" # or "ip=192.168.1.50/24,gw=192.168.1.1"
    data_disks = [
      {
        size_gb = 50
        # storage defaults to var.zfs_storage_name (proxmox-tank-1)
        # optional: slot = "scsi2"
      }
    ]
  }
}

All VM disks are created on zfs_storage_name (defaults to proxmox-tank-1). Network attaches to vmbr0. VLAN can be set per-VM with vlan_tag.

Usage

tofu init
tofu plan -var-file=terraform.tfvars
tofu apply -var-file=terraform.tfvars

VMs are created once and then protected: the module sets lifecycle.prevent_destroy = true and ignores subsequent config changes. After the initial apply, manage day-2 changes directly in Proxmox (or remove the lifecycle block if you need OpenTofu to own ongoing updates).

Notes

  • Clones are full clones by default (full_clone = true).
  • Cloud-init injects cloud_init_user and ssh_authorized_keys.
  • Disks use scsi0 on ZFS with discard enabled.