From dd875a9fa14cc17016ad5cf9203cd0b03a295be7 Mon Sep 17 00:00:00 2001
From: Greg Matoga
Date: Sun, 2 Jun 2024 23:36:27 +0200
Subject: [PATCH] Terraform + proxmox + sops: init
---
.gitignore | 13 ++++++++
.sops.yaml | 2 ++
.terraform.lock.hcl | 39 +++++++++++++++++++++++
README.md | 7 ++++
main.tf | 78 +++++++++++++++++++++++++++++++++++++++++++++
tf-secret.enc.json | 25 +++++++++++++++
6 files changed, 164 insertions(+)
create mode 100644 .gitignore
create mode 100644 .sops.yaml
create mode 100644 .terraform.lock.hcl
create mode 100644 README.md
create mode 100644 main.tf
create mode 100644 tf-secret.enc.json
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a3ddbdb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,13 @@
+# managed by sops
+terraform.tvars
+
+# https://developer.hashicorp.com/terraform/language/style#gitignore
+.terraform
+terraform.tfstate
+terraform.tfstate.*
+.terraform.tfstate.lock.info
+.terraform/
+!.terraform.lock.hcl
+
+# debug
+terraform-plugin-proxmox.log
\ No newline at end of file
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..a8fd8d4
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,2 @@
+creation_rules:
+ - pgp: D4EACAC991E3DF53D9E39FE0CB9CF7B8A8A86318
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..520772c
--- /dev/null
+++ b/.terraform.lock.hcl
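Review bot: The entry `terraform.tvars` under `# managed by sops` in the .gitignore hunk looks like a typo for `terraform.tfvars`, the variables file Terraform/OpenTofu loads automatically. As written, a plaintext `terraform.tfvars` would not be ignored and could be committed with secrets in it. I would change the line to `terraform.tfvars` and add `*.auto.tfvars` beside it. If a decrypted copy of `tf-secret.enc.json` is ever written to disk it would presumably need an entry here as well, since only the encrypted file is meant to be tracked.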
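Review bot: The single creation rule in .sops.yaml has no `path_regex` and names one PGP fingerprint, so it applies to every file sops is asked to create in this repository and leaves the secrets decryptable by exactly one key. Scoping it, e.g. `- path_regex: \.enc\.json$` with `pgp:` on the following line, keeps the rule tied to the encrypted file this commit adds. A second recipient fingerprint (comma-separated in `pgp`) would avoid losing access to the secrets if that key is lost, and a short comment such as `# key owner: <NAME>, encrypts tf-secret.enc.json` would help whoever rotates the key later.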
@@ -0,0 +1,39 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/carlpett/sops" { + version = "0.7.2" + constraints = "~> 0.5" + hashes = [ + "h1:+A1/RJ3eNVQHDFHjol70EfC5Yh9e78WMXxh1uoxlAYQ=", + "zh:43f218054ea3a72c9756bf989aeebb9d0f23b66fd08e9fb4ae75d4f921295e82", + "zh:57fd326388042a6b7ecd60f740f81e5ef931546c4f068f054e7df34acf65d190", + "zh:87b970db8c137f4c2fcbff7a5705419a0aea9268ae0ac94f1ec5b978e42ab0d2", + "zh:9e3b67b89ac919f01731eb0466baa08ce0721e6cf962fe6752e7cc526ac0cba0", + "zh:c028f67ef330be0d15ce4d7ac7649a2e07a98ed3003fca52e0c72338b5f481f8", + "zh:c29362e36a44480d0d9cb7d90d1efba63fe7e0e94706b2a07884bc067c46cbc7", + "zh:d5bcfa836244718a1d564aa96eb7d733b4d361b6ecb961f7c5bcd0cadb1dfd05", + ] +} + +provider "registry.opentofu.org/telmate/proxmox" { + version = "3.0.1-rc2" + constraints = "3.0.1-rc2" + hashes = [ + "h1:y8H14NlOdJnm3saCxuepUukL1gOPlZCg/tTp6GvwPS8=", + "zh:0158ecead8265f79ca069fcb7e9c07283545f90a09abe8a28a5944c2c9b8dc89", + "zh:04731d141b77b0072bf650ee91670594f3ec93cf01c2612a5a3eecbda01e745e", + "zh:06460b2b32b06684f3ce8416d328868cdc26f88c1e0379522fdf797ba7072ccf", + "zh:15e9ece8a8106e32fa842f84494952298a24883b6dc164acdc375594ed4c3840", + "zh:2ff19ed9d1b36d4890b3c036fa027f831889535e9e9c6bf7aa185423e620d93c", + "zh:45efb6d48df0cab681677fa58557b964cbaec6b5a5acc5ff19f446760670c4ea", + "zh:554351399ef605a708653d7d716ecc36d39e85088c37435b7f391a841e1bee93", + "zh:5b78fe1f4e796cb56cbc6fc7e43e95d2ad0f46f86cb2a4795c617c73681f5374", + "zh:61a379c5380f69d474b8a22fedd68f34e7df57ab24fdfcd0336a3a88e9d1706a", + "zh:73cf31280728ee48b645c537de89881788c6e6aa6a9a2a9a09ec4510f594db2e", + "zh:85e2f22617fa1450deeaefffe6d455f26054ab8a9a6a1eb1a5c50b51703304ec", + "zh:a0cc2bd9581fcddc1f64692c9c431c652e4e0edc035a357aa1279788a8d580d0", + "zh:b99a25084d77075dce5b32604953e4266fc8cdda9ec00cbb06f886331743b492", + "zh:bcaace9bec999f869ecc308075c98139a5762b4a4f45541c7b59aa3df4f7484d", + ] 
+}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f6b6204
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# Terraform/OpenTofu Proxmox vm manager
+
+Sample SOPS integration https://github.com/carlpett/terraform-provider-sops to manage secrets.
+
+Working VM cloning sample taken from: https://github.com/Telmate/terraform-provider-proxmox/issues/935
+
+https://developer.hashicorp.com/terraform/language/style#gitignore
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..af12dc7
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,78 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "Telmate/proxmox"
+ version = "3.0.1-rc2"
+ }
+
+ sops = {
+ source = "carlpett/sops"
+ version = "~> 0.5"
+ }
+ }
+}
+
+data "sops_file" "tf-secret" {
+ source_file = "tf-secret.enc.json"
+}
+
+provider "proxmox" {
+ pm_api_url = "https://192.168.50.182:8006/api2/json"
+ pm_user = "root@pam"
+ pm_password = data.sops_file.tf-secret.data["proxmox_password"]
+ pm_tls_insecure = true
+ pm_log_enable = true
+ pm_log_file = "terraform-plugin-proxmox.log"
+ pm_debug = true
+ pm_log_levels = {
+ _default = "debug"
+ _capturelog = ""
+ }
+ }
+
+
+# https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/vm_qemu#attribute-reference
+resource "proxmox_vm_qemu" "test_server" {
+ count = 1
+ name = "test-vm-${count.index + 1}"
+ target_node = "pve"
+ clone = "debian-cloud"
+ agent = 1
+ os_type = "cloud-init"
+ cores = 2
+ sockets = 1
+ cpu = "host"
+ memory = 1024
+ scsihw = "virtio-scsi-pci"
+ bootdisk = "scsi0"
+
+ disks {
+ scsi {
+ scsi0 {
+ disk {
+ size = 10
+ storage = "local-lvm"
+ }
+ }
+ }
+ ide {
+ ide3 {
+ cloudinit {
+ storage = "local-lvm"
+ }
+ }
+ }
+ }
+
+ network {
+ model = "virtio"
+ bridge = "vmbr0"
+ }
+
+ ipconfig0 = "ip=192.168.50.222/24,gw=192.168.50.1"
+
+ ssh_user = "root"
+ sshkeys = <