commit f9ec0b4202fff50257dbc0afe3d9020e4ea1795f Author: braniz Date: Sun Feb 1 14:37:19 2026 +0000 Initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..17b694d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,15 @@
+# OpenTofu / Terraform
+.terraform/
+.opentofu/
+*.tfstate
+*.tfstate.*
+*.backup
+*.log
+
+# Variablen & Geheimnisse
+*.tfvars
+*.tfvars.json
+var_keys.tf
+
+# OS Müll
+.DS_Store
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..b0a327d
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/bpg/proxmox" { + version = "0.93.1" + constraints = ">= 0.60.0" + hashes = [ + "h1:flRMvV4fFmCmwdn8ln/bBecOOzyEkcM3U0Z5/kYTPXc=", + "zh:1d44354d85f11485f0f36af1459470abef215bd26bf6a4a4ad1bada5357c755f", + "zh:261905d0aefdcb9861d96fa5071691307a5d8e7d91eeeb3116c6089d66401739", + "zh:3b5565bae5b5403e45f876510b2891e4ad04dd4b4848ddf72b2425d167f52d15", + "zh:4a87c3dd4acbe6669d79a2950116b8615521107ca692c7a4afe8753b7a9cd960", + "zh:50e191384c7a81f993a19174fadf276df23d58985dec63924eac95622e26bf67", + "zh:7005dba492a0549531762b4c99b03fd52f5d107b63167730c11a7c3e2a68fa84", + "zh:80657cf50e5eb0a2c84b4e56b23945cf63ea726241d1e262556f96d1a77300e9", + "zh:853a3ebf49e74b12187250b3a429390088363c8aa320684f22c56cc7a0e79630", + "zh:aae9c1c3f0b49f6be3b632fa0320e9213fb5dcc894e9368aff9f18e52a03ca36", + "zh:c26b7d9fb3817960a54491be99514143fd55a865435532d4f2da3c1a02290dcd", + "zh:de98a5fe0145347cb0756f45e6eb8fd5571c19345a38aa47ea7edf9a959549db", + "zh:e9a65c3a8b7954c73e1f3f147aebd48b25671f9a55f02fe0af11481ba03826f8", + "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597", + "zh:f27a59e8bc50bab3de3e001b1fe298c43dcc7ab5bdf49977ba9c6cbd5eebc472", + "zh:f7cb7cbc72cd0778bbe6d03572a073ca2603bcdc7b124af049aa7bc4bf66e2f5", + ] +}
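Review bot: The ignore list in the `.gitignore` hunk covers state files and `*.tfvars` but not saved plan files, and a plan written with `tofu plan -out=…` stores the resolved variable values, including ones marked `sensitive`. I would add a pattern such as `*.tfplan` next to `*.tfstate`, matching whatever name plans are saved under. Note also that the `var_keys.tf` entry is the only thing keeping the API token out of history, so renaming that file silently removes the protection.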
diff --git a/config b/config
new file mode 100644
index 0000000..b7b0df3
--- /dev/null
+++ b/config
@@ -0,0 +1,15 @@
+[core]
+ repositoryformatversion = 0
+ filemode = true
+ bare = false
+ logallrefupdates = true
+[remote "origin"]
+ url = ssh://git@git.z-iq.de:222/braniz/tofu-base-ubuntu.git
+ fetch = +refs/heads/*:refs/remotes/origin/*
+[branch "master"]
+ remote = origin
+ merge = refs/heads/master
+ vscode-merge-base = origin/master
+[branch "main"]
+ remote = origin
+ merge = refs/heads/main
diff --git a/example_var_keys b/example_var_keys
new file mode 100644
index 0000000..4bda03f
--- /dev/null
+++ b/example_var_keys
@@ -0,0 +1,22 @@
+/*
+Variablen für Proxmox API Zugang und SSH-Schlüssel Anpssen und umbennen nach Bedarf
+var_keys.tf
+*/
+variable "pm_api_url" {
+ type = string
+ description = "Die URL zur Proxmox API (z.B. https://192.168.xxx.xxx:8006/)"
+ default = "https://192.168.xxx.xxx:8006/"
+}
+
+variable "pm_api_token" {
+ type = string
+ description = "Der vollständige API Token (ID=Secret)"
+ sensitive = true
+ default = "tofu-user@pve!tofu-token=APITOKENVALUE_HERE"
+}
+
+variable "pm_ssh_public_key" {
+ type = string
+ description = "Der öffentliche SSH-Schlüssel für den Benutzer in der VM"
+ default = "SSH_PUBLIC_KEY_HERE"
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..a259519
--- /dev/null
+++ b/main.tf
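Review bot: The new top-level `config` file has the shape of a repository's `.git/config` (`[core]`, `[remote "origin"]`, `[branch …]`), so it looks like local git metadata committed by accident rather than project configuration. Nothing in the visible .tf files reads it, and it publishes the internal remote (`ssh://git@git.z-iq.de:222/…`) to everyone who receives the repository. I would remove the file from the tree and, if a copy has to stay in the working directory, add `/config` to `.gitignore`.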
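Review bot: `pm_api_token` in `example_var_keys` carries its value in `default`, so once the template is renamed to `var_keys.tf` the real token sits in plaintext in a .tf file next to the code, protected only by the `.gitignore` entry. `sensitive = true` only redacts the value in plan and apply output; it does not keep it out of the file or the state. I would drop the `default` from `pm_api_token` and supply the value at run time through the environment (`TF_VAR_pm_api_token`), leaving a comment in the template such as `# no default: set via TF_VAR_pm_api_token`.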
@@ -0,0 +1,89 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = ">= 0.60.0"
+ }
+ }
+}
+
+provider "proxmox" {
+ endpoint = var.pm_api_url
+ api_token = var.pm_api_token
+ insecure = var.pm_insecure
+
+ ssh {
+ agent = false # Auf false, da wir den Pfad direkt angeben
+ username = "root"
+ private_key = file("/home/braniz/.ssh/prox/id_ed25519")
+ }
+}
+
+resource "proxmox_virtual_environment_vm" "proxmox_vm" {
+ name = var.pm_vm_name
+ description = "Erstellt mit OpenTofu"
+ node_name = var.pm_host
+ vm_id = var.pm_vm_id
+ stop_on_destroy = true
+
+ agent {
+ enabled = true
+ }
+
+ cpu {
+ cores = 4
+ type = "host" # 'host' sorgt für bessere Performance bei Ceph/KVM
+ }
+
+ memory {
+ dedicated = 8192
+ }
+
+ # Erste Festplatte (OS) - Ceph RBD
+ disk {
+ datastore_id = "ceph-pool"
+ file_id = var.pm_cloud_image
+ interface = "scsi0"
+ size = 20
+ discard = "on" # Wichtig für Ceph, um Platz freizugeben (TRIM)
+ }
+
+ # Zweite Festplatte (Daten)
+ disk {
+ datastore_id = "ceph-pool"
+ interface = "scsi1"
+ size = 20
+ discard = "on"
+ }
+
+ network_device {
+ bridge = "vmbr0"
+ }
+
+ initialization {
+ datastore_id = "ceph-pool" # Konsistent zum Disk-Storage
+
+ user_account {
+ username = "braniz"
+ # Hier deinen vollständigen Key einfügen:
+ keys = [var.pm_ssh_public_key]
+ }
+
+ ip_config {
+ ipv4 {
+ address = "dhcp"
+ }
+ }
+ }
+}
+
+/*
+output "vm_ip" {
+ description = "Die IP der VM"
+ # Wir nehmen das erste Element, das NICHT 127.0.0.1 ist
+ value = try(
+ [for ip in flatten(proxmox_virtual_environment_vm.proxmox_vm.ipv4_addresses) : ip if ip != "127.0.0.1"][0],
+ "Wartet auf DHCP/Agent..."
+ )
+}
+*/
\ No newline at end of file
diff --git a/main.tf_org b/main.tf_org
new file mode 100644
index 0000000..15e71ec
--- /dev/null
+++ b/main.tf_org
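Review bot: The provider's `ssh` block in main.tf reads a private key from a hard-coded, user-specific path (`file("/home/braniz/.ssh/prox/id_ed25519")`) and logs in as `root`. The configuration therefore only plans on one workstation, and the key material is pulled into the provider configuration on every run. Taking the key from the running ssh-agent keeps it out of the configuration: `agent = true` with the `private_key` line removed. If a key file is required, pass its path in through a variable instead of a literal. A dedicated, less privileged account on the PVE host than `root` would also be worth considering if the provider's SSH operations permit it.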
@@ -0,0 +1,77 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = ">= 0.60.0" # Empfohlene Version für OpenTofu
+ }
+ }
+}
+
+provider "proxmox" {
+ endpoint = var.pm_api_url
+ api_token = var.pm_api_token
+ insecure = var.pm_insecure
+
+# SSH-Konfiguration hinzufügen
+ ssh {
+ agent = true # Nutzt deinen lokalen ssh-agent
+ username = "root" # Oder ein anderer User mit Root-Rechten auf dem PVE-Host
+ # Alternativ, falls kein Agent genutzt wird:
+ private_key = file("/home/braniz/.ssh/id_ed25519")
+ }
+}
+
+resource "proxmox_virtual_environment_vm" "proxmox_vm" {
+ name = var.pm_vm_name
+ description = "Erstellt mit OpenTofu"
+ node_name = var.pm_host
+ vm_id = var.pm_vm_id
+
+ # Erzwingt das Stoppen der VM vor dem Löschen (verhindert hängende Locks)
+ stop_on_destroy = true
+
+ cpu {
+ cores = 4
+ }
+
+ memory {
+ dedicated = 8192
+ }
+
+ # Erste Festplatte (20 GB)
+ disk {
+ datastore_id = "ceph-pool"
+ file_id = var.pm_cloud_image
+ size = 20
+ interface = "scsi0"
+ file_format = "raw"
+ }
+
+ # Zweite Festplatte (20 GB)
+ disk {
+ datastore_id = "ceph-pool"
+ size = 20
+ interface = "scsi1"
+ file_format = "raw"
+ }
+
+ initialization {
+ datastore_id = "ceph-pool"
+ user_account {
+ username = "braniz"
+ keys = ["ssh-ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBh9BFdBV7WrrlOLmNZEe8dXJEOVK2Vc3c/0jLiD27ZD root@iqprox01"]
+ }
+
+
+ # Aktiviert DHCP über Cloud-Init
+ ip_config {
+ ipv4 {
+ address = "dhcp"
+ }
+ }
+ }
+
+ network_device {
+ bridge = "vmbr0"
+ }
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..9a6af70
--- /dev/null
+++ b/variables.tf
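Review bot: `main.tf_org` is an older copy of main.tf that OpenTofu never loads, because the name does not end in `.tf`. It still keeps a literal key line in `user_account.keys` whose comment names `root@iqprox01`, where the current main.tf already uses `var.pm_ssh_public_key`. That literal also repeats the key type (`ssh-ed25519 ssh-ed25519 …`), so it would most likely be rejected as an authorized key if this copy were ever restored. The `ssh` block sets `agent = true` and `private_key` together although its own comment presents them as alternatives. I would remove the file from the tree and rely on git history for the old version.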
@@ -0,0 +1,37 @@
+/*
+Die Variablen mit sensiblen Daten wurden in die Datei var_keys.tf ausgelagert und sind in der .gitignore eingetragen:
+variable "pm_api_url"
+variable "pm_api_token"
+variable "pm_ssh_public_key"
+*/
+
+variable "pm_insecure" {
+ type = bool
+ description = "Setze auf false, wenn du ein echtes SSL-Zertifikat hast"
+ default = true
+}
+
+variable "pm_host" {
+ type = string
+ description = "Der Hostname oder die IP-Adresse deines Proxmox Servers"
+ default = "iqprox01"
+
+}
+
+variable "pm_vm_name" {
+ type = string
+ description = "Der Name der zu erstellenden VM"
+ default = "tofu-ubuntu2"
+}
+
+variable "pm_vm_id" {
+ type = number
+ description = "Die VM ID der zu erstellenden VM"
+ default = "10002"
+}
+
+variable "pm_cloud_image" {
+ type = string
+ description = "Der Name des Cloud-Init Images in Proxmox"
+ default = "local:iso/noble-server-cloudimg-amd64.img"
+}
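Review bot: `pm_insecure` in variables.tf defaults to `true`, so out of the box the provider skips TLS certificate verification on the connection that carries `pm_api_token`. With verification off, the workstation cannot tell the real Proxmox API from an impostor on the network path, and the token goes to whichever endpoint answers. I would make the safe setting the default, `default = false`, and let setups with a self-signed certificate opt in explicitly or trust the PVE CA on the workstation. Minor: `pm_vm_id` is declared `type = number` but its default is the string `"10002"`; it converts, but `default = 10002` states what is meant.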