Initial

.gitignore

@@ -0,0 +1,15 @@
+# OpenTofu / Terraform
+.terraform/
+.opentofu/
+*.tfstate
+*.tfstate.*
+*.backup
+*.log
+
+# Variablen & Geheimnisse
+*.tfvars
+*.tfvars.json
+var_keys.tf
+
+# OS Müll
+.DS_Store

.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/bpg/proxmox" {
+  version     = "0.93.1"
+  constraints = ">= 0.60.0"
+  hashes = [
+    "h1:flRMvV4fFmCmwdn8ln/bBecOOzyEkcM3U0Z5/kYTPXc=",
+    "zh:1d44354d85f11485f0f36af1459470abef215bd26bf6a4a4ad1bada5357c755f",
+    "zh:261905d0aefdcb9861d96fa5071691307a5d8e7d91eeeb3116c6089d66401739",
+    "zh:3b5565bae5b5403e45f876510b2891e4ad04dd4b4848ddf72b2425d167f52d15",
+    "zh:4a87c3dd4acbe6669d79a2950116b8615521107ca692c7a4afe8753b7a9cd960",
+    "zh:50e191384c7a81f993a19174fadf276df23d58985dec63924eac95622e26bf67",
+    "zh:7005dba492a0549531762b4c99b03fd52f5d107b63167730c11a7c3e2a68fa84",
+    "zh:80657cf50e5eb0a2c84b4e56b23945cf63ea726241d1e262556f96d1a77300e9",
+    "zh:853a3ebf49e74b12187250b3a429390088363c8aa320684f22c56cc7a0e79630",
+    "zh:aae9c1c3f0b49f6be3b632fa0320e9213fb5dcc894e9368aff9f18e52a03ca36",
+    "zh:c26b7d9fb3817960a54491be99514143fd55a865435532d4f2da3c1a02290dcd",
+    "zh:de98a5fe0145347cb0756f45e6eb8fd5571c19345a38aa47ea7edf9a959549db",
+    "zh:e9a65c3a8b7954c73e1f3f147aebd48b25671f9a55f02fe0af11481ba03826f8",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+    "zh:f27a59e8bc50bab3de3e001b1fe298c43dcc7ab5bdf49977ba9c6cbd5eebc472",
+    "zh:f7cb7cbc72cd0778bbe6d03572a073ca2603bcdc7b124af049aa7bc4bf66e2f5",
+  ]
+}

config

@@ -0,0 +1,15 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = false
+	logallrefupdates = true
+[remote "origin"]
+	url = ssh://git@git.z-iq.de:222/braniz/tofu-base-ubuntu.git
+	fetch = +refs/heads/*:refs/remotes/origin/*
+[branch "master"]
+	remote = origin
+	merge = refs/heads/master
+	vscode-merge-base = origin/master
+[branch "main"]
+	remote = origin
+	merge = refs/heads/main

example_var_keys

@@ -0,0 +1,22 @@
+/*
+Variablen für Proxmox API Zugang und SSH-Schlüssel Anpssen und umbennen nach Bedarf
+var_keys.tf
+*/
+variable "pm_api_url" {
+  type        = string
+  description = "Die URL zur Proxmox API (z.B. https://192.168.xxx.xxx:8006/)"
+  default     = "https://192.168.xxx.xxx:8006/"
+}
+
+variable "pm_api_token" {
+  type        = string
+  description = "Der vollständige API Token (ID=Secret)"
+  sensitive   = true
+  default     = "tofu-user@pve!tofu-token=APITOKENVALUE_HERE"
+}
+
+variable "pm_ssh_public_key" {
+  type        = string
+  description = "Der öffentliche SSH-Schlüssel für den Benutzer in der VM"
+  default     = "SSH_PUBLIC_KEY_HERE" 
+}

main.tf

@@ -0,0 +1,89 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = ">= 0.60.0"
+    }
+  }
+}
+
+provider "proxmox" {
+  endpoint  = var.pm_api_url
+  api_token = var.pm_api_token
+  insecure  = var.pm_insecure
+
+  ssh {
+    agent       = false # Auf false, da wir den Pfad direkt angeben
+    username    = "root"
+    private_key = file("/home/braniz/.ssh/prox/id_ed25519")
+  }
+}
+
+resource "proxmox_virtual_environment_vm" "proxmox_vm" {
+  name            = var.pm_vm_name
+  description     = "Erstellt mit OpenTofu"
+  node_name       = var.pm_host
+  vm_id           = var.pm_vm_id
+  stop_on_destroy = true
+
+  agent {
+    enabled = true
+  }
+
+  cpu {
+    cores = 4
+    type  = "host" # 'host' sorgt für bessere Performance bei Ceph/KVM
+  }
+
+  memory {
+    dedicated = 8192
+  }
+
+  # Erste Festplatte (OS) - Ceph RBD
+  disk {
+    datastore_id = "ceph-pool"
+    file_id      = var.pm_cloud_image
+    interface    = "scsi0"
+    size         = 20
+    discard      = "on" # Wichtig für Ceph, um Platz freizugeben (TRIM)
+  }
+
+  # Zweite Festplatte (Daten)
+  disk {
+    datastore_id = "ceph-pool"
+    interface    = "scsi1"
+    size         = 20
+    discard      = "on"
+  }
+
+  network_device {
+    bridge = "vmbr0"
+  }
+
+  initialization {
+    datastore_id = "ceph-pool" # Konsistent zum Disk-Storage
+
+    user_account {
+      username = "braniz"
+      # Hier deinen vollständigen Key einfügen:
+      keys     = [var.pm_ssh_public_key]
+    }
+
+    ip_config {
+      ipv4 {
+        address = "dhcp"
+      }
+    }
+  }
+}
+
+/*
+output "vm_ip" {
+  description = "Die IP der VM"
+  # Wir nehmen das erste Element, das NICHT 127.0.0.1 ist
+  value = try(
+    [for ip in flatten(proxmox_virtual_environment_vm.proxmox_vm.ipv4_addresses) : ip if ip != "127.0.0.1"][0],
+    "Wartet auf DHCP/Agent..."
+  )
+}
+*/

main.tf_org

@@ -0,0 +1,77 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = ">= 0.60.0" # Empfohlene Version für OpenTofu
+    }
+  }
+}
+
+provider "proxmox" {
+  endpoint = var.pm_api_url
+  api_token = var.pm_api_token
+  insecure = var.pm_insecure
+
+# SSH-Konfiguration hinzufügen
+  ssh {
+    agent    = true      # Nutzt deinen lokalen ssh-agent
+    username = "root"    # Oder ein anderer User mit Root-Rechten auf dem PVE-Host
+    # Alternativ, falls kein Agent genutzt wird:
+    private_key = file("/home/braniz/.ssh/id_ed25519")
+  }
+}
+
+resource "proxmox_virtual_environment_vm" "proxmox_vm" {
+  name        = var.pm_vm_name
+  description = "Erstellt mit OpenTofu"
+  node_name   = var.pm_host
+  vm_id       = var.pm_vm_id
+
+  # Erzwingt das Stoppen der VM vor dem Löschen (verhindert hängende Locks)
+  stop_on_destroy = true
+
+  cpu {
+    cores = 4
+  }
+
+  memory {
+    dedicated = 8192
+  }
+
+  # Erste Festplatte (20 GB)
+  disk {
+    datastore_id = "ceph-pool"
+    file_id = var.pm_cloud_image
+    size         = 20
+    interface    = "scsi0"
+    file_format  = "raw"
+  }
+
+  # Zweite Festplatte (20 GB)
+  disk {
+    datastore_id = "ceph-pool"
+    size         = 20
+    interface    = "scsi1"
+    file_format  = "raw"
+  }
+
+  initialization {
+    datastore_id = "ceph-pool"
+    user_account {
+      username = "braniz"
+      keys = ["ssh-ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBh9BFdBV7WrrlOLmNZEe8dXJEOVK2Vc3c/0jLiD27ZD root@iqprox01"]
+    }
+
+    
+    # Aktiviert DHCP über Cloud-Init
+    ip_config {
+      ipv4 {
+        address = "dhcp"
+      }
+    }
+  }
+
+  network_device {
+    bridge = "vmbr0"
+  }
+}

variables.tf

@@ -0,0 +1,37 @@
+/*
+Die Variablen mit sensiblen Daten wurden in die Datei var_keys.tf ausgelagert und sind in der .gitignore eingetragen:
+variable "pm_api_url"
+variable "pm_api_token"
+variable "pm_ssh_public_key"
+*/
+
+variable "pm_insecure" {
+  type        = bool
+  description = "Setze auf false, wenn du ein echtes SSL-Zertifikat hast"
+  default     = true
+}
+
+variable "pm_host" {
+  type        = string
+  description = "Der Hostname oder die IP-Adresse deines Proxmox Servers"
+  default     = "iqprox01"
+  
+}
+
+variable "pm_vm_name" {
+  type        = string
+  description = "Der Name der zu erstellenden VM"
+  default     = "tofu-ubuntu2" 
+}
+
+variable "pm_vm_id" {
+  type        = number
+  description = "Die VM ID der zu erstellenden VM"
+  default     = "10002"
+}
+
+variable "pm_cloud_image" {
+  type        = string
+  description = "Der Name des Cloud-Init Images in Proxmox"
+  default     = "local:iso/noble-server-cloudimg-amd64.img" 
+}