diff --git a/.forgejo/worfkows/lxc-creator.yml b/.forgejo/worfkows/lxc-creator.yml
new file mode 100644
index 0000000..399b8ee
--- /dev/null
+++ b/.forgejo/worfkows/lxc-creator.yml
@@ -0,0 +1,33 @@
+name: Lxc Creation
+
+on:
+ workflow_dispatch:
+
+jobs:
+ terraform:
+ runs-on: self-hosted
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "1.9.0"
+
+ - name: Terraform Init
+ run: terraform init
+ working-directory: ./terrafrom
+
+ - name: Terraform Plan
+ run: terraform plan
+ working-directory: ./terrafrom
+ env:
+ TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/main'
+ run: terraform apply -auto-approve
+ working-directory: ./terrafrom
+ env:
+ TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..b3edcad
--- /dev/null
+++ b/terraform/main.tf
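Review bot: The three `working-directory: ./terrafrom` lines in `lxc-creator.yml` point at a directory this commit does not create (the Terraform files are added under `terraform/`), and the workflow itself is added under `.forgejo/worfkows/`, which looks like a misspelling of `workflows`, so the job would probably never be discovered, or would fail at the Init step. The Apply step also re-plans instead of applying what the Plan step showed; `run: terraform plan -out=tfplan` followed by `run: terraform apply tfplan` keeps the applied change identical to the one that was displayed. Because the job runs on a self-hosted runner with the Proxmox token in its environment, `actions/checkout@v4` and `hashicorp/setup-terraform@v3` are better pinned to full commit SHAs than to mutable tags.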
@@ -0,0 +1,116 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = "~> 0.66.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~> 3.6"
+ }
+ }
+}
+
+provider "proxmox" {
+ endpoint = var.pm_api_url
+ api_token = "${var.pm_api_token_id}=${var.pm_api_token_secret}"
+ insecure = var.pm_tls_insecure
+}
+
+resource "random_integer" "vm_id" {
+ min = 200
+ max = 9999
+}
+
+resource "random_password" "root_password" {
+ length = 16
+ special = true
+ override_special = "!#$%&*()-_=+[]?"
+}
+
+resource "random_password" "user_password" {
+ length = 16
+ special = true
+ override_special = "!#$%&*()-_=+[]?"
+}
+
+resource "proxmox_virtual_environment_container" "debian_container" {
+ node_name = var.target_node
+ vm_id = random_integer.vm_id.result
+ started = true
+ unprivileged = true
+ start_on_boot = true
+
+ description = <<-EOT
+ Managed by Terraform
+ Container ID: ${random_integer.vm_id.result}
+ Hostname : lxc-${random_integer.vm_id.result}
+ Root user : root
+ Root pass : ${random_password.root_password.result}
+ User : ${var.container_user}
+ User pass : ${random_password.user_password.result}
+ EOT
+
+ initialization {
+ hostname = "lxc-${random_integer.vm_id.result}"
+
+ ip_config {
+ ipv4 {
+ address = "dhcp"
+ }
+ }
+
+ user_account {
+ password = random_password.root_password.result
+ }
+ }
+
+ cpu {
+ cores = var.container_cores
+ }
+
+ memory {
+ dedicated = var.container_memory
+ }
+
+ disk {
+ datastore_id = var.container_storage
+ size = var.container_disk_size
+ }
+
+ network_interface {
+ name = "eth0"
+ bridge = "vmbr0"
+ }
+
+ operating_system {
+ template_file_id = var.container_template
+ type = "debian"
+ }
+
+ features {
+ nesting = true
+ }
+}
+
+output "container_id" {
+ description = "Proxmox container ID"
+ value = random_integer.vm_id.result
+}
+
+output "container_name" {
+ description = "Container hostname"
+ value = "lxc-${random_integer.vm_id.result}"
+}
+
+output "root_password" {
+ description = "Auto-generated root password"
+ value = random_password.root_password.result
+ sensitive = true
+}
+
+output "user_password" {
+ description = "Auto-generated user password"
+ value = random_password.user_password.result
+ sensitive = true
+}
diff --git a/terraform/run b/terraform/run
new file mode 100644
index 0000000..538db3c
--- /dev/null
+++ b/terraform/run
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+terraform init
+export TF_VAR_pm_api_token_secret=""
+terraform plan
+terraform apply -auto-approve
+#terraform output root_password
+#terraform output user_password
diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
new file mode 100644
index 0000000..b534978
--- /dev/null
+++ b/terraform/terraform.tfvars
@@ -0,0 +1,17 @@
+pm_api_url = "https://192.168.8.119:8006/api2/json"
+pm_api_token_id = "root@pam!terraform"
+# The token secret will be read from environment variable TF_VAR_pm_api_token_secret
+pm_tls_insecure = true # Set to true to skip certificate validation for self-signed certificates
+
+# Container configuration
+target_node = "pve"
+#container_hostname = "debian-lxc"
+container_template = "local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst"
+# Root password will be read from environment variable TF_VAR_container_root_password
+# User password will be read from environment variable TF_VAR_container_user_password
+
+# Resources
+container_cores = 1
+container_memory = 1028
+container_storage = "local-lvm"
+container_disk_size = 8
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..0e52caa
--- /dev/null
+++ b/terraform/variables.tf
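Review bot: The `description` heredoc on `proxmox_virtual_environment_container.debian_container` in `terraform/main.tf` interpolates `random_password.root_password.result` and `random_password.user_password.result`, so both passwords end up in clear text in the container's notes, readable by anyone who can view the guest configuration, which undoes the `sensitive = true` on the two outputs. Drop the `Root pass :` and `User pass :` lines and have operators read the values with `terraform output -raw root_password`. The `User` / `User pass` entries also look informational only: nothing in this resource creates `var.container_user` or sets that password, so the notes would describe an account that does not exist. The generated passwords are still written to Terraform state, so the state file left on the runner needs restricted access or an encrypted backend.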
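Review bot: In `terraform/run`, `export TF_VAR_pm_api_token_secret=""` overwrites whatever the caller already has in the environment with an empty string, so the script only works once someone pastes the real token secret into this tracked file. Replace the export with a guard such as `: "${TF_VAR_pm_api_token_secret:?export TF_VAR_pm_api_token_secret before running}"` so the secret stays outside the repository. The script also has no `set -euo pipefail`, so `terraform apply -auto-approve` still runs after a failed `init` or `plan`; add it directly under the shebang.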
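Review bot: `pm_tls_insecure = true` in `terraform/terraform.tfvars` turns off certificate verification for the provider, so the API token is sent to `https://192.168.8.119:8006` without authenticating the server; the same value is also the declared default in `terraform/variables.tf`. Prefer trusting the Proxmox CA on the runner and setting `pm_tls_insecure = false` here and as the default. `pm_api_token_id = "root@pam!terraform"` ties the automation to a token under the root account; a dedicated user and token limited to the privileges needed for container creation would bound what a leaked secret can do. The two comments naming `TF_VAR_container_root_password` and `TF_VAR_container_user_password` refer to variables that `variables.tf` does not declare (the passwords come from `random_password`), so they should be removed or corrected.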
@@ -0,0 +1,64 @@
+variable "pm_api_url" {
+ description = "Proxmox API URL"
+ type = string
+ default = "https://your-proxmox-ip:8006/api2/json"
+}
+
+variable "pm_api_token_id" {
+ description = "Proxmox API token ID"
+ type = string
+ default = "root@pam!your-token-name"
+}
+
+variable "pm_api_token_secret" {
+ description = "Proxmox API token secret"
+ type = string
+}
+
+variable "pm_tls_insecure" {
+ description = "Disable TLS verification"
+ type = bool
+ default = true
+}
+
+variable "target_node" {
+ description = "Proxmox target node"
+ type = string
+ default = "your-node-name"
+}
+
+variable "container_template" {
+ description = "OS template for the container"
+ type = string
+ default = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+}
+
+variable "container_user" {
+ description = "Username for the custom user"
+ type = string
+ default = "myuser"
+}
+
+variable "container_cores" {
+ description = "Number of CPU cores for the container"
+ type = number
+ default = 1
+}
+
+variable "container_memory" {
+ description = "Memory in MB for the container"
+ type = number
+ default = 512
+}
+
+variable "container_storage" {
+ description = "Storage name for the container"
+ type = string
+ default = "local-lvm"
+}
+
+variable "container_disk_size" {
+ description = "Disk size for the container in GB"
+ type = number
+ default = 8
+}
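Review bot: `variable "pm_api_token_secret"` in `terraform/variables.tf` is declared without `sensitive = true`, so Terraform does not treat the value as sensitive and it can surface in plan output or CI logs; add `sensitive = true` to that block. The placeholder defaults on `pm_api_url`, `pm_api_token_id` and `target_node` (for example `"your-node-name"`) mean a missing value shows up as a confusing connection or lookup error rather than a prompt failure. Dropping those three `default` lines makes the variables required and fails fast when `terraform.tfvars` is absent.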