feat: trying to automate creating lxc container

.forgejo/worfkows/lxc-creator.yml

@@ -0,0 +1,33 @@
+name: Lxc Creation
+
+on:
+  workflow_dispatch:
+
+jobs:
+  terraform:
+    runs-on: self-hosted
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.9.0"
+
+      - name: Terraform Init
+        run: terraform init
+        working-directory: ./terrafrom
+
+      - name: Terraform Plan
+        run: terraform plan
+        working-directory: ./terrafrom
+        env:
+          TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main'
+        run: terraform apply -auto-approve
+        working-directory: ./terrafrom
+        env:
+          TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}

terraform/main.tf

@@ -0,0 +1,116 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "~> 0.66.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.6"
+    }
+  }
+}
+
+provider "proxmox" {
+  endpoint  = var.pm_api_url
+  api_token = "${var.pm_api_token_id}=${var.pm_api_token_secret}"
+  insecure  = var.pm_tls_insecure
+}
+
+resource "random_integer" "vm_id" {
+  min = 200
+  max = 9999
+}
+
+resource "random_password" "root_password" {
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]?"
+}
+
+resource "random_password" "user_password" {
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]?"
+}
+
+resource "proxmox_virtual_environment_container" "debian_container" {
+  node_name     = var.target_node
+  vm_id         = random_integer.vm_id.result
+  started       = true
+  unprivileged  = true
+  start_on_boot = true
+
+  description = <<-EOT
+    Managed by Terraform
+    Container ID: ${random_integer.vm_id.result}
+    Hostname    : lxc-${random_integer.vm_id.result}
+    Root user   : root
+    Root pass   : ${random_password.root_password.result}
+    User        : ${var.container_user}
+    User pass   : ${random_password.user_password.result}
+  EOT
+
+  initialization {
+    hostname = "lxc-${random_integer.vm_id.result}"
+
+    ip_config {
+      ipv4 {
+        address = "dhcp"
+      }
+    }
+
+    user_account {
+      password = random_password.root_password.result
+    }
+  }
+
+  cpu {
+    cores = var.container_cores
+  }
+
+  memory {
+    dedicated = var.container_memory
+  }
+
+  disk {
+    datastore_id = var.container_storage
+    size         = var.container_disk_size
+  }
+
+  network_interface {
+    name   = "eth0"
+    bridge = "vmbr0"
+  }
+
+  operating_system {
+    template_file_id = var.container_template
+    type             = "debian"
+  }
+
+  features {
+    nesting = true
+  }
+}
+
+output "container_id" {
+  description = "Proxmox container ID"
+  value       = random_integer.vm_id.result
+}
+
+output "container_name" {
+  description = "Container hostname"
+  value       = "lxc-${random_integer.vm_id.result}"
+}
+
+output "root_password" {
+  description = "Auto-generated root password"
+  value       = random_password.root_password.result
+  sensitive   = true
+}
+
+output "user_password" {
+  description = "Auto-generated user password"
+  value       = random_password.user_password.result
+  sensitive   = true
+}

terraform/run

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+terraform init
+export TF_VAR_pm_api_token_secret=""
+terraform plan
+terraform apply -auto-approve
+#terraform output root_password
+#terraform output user_password

terraform/terraform.tfvars

@@ -0,0 +1,17 @@
+pm_api_url          = "https://192.168.8.119:8006/api2/json"
+pm_api_token_id     = "root@pam!terraform"
+# The token secret will be read from environment variable TF_VAR_pm_api_token_secret
+pm_tls_insecure     = true  # Set to true to skip certificate validation for self-signed certificates
+
+# Container configuration
+target_node        = "pve"
+#container_hostname = "debian-lxc"
+container_template = "local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst"
+# Root password will be read from environment variable TF_VAR_container_root_password
+# User password will be read from environment variable TF_VAR_container_user_password
+
+# Resources
+container_cores     = 1
+container_memory    = 1028
+container_storage   = "local-lvm"
+container_disk_size = 8

terraform/variables.tf

@@ -0,0 +1,64 @@
+variable "pm_api_url" {
+  description = "Proxmox API URL"
+  type        = string
+  default     = "https://your-proxmox-ip:8006/api2/json"
+}
+
+variable "pm_api_token_id" {
+  description = "Proxmox API token ID"
+  type        = string
+  default     = "root@pam!your-token-name"
+}
+
+variable "pm_api_token_secret" {
+  description = "Proxmox API token secret"
+  type        = string
+}
+
+variable "pm_tls_insecure" {
+  description = "Disable TLS verification"
+  type        = bool
+  default     = true
+}
+
+variable "target_node" {
+  description = "Proxmox target node"
+  type        = string
+  default     = "your-node-name"
+}
+
+variable "container_template" {
+  description = "OS template for the container"
+  type        = string
+  default     = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+}
+
+variable "container_user" {
+  description = "Username for the custom user"
+  type        = string
+  default     = "myuser"
+}
+
+variable "container_cores" {
+  description = "Number of CPU cores for the container"
+  type        = number
+  default     = 1
+}
+
+variable "container_memory" {
+  description = "Memory in MB for the container"
+  type        = number
+  default     = 512
+}
+
+variable "container_storage" {
+  description = "Storage name for the container"
+  type        = string
+  default     = "local-lvm"
+}
+
+variable "container_disk_size" {
+  description = "Disk size for the container in GB"
+  type        = number
+  default     = 8
+}