infrastructure/terraform/main.tf

provider "proxmox" {
  pm_api_url      = "https://10.42.42.42:8006/api2/json"
  pm_user         = data.vault_generic_secret.proxmox_auth.data["user"]
  pm_password     = data.vault_generic_secret.proxmox_auth.data["pass"]
  pm_tls_insecure = true
}

# For full info see: https://blog.xirion.net/posts/nixos-proxmox-lxc/
resource "proxmox_lxc" "nixos-template" {
  target_node  = "nuc"
  description  = "NixOS LXC Template"
  hostname     = "nixos-template"
  ostemplate   = "local:vztmpl/nixos-unstable-default_156198829_amd64.tar.xz"
  ostype       = "unmanaged"
  unprivileged = true
  vmid         = 101
  template     = true

  memory = 1024

  features {
    nesting = true
  }

  rootfs {
    storage = "local-zfs"
    size    = "8G"
  }

  network {
    name   = "eth0"
    bridge = "vmbr0"
    ip     = "dhcp"
    hwaddr = "22:D7:C1:FF:9D:5F"
  }
}

resource "proxmox_lxc" "vault" {
  target_node  = "nuc"
  description  = "Vault Secrets Management"
  hostname     = "vault"
  unprivileged = false # needed for mlock
  vmid = 102
  clone = "101"
  memory = 1024

  rootfs {
    storage = "local-zfs"
    size    = "8G"
  }

  network {
    name   = "eth0"
    bridge = "vmbr0"
    ip     = "dhcp"
    hwaddr = "16:2B:87:55:0C:0C"
  }
}

resource "proxmox_lxc" "mosquitto" {
  target_node  = "nuc"
  description  = "mosquitto mqtt broker"
  hostname     = "mosquitto"
  vmid         = 104
  clone        = 101
  unprivileged = true

  memory = 1024

  rootfs {
    storage = "local-zfs"
    size    = "8G"
  }

  network {
    name   = "eth0"
    bridge = "vmbr0"
    ip     = "dhcp"
    hwaddr = "C6:F9:8B:3D:9E:37"
  }
}

resource "proxmox_lxc" "nginx" {
  target_node  = "nuc"
  description  = "nginx reverse proxy"
  hostname     = "nginx"
  vmid         = 106
  clone        = 101
  unprivileged = true

  memory = 512

  rootfs {
    storage = "local-zfs"
    size    = "8G"
  }

  network {
    name   = "eth0"
    bridge = "vmbr0"
    ip     = "dhcp"
    hwaddr = "6A:C2:89:85:CF:A6"
  }
}

resource "proxmox_vm_qemu" "k3s-node1" {
  name        = "k3s-node1"
  target_node = "nuc"
  vmid        = 103
  clone       = "bastion"
  tablet      = false

  memory = 8192
  cores  = 4

  agent = 1
  boot  = "order=scsi0;ide2;net0"

  network {
    model   = "virtio"
    macaddr = "2E:F8:55:23:D9:9B"
    bridge  = "vmbr0"
  }

  disk {
    type    = "scsi"
    storage = "local-zfs"
    size    = "64G"
    ssd     = 1
  }
}

resource "proxmox_lxc" "consul" {
  target_node  = "nuc"
  description  = "consul service mesh"
  hostname     = "consul"
  vmid         = 107
  clone        = 101
  unprivileged = true

  memory = 512

  rootfs {
    storage = "local-zfs"
    size    = "8G"
  }

  network {
    name   = "eth0"
    bridge = "vmbr0"
    ip     = "dhcp"
    hwaddr = "D6:DE:07:41:73:81"
  }
}
Initial commit 2021-10-17 11:11:52 +02:00			`provider "proxmox" {`
add consul node 2021-11-03 22:47:44 +01:00			`pm_api_url = "https://10.42.42.42:8006/api2/json"`
			`pm_user = data.vault_generic_secret.proxmox_auth.data["user"]`
			`pm_password = data.vault_generic_secret.proxmox_auth.data["pass"]`
added: NixOS Template LXC 2021-10-17 12:04:23 +02:00			`pm_tls_insecure = true`
Initial commit 2021-10-17 11:11:52 +02:00			`}`
added: NixOS Template LXC 2021-10-17 12:04:23 +02:00
			`# For full info see: https://blog.xirion.net/posts/nixos-proxmox-lxc/`
			`resource "proxmox_lxc" "nixos-template" {`
add consul node 2021-11-03 22:47:44 +01:00			`target_node = "nuc"`
			`description = "NixOS LXC Template"`
			`hostname = "nixos-template"`
			`ostemplate = "local:vztmpl/nixos-unstable-default_156198829_amd64.tar.xz"`
			`ostype = "unmanaged"`
added: NixOS Template LXC 2021-10-17 12:04:23 +02:00			`unprivileged = true`
terraform: updates 2021-11-21 14:05:15 +01:00			`vmid = 101`
add consul node 2021-11-03 22:47:44 +01:00			`template = true`
deploy vault node 2021-10-17 15:14:29 +02:00
			`memory = 1024`
added: NixOS Template LXC 2021-10-17 12:04:23 +02:00
			`features {`
			`nesting = true`
			`}`

			`rootfs {`
			`storage = "local-zfs"`
add consul node 2021-11-03 22:47:44 +01:00			`size = "8G"`
added: NixOS Template LXC 2021-10-17 12:04:23 +02:00			`}`

			`network {`
add consul node 2021-11-03 22:47:44 +01:00			`name = "eth0"`
added: NixOS Template LXC 2021-10-17 12:04:23 +02:00			`bridge = "vmbr0"`
add consul node 2021-11-03 22:47:44 +01:00			`ip = "dhcp"`
deploy vault node 2021-10-17 15:14:29 +02:00			`hwaddr = "22:D7:C1:FF:9D:5F"`
added: NixOS Template LXC 2021-10-17 12:04:23 +02:00			`}`
			`}`

deploy vault node 2021-10-17 15:14:29 +02:00			`resource "proxmox_lxc" "vault" {`
add consul node 2021-11-03 22:47:44 +01:00			`target_node = "nuc"`
			`description = "Vault Secrets Management"`
			`hostname = "vault"`
configure vault provider 2021-10-17 16:36:51 +02:00			`unprivileged = false # needed for mlock`
terraform: updates 2021-11-21 14:05:15 +01:00			`vmid = 102`
			`clone = "101"`
deploy vault node 2021-10-17 15:14:29 +02:00			`memory = 1024`
more ram for k3s 2021-10-17 23:38:49 +02:00
deploy vault node 2021-10-17 15:14:29 +02:00			`rootfs {`
			`storage = "local-zfs"`
add consul node 2021-11-03 22:47:44 +01:00			`size = "8G"`
deploy vault node 2021-10-17 15:14:29 +02:00			`}`

			`network {`
add consul node 2021-11-03 22:47:44 +01:00			`name = "eth0"`
deploy vault node 2021-10-17 15:14:29 +02:00			`bridge = "vmbr0"`
add consul node 2021-11-03 22:47:44 +01:00			`ip = "dhcp"`
deploy vault node 2021-10-17 15:14:29 +02:00			`hwaddr = "16:2B:87:55:0C:0C"`
			`}`
			`}`
deployed k3s-node1 2021-10-17 21:02:10 +02:00
deploy mosquitto 2021-10-18 18:53:54 +02:00			`resource "proxmox_lxc" "mosquitto" {`
add consul node 2021-11-03 22:47:44 +01:00			`target_node = "nuc"`
			`description = "mosquitto mqtt broker"`
			`hostname = "mosquitto"`
			`vmid = 104`
			`clone = 101`
updated proxmox-terraform to 2.9.0 2021-10-23 12:54:20 +02:00			`unprivileged = true`
deploy mosquitto 2021-10-18 18:53:54 +02:00
			`memory = 1024`

			`rootfs {`
			`storage = "local-zfs"`
add consul node 2021-11-03 22:47:44 +01:00			`size = "8G"`
deploy mosquitto 2021-10-18 18:53:54 +02:00			`}`

			`network {`
add consul node 2021-11-03 22:47:44 +01:00			`name = "eth0"`
deploy mosquitto 2021-10-18 18:53:54 +02:00			`bridge = "vmbr0"`
add consul node 2021-11-03 22:47:44 +01:00			`ip = "dhcp"`
deploy mosquitto 2021-10-18 18:53:54 +02:00			`hwaddr = "C6:F9:8B:3D:9E:37"`
			`}`
			`}`

nginx: deploy 2021-10-19 02:02:56 +02:00			`resource "proxmox_lxc" "nginx" {`
add consul node 2021-11-03 22:47:44 +01:00			`target_node = "nuc"`
			`description = "nginx reverse proxy"`
			`hostname = "nginx"`
			`vmid = 106`
			`clone = 101`
updated proxmox-terraform to 2.9.0 2021-10-23 12:54:20 +02:00			`unprivileged = true`
nginx: deploy 2021-10-19 02:02:56 +02:00
			`memory = 512`

			`rootfs {`
			`storage = "local-zfs"`
add consul node 2021-11-03 22:47:44 +01:00			`size = "8G"`
nginx: deploy 2021-10-19 02:02:56 +02:00			`}`

			`network {`
add consul node 2021-11-03 22:47:44 +01:00			`name = "eth0"`
nginx: deploy 2021-10-19 02:02:56 +02:00			`bridge = "vmbr0"`
add consul node 2021-11-03 22:47:44 +01:00			`ip = "dhcp"`
nginx: deploy 2021-10-19 02:02:56 +02:00			`hwaddr = "6A:C2:89:85:CF:A6"`
			`}`
			`}`

deployed k3s-node1 2021-10-17 21:02:10 +02:00			`resource "proxmox_vm_qemu" "k3s-node1" {`
add consul node 2021-11-03 22:47:44 +01:00			`name = "k3s-node1"`
deployed k3s-node1 2021-10-17 21:02:10 +02:00			`target_node = "nuc"`
add consul node 2021-11-03 22:47:44 +01:00			`vmid = 103`
			`clone = "bastion"`
			`tablet = false`
deployed k3s-node1 2021-10-17 21:02:10 +02:00
more ram for k3s 2021-10-17 23:38:49 +02:00			`memory = 8192`
add consul node 2021-11-03 22:47:44 +01:00			`cores = 4`
deployed k3s-node1 2021-10-17 21:02:10 +02:00
			`agent = 1`
add consul node 2021-11-03 22:47:44 +01:00			`boot = "order=scsi0;ide2;net0"`
deployed k3s-node1 2021-10-17 21:02:10 +02:00
			`network {`
add consul node 2021-11-03 22:47:44 +01:00			`model = "virtio"`
deployed k3s-node1 2021-10-17 21:02:10 +02:00			`macaddr = "2E:F8:55:23:D9:9B"`
add consul node 2021-11-03 22:47:44 +01:00			`bridge = "vmbr0"`
deployed k3s-node1 2021-10-17 21:02:10 +02:00			`}`

			`disk {`
add consul node 2021-11-03 22:47:44 +01:00			`type = "scsi"`
			`storage = "local-zfs"`
			`size = "64G"`
			`ssd = 1`
			`}`
			`}`

			`resource "proxmox_lxc" "consul" {`
			`target_node = "nuc"`
			`description = "consul service mesh"`
			`hostname = "consul"`
			`vmid = 107`
			`clone = 101`
			`unprivileged = true`

			`memory = 512`

			`rootfs {`
deployed k3s-node1 2021-10-17 21:02:10 +02:00			`storage = "local-zfs"`
add consul node 2021-11-03 22:47:44 +01:00			`size = "8G"`
			`}`

			`network {`
			`name = "eth0"`
			`bridge = "vmbr0"`
			`ip = "dhcp"`
			`hwaddr = "D6:DE:07:41:73:81"`
deployed k3s-node1 2021-10-17 21:02:10 +02:00			`}`
			`}`