diff --git a/main.tf b/main.tf
index 7550830..b5d3378 100644
--- a/main.tf
+++ b/main.tf
@@ -1,20 +1,20 @@
 provider "proxmox" {
- pm_api_url = "https://10.42.42.42:8006/api2/json"
- pm_user = data.vault_generic_secret.proxmox_auth.data["user"]
- pm_password = data.vault_generic_secret.proxmox_auth.data["pass"]
+ pm_api_url = "https://10.42.42.42:8006/api2/json"
+ pm_user = data.vault_generic_secret.proxmox_auth.data["user"]
+ pm_password = data.vault_generic_secret.proxmox_auth.data["pass"]
 pm_tls_insecure = true
 }
 # For full info see: https://blog.xirion.net/posts/nixos-proxmox-lxc/
 resource "proxmox_lxc" "nixos-template" {
- target_node = "nuc"
- description = "NixOS LXC Template"
- hostname = "nixos-template"
- ostemplate = "local:vztmpl/nixos-unstable-default_156198829_amd64.tar.xz"
- ostype = "unmanaged"
+ target_node = "nuc"
+ description = "NixOS LXC Template"
+ hostname = "nixos-template"
+ ostemplate = "local:vztmpl/nixos-unstable-default_156198829_amd64.tar.xz"
+ ostype = "unmanaged"
 unprivileged = true
- vmid = "101"
- template = true
+ vmid = "101"
+ template = true
 memory = 1024
@@ -24,109 +24,132 @@ resource "proxmox_lxc" "nixos-template" {
 rootfs {
 storage = "local-zfs"
- size = "8G"
+ size = "8G"
 }
 network {
- name = "eth0"
+ name = "eth0"
 bridge = "vmbr0"
- ip = "dhcp"
+ ip = "dhcp"
 hwaddr = "22:D7:C1:FF:9D:5F"
 }
 }
 resource "proxmox_lxc" "vault" {
- target_node = "nuc"
- description = "Vault Secrets Management"
- hostname = "vault"
+ target_node = "nuc"
+ description = "Vault Secrets Management"
+ hostname = "vault"
 unprivileged = false # needed for mlock
- vmid = "102"
- clone = "101"
+ vmid = "102"
+ clone = "101"
 memory = 1024
 rootfs {
 storage = "local-zfs"
- size = "8G"
+ size = "8G"
 }
 network {
- name = "eth0"
+ name = "eth0"
 bridge = "vmbr0"
- ip = "dhcp"
+ ip = "dhcp"
 hwaddr = "16:2B:87:55:0C:0C"
 }
 }
 resource "proxmox_lxc" "mosquitto" {
- target_node = "nuc"
- description = "mosquitto mqtt broker"
- hostname = "mosquitto"
- vmid = 104
- clone = 101
+ target_node = "nuc"
+ description = "mosquitto mqtt broker"
+ hostname = "mosquitto"
+ vmid = 104
+ clone = 101
 unprivileged = true
 memory = 1024
 rootfs {
 storage = "local-zfs"
- size = "8G"
+ size = "8G"
 }
 network {
- name = "eth0"
+ name = "eth0"
 bridge = "vmbr0"
- ip = "dhcp"
+ ip = "dhcp"
 hwaddr = "C6:F9:8B:3D:9E:37"
 }
 }
 resource "proxmox_lxc" "nginx" {
- target_node = "nuc"
- description = "nginx reverse proxy"
- hostname = "nginx"
- vmid = 106
- clone = 101
+ target_node = "nuc"
+ description = "nginx reverse proxy"
+ hostname = "nginx"
+ vmid = 106
+ clone = 101
 unprivileged = true
 memory = 512
 rootfs {
 storage = "local-zfs"
- size = "8G"
+ size = "8G"
 }
 network {
- name = "eth0"
+ name = "eth0"
 bridge = "vmbr0"
- ip = "dhcp"
+ ip = "dhcp"
 hwaddr = "6A:C2:89:85:CF:A6"
 }
 }
 resource "proxmox_vm_qemu" "k3s-node1" {
- name = "k3s-node1"
+ name = "k3s-node1"
 target_node = "nuc"
- vmid = 103
- clone = "bastion"
- tablet = false
+ vmid = 103
+ clone = "bastion"
+ tablet = false
 memory = 8192
- cores = 4
+ cores = 4
 agent = 1
- boot = "order=scsi0;ide2;net0"
+ boot = "order=scsi0;ide2;net0"
 network {
- model = "virtio"
+ model = "virtio"
 macaddr = "2E:F8:55:23:D9:9B"
- bridge = "vmbr0"
+ bridge = "vmbr0"
 }
 disk {
- type = "scsi"
+ type = "scsi"
 storage = "local-zfs"
- size = "64G"
- ssd = 1
+ size = "64G"
+ ssd = 1
+ }
+}
+
+resource "proxmox_lxc" "consul" {
+ target_node = "nuc"
+ description = "consul service mesh"
+ hostname = "consul"
+ vmid = 107
+ clone = 101
+ unprivileged = true
+
+ memory = 512
+
+ rootfs {
+ storage = "local-zfs"
+ size = "8G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = "dhcp"
+ hwaddr = "D6:DE:07:41:73:81"
 }
 }
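Review bot: The new `consul` resource hard-codes `clone = 101`, so Terraform sees no dependency on `proxmox_lxc.nixos-template`, the resource that declares `vmid = "101"` in the first hunk. Nothing orders the template before the clone on a fresh apply, and renumbering the template would leave this block pointing at the wrong source; `clone = proxmox_lxc.nixos-template.vmid` would make the link explicit. The same literal appears in the `mosquitto` and `nginx` blocks, which this commit only realigns, and `vault` spells it as the string `"101"`. The block also takes its address from `ip = "dhcp"` with a pinned `hwaddr`, which presumably relies on a DHCP reservation; a one-line comment such as `# address comes from a DHCP reservation for this MAC` above `network` would record that assumption.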