From 23d9cd8ee7e3698f0c0ec5bc129a288b96fcd300 Mon Sep 17 00:00:00 2001
From: mustard
Date: Fri, 3 Oct 2025 23:26:26 +0200
Subject: [PATCH 1/4] chore: add .gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..03bd412
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.env
From e50e451b1b9a2783c68b5a0594471e1915130268 Mon Sep 17 00:00:00 2001
From: mustard
Date: Fri, 3 Oct 2025 23:37:28 +0200
Subject: [PATCH 2/4] chore: add variables.tf to .gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 03bd412..2775171 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.env
+variables.tf
From c49042f10871787014e169a9b48d1609b8883584 Mon Sep 17 00:00:00 2001
From: mustard
Date: Fri, 3 Oct 2025 23:42:03 +0200
Subject: [PATCH 3/4] chore: create /srv dir
---
 provision.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/provision.yaml b/provision.yaml
index 33b9d35..ded0f3d 100644
--- a/provision.yaml
+++ b/provision.yaml
@@ -57,4 +57,8 @@
 state: started
 enabled: true
-
+ - name: Add /srv dir
+ ansible.builtin.file:
+ path: /src
+ state: directory
+ mode: '0644'
From 3da750878dbd36f8eb4d7d2829e1e7407e757dc4 Mon Sep 17 00:00:00 2001
From: mustard
Date: Fri, 3 Oct 2025 23:43:00 +0200
Subject: [PATCH 4/4] feat: add opentofu config with API endpoint and token redacted
---
 main.tofu | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 127 insertions(+)
 create mode 100644 main.tofu
diff --git a/main.tofu b/main.tofu
new file mode 100644
index 0000000..743c681
--- /dev/null
+++ b/main.tofu
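Review bot: In the second `.gitignore` hunk (PATCH 2/4), ignoring `variables.tf` keeps the variable declarations out of the repository, so the `var.virtual_environment_endpoint` and `var.virtual_environment_token` references added in PATCH 4/4 have no declaration a reader can check. Presumably the file carries the real endpoint and token as defaults; the usual split is to commit `variables.tf` with declarations only (the token marked `sensitive = true`) and keep the values in an ignored `*.tfvars` file or in `TF_VAR_` environment variables. The ignore list also lacks `*.tfstate*` and `.terraform/`, and state files store resource attributes unencrypted by default.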
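Review bot: In the `provision.yaml` hunk (PATCH 3/4) the new task creates `/src`, while its name and the commit subject both say `/srv`, so the path looks like a typo for `path: /srv`. The mode `'0644'` on a directory also omits the search (execute) bit, so no non-root user can traverse it or reach files inside; a directory normally wants `mode: '0755'`, or `'0750'` if it should not be world-readable. The task list this is appended to starts outside the hunk, so the hosts and `become` setting that apply are not visible here.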
@@ -0,0 +1,127 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = "0.81.0"
+ }
+ }
+}
+
+provider "proxmox" {
+ # Configuration options
+ endpoint = var.virtual_environment_endpoint
+ api_token = var.virtual_environment_token
+ ssh {
+ agent = false
+ username = "root"
+ private_key = file("~/.ssh/id_ed25519")
+ }
+}
+
+resource "proxmox_virtual_environment_file" "cloud_config" {
+ content_type = "snippets"
+ datastore_id = "local"
+ node_name = "homelab-one"
+
+ source_raw {
+ data = <<-EOF
+ #cloud-config
+ package_update: true
+ package_upgrade: true
+ package_reboot_if_required: true
+ packages:
+ - firewalld
+ - dnf-automatic
+ runcmd:
+ - sed -i 's/btrfs defaults/btrfs defaults,nodatacow/g' /etc/fstab
+ - chattr -R +C /
+ - systemctl enable firewalld
+ - reboot
+ allow_public_ssh_keys: true
+ disable_root: false
+ users:
+ - name: root
+ lock_passwd: false
+ hashed_passwd: $6$rounds=4096$pKmTfNGyUfTZamCD$IQV05ysDl2fRReYawsKq6CH/FKH.eOtERtjZ7AQ/XG0ivh/rstZidIqIRRXuTEgXOFNR1Mq8pMCcoFSmABqPd0
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArO9Yty0QuX7jZhDeL6MrZwH+6dbbcidYWWo0qawivb user@homelab-mgmt
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArO9Yty0QuX7jZhDeL6MrZwH+6dbbcidYWWo0qawivb user@homelab-mgmt
+ EOF
+ file_name = "user-data-cloud-config.yaml"
+ }
+}
+resource "proxmox_virtual_environment_vm" "jellyfin" {
+ node_name = "homelab-one"
+ name = "jellyfin"
+ acpi = true
+ bios = "ovmf"
+ boot_order = ["scsi0"]
+ machine = "q35"
+ stop_on_destroy = true
+ scsi_hardware = "virtio-scsi-single"
+
+ operating_system {
+ type = "l26"
+ }
+
+ agent {
+ enabled = true
+ trim = true
+ }
+
+ efi_disk {
+ datastore_id = "spinny-zfs"
+ file_format = "raw"
+ type = "4m"
+ }
+
+ serial_device {}
+
+ vga {
+ type = "virtio"
+ }
+
+ tpm_state {
+ datastore_id = "spinny-zfs"
+ version = "v2.0"
+ }
+
+ cpu {
+ cores = 4
+ sockets = 1
+ type = "host"
+ }
+
+ memory {
+ dedicated = 4096
+ floating = 2048
+ }
+
+ initialization {
+ datastore_id = "spinny-zfs"
+ user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
+ }
+
+ # boot disk
+ disk {
+ cache = "none"
+ datastore_id = "spinny-zfs"
+ discard = "on"
+ file_id = "local:iso/Fedora-Cloud-Base-UEFI-UKI-42-1.1.x86_64.img"
+ interface = "scsi0"
+ iothread = true
+ replicate = false
+ size = 32
+ }
+
+ network_device {
+ bridge = "vmbr2"
+ vlan_id = 100
+ enabled = true
+ firewall = true
+ mac_address = "BC:24:11:21:6F:61"
+ }
+}
+
+
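Review bot: The root `hashed_passwd` in the `cloud_config` heredoc is committed as a literal, even though the commit subject says the endpoint and token were redacted, and `lock_passwd: false` with `disable_root: false` keeps that password valid for root. Anyone who can read the repository can run offline guessing against the hash, so it should be treated as exposed and the password changed. Since a key is already provisioned through `ssh_authorized_keys`, either set `lock_passwd: true` and drop `hashed_passwd`, or pass the hash in through a variable declared with `sensitive = true`. `ssh_authorized_keys` also appears twice in the same document; indentation is lost in this view, so it is unclear whether the second is a top-level entry or a duplicate key under the user, but one of them is probably redundant.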