Merge pull request #9 from efigueroa/claude/karakeep-ollama-configs-011CUqEzDETA2BqAzYUcXtjt

Claude/karakeep ollama configs 011 c uq ez deta2 bq az y uc xtjt

terraform/proxmox-examples/docker-host/README.md

@@ -203,9 +203,58 @@ nano terraform.tfvars
 
 **Required changes:**
 - `pm_api_token_secret` - Your Proxmox API secret
+- `pm_ssh_username` - SSH username for Proxmox host (usually "root")
 - `vm_ssh_keys` - Your SSH public key
 - `vm_password` - Set a secure password
 
+**Important:** Before running terraform, ensure you have SSH access:
+
+**Option A - Root SSH (if enabled):**
+```bash
+# Set in terraform.tfvars
+pm_ssh_username = "root"
+
+# Set up key-based auth
+ssh-copy-id root@proxmox.local
+
+# Start ssh-agent and add your key
+eval "$(ssh-agent -s)"
+ssh-add ~/.ssh/id_rsa  # or id_ed25519, etc.
+
+# Verify
+ssh root@proxmox.local "echo 'SSH works!'"
+```
+
+**Option B - Non-root user with sudo (recommended for security):**
+```bash
+# Set in terraform.tfvars
+pm_ssh_username = "eduardo"  # Your username
+
+# Set up key-based auth for your user
+ssh-copy-id eduardo@proxmox.local
+
+# On Proxmox host, ensure your user can write to snippets directory
+ssh eduardo@proxmox.local
+sudo usermod -aG www-data eduardo  # Add to www-data group
+sudo chmod g+w /var/lib/vz/snippets
+sudo chown root:www-data /var/lib/vz/snippets
+
+# OR set up passwordless sudo for snippet uploads (more secure)
+sudo visudo -f /etc/sudoers.d/terraform-snippets
+# Add this line (replace 'eduardo' with your username):
+# eduardo ALL=(ALL) NOPASSWD: /usr/bin/tee /var/lib/vz/snippets/*
+
+# Exit Proxmox and test locally
+exit
+
+# Start ssh-agent and add your key
+eval "$(ssh-agent -s)"
+ssh-add ~/.ssh/id_rsa  # or id_ed25519, etc.
+
+# Verify SSH and write access
+ssh eduardo@proxmox.local "ls -la /var/lib/vz/snippets"
+```
+
 **Optional changes:**
 - `vm_name` - Change VM name
 - `vm_cores` / `vm_memory` - Adjust resources
@@ -513,27 +562,78 @@ pvesm add dir local-snippets --path /var/lib/vz/snippets --content snippets
 
 ### SSH Authentication Failed
 
-Error: `failed to open SSH client: unable to authenticate`
+Error: `failed to open SSH client: unable to authenticate user "" over SSH`
 
-**Cause:** The Proxmox provider needs SSH access to upload cloud-init files
+**Cause:** The Proxmox provider needs SSH access to upload cloud-init files. This error occurs when:
+1. SSH username is not set
+2. SSH key is not in ssh-agent
+3. SSH key is not authorized on Proxmox host
 
-**Solution 1 - Add SSH key to Proxmox (Recommended):**
+**Solution - Complete SSH Setup:**
+
+**For root user:**
 ```bash
-# On your workstation, generate SSH key if you don't have one
+# 1. Generate SSH key if you don't have one
 ssh-keygen -t ed25519 -C "terraform@homelab"
 
-# Copy to Proxmox host
-ssh-copy-id root@proxmox.local
+# 2. Copy to Proxmox host
+ssh-copy-id root@10.0.0.169
 
-# Add key to ssh-agent
+# 3. Start ssh-agent (REQUIRED!)
 eval "$(ssh-agent -s)"
+
+# 4. Add your key to ssh-agent (REQUIRED!)
 ssh-add ~/.ssh/id_ed25519
 
-# Verify
-ssh-add -L
-ssh root@proxmox.local "echo 'SSH works!'"
+# 5. Test SSH connection
+ssh root@10.0.0.169 "echo 'SSH works!'"
+
+# 6. Set in terraform.tfvars
+pm_ssh_username = "root"
+
+# 7. Run terraform
+./scripts/tf apply
 ```
 
+**For non-root user (if root SSH is disabled):**
+```bash
+# 1. Generate SSH key if you don't have one
+ssh-keygen -t ed25519 -C "terraform@homelab"
+
+# 2. Copy to Proxmox host (use your username)
+ssh-copy-id eduardo@10.0.0.169
+
+# 3. Configure write permissions on Proxmox
+ssh eduardo@10.0.0.169
+sudo usermod -aG www-data eduardo
+sudo chmod g+w /var/lib/vz/snippets
+sudo chown root:www-data /var/lib/vz/snippets
+exit
+
+# 4. Start ssh-agent (REQUIRED!)
+eval "$(ssh-agent -s)"
+
+# 5. Add your key to ssh-agent (REQUIRED!)
+ssh-add ~/.ssh/id_ed25519
+
+# 6. Test SSH and permissions
+ssh eduardo@10.0.0.169 "touch /var/lib/vz/snippets/test.txt && rm /var/lib/vz/snippets/test.txt"
+
+# 7. Set in terraform.tfvars
+pm_ssh_username = "eduardo"  # Your username
+
+# 8. Run terraform
+./scripts/tf apply
+```
+
+**Common Issues:**
+
+- **ssh-agent not running:** Run `eval "$(ssh-agent -s)"` in your current terminal
+- **Key not added:** Run `ssh-add ~/.ssh/id_ed25519` (or id_rsa)
+- **Wrong username:** Check `pm_ssh_username` in terraform.tfvars matches your Proxmox SSH user
+- **Key not authorized:** Run `ssh-copy-id` again to ensure key is in ~/.ssh/authorized_keys on Proxmox
+- **Permission denied writing snippets (non-root user):** Ensure your user has write access to `/var/lib/vz/snippets` (see non-root setup steps above)
+
 **Solution 2 - Use API token only (workaround):**
 
 If SSH is problematic, you can create the cloud-init snippet manually:

terraform/proxmox-examples/docker-host/main.tf

@@ -19,6 +19,7 @@ provider "proxmox" {
 
   ssh {
     agent    = true
+    username = var.pm_ssh_username
   }
 }
 

terraform/proxmox-examples/docker-host/terraform.tfvars.example

@@ -4,6 +4,11 @@ pm_api_token_id     = "root@pam!terraform"
 pm_api_token_secret = "your-secret-here"
 pm_tls_insecure     = true
 
+# SSH username for Proxmox host (for uploading cloud-init snippets)
+# If root SSH is disabled, use your personal user (must have sudo access)
+# Example: pm_ssh_username = "eduardo"
+pm_ssh_username = "root"
+
 # Proxmox Configuration
 proxmox_node = "pve"
 template_vm_id = 9000

terraform/proxmox-examples/docker-host/variables.tf

@@ -22,6 +22,12 @@ variable "pm_tls_insecure" {
   default     = true
 }
 
+variable "pm_ssh_username" {
+  description = "SSH username for Proxmox host (used for uploading cloud-init files). Use your personal user if root SSH is disabled."
+  type        = string
+  default     = "root"
+}
+
 variable "proxmox_node" {
   description = "Proxmox node name"
   type        = string