homelab/terraform/proxmox-examples/docker-host/terraform.tfvars.example
Claude 9109712b59
feat: Add SOPS state management and fix Terraform deployment issues
SOPS State Management:
- Implemented Git + SOPS + age encryption for Terraform state files
- Added .gitignore files to prevent committing unencrypted secrets
- Created .sops.yaml.example template for age encryption configuration
- Created helper scripts for automated encryption/decryption workflow:
  - scripts/tf: Wrapper script with auto-encrypt/decrypt
  - scripts/tf-encrypt: Manual encryption of state files
  - scripts/tf-decrypt: Manual decryption of state files
- Added comprehensive STATE_MANAGEMENT.md documentation covering:
  - Installation of age and SOPS
  - Initial setup and key generation
  - Daily workflow examples
  - Security best practices
  - Troubleshooting common issues
  - Multi-user key management
  - Backup strategies

Terraform Deployment Fixes:
- Added snippets_storage variable for cloud-init snippet storage
- Fixed datastore error: "local" does not support snippets
- Updated README with solutions for datastore and SSH issues
- Added troubleshooting for:
  - Enabling snippets on existing storage (pvesm set)
  - Creating dedicated directory storage for snippets
  - SSH authentication setup with ssh-agent
  - Manual cloud-init snippet creation workaround

Files modified:
- terraform/proxmox-examples/docker-host/main.tf
- terraform/proxmox-examples/docker-host/variables.tf
- terraform/proxmox-examples/docker-host/terraform.tfvars.example
- terraform/proxmox-examples/docker-host/README.md

Files added:
- .gitignore (root level)
- terraform/proxmox-examples/docker-host/.gitignore
- terraform/proxmox-examples/docker-host/.sops.yaml.example
- terraform/proxmox-examples/docker-host/STATE_MANAGEMENT.md
- terraform/proxmox-examples/docker-host/scripts/tf
- terraform/proxmox-examples/docker-host/scripts/tf-encrypt
- terraform/proxmox-examples/docker-host/scripts/tf-decrypt
2025-11-11 05:55:07 +00:00


# Example variable values for the docker-host Proxmox VM deployment.
# Every value below is a placeholder or sample default. The filled-in copy
# holds credentials, so keep it out of version control unless it is encrypted
# (confirm the directory's .gitignore covers the real tfvars file).
# Proxmox Connection
pm_api_url = "https://proxmox.local:8006"
# API token ID in the form user@realm!tokenname. This sample token belongs to
# root@pam. NOTE(review): a dedicated API user limited to the permissions this
# deployment needs would reduce the impact of a leaked token - confirm which
# privileges main.tf actually requires.
pm_api_token_id = "root@pam!terraform"
# Placeholder only; never commit the real token secret in plaintext.
pm_api_token_secret = "your-secret-here"
# NOTE(review): presumably turns off TLS certificate verification for the API
# connection (confirm in variables.tf / main.tf). With verification off the
# API endpoint is not authenticated, so the token can be exposed to whoever
# answers on that address. Set to false once the Proxmox certificate is
# trusted by the machine running Terraform.
pm_tls_insecure = true
# Proxmox Configuration
proxmox_node = "pve"
template_vm_id = 9000
storage = "local-lvm"
# Storage for cloud-init snippets (must support 'snippets' content type)
# Common options: "local" (directory storage), or create a directory storage
# See README.md for setup instructions if you get datastore errors
snippets_storage = "local"
network_bridge = "vmbr0"
# VM Configuration
vm_name = "docker-host"
vm_cores = 4
vm_memory = 8192
# NOTE(review): unit is not stated in this file (presumably GiB) - confirm in
# variables.tf.
disk_size = "50"
# Network Configuration
vm_ip_address = "dhcp" # Or "192.168.1.100" for static
# Presumably the prefix length and default gateway used with a static address;
# verify in main.tf whether they are ignored when vm_ip_address is "dhcp".
vm_ip_netmask = 24
vm_gateway = "192.168.1.1"
# User Configuration
vm_username = "ubuntu"
# Placeholder; replace before applying. NOTE(review): this value likely ends
# up in plaintext in the Terraform state and in the cloud-init snippet stored
# on snippets_storage - confirm, and protect both accordingly. Prefer key-based
# SSH login over the password where possible.
vm_password = "changeme_please_set_secure_password"
# SSH *public* keys authorised for vm_username. Never place a private key here.
vm_ssh_keys = [
"ssh-rsa AAAAB3NzaC1yc2E... your-key-here"
]
# Optional
vm_timezone = "America/Los_Angeles"
# NOTE(review): presumably clones a homelab repository owned by
# github_username into the VM at provisioning time - verify in main.tf, and
# point it only at an account whose repository content you trust to run on
# this host.
clone_homelab_repo = true
github_username = "efigueroa"
# Operating System
# Options: "ubuntu", "almalinux", "debian"
vm_os_type = "almalinux"
# GPU Passthrough (NVIDIA GTX 1070)
# Enable GPU passthrough for services like Jellyfin, Ollama, Immich
# Requires: AMD IOMMU enabled in Proxmox host GRUB
# Set to true to enable GPU passthrough
enable_gpu_passthrough = false
# GPU PCI ID - Find with: lspci | grep -i nvidia
# Example: 0000:01:00 (use .0 for GPU, .1 for audio)
gpu_pci_id = "0000:01:00"
# Media Directory Mounts via NFS
# Mount media directories from Proxmox host to VM
# Requires NFS server configured on Proxmox host
# NOTE(review): restrict the host's NFS exports to this VM's address (and
# read-only where the services allow it) rather than the whole subnet.
mount_media_directories = true
# Proxmox host IP for NFS mounts (not the API URL)
# This is the IP address the VM will use to connect to NFS
# The sample value equals vm_gateway above; set it to the Proxmox host's own
# address on the VM's network.
proxmox_host_ip = "192.168.1.1"
# Source path on Proxmox host for media directories
# Subdirectories: audiobooks, books, comics, complete, downloads,
# homemovies, incomplete, movies, music, photos, tv
media_source_path = "/data/media"
# Mount path in VM (where media directories will be accessible)
media_mount_path = "/media"