docs: README.md et CLAUDE.md

2026-04-30 10:15:18 +02:00 · 2026-04-30 10:15:18 +02:00 · 1bcd191e19
commit 1bcd191e19
parent f49559c19b
3 changed files with 169 additions and 122 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1,47 @@
 # CLAUDE.md
 ## Commandes Ansible
 Toujours `--ask-vault-pass`, jamais `--vault-password-file`.
 ```bash
 # Déployer tout
 ansible-playbook -i ansible/inventory/hosts.yml ansible/site.yml --ask-vault-pass
 # Un seul playbook
 ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/forgejo.yml --ask-vault-pass
 # Éditer le vault
 ansible-vault edit ansible/inventory/group_vars/all/vault.yml --ask-vault-pass
 ```
 ## SSH agent (obligatoire avant Ansible)
 ```bash
 eval $(ssh-agent -s) && ssh-add ~/.ssh/homelab
 ```
 ## Infrastructure
 | Hôte | IP | Rôle |
 |------|----|------|
 | Proxmox | 192.168.1.242 | Hyperviseur |
 | vm-gateway | 192.168.1.254 | WireGuard |
 | vm-forgejo | 192.168.1.50 | Forgejo :3000 |
 | vm-nextcloud | 192.168.1.51 | Nextcloud :8080 |
 | vm-tools | 192.168.1.52 | Stirling PDF :8081 |
 | VPS Scaleway | 51.158.126.113 | Caddy + WireGuard |
 | QNAP | 192.168.1.208 | NAS NFS/SMB |
 ## Vault — variables clés
 `vault_forgejo_db_password`, `vault_forgejo_domain`, `vault_nextcloud_db_password`,
 `vault_nextcloud_admin_user`, `vault_nextcloud_admin_password`, `vault_nextcloud_domain`,
 `vault_admin_password`, `vault_wg_*`
 ## Pièges connus
 - Les VMs Rocky Linux utilisent `firewalld`, le VPS Debian utilise `ufw`
 - Docker gère lui-même les règles firewalld — ne pas les gérer dans les playbooks
 - `NEXTCLOUD_TRUSTED_DOMAINS` n'est lu qu'au premier démarrage — utiliser `occ` pour modifier après install
 - Le VPS a `ansible_user: Elewyn` (root SSH désactivé)
--- a/homelab.md
+++ b/homelab.md
--- a/terraform/proxmox/main.tf
+++ b/terraform/proxmox/main.tf
@ -1,122 +1,122 @@
-# Provider Proxmox (bpg) - plus moderne, pas le bug user list de telmate
+# Provider Proxmox (bpg)
-terraform {
+terraform {
-  required_providers {
+  required_providers {
-    proxmox = {
+    proxmox = {
-      source  = "bpg/proxmox"
+      source  = "bpg/proxmox"
-      version = "~> 0.78"
+      version = "~> 0.78"
-    }
+    }
-  }
+  }
-}
+}
-
+
-provider "proxmox" {
+provider "proxmox" {
-  endpoint  = var.proxmox_url
+  endpoint  = var.proxmox_url
-  api_token = var.proxmox_api_token
+  api_token = var.proxmox_api_token
-  insecure  = true
+  insecure  = true
-
+
-  ssh {
+  ssh {
-    agent = false
+    agent = false
-  }
+  }
-}
+}
-
+
-# --- Locals : configuration centralisee des VMs ---
+# --- Locals : configuration centralisee des VMs ---
-locals {
+locals {
-  vms = {
+  vms = {
-    gateway = {
+    gateway = {
-      vmid    = 200
+      vmid    = 200
-      cores   = 1
+      cores   = 1
-      memory  = 512
+      memory  = 512
-      balloon = 256
+      balloon = 256
-      disk    = 10
+      disk    = 10
-      ip      = var.gateway_ip
+      ip      = var.gateway_ip
-    }
+    }
-    forgejo = {
+    forgejo = {
-      vmid    = 201
+      vmid    = 201
-      cores   = 2
+      cores   = 2
-      memory  = 1024
+      memory  = 1024
-      balloon = 512
+      balloon = 512
-      disk    = 20
+      disk    = 20
-      ip      = var.forgejo_ip
+      ip      = var.forgejo_ip
-    }
+    }
-    nextcloud = {
+    nextcloud = {
-      vmid    = 202
+      vmid    = 202
-      cores   = 4
+      cores   = 4
-      memory  = 6144
+      memory  = 6144
-      balloon = 2048
+      balloon = 2048
-      disk    = 20
+      disk    = 20
-      ip      = var.nextcloud_ip
+      ip      = var.nextcloud_ip
-    }
+    }
-    tools = {
+    tools = {
-      vmid    = 203
+      vmid    = 203
-      cores   = 2
+      cores   = 2
-      memory  = 2048
+      memory  = 2048
-      balloon = 1024
+      balloon = 1024
-      disk    = 10
+      disk    = 10
-      ip      = var.tools_ip
+      ip      = var.tools_ip
-    }
+    }
-  }
+  }
-}
+}
-
+
-# --- VMs generees dynamiquement par clonage du template ---
+# --- VMs generees dynamiquement par clonage du template ---
-resource "proxmox_virtual_environment_vm" "vm" {
+resource "proxmox_virtual_environment_vm" "vm" {
-  for_each = local.vms
+  for_each = local.vms
-
+
-  name      = each.key
+  name      = each.key
-  node_name = var.proxmox_node
+  node_name = var.proxmox_node
-  vm_id     = each.value.vmid
+  vm_id     = each.value.vmid
-
+
-  clone {
+  clone {
-    vm_id = var.template_vmid
+    vm_id = var.template_vmid
-  }
+  }
-
+
-  scsi_hardware = "virtio-scsi-single"
+  scsi_hardware = "virtio-scsi-single"
-
+
-  cpu {
+  cpu {
-    cores   = each.value.cores
+    cores   = each.value.cores
-    sockets = 1
+    sockets = 1
-    type    = "x86-64-v2-AES"
+    type    = "x86-64-v2-AES"
-  }
+  }
-
+
-  memory {
+  memory {
-    dedicated = each.value.memory
+    dedicated = each.value.memory
-    floating  = each.value.balloon
+    floating  = each.value.balloon
-  }
+  }
-
+
-  agent {
+  agent {
-    enabled = true
+    enabled = true
-    timeout = "10s"
+    timeout = "10s"
-  }
+  }
-
+
-  disk {
+  disk {
-    interface    = "scsi0"
+    interface    = "scsi0"
-    size         = each.value.disk
+    size         = each.value.disk
-    datastore_id = var.storage_name
+    datastore_id = var.storage_name
-  }
+  }
-
+
-  network_device {
+  network_device {
-    bridge = var.network_bridge
+    bridge = var.network_bridge
-    model  = "virtio"
+    model  = "virtio"
-  }
+  }
-
+
-  initialization {
+  initialization {
-    ip_config {
+    ip_config {
-      ipv4 {
+      ipv4 {
-        address = "${each.value.ip}/24"
+        address = "${each.value.ip}/24"
-        gateway = var.network_gateway
+        gateway = var.network_gateway
-      }
+      }
-    }
+    }
-    dns {
+    dns {
-      servers = [var.dns_server]
+      servers = [var.dns_server]
-    }
+    }
-    user_account {
+    user_account {
-      username = var.ci_user
+      username = var.ci_user
-      keys     = [var.ssh_public_key]
+      keys     = [var.ssh_public_key]
-    }
+    }
-  }
+  }
-
+
-  lifecycle {
+  lifecycle {
-    ignore_changes = [
+    ignore_changes = [
-      initialization,
+      initialization,
-      network_device
+      network_device
-    ]
+    ]
-  }
+  }
-}
+}