# Proxmox provider (bpg)
terraform {
  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "~> 0.78"
    }
  }
}

provider "proxmox" {
  endpoint = var.proxmox_url
  # NOTE(review): the declaration of var.proxmox_api_token is not visible here;
  # confirm it is marked `sensitive = true` so the token is redacted from plan output.
  api_token = var.proxmox_api_token
  # insecure = true: Proxmox exposes a self-signed certificate on the LAN.
  # No internal CA and no Let's Encrypt certificate for a private IP, so the
  # author considers TLS verification impossible.
  #
  # Security note: with this setting the provider skips TLS certificate
  # verification, so the API token above is sent to whichever host answers at
  # var.proxmox_url without proof of its identity. The connection is still
  # encrypted but not authenticated.
  # NOTE(review): Proxmox VE generates its own CA for node certificates; trusting
  # that CA on the machine that runs Terraform would allow this flag to be
  # removed. Confirm the node certificate covers the address in var.proxmox_url.
  # Until then, keep the token's privileges as narrow as the resources below allow.
  insecure = true

  ssh {
    # Do not use a local SSH agent for the provider's SSH connection.
    agent = false
  }
}

# --- Locals: centralized configuration of the VMs ---
# One entry per VM. The map key is used as the VM name and as the for_each
# instance key below, so renaming a key changes the resource address.
# Fields: vmid (Proxmox VM id), cores, memory / balloon (passed to the
# memory block as dedicated / floating), disk (passed to disk.size),
# ip (IPv4 address without prefix length).
locals {
  vms = {
    gateway = {
      vmid    = 200
      cores   = 1
      memory  = 512
      balloon = 256
      disk    = 10
      ip      = var.gateway_ip
    }
    forgejo = {
      vmid    = 201
      cores   = 2
      memory  = 1024
      balloon = 512
      disk    = 20
      ip      = var.forgejo_ip
    }
    nextcloud = {
      vmid    = 202
      cores   = 4
      memory  = 6144
      balloon = 2048
      disk    = 20
      ip      = var.nextcloud_ip
    }
    tools = {
      vmid    = 203
      cores   = 2
      memory  = 2048
      balloon = 1024
      disk    = 10
      ip      = var.tools_ip
    }
    runner = {
      vmid    = 204
      cores   = 4
      memory  = 4096
      balloon = 2048
      disk    = 20
      ip      = var.runner_ip
    }
  }
}

# --- VMs generated dynamically by cloning the template ---
resource "proxmox_virtual_environment_vm" "vm" {
  # One VM per entry of local.vms.
  for_each = local.vms

  name      = each.key
  node_name = var.proxmox_node
  vm_id     = each.value.vmid

  # Every VM is cloned from the same template, so anything baked into that
  # template (packages, users, keys) is shared by all five VMs.
  clone {
    vm_id        = var.template_vmid
    datastore_id = var.storage_name
  }

  scsi_hardware = "virtio-scsi-single"

  cpu {
    cores   = each.value.cores
    sockets = 1
    type    = "x86-64-v2-AES"
  }

  memory {
    dedicated = each.value.memory
    floating  = each.value.balloon
  }

  # QEMU guest agent integration.
  # NOTE(review): assumes the template has the guest agent installed — confirm.
  agent {
    enabled = true
    timeout = "10s"
  }

  disk {
    interface    = "scsi0"
    size         = each.value.disk
    datastore_id = var.storage_name
  }

  # All VMs are attached to the same bridge; no VLAN tag or firewall option is
  # set in this block, so any network separation between the VMs has to be
  # enforced elsewhere.
  network_device {
    bridge = var.network_bridge
    model  = "virtio"
  }

  # Cloud-init settings applied to the clone.
  initialization {
    datastore_id = var.storage_name

    ip_config {
      ipv4 {
        # Static address; the /24 prefix length is fixed for every VM.
        address = "${each.value.ip}/24"
        gateway = var.network_gateway
      }
    }

    dns {
      servers = [var.dns_server]
    }

    # Account provisioned with a single SSH public key; no password is set
    # in this block.
    user_account {
      username = var.ci_user
      keys     = [var.ssh_public_key]
    }
  }

  # Terraform ignores later changes to these blocks on existing VMs.
  # Consequence: changing var.ssh_public_key, an IP or the bridge after
  # creation is NOT applied to VMs that already exist, so key rotation has to
  # be done by another mechanism (or by recreating the VM).
  lifecycle {
    ignore_changes = [
      initialization,
      network_device,
      clone,
    ]
  }
}