windows compatibility

CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+
+## 2026-02-21
+
+### Changed
+- VM module (`terraform/modules/vm/main.tf`): CPU, memory, and disk blocks are now conditional on `os_type == "linux"` via dynamic blocks — Windows clones inherit all hardware from the template
+- VM module: added `lifecycle { ignore_changes = [efi_disk, tpm_state, disk, cpu, memory] }` to prevent Terraform from managing hardware inherited from Windows templates
+- VM module: removed `efi_disk` dynamic block (EFI disk is inherited from template, not created by Terraform)
+- rds01 specs adjusted to 2 cores / 6144 MB / 50 GB (documentation only — inherited from template)
+
+### Removed
+- ca01 VM (VMID 1005) — AD Certificate Authority removed from management tier

terraform/management.tf

@@ -4,12 +4,11 @@
 # Lighthouse and DNS should be provisioned first.
 #
 # VMs:
-#   1000  lighthouse  192.168.100.10  - Nebula lighthouse/relay
+#   1000  lighthouse  192.168.100.10  - Nebula lighthouse/relay (not yet defined)
 #   1001  dns         192.168.100.11  - Internal DNS server
 #   1002  caddy       192.168.100.12  - Reverse proxy
 #   1003  dc01        192.168.100.13  - AD domain controller (manual)
-#   1005  ca01        192.168.100.15  - AD Certificate Authority
+#   1006  rds01       192.168.100.16  - File Server + Light RDS
-#   1006  rds01       192.168.100.16  - Remote Desktop Services + File Server
 
 module "dns" {
   source       = "./modules/vm"
@@ -39,20 +38,6 @@ module "caddy" {
   ssh_key_path = var.ssh_key_path
 }
 
-module "ca01" {
-  source       = "./modules/vm"
-  name         = "ca01"
-  vmid         = 1005
-  node_name    = var.proxmox_node
-  bridge_ip    = "192.168.100.15"
-  os_type      = "windows"
-  datastore_id = var.datastore_id
-  clone_vmid   = var.windows_template_vmid
-  cores        = 2
-  memory       = 4096
-  disk_size    = 60
-}
-
 module "rds01" {
   source       = "./modules/vm"
   name         = "rds01"
@@ -62,7 +47,7 @@ module "rds01" {
   os_type      = "windows"
   datastore_id = var.datastore_id
   clone_vmid   = var.windows_template_vmid
-  cores        = 4
+  cores        = 2       # Inherited from template (documentation only)
-  memory       = 8192
+  memory       = 6144    # Inherited from template (documentation only)
-  disk_size    = 100
+  disk_size    = 50      # Inherited from template (documentation only)
 }

terraform/modules/vm/main.tf

@@ -18,34 +18,44 @@ resource "proxmox_virtual_environment_vm" "vm" {
     vm_id = var.clone_vmid
   }
 
-  cpu {
+  # Hardware configuration — Linux only.
+  # Windows clones inherit CPU, memory, and disk from the template unchanged.
+  # These dynamic blocks use for_each as a conditional: [1] = include, [] = skip.
+  dynamic "cpu" {
+    for_each = var.os_type == "linux" ? [1] : []
+    content {
       cores = var.cores
     }
+  }
 
-  memory {
+  dynamic "memory" {
+    for_each = var.os_type == "linux" ? [1] : []
+    content {
       dedicated = var.memory
       floating  = var.memory_floating
     }
+  }
 
-  disk {
+  dynamic "disk" {
+    for_each = var.os_type == "linux" ? [1] : []
+    content {
       datastore_id = var.datastore_id
       interface    = "scsi0"
       iothread     = true
       discard      = "on"
       size         = var.disk_size
     }
-
-  dynamic "efi_disk" {
-    for_each = var.os_type == "windows" ? [1] : []
-    content {
-      datastore_id = var.datastore_id
-    }
   }
 
   network_device {
     bridge = var.network_bridge
   }
 
+  # Windows template (10000) includes EFI disk + TPM that clones inherit.
+  lifecycle {
+    ignore_changes = [efi_disk, tpm_state, disk, cpu, memory]
+  }
+
   dynamic "initialization" {
     for_each = var.os_type == "linux" ? [1] : []
     content {