# Provider requirements for this module.
terraform {
  required_providers {
    # NOTE(review): no `version` constraint is declared, so `terraform init`
    # picks the newest bpg/proxmox release unless a committed
    # .terraform.lock.hcl pins it. Add `version = "<TESTED_CONSTRAINT>"`
    # (placeholder) and keep the lock file under version control so provider
    # upgrades are deliberate and reviewable.
    proxmox = {
      source = "bpg/proxmox"
    }
  }
}
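# One Proxmox VM cloned from the template VM var.clone_vmid.
# var.os_type selects the variant: "windows" sets machine/bios and inherits
# hardware from the template; "linux" adds cpu/memory/disk and cloud-init.
# Any other value produces a bare clone with only the network device set.
resource "proxmox_virtual_environment_vm" "vm" {
  name      = var.name
  node_name = var.node_name
  vm_id     = var.vmid

  # Windows clones run as q35 + OVMF; otherwise both stay null (unset).
  machine = var.os_type == "windows" ? "q35" : null
  bios    = var.os_type == "windows" ? "ovmf" : null

  clone {
    vm_id = var.clone_vmid
  }

  # Hardware configuration — Linux only.
  # Windows clones inherit CPU, memory, and disk from the template unchanged.
  # These dynamic blocks use for_each as a conditional: [1] = include, [] = skip.
  dynamic "cpu" {
    for_each = var.os_type == "linux" ? [1] : []
    content {
      cores = var.cores
    }
  }

  dynamic "memory" {
    for_each = var.os_type == "linux" ? [1] : []
    content {
      dedicated = var.memory
      floating  = var.memory_floating
    }
  }

  dynamic "disk" {
    for_each = var.os_type == "linux" ? [1] : []
    content {
      datastore_id = var.datastore_id
      interface    = "scsi0"
      iothread     = true
      discard      = "on"
      size         = var.disk_size
    }
  }

  network_device {
    bridge = var.network_bridge

    # Proxmox applies VM firewall rules per network interface, and the
    # provider's `firewall` flag on a NIC defaults to false. Without it the
    # firewall options and security-group rule declared for this VM would not
    # filter traffic on this interface. Tie it to the same switch.
    # The datacenter-level firewall must also be enabled; that is not managed
    # in this file.
    firewall = var.firewall_enabled
  }

  # Windows template (10000) includes EFI disk + TPM that clones inherit.
  # ignore_changes is unconditional, so it also covers Linux VMs: after
  # creation, edits to var.cores, var.memory, var.memory_floating or
  # var.disk_size are not applied to an existing VM.
  lifecycle {
    ignore_changes = [efi_disk, tpm_state, disk, cpu, memory]
  }

  # Cloud-init — Linux only.
  dynamic "initialization" {
    for_each = var.os_type == "linux" ? [1] : []
    content {
      datastore_id = var.datastore_id

      ip_config {
        ipv4 {
          # Prefix length is fixed at /24.
          address = "${var.bridge_ip}/24"
          gateway = var.gateway
        }
      }

      user_account {
        username = var.username

        # The password is written to Terraform state in plain text.
        # NOTE(review): the variable declaration is not visible here — confirm
        # it is marked `sensitive = true` (redacts plan/apply output only) and
        # that the state backend is access-controlled and encrypted at rest.
        password = var.password

        # file() reads the key at plan time and its content lands in state.
        # NOTE(review): assumes var.ssh_key_path points at a PUBLIC key file —
        # confirm against callers.
        keys = [trimspace(file(var.ssh_key_path))]
      }
    }
  }
}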
# Firewall configuration - always manage options to explicitly enable/disable
# This resource is created for every VM (no count), so the VM-level firewall
# switch is always set from var.firewall_enabled rather than left at whatever
# the clone inherited.
resource "proxmox_virtual_environment_firewall_options" "vm" {
  node_name = var.node_name
  vm_id     = proxmox_virtual_environment_vm.vm.vm_id

  enabled = var.firewall_enabled

  # With the firewall disabled, both default policies are written as ACCEPT.
  # NOTE(review): this is fail-open. If the firewall is switched on outside
  # Terraform, it starts with ACCEPT in both directions and no rules from this
  # module. Consider keeping the configured policies in both cases.
  input_policy  = var.firewall_enabled ? var.firewall_input_policy : "ACCEPT"
  output_policy = var.firewall_enabled ? var.firewall_output_policy : "ACCEPT"
}
# VM firewall rules - only managed when var.firewall_enabled is true
# (count = 0 otherwise, so no rules resource exists for the VM).
resource "proxmox_virtual_environment_firewall_rules" "vm" {
  count = var.firewall_enabled ? 1 : 0

  node_name = var.node_name
  vm_id     = proxmox_virtual_environment_vm.vm.vm_id

  # The only rule is a reference to a security group by name. The group's
  # actual allow/deny entries are defined elsewhere, so the effective exposure
  # of this VM depends on that group's contents.
  rule {
    security_group = var.firewall_security_group
  }

  # Apply the firewall options (enable flag and default policies) first.
  depends_on = [proxmox_virtual_environment_firewall_options.vm]
}