terraform: refactor cloud-init to use proxmox_cloud_init_disk resource

Replace SSH upload approach with native proxmox_cloud_init_disk resource
for cleaner, more maintainable cloud-init management.

Changes:
- Use proxmox_cloud_init_disk for all VMs (not just branch-specific ones)
- Include SSH keys, network config, and metadata in cloud-init disk
- Conditionally include NIXOS_FLAKE_BRANCH for VMs with flake_branch set
- Replace ide2 cloudinit disk with cdrom reference to cloud-init disk
- Remove built-in cloud-init parameters (ciuser, sshkeys, etc.)
- Remove cicustom parameter (no longer needed)
- Remove proxmox_host variable (no SSH uploads required)
- Remove .gitignore entry for .generated/ directory

Benefits:
- No SSH access to Proxmox required
- All cloud-init config managed in Terraform
- Consistent approach for all VMs
- Cleaner state management

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

terraform/cloud-init.tf

@@ -1,55 +1,51 @@
-# Cloud-init configuration for branch-specific bootstrap
+# Cloud-init configuration for all VMs
 #
-# This file manages custom cloud-init snippets for VMs that need to bootstrap
-# from a specific git branch (non-master). Production VMs omit flake_branch
-# and use the default master branch.
+# This file manages cloud-init disks for all VMs using the proxmox_cloud_init_disk resource.
+# VMs with flake_branch set will include NIXOS_FLAKE_BRANCH environment variable.
 
-# Generate cloud-init snippets for VMs with custom branch configuration
-resource "local_file" "cloud_init_branch" {
-  for_each = {
-    for name, vm in local.vm_configs : name => vm
-    if vm.flake_branch != null
-  }
+resource "proxmox_cloud_init_disk" "ci" {
+  for_each = local.vm_configs
 
-  filename = "${path.module}/.generated/cloud-init-${each.key}.yml"
-  content = yamlencode({
-    # Write NIXOS_FLAKE_BRANCH to /etc/environment
-    # This will be read by bootstrap.nix service via EnvironmentFile
-    write_files = [{
-      path    = "/etc/environment"
-      content = "NIXOS_FLAKE_BRANCH=${each.value.flake_branch}\n"
-      append  = true
+  name     = each.key
+  pve_node = each.value.target_node
+  storage  = each.value.storage
+
+  # User data includes SSH keys and optionally NIXOS_FLAKE_BRANCH
+  user_data = <<-EOT
+  #cloud-config
+  ssh_authorized_keys:
+    - ${each.value.ssh_public_key}
+  ${each.value.flake_branch != null ? <<-BRANCH
+  write_files:
+    - path: /etc/environment
+      content: |
+        NIXOS_FLAKE_BRANCH=${each.value.flake_branch}
+      append: true
+  BRANCH
+: ""}
+  EOT
+
+# Network configuration - static IP or DHCP
+network_config = yamlencode({
+  version = 1
+  config = [{
+    type = "physical"
+    name = "ens18"
+    subnets = each.value.ip != null ? [{
+      type            = "static"
+      address         = each.value.ip
+      gateway         = each.value.gateway
+      dns_nameservers = split(" ", each.value.nameservers)
+      dns_search      = [each.value.search_domain]
+      }] : [{
+      type = "dhcp"
     }]
-  })
+  }]
+})
 
-  file_permission = "0644"
+# Instance metadata
+meta_data = yamlencode({
+  instance_id    = sha1(each.key)
+  local-hostname = each.key
+})
 }
-
-# Upload cloud-init snippets to Proxmox
-# Note: This requires SSH access to the Proxmox host
-# Alternative: Manually copy files or use Proxmox API if available
-resource "null_resource" "upload_cloud_init" {
-  for_each = {
-    for name, vm in local.vm_configs : name => vm
-    if vm.flake_branch != null
-  }
-
-  # Trigger re-upload when content changes
-  triggers = {
-    content_hash = local_file.cloud_init_branch[each.key].content
-  }
-
-  # Upload the cloud-init file to Proxmox snippets directory
-  provisioner "local-exec" {
-    command = <<-EOT
-      scp -o StrictHostKeyChecking=no \
-        ${local_file.cloud_init_branch[each.key].filename} \
-        ${var.proxmox_host}:/var/lib/vz/snippets/cloud-init-${each.key}.yml
-    EOT
-  }
-
-  depends_on = [local_file.cloud_init_branch]
-}
-
-# Ensure VMs depend on cloud-init being uploaded
-# This is handled implicitly by the cicustom reference in vms.tf