proxmox: add VM automation with OpenTofu and Ansible
Add automated workflow for building and deploying NixOS VMs on Proxmox including template2 host configuration, Ansible playbook for image building/deployment, and OpenTofu configuration for VM provisioning with cloud-init.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
60
CLAUDE.md
@@ -44,6 +44,15 @@ nix develop
|
||||
|
||||
Secrets are handled by sops. Do not edit any `.sops.yaml` or any file within `secrets/`. Ask the user to modify if necessary.
|
||||
|
||||
### Git Commit Messages
|
||||
|
||||
Commit messages should follow the format: `topic: short description`
|
||||
|
||||
Examples:
|
||||
- `flake: add opentofu to devshell`
|
||||
- `template2: add proxmox image configuration`
|
||||
- `terraform: add VM deployment configuration`
|
||||
|
||||
## Architecture
|
||||
|
||||
### Directory Structure
|
||||
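Review bot: The new "Git Commit Messages" section gives the `topic: short description` format but never says how the topic is chosen, and the three examples mix a file (`flake`), a host (`template2`) and a directory (`terraform`). Add one sentence that defines the topic (for example, the host name for host changes and the top-level directory otherwise) so history can be filtered by topic reliably. This commit's own `proxmox:` prefix is a fourth kind, a platform name, which shows the ambiguity.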
@@ -143,6 +152,57 @@ Configured in `/system/autoupgrade.nix`:
|
||||
- Auto-reboot after successful upgrade
|
||||
- Systemd service: `nixos-upgrade.service`
|
||||
|
||||
### Proxmox VM Provisioning with OpenTofu
|
||||
|
||||
The repository includes automated workflows for building Proxmox VM templates and deploying VMs using OpenTofu (Terraform).
|
||||
|
||||
#### Building and Deploying Templates
|
||||
|
||||
Template VMs are built from `hosts/template2` and deployed to Proxmox using Ansible:
|
||||
|
||||
```bash
|
||||
# Build NixOS image and deploy to Proxmox as template
|
||||
nix develop -c ansible-playbook -i playbooks/inventory.ini playbooks/build-and-deploy-template.yml
|
||||
```
|
||||
|
||||
This playbook:
|
||||
1. Builds the Proxmox image using `nixos-rebuild build-image --image-variant proxmox`
|
||||
2. Uploads the `.vma.zst` image to Proxmox at `/var/lib/vz/dump`
|
||||
3. Restores it as VM ID 9000
|
||||
4. Converts it to a template
|
||||
|
||||
Template configuration (`hosts/template2`):
|
||||
- Minimal base system with essential packages (age, vim, wget, git)
|
||||
- Cloud-init configured for NoCloud datasource (no EC2 metadata timeout)
|
||||
- DHCP networking on ens18
|
||||
- SSH key-based root login
|
||||
- `prepare-host.sh` script for cleaning machine-id, SSH keys, and regenerating age keys
|
||||
|
||||
#### Deploying VMs with OpenTofu
|
||||
|
||||
VMs are deployed from templates using OpenTofu in the `/terraform` directory:
|
||||
|
||||
```bash
|
||||
cd terraform
|
||||
tofu init # First time only
|
||||
tofu apply # Deploy VMs
|
||||
```
|
||||
|
||||
Configuration files:
|
||||
- `main.tf` - Proxmox provider configuration
|
||||
- `variables.tf` - Provider variables (API credentials)
|
||||
- `vm.tf` - VM resource definitions
|
||||
- `terraform.tfvars` - Actual credentials (gitignored)
|
||||
|
||||
Example VM deployment includes:
|
||||
- Clone from template VM
|
||||
- Cloud-init configuration (SSH keys, network, DNS)
|
||||
- Custom CPU/memory/disk sizing
|
||||
- VLAN tagging
|
||||
- QEMU guest agent
|
||||
|
||||
OpenTofu outputs the VM's IP address after deployment for easy SSH access.
|
||||
|
||||
### Adding a New Host
|
||||
|
||||
1. Create `/hosts/<hostname>/` directory
|
||||
|
||||
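Review bot: The "Configuration files" list documents `terraform.tfvars` as "Actual credentials (gitignored)", which keeps the Proxmox API credentials in a plaintext file outside the sops flow this same document mandates ("Secrets are handled by sops"), and the existing do-not-edit rule only names `.sops.yaml` and `secrets/`. Either document sourcing these credentials from sops or the environment, or extend that rule to name `terraform.tfvars` explicitly. Also say where the OpenTofu state is kept, since the section does not and state can hold the values passed to cloud-init. Separately, the template bullets list "SSH key-based root login" and a `prepare-host.sh` that cleans machine-id and SSH keys and regenerates age keys, but not when that script runs; state whether it runs on every clone, because otherwise VMs cloned from template 9000 would share the template's machine-id, SSH keys and age keys.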