k3s: debian vm and manifest

2026-02-26 11:43:13 +01:00
parent 0cab06acd4
commit 8ad2c150a4
13 changed files with 267 additions and 27 deletions
--- a/tofu/.gitignore
+++ b/tofu/.gitignore
@@ -1,4 +0,0 @@
-*.tfstate
-*.tfstate.backup
-.terraform/
-terraform.tfvars
--- a/tofu/.terraform.lock.hcl
+++ b/tofu/.terraform.lock.hcl
@@ -23,3 +23,19 @@ provider "registry.opentofu.org/bpg/proxmox" {
    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
  ]
 }
+
+provider "registry.opentofu.org/hashicorp/random" {
+  version = "3.8.1"
+  hashes = [
+    "h1:EHn3jsqOKhWjbg0X+psk0Ww96yz3N7ASqEKKuFvDFwo=",
+    "zh:25c458c7c676f15705e872202dad7dcd0982e4a48e7ea1800afa5fc64e77f4c8",
+    "zh:2edeaf6f1b20435b2f81855ad98a2e70956d473be9e52a5fdf57ccd0098ba476",
+    "zh:44becb9d5f75d55e36dfed0c5beabaf4c92e0a2bc61a3814d698271c646d48e7",
+    "zh:7699032612c3b16cc69928add8973de47b10ce81b1141f30644a0e8a895b5cd3",
+    "zh:86d07aa98d17703de9fbf402c89590dc1e01dbe5671dd6bc5e487eb8fe87eee0",
+    "zh:8c411c77b8390a49a8a1bc9f176529e6b32369dd33a723606c8533e5ca4d68c1",
+    "zh:a5ecc8255a612652a56b28149994985e2c4dc046e5d34d416d47fa7767f5c28f",
+    "zh:aea3fe1a5669b932eda9c5c72e5f327db8da707fe514aaca0d0ef60cb24892f9",
+    "zh:f56e26e6977f755d7ae56fa6320af96ecf4bb09580d47cb481efbf27f1c5afff",
+  ]
+}
--- a/tofu/drone-runner.tf
+++ b/tofu/drone-runner.tf
@@ -1,15 +1,3 @@
-provider "proxmox" {
-  endpoint = var.proxmox_endpoint
-  username = "root@pam"
-  password = var.proxmox_password
-  insecure = true
-
-  ssh {
-    agent    = true
-    username = "root"
-  }
-}
-
 resource "proxmox_virtual_environment_download_file" "debian_13_lxc_template" {
  content_type = "vztmpl"
  datastore_id = "local"
@@ -73,5 +61,15 @@ resource "proxmox_virtual_environment_container" "drone_runner" {
  startup {
    order = "1"
  }
-
 }
+
+output "drone_runner_id" {
+  description = "VMID of the Drone Runner LXC"
+  value       = proxmox_virtual_environment_container.drone_runner.vm_id
+}
+
+output "drone_runner_ip" {
+  description = "IP address of the Drone Runner LXC"
+  value       = var.drone_runner_ip
+}
+
--- a/tofu/k3s.tf
+++ b/tofu/k3s.tf
@@ -0,0 +1,66 @@
+resource "proxmox_virtual_environment_download_file" "latest_debian_13_trixie_qcow2_img" {
+  content_type = "import"
+  datastore_id = "local"
+  node_name = var.node_name
+  url = "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-genericcloud-amd64.qcow2"
+}
+
+resource "proxmox_virtual_environment_vm" "debian_13_vm_for_k3s" {
+  name        = "k3s"
+  description = "Debian 13 vm for k3s"
+  tags        = ["opentofu", "debian"]
+
+  node_name = var.node_name
+  vm_id     = var.k3s_id
+
+  agent {
+    enabled = false
+  }
+  stop_on_destroy = true
+
+  startup {
+    order      = "3"
+    up_delay   = "60"
+    down_delay = "60"
+  }
+
+  cpu {
+    cores        = 2
+    type         = "host"
+  }
+
+  memory {
+    dedicated = 4096
+    floating  = 4096
+  }
+
+  disk {
+    datastore_id = "local-lvm"
+    import_from  = proxmox_virtual_environment_download_file.latest_debian_13_trixie_qcow2_img.id
+    interface    = "scsi0"
+    size         = 20
+  }
+
+  initialization {
+    ip_config {
+      ipv4 {
+        address = var.k3s_ip
+        gateway = var.gateway
+      }
+    }
+
+    user_account {
+      keys     = [trimspace(file(var.ssh_public_key_path))]
+      password = var.k3s_password
+      username = "debian"
+    }
+  }
+
+  network_device {
+    bridge = "vmbr0"
+  }
+
+  operating_system {
+    type = "l26"
+  }
+}
--- a/tofu/outputs.tf
+++ b/tofu/outputs.tf
@@ -1,9 +0,0 @@
-output "drone_runner_id" {
-  description = "VMID of the Drone Runner LXC"
-  value       = proxmox_virtual_environment_container.drone_runner.vm_id
-}
-
-output "drone_runner_ip" {
-  description = "IP address of the Drone Runner LXC"
-  value       = var.drone_runner_ip
-}
--- a/tofu/provider.tf
+++ b/tofu/provider.tf
@@ -0,0 +1,12 @@
+provider "proxmox" {
+  endpoint = var.proxmox_endpoint
+  username = "root@pam"
+  password = var.proxmox_password
+  insecure = true
+
+  ssh {
+    agent    = true
+    username = "root"
+  }
+}
+
--- a/tofu/terraform.tfvars.example
+++ b/tofu/terraform.tfvars.example
@@ -6,3 +6,6 @@ drone_runner_ip        = "192.168.x.200/24"
 gateway                = "192.168.x.1"
 ssh_public_key_path    = "~/.ssh/id_ed25519.pub"
 drone_runner_password  = "lxc-root-password"
+k3s_id                 = 201
+k3s_ip                 = "192.168.x.201/24"
+k3s_password           = "debian-vm-password"
--- a/tofu/variables.tf
+++ b/tofu/variables.tf
@@ -21,11 +21,22 @@ variable "drone_runner_id" {
  default     = 200
 }

+variable "k3s_id" {
+  description = "VMID for the k3s vm"
+  type        = number
+  default     = 4321
+}
+
 variable "drone_runner_ip" {
  description = "Static IP in CIDR notation"
  type        = string
 }

+variable "k3s_ip" {
+  description = "Static IP in CIDR notation"
+  type        = string
+}
+
 variable "gateway" {
  description = "Network gateway IP"
  type        = string
@@ -42,3 +53,9 @@ variable "drone_runner_password" {
  type        = string
  sensitive   = true
 }
+
+variable "k3s_password" {
+  description = "Password for debian user on the K3s VM"
+  type        = string
+  sensitive   = true
+}
--- a/tofu/versions.tf
+++ b/tofu/versions.tf
@@ -3,7 +3,7 @@ terraform {

  backend "s3" {
    bucket = "tofu-state"
-    key    = "drone-runner/terraform.tfstate"
+    key    = "calchat-pipeline/terraform.tfstate"
    region = "garage"

    endpoints = {