Merge pull request 'feat: add VM 202 for report-generator PG + MinIO' (#75) from feat/vm-202-reportgen into main

2026-02-20 09:54:09 +01:00 · 2026-02-20 09:54:09 +01:00 · 49372454f2
commit 49372454f2
parent 45806bc13f 011bbf52f4
3 changed files with 53 additions and 1 deletions
--- a/environments/production/tenant-vms.tf
+++ b/environments/production/tenant-vms.tf
@ -8,7 +8,33 @@

 locals {
  tenant_vms = {
-    # No VMs currently provisioned
+    "vm-202-reportgen" = {
+      vm_id     = 202
+      public_ip = "185.47.204.228"
+      password  = "ir61mXhg7czPsdgf/ZHOom3j"
+      cpu_cores = 4
+      ram_mb    = 8192
+      disk_gb   = 100
+      started   = true
+      extra_firewall_rules = [
+        {
+          type    = "in"
+          action  = "ACCEPT"
+          proto   = "tcp"
+          dport   = "5432"
+          source  = "185.47.204.226"
+          comment = "PostgreSQL from K8s (bare_srv_1)"
+        },
+        {
+          type    = "in"
+          action  = "ACCEPT"
+          proto   = "tcp"
+          dport   = "9000"
+          source  = "185.47.204.226"
+          comment = "MinIO from K8s (bare_srv_1)"
+        },
+      ]
+    }
  }
 }

@ -24,6 +50,7 @@ module "tenant_vm" {
  ram_mb    = lookup(each.value, "ram_mb", 4096)
  disk_gb   = lookup(each.value, "disk_gb", 50)
  started   = lookup(each.value, "started", true)
+  extra_firewall_rules = lookup(each.value, "extra_firewall_rules", [])

  depends_on = [proxmox_virtual_environment_download_file.ubuntu_2404_cloud]
 }
--- a/modules/tenant-vm/main.tf
+++ b/modules/tenant-vm/main.tf
@ -152,4 +152,16 @@ resource "proxmox_virtual_environment_firewall_rules" "tenant" {
    dport   = "25"
    comment = "Block SMTP (anti-spam)"
  }
+
+  dynamic "rule" {
+    for_each = var.extra_firewall_rules
+    content {
+      type    = rule.value.type
+      action  = rule.value.action
+      proto   = rule.value.proto
+      dport   = rule.value.dport
+      source  = rule.value.source
+      comment = rule.value.comment
+    }
+  }
 }
--- a/modules/tenant-vm/variables.tf
+++ b/modules/tenant-vm/variables.tf
@ -75,3 +75,16 @@ variable "subnet_mask" {
  type        = string
  default     = "28"
 }
+
+variable "extra_firewall_rules" {
+  description = "Additional Proxmox firewall rules (added after default SSH/ICMP/monitoring rules)"
+  type = list(object({
+    type    = string
+    action  = string
+    proto   = string
+    dport   = optional(string)
+    source  = optional(string)
+    comment = optional(string)
+  }))
+  default = []
+}