Reusable OpenTofu module for creating isolated tenant VMs with: - Public IP on vmbr1 (bridged, firewall=true) - Cloud-init: password auth, fail2ban, UFW hardening - Per-VM Proxmox firewall (IN: SSH+ICMP, OUT: allow, block SMTP) Includes test-tenant VM (185.47.204.227) for verification. Changes: - modules/tenant-vm/ — reusable module (VM + FW + cloud-init) - environments/production/tenant-vms.tf — tenant VM definitions - policies/security.rego — require firewall=true on vmbr1 - atlantis.yaml — trigger on module file changes - main.tf — updated host prerequisites comment Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Tenant VM module — variables
# Used by VM-as-a-Service (Phase 5) to create isolated VMs with public IPs
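variable "name" {
  description = "VM name; also used as the guest hostname, so it must be a valid DNS label (lowercase letters, digits, hyphens; 1-63 chars)"
  type        = string

  # The description says this value becomes the hostname, so restrict it to a
  # DNS label: an invalid name then fails at plan time rather than during
  # provisioning of an internet-facing VM.
  validation {
    condition     = can(regex("^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", var.name))
    error_message = "name must be a DNS label: lowercase letters, digits and hyphens, 1-63 characters, not starting or ending with a hyphen."
  }
}
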
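variable "vm_id" {
  description = "Proxmox VMID; tenant VMs use the reserved range 201-210"
  type        = number

  # The module documents 201-210 as the tenant range. Enforce it so a typo
  # cannot land a tenant VM on a VMID outside that range.
  validation {
    condition     = var.vm_id >= 201 && var.vm_id <= 210 && floor(var.vm_id) == var.vm_id
    error_message = "vm_id must be a whole number between 201 and 210 (the tenant VM range)."
  }
}
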
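variable "public_ip" {
  description = "Public IPv4 address for the VM, taken from the tenant /28 (185.47.204.227-236)"
  type        = string

  # Only the ten tenant addresses of the /28 are valid here. Anything else —
  # the block's network or gateway address, or an IP outside the block — would
  # be configured on the bridged, internet-facing interface, so refuse it at
  # plan time.
  validation {
    condition     = can(regex("^185\\.47\\.204\\.(22[7-9]|23[0-6])$", var.public_ip))
    error_message = "public_ip must be one of 185.47.204.227 through 185.47.204.236."
  }
}
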
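variable "password" {
  description = "Password for the default user account (SSH password authentication is enabled by cloud-init)"
  type        = string
  sensitive   = true

  # `sensitive` only redacts the value in plan/apply output; it is still
  # stored in clear in the state file, so the state backend must be
  # access-controlled and encrypted.
  #
  # The VM sits on a public IP with password SSH auth enabled; fail2ban
  # rate-limits guessing but does not prevent it, so refuse trivially short
  # passwords at plan time. Raise the floor if tenant policy requires it.
  validation {
    condition     = length(var.password) >= 12
    error_message = "password must be at least 12 characters long."
  }
}
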
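variable "cpu_cores" {
  description = "Number of virtual CPU cores assigned to the VM"
  type        = number
  default     = 1

  # A zero or fractional core count is never meaningful; catch it at plan time.
  validation {
    condition     = var.cpu_cores >= 1 && floor(var.cpu_cores) == var.cpu_cores
    error_message = "cpu_cores must be a whole number of at least 1."
  }
}
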
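variable "ram_mb" {
  description = "RAM assigned to the VM, in MB"
  type        = number
  default     = 1024

  # Reject zero/negative or fractional sizes before they reach the provider.
  validation {
    condition     = var.ram_mb > 0 && floor(var.ram_mb) == var.ram_mb
    error_message = "ram_mb must be a positive whole number of megabytes."
  }
}
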
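variable "disk_gb" {
  description = "Root disk size, in GB"
  type        = number
  default     = 20

  # Reject zero/negative or fractional sizes before they reach the provider.
  validation {
    condition     = var.disk_gb > 0 && floor(var.disk_gb) == var.disk_gb
    error_message = "disk_gb must be a positive whole number of gigabytes."
  }
}
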
# Power state requested for the VM once it exists; defaults to running.
variable "started" {
  type        = bool
  default     = true
  description = "Whether the VM should be started after creation"
}

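variable "ssh_public_key" {
  description = "SSH public key installed for monitoring access (Claude control plane)"
  type        = string
  default     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDO+Y8ns0RgUfR21POlIVsHD+Lp+x7cUBupqXsyMeVNZ claude@control-plane"

  # SECURITY NOTE: because this default is baked into the module, every tenant
  # VM built from it trusts the control-plane key unless the caller overrides
  # the variable. The matching private key is therefore a single credential
  # for all tenants, and rotating it requires a module change. Prefer passing
  # the key in from the environment (tfvars / secret store) and treat this
  # default as a transitional fallback; it is kept only so existing callers
  # that do not set the variable keep working.
  #
  # Reject malformed keys at plan time; a bad value would otherwise likely
  # surface only as a failed login after the VM is provisioned.
  validation {
    condition = can(regex(
      "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ssh-ed25519@openssh\\.com|sk-ecdsa-sha2-nistp256@openssh\\.com) [A-Za-z0-9+/]+=*( .*)?$",
      var.ssh_public_key
    ))
    error_message = "ssh_public_key must be a single OpenSSH public key line: '<type> <base64> [comment]'."
  }
}
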
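variable "username" {
  description = "Default user account name"
  type        = string
  default     = "user"

  # Must be a valid Linux account name. Note that the default "user" is
  # guessable: with password SSH auth on a public IP an attacker then only
  # needs the password, so consider giving each tenant a distinct name.
  validation {
    condition     = can(regex("^[a-z_][a-z0-9_-]{0,31}$", var.username))
    error_message = "username must be a POSIX account name: lowercase letters, digits, underscore or hyphen, starting with a letter or underscore, at most 32 characters."
  }
}
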
# Proxmox cluster node on which the VM is created.
variable "node_name" {
  type        = string
  default     = "georgeops"
  description = "Proxmox node name"
}

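variable "gateway" {
  description = "Default gateway IP address for the public interface"
  type        = string
  default     = "185.47.204.225"

  # cidrhost() fails on anything that is not a parseable IP address, which
  # catches typos before the value is handed to the guest network config.
  validation {
    condition     = can(cidrhost("${var.gateway}/32", 0))
    error_message = "gateway must be a valid IP address."
  }
}
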
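variable "subnet_mask" {
  description = "Network prefix length in bits (e.g. \"28\" for a /28); a bare number, not a dotted-quad mask"
  type        = string
  default     = "28"

  # Kept as a string for backward compatibility with existing callers, but the
  # value must be a bare integer 0-32: a dotted mask ("255.255.255.240") or a
  # leading slash ("/28") would otherwise be passed through unchecked to the
  # guest network configuration.
  validation {
    condition     = can(regex("^([0-9]|[12][0-9]|3[0-2])$", var.subnet_mask))
    error_message = "subnet_mask must be an IPv4 prefix length between 0 and 32, given as a bare number such as \"28\"."
  }
}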