revert: insecure to false

README.md

@@ -1,3 +1,20 @@
-# Homelab
+# 🧪 Homelab
 
-Hello world !
+> ⚠️ **Work in Progress** – This repository is actively evolving as I automate and expand my homelab.
+
+Welcome to my homelab repository! This is where I manage and document the infrastructure powering my personal lab environment using modern DevOps tools and best practices.
+
+## 🚀 Goals
+
+- Automate VM and infrastructure deployment with **Terraform**
+- Configure systems and services using **Ansible**
+- Deploy and manage Kubernetes with **Flux CD** using a **GitOps** approach
+- Keep everything **declarative**, **reproducible**, and **version-controlled**
+
+## 📌 Notes
+
+This repository is intended for **educational and experimental purposes**. Feel free to explore, fork, and adapt ideas for your own homelab setup.
+
+---
+
+Stay tuned — more coming soon! 🚧

ansible/ansiform/playbooks/install_nginx.yml

@@ -0,0 +1,35 @@
+---
+- name: Demo Playbook - Install Nginx and Serve Hostname Page
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Ensure apt cache is updated
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+    - name: Install nginx
+      ansible.builtin.apt:
+        name: nginx
+        state: present
+
+    - name: Create index.html with hostname
+      ansible.builtin.copy:
+        dest: /var/www/html/index.html
+        content: |
+          <html>
+          <head><title>Demo</title></head>
+          <body>
+              <h1>Hostname: {{ inventory_hostname }}</h1>
+          </body>
+          </html>
+        owner: www-data
+        group: www-data
+        mode: "0644"
+
+    - name: Ensure nginx is running
+      ansible.builtin.service:
+        name: nginx
+        state: started
+        enabled: true

ansible/proxmox/terraform_user.yml

@@ -0,0 +1,20 @@
+---
+- name: Create Terraform local user for Proxmox
+  hosts: nodes
+  become: true
+  tasks:
+  
+    - name: Create terraform user
+      ansible.builtin.user:
+        name: "{{ terraform_user }}"
+        password: "{{ terraform_password | password_hash('sha512') }}"
+        shell: /bin/bash
+
+    - name: Create sudoers file for terraform user
+      ansible.builtin.copy:
+        dest: /etc/sudoers.d/{{ terraform_user }}
+        mode: '0440'
+        content: |
+          {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/pvesm
+          {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/qm
+          {{ terraform_user }} ALL=(root) NOPASSWD: /usr/bin/tee /var/lib/vz/*

terraform/modules/pve_vm/main.tf

@@ -1,93 +1,107 @@
+# Retrieve VM templates available in Proxmox that match the specified name
 data "proxmox_virtual_environment_vms" "template" {
   filter {
     name   = "name"
-    values = ["${var.vm_template}"]
+    values = ["${var.vm_template}"] # The name of the template to clone from
   }
 }
 
+# Create a cloud-init configuration file as a Proxmox snippet
 resource "proxmox_virtual_environment_file" "cloud_config" {
-  content_type = "snippets"
-  datastore_id = "local"
-  node_name    = var.node_name
+  content_type = "snippets"        # Cloud-init files are stored as snippets in Proxmox
+  datastore_id = "local"           # Local datastore used to store the snippet
+  node_name    = var.node_name     # The Proxmox node where the file will be uploaded
+
   source_raw {
-    file_name = "${var.vm_name}.cloud-config.yaml"
+    file_name = "${var.vm_name}.cloud-config.yaml" # The name of the snippet file
     data      = <<-EOF
     #cloud-config
     hostname: ${var.vm_name}
     package_update: true
     package_upgrade: true
     packages:
-      - qemu-guest-agent
+      - qemu-guest-agent           # Ensures the guest agent is installed
     users:
       - default
       - name: ${var.vm_user}
         groups: sudo
         shell: /bin/bash
-        ssh-authorized-keys:
-          - "${var.vm_user_sshkey}"
+        ssh-authorized-keys: ${jsonencode(var.vm_user_sshkeys)} # Inject user's SSH key
         sudo: ALL=(ALL) NOPASSWD:ALL
     runcmd:
       - systemctl enable qemu-guest-agent 
-      - reboot
+      - reboot                     # Reboot the VM after provisioning
     EOF
   }
 }
 
+# Define and provision a new VM by cloning the template and applying initialization
 resource "proxmox_virtual_environment_vm" "vm" {
-  name      = var.vm_name
-  node_name = var.node_name
-  tags      = var.vm_tags
+  name      = var.vm_name           # VM name
+  node_name = var.node_name         # Proxmox node to deploy the VM
+  tags      = var.vm_tags           # Optional VM tags for categorization
+
   agent {
-    enabled = true
+    enabled = true                  # Enable the QEMU guest agent
   }
-  stop_on_destroy = true
+
+  stop_on_destroy = true            # Ensure VM is stopped gracefully when destroyed
+
   clone {
-    vm_id     = data.proxmox_virtual_environment_vms.template.vms[0].vm_id
-    node_name = data.proxmox_virtual_environment_vms.template.vms[0].node_name
+    vm_id     = data.proxmox_virtual_environment_vms.template.vms[0].vm_id     # ID of the source template
+    node_name = data.proxmox_virtual_environment_vms.template.vms[0].node_name # Node of the source template
   }
-  bios    = var.vm_bios
-  machine = var.vm_machine
+
+  bios    = var.vm_bios             # BIOS type (e.g., seabios or ovmf)
+  machine = var.vm_machine          # Machine type (e.g., q35)
+
   cpu {
-    cores = var.vm_cpu
-    type  = "host"
+    cores = var.vm_cpu              # Number of CPU cores
+    type  = "host"                  # Use host CPU type for best compatibility/performance
   }
+
   memory {
-    dedicated = var.vm_ram
+    dedicated = var.vm_ram          # RAM in MB
   }
+
   disk {
-    datastore_id = var.node_datastore
-    interface    = "scsi0"
-    size         = 4
+    datastore_id = var.node_datastore  # Datastore to hold the disk
+    interface    = "scsi0"             # Primary disk interface
+    size         = var.vm_disk_size    # Disk size in GB
   }
+
   initialization {
-    user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
+    user_data_file_id = proxmox_virtual_environment_file.cloud_config.id # Link the cloud-init file
     datastore_id      = var.node_datastore
-    interface         = "scsi1"
+    interface         = "scsi1"             # Separate interface for cloud-init
     ip_config {
       ipv4 {
-        address = "dhcp"
+        address = "dhcp"            # Get IP via DHCP
       }
     }
   }
+
   network_device {
-    bridge  = "vmbr0"
-    vlan_id = var.vm_vlan
+    bridge  = "vlan${var.vm_vlan}"  # VNet used with VLAN ID
   }
+
   operating_system {
-    type = "l26"
+    type = "l26"                    # Linux 2.6+ kernel
   }
+
   vga {
-    type = "std"
+    type = "std"                    # Standard VGA type
   }
+
   lifecycle {
-    ignore_changes = [
+    ignore_changes = [              # Ignore initialization section after first depoloyment for idempotency
       initialization
     ]
   }
 }
 
+# Output the assigned IP address of the VM after provisioning
 output "vm_ip" {
-  value       = proxmox_virtual_environment_vm.vm.ipv4_addresses[1][0]
+  value       = proxmox_virtual_environment_vm.vm.ipv4_addresses[1][0] # Second network interface's first IP
   description = "VM IP"
-}
-
+}

terraform/modules/pve_vm/variables.tf

@@ -26,10 +26,13 @@ variable "vm_user" {
   default     = "vez"
 }
 
-variable "vm_user_sshkey" {
-  description = "Admin user SSH key of the VM"
-  type        = string
-  default     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion"
+variable "vm_user_sshkeys" {
+  description = "Admin user SSH keys of the VM"
+  type        = list(string)
+  default     = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion",
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHovfHKpqTvwj5zrcSuSZALa8iiH6qBvE5dyJCz9eQ2k vez@surface"
+  ]
 }
 
 variable "vm_cpu" {
@@ -44,6 +47,12 @@ variable "vm_ram" {
   default     = 2048
 }
 
+variable "vm_disk_size" {
+  description = "Size of the disk (GB) of the VM"
+  type        = number
+  default     = 10
+}
+
 variable "vm_bios" {
   description = "Type of BIOS used for the VM"
   type        = string

terraform/projects/multiple-vm/main.tf

@@ -19,7 +19,7 @@ locals {
       for node in data.proxmox_virtual_environment_nodes.pve_nodes.names : [
         for role, config in local.vm_attr : {
           node_name = node
-          vm_name   = "${role}-${node}"
+          vm_name   = "${node}-${role}"
           vm_cpu    = config.cpu
           vm_ram    = config.ram
           vm_vlan   = config.vlan

terraform/projects/semaphore-vms/main.tf

@@ -0,0 +1,33 @@
+module "pve_vm" {
+  source    = "../../modules/pve_vm"
+  for_each  = local.vm_list
+
+  node_name = each.value.node_name
+  vm_name   = each.value.vm_name
+  vm_cpu    = each.value.vm_cpu
+  vm_ram    = each.value.vm_ram
+  vm_vlan   = each.value.vm_vlan
+}
+
+locals {
+  # Ordered list of VM hostnames
+  sem_hosts = ["sem01", "sem02", "sem03"]
+
+  # Create a map: host -> node
+  vm_list = {
+    for idx, host in local.sem_hosts :
+    host => {
+      node_name = data.proxmox_virtual_environment_nodes.pve_nodes.names[idx]
+      vm_name   = host
+      vm_cpu    = 1
+      vm_ram    = 2048
+      vm_vlan   = 66
+    }
+  }
+}
+
+data "proxmox_virtual_environment_nodes" "pve_nodes" {}
+
+output "vm_ip" {
+  value = { for k, v in module.pve_vm : k => v.vm_ip }
+}

terraform/projects/semaphore-vms/provider.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source = "bpg/proxmox"
+    }
+  }
+}
+
+provider "proxmox" {
+  endpoint  = var.proxmox_endpoint
+  api_token = var.proxmox_api_token
+  insecure  = false
+  ssh {
+    agent       = false
+    # private_key = file("~/.ssh/id_ed25519")
+    username    = var.proxmox_ssh_username
+    password    = var.proxmox_ssh_password
+  }
+}

terraform/projects/semaphore-vms/variables.tf

@@ -0,0 +1,22 @@
+variable "proxmox_endpoint" {
+  description = "Proxmox URL endpoint"
+  type        = string
+}
+
+variable "proxmox_api_token" {
+  description = "Proxmox API token"
+  type        = string
+  sensitive   = true
+}
+
+variable "proxmox_ssh_username" {
+  description = "Proxmox SSH username"
+  type        = string
+  sensitive   = true
+}
+
+variable "proxmox_ssh_password" {
+  description = "Proxmox SSH password"
+  type        = string
+  sensitive   = true
+}

terraform/projects/simple-vm-with-module/variables.tf

@@ -7,4 +7,4 @@ variable "proxmox_api_token" {
   description = "Proxmox API token"
   type        = string
   sensitive   = true
-}
+}

terraform/projects/simple-vm/main.tf

@@ -83,8 +83,7 @@ resource "proxmox_virtual_environment_vm" "vm" {
   }
 
   network_device {
-    bridge  = "vmbr0"               # Use the default bridge
-    vlan_id = var.vm_vlan           # VLAN tagging if used
+    bridge  = "vlan${var.vm_vlan}"  # VNet used with VLAN ID
   }
 
   operating_system {