Fediversity/deployment/run/tf-proxmox-template/main.tf

terraform {
  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "= 0.81.0"
    }
  }
  backend "http" {
  }
}

locals {
  dump_name = "qemu-nixos-fediversity-${var.category}.qcow2"
}

# https://registry.terraform.io/providers/bpg/proxmox/latest/docs
provider "proxmox" {
  endpoint = "https://${var.host}:8006/"

  # used for upload
  ssh {
    agent = true
    username = "root"
  }
}

# hash of our code directory, used to trigger re-deploy
# FIXME calculate separately to reduce false positives
data "external" "hash" {
  program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ../../..)\\\"}\""]
}

# FIXME (un)stream
# FIXME handle known-hosts in TF state
# FIXME move to host
# FIXME switch to base image shared between jobs as upload seems a bottleneck? e.g. by:
# - recursive TF
# - hash in name over overwrite
# won't notice file changes: https://github.com/bpg/terraform-provider-proxmox/issues/677
resource "proxmox_virtual_environment_file" "upload" {
  depends_on = [
    data.external.hash,
  ]
  content_type = "import"
  # https://192.168.51.81:8006/#v1:0:=storage%2Fnode051%2Flocal:4::=contentIso:::::
  # PVE -> Datacenter -> Storage -> local -> Edit -> General -> Content -> check Import + Disk Images -> OK
  # that UI action also adds it in `/etc/pve/storage.cfg`
  datastore_id = var.image_datastore_id
  node_name    = var.node_name
  overwrite = true
  timeout_upload = 500

  source_file {
    path = var.image
    file_name = local.dump_name
    # FIXME compute and pass hash (so identical builds don't trigger drift)
    # checksum = "sha256"
  }
}

output "id" {
  value = proxmox_virtual_environment_file.upload.id
}
output "path" {
  value = proxmox_virtual_environment_file.upload.source_file[0].file_name
}