infrastructure/terraform/main.tf

resource "proxmox_vm_qemu" "vm_deployment" {
  for_each = local.vms

  target_node = var.pm_node
  
  name        = "${each.key}.stabify.de"
  vmid        = each.value.id
  
  description = "Managed by Terraform. VLAN: ${each.value.vlan} Role: ${each.value.tags} IP: ${each.value.ip}"
  clone       = var.template_name
  full_clone  = true
  agent       = 1

  start_at_node_boot = true
  define_connection_info = false

  cpu {
    cores   = each.value.cores
    sockets = 1
  }

  memory  = each.value.memory
  balloon = 0 
  scsihw  = "virtio-scsi-pci"
  boot    = "order=scsi0;net0"
  
  serial {
    id   = 0
    type = "socket"
  }

  disk {
    slot     = "scsi0"
    size     = "32G"
    type     = "disk"
    storage  = "local-lvm"
    iothread = true
  }
  
  disk {
    slot    = "ide2"
    type    = "cloudinit"
    storage = "local-lvm"
  }

  network {
    id     = 0
    model  = "virtio"
    bridge = "vmbr1"
    tag    = each.value.vlan
  }

  os_type = "cloud-init"
  
  searchdomain = "stabify.de"
  nameserver   = each.value.gw

  ciuser     = local.ci_user
  cipassword = local.ci_password
  sshkeys    = local.ssh_key
  
  ipconfig0  = "ip=${each.value.ip}/24,gw=${each.value.gw}"

  tags = each.value.tags

  lifecycle {
    ignore_changes = [ 
      network, 
      sshkeys,
      ciuser,
      cipassword
    ]
  }
}

resource "opnsense_unbound_host_override" "dns_entries" {
  for_each = merge(
    { for k, v in local.vms : k => { ip = v.ip, tags = v.tags } },
    local.extra_dns
  )

  enabled     = true
  hostname    = each.key
  domain      = "stabify.de"
  description = "Managed by Terraform: ${each.value.tags}"
  server      = each.value.ip
}

# Wildcard DNS record for K3s Ingress
resource "opnsense_unbound_host_override" "dns_wildcard_k3s" {
  enabled     = true
  hostname    = "*"
  domain      = "k3s.stabify.de"
  description = "Managed by Terraform: Wildcard for K3s Ingress VIP"
  server      = local.extra_dns["k3s-ingress"].ip
}