boma/terraform/environments/production/variables.tf
sjat 9e0c264658 docs: reconcile lower-severity review findings (O9-O24)
- ADR-007: document ubongo on the legacy V4 net at 10.20.10.151 (transitional,
  outside the planned srv /24 until the LAN is re-cut) (O10); single authoritative
  boma.baobab.band -> boma.wingu.me transition note already added earlier
- terraform tfvars.example + variables.tf (both envs): pve01 -> pve0 and
  <host>.boma.baobab.band per ADR-007 naming (O11)
- ADR-012/013/015/016/017/018: convert "See also:" prose to `## Related` sections
  placed after Consequences, matching ADR-014/019-023 (O13)
- docs/README + inventories/README: list the missing subdirs / offsite_hosts +
  offsite.yml merge behaviour (O14, O29 note)
- ADR-009: drop the retired `nyumbani` example; use vaultwarden.wingu.me split-horizon (O19)
- ROADMAP M2: askari shipped as cx23/x86 (CAX11/ARM out of stock) (O20)
- ADR-020: 80/443/3478 opened in M4a (past tense); coordinator role is M4b (O21)
- netbird -> netbird_coordinator across ROADMAP M4b, the M4b plan, ADR-024 (O23)
- ADR-024: align the M1 DNS-01 wildcard scope wording with ROADMAP (O24)
- capacity-scan.py: read the inventory directory so offsite.yml (askari) is seen (O28)
- tf_to_inventory.py: generated header now warns it overwrites the manual control node (O9)
- tests/tags.yml: proxy concern comment Traefik -> Caddy (missed in the O3 sweep)

O9's existing stub hosts.yml header stays as-is (generator-owned, hook-protected);
the fix lives in the generator for the next regeneration. make lint + pytest (57) green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 19:31:40 +02:00

64 lines
1.9 KiB
HCL

# ── Proxmox ───────────────────────────────────────────────────────────────────
variable "proxmox_endpoint" {
  description = "Proxmox API URL, e.g. https://pve0.boma.baobab.band:8006/"
  type        = string
}

variable "proxmox_api_token" {
  description = "Proxmox API token (user@realm!tokenid=secret) set via TF_VAR_proxmox_api_token"
  type        = string
  sensitive   = true
}

# Leave this false outside initial bootstrap: with it set to true the provider
# accepts any certificate for the endpoint, so the API token carried in every
# request could be read by an on-path host. Trusting the node's CA is the
# long-term fix, not disabling verification.
variable "proxmox_insecure" {
  description = "Skip TLS verification for the Proxmox API (true while using a self-signed cert)"
  type        = bool
  default     = false
}

variable "proxmox_node" {
  description = "Default Proxmox node name to place VMs on"
  type        = string
}

variable "vm_template_id" {
  description = "Proxmox VM ID of the Debian 13 cloud-init template to clone"
  type        = number
}

variable "vm_datastore_id" {
  description = "Proxmox datastore for VM disks and cloud-init drives"
  type        = string
  default     = "local-lvm"
}

variable "gateway" {
  description = "Default IPv4 gateway for all VMs"
  type        = string
}

variable "vlan_tag" {
  description = "802.1q VLAN tag for provisioned VMs — srv VLAN (ADR-007)"
  type        = number
  default     = 20
}

variable "dns_servers" {
  description = "DNS servers provided to VMs via cloud-init"
  type        = list(string)
}

variable "dns_domain" {
  description = "Search domain provided to VMs via cloud-init"
  type        = string
}

variable "ssh_public_keys" {
  description = "Public SSH keys provisioned for the ansible user on each VM"
  type        = list(string)
}

# Note: `dns_servers` / `dns_domain` above are the cloud-init *resolver* settings
# (which DNS server a VM queries). Terraform does not write DNS *records* — the
# Ansible `dns` role owns the internal zone. See ADR-009.
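The variables above are untyped beyond `string`/`number`/`list(string)`, so a mistyped endpoint, a token pasted in the wrong shape, an out-of-range VLAN tag or an empty key list is only caught at apply time, after the provider has already tried to talk to Proxmox. The block below is an added example, not part of the project's `variables.tf`, showing how the same inputs can carry `validation` blocks that fail `terraform plan` early. It assumes Terraform 1.3 or later (for `startswith`) and keeps the descriptions from the file above; the token regex and the accepted SSH key types are my assumptions about the expected formats.

```hcl
# Added example: input validation for the Proxmox / cloud-init variables.
# Not the project's own code; assumes Terraform >= 1.3.

variable "proxmox_endpoint" {
  description = "Proxmox API URL, e.g. https://pve0.boma.baobab.band:8006/"
  type        = string

  validation {
    # Plain http would send the API token in clear text on every request.
    condition     = startswith(var.proxmox_endpoint, "https://")
    error_message = "proxmox_endpoint must start with https://."
  }
}

variable "proxmox_api_token" {
  description = "Proxmox API token (user@realm!tokenid=secret) set via TF_VAR_proxmox_api_token"
  type        = string
  sensitive   = true

  validation {
    # Shape check only (assumed format): user@realm!tokenid=secret.
    # The message must not echo the value, because the variable is sensitive.
    condition     = can(regex("^[^@!=]+@[^@!=]+![^@!=]+=.+$", var.proxmox_api_token))
    error_message = "proxmox_api_token must look like user@realm!tokenid=secret."
  }
}

variable "vlan_tag" {
  description = "802.1q VLAN tag for provisioned VMs — srv VLAN (ADR-007)"
  type        = number
  default     = 20

  validation {
    # 0 is the priority tag and 4095 is reserved; neither is a usable VLAN.
    condition     = var.vlan_tag >= 1 && var.vlan_tag <= 4094
    error_message = "vlan_tag must be between 1 and 4094."
  }
}

variable "dns_servers" {
  description = "DNS servers provided to VMs via cloud-init"
  type        = list(string)

  validation {
    # cidrnetmask only accepts IPv4 prefixes, so wrapping each entry in /32
    # rejects hostnames, IPv6 literals and typos without a hand-written regex.
    condition     = length(var.dns_servers) > 0 && alltrue([for ip in var.dns_servers : can(cidrnetmask("${ip}/32"))])
    error_message = "dns_servers must be a non-empty list of IPv4 addresses."
  }
}

variable "ssh_public_keys" {
  description = "Public SSH keys provisioned for the ansible user on each VM"
  type        = list(string)

  validation {
    # An empty list would clone a VM nobody can log in to; a private key or a
    # non-key string pasted here would be written to authorized_keys verbatim.
    # Accepted key types are an assumption for this example.
    condition = length(var.ssh_public_keys) > 0 && alltrue([
      for k in var.ssh_public_keys :
      can(regex("^(ssh-ed25519|sk-ssh-ed25519@openssh.com|ecdsa-sha2-nistp256|ssh-rsa) [A-Za-z0-9+/]+=*( .*)?$", k))
    ])
    error_message = "ssh_public_keys must be a non-empty list of OpenSSH public key lines."
  }
}
```

Because a `validation` condition may only reference its own variable before Terraform 1.9, the `proxmox_insecure` / `proxmox_endpoint` relationship (for example, refusing `insecure = true` against anything but a bootstrap host) cannot be expressed this way on older versions; a `precondition` on the provider's consuming resource, or a policy check in CI, is the usual place for that cross-variable rule.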