From fe593b1190db68636107db417e4a01e138626264 Mon Sep 17 00:00:00 2001
From: Petar Cubela
Date: Sun, 21 Sep 2025 23:35:16 +0200
Subject: [PATCH] rewritten files such its more abstracted
---
 .terraform.lock.hcl | 58 +++++++++
 ...cloud_init_fedora42_ipa.cloud_config.tftpl | 32 +++++
 cloud-inits/qemu-guest-agent-deb.yml | 6 +
 cloud-inits/qemu-guest-agent-rpm.yml | 6 +
 files/user_data_cloud_init_fedora42_ipa.cfg | 32 +++++
 scripts/create_template.sh | 121 ++++++++++++++++++
 variables.tf | 16 ++-
 vm_freeipa.tf | 57 ++++++++-
 8 files changed, 320 insertions(+), 8 deletions(-)
 create mode 100644 .terraform.lock.hcl
 create mode 100644 cloud-inits/cloud_init_fedora42_ipa.cloud_config.tftpl
 create mode 100644 cloud-inits/qemu-guest-agent-deb.yml
 create mode 100644 cloud-inits/qemu-guest-agent-rpm.yml
 create mode 100755 files/user_data_cloud_init_fedora42_ipa.cfg
 create mode 100644 scripts/create_template.sh
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..b438763
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,58 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.3" + hashes = [ + "h1:31Clmfoe7hzkcdgwuhUuGuPGfeG2Ksk+YWcJgzBTN7M=", + "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf", + "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991", + "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd", + "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764", + "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf", + "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096", + "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0", + "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3", + "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3", + "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5", + ] +} + +provider "registry.opentofu.org/hashicorp/null" { + version = "3.2.4" + hashes = [ + "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", + "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", + "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", + "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", + "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", + "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", + "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", + "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", + "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", + "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", + "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", + ] +} + +provider "registry.opentofu.org/telmate/proxmox" { + version = "3.0.2-rc04" + constraints = "3.0.2-rc04" + hashes = [ + 
"h1:ZPr93UUVOw1aCqsODLXsqNQ9Lq/WafX5jgCCLxKBHl4=",
+ "zh:00586a3e02061734f5ff4c309696ec1bbd6e00a7ed1281c44626f02929417f6e",
+ "zh:05af12aababd0a67a95309a803123f3c238b16ecdb73dc59c8d9c3d4a0b691c5",
+ "zh:4b6457bd0138f5c66c8b7043bdbffe3b8abcce2383293d77f653dbd77d14428f",
+ "zh:7b1b6e76d6b03c7829b8dadeb30de236782be314f5146d9f29ee12bd01961d7a",
+ "zh:87c21e0a8244b73c62ad3221773ec1c72fb918e0025b0664183a8ad8bebeb5bc",
+ "zh:954997c550285dfc167977683b97b045dd62923c251fad32c4ca81b564c2005f",
+ "zh:98781ef0199877580256e9f9a7f0666107f76af23f54f67d6392a66a6f5001b5",
+ "zh:9fc4dbd1752e2b9125223be2dd25597c0e6d534aa784c4829af3c3e3e58eb973",
+ "zh:a3f672019aee2d45c202668b95c48113e3c50001b740bd48956738ad1418c6b7",
+ "zh:a539852a4034132442e6dc6f644444994d83b0dc7a4d30bbe6464de420cfdf2d",
+ "zh:aade0b50a559a1da683c49ec8527e5e66b12ed42d4b1f10e69b25cbbf6c67805",
+ "zh:bdb7c2b78cfe039247948fa75fad49f871f8a8bb9b969aec4c45a24edc80ab0f",
+ "zh:c16209a6748f87a379a5a3132ca4f471a4807bd478664499593e09433ba39b7b",
+ "zh:cb015fb4a0a50d151c35c6a3505cdf7a337edd0b65eba82a43c8142c523adfb8",
+ ]
+}
diff --git a/cloud-inits/cloud_init_fedora42_ipa.cloud_config.tftpl b/cloud-inits/cloud_init_fedora42_ipa.cloud_config.tftpl
new file mode 100644
index 0000000..f892123
--- /dev/null
+++ b/cloud-inits/cloud_init_fedora42_ipa.cloud_config.tftpl
@@ -0,0 +1,32 @@
+#cloud-config
+
+package_update: true
+package_upgrade: true
+
+packages:
+ - curl
+ - qemu-guest-agent
+ - vim
+ - htop
+ - bash-completion
+ - freeipa-server
+ - freeipa-server-dns
+
+users:
+- name: sbxadmin
+ groups: sudo
+ shell: /bin/bash
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ ssh_authorized_keys:
+ - ${ssh_key}
+
+preserve_hostname: false
+manage_etc_hosts: false
+fqdn: ${hostname}.${domain}
+hostname: ${hostname}
+prefer_fqdn_over_hostname: true
+create_hostname_file: true
+
+runcmd:
+ - systemctl start qemu-guest-agent
+ - systemctl enable --now qemu-guest-agent
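Review bot: The template values are dropped into the YAML as bare scalars, so a key whose trailing comment contains `: ` or ` #` would break the `ssh_authorized_keys` item and the whole user-data would be rejected by cloud-init; rendering it as `- ${jsonencode(ssh_key)}` keeps the document well-formed for any input, since a JSON string is a valid YAML scalar, and the same applies to `${hostname}`/`${domain}`. Separately, `groups: sudo` is Debian's admin group; on the Fedora 42 image this targets, the equivalent is `wheel` and cloud-init will create an otherwise empty `sudo` group, although the explicit `sudo:` rule below already grants the privilege, so the line is harmless but misleading.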
diff --git a/cloud-inits/qemu-guest-agent-deb.yml b/cloud-inits/qemu-guest-agent-deb.yml
new file mode 100644
index 0000000..cb7bb67
--- /dev/null
+++ b/cloud-inits/qemu-guest-agent-deb.yml
@@ -0,0 +1,6 @@
+#cloud-config
+runcmd:
+ - apt update
+ - apt install -y qemu-guest-agent
+ - systemctl start qemu-guest-agent
+ - systemctl enable --now qemu-guest-agent
diff --git a/cloud-inits/qemu-guest-agent-rpm.yml b/cloud-inits/qemu-guest-agent-rpm.yml
new file mode 100644
index 0000000..e2d491f
--- /dev/null
+++ b/cloud-inits/qemu-guest-agent-rpm.yml
@@ -0,0 +1,6 @@
+#cloud-config
+runcmd:
+ - dnf update
+ - dnf install -y qemu-guest-agent
+ - systemctl start qemu-guest-agent
+ - systemctl enable --now qemu-guest-agent
diff --git a/files/user_data_cloud_init_fedora42_ipa.cfg b/files/user_data_cloud_init_fedora42_ipa.cfg
new file mode 100755
index 0000000..b4fda5c
--- /dev/null
+++ b/files/user_data_cloud_init_fedora42_ipa.cfg
@@ -0,0 +1,32 @@
+#cloud-config
+
+package_update: true
+package_upgrade: true
+
+packages:
+ - curl
+ - qemu-guest-agent
+ - vim
+ - htop
+ - bash-completion
+ - freeipa-server
+ - freeipa-server-dns
+
+users:
+- name: sbxadmin
+ groups: sudo
+ shell: /bin/bash
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzh23ZkSVNbmDKk9esAT9qNkOoYFLhpX2nSLKPJaDVZ petar.cubela@sbx-mac-lab.local
+
+preserve_hostname: false
+manage_etc_hosts: false
+fqdn: ipa.lab.softbox.net
+hostname: ipa
+prefer_fqdn_over_hostname: true
+create_hostname_file: true
+
+runcmd:
+ - systemctl start qemu-guest-agent
+ - systemctl enable --now qemu-guest-agent
diff --git a/scripts/create_template.sh b/scripts/create_template.sh
new file mode 100644
index 0000000..3911286
--- /dev/null
+++ b/scripts/create_template.sh
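Review bot: `dnf update` in the rpm snippet's `runcmd` runs without `-y`; cloud-init executes `runcmd` non-interactively, so dnf stops at its confirmation prompt and exits without upgrading, and the following `dnf install -y` runs against the un-refreshed package set. Change it to `- dnf -y update`, or drop the line and let `package_upgrade: true` in the user-data do the upgrade. As far as this diff shows, neither guest-agent snippet is referenced any more: `vm_freeipa.tf` now passes only `user=` in `cicustom`, so these two files are dead unless another VM definition outside this commit uses them.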
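Review bot: `files/user_data_cloud_init_fedora42_ipa.cfg` is the rendered output that `local_file.cloud_init_fed42_ipa` writes on every apply, so committing it duplicates the template, pins one operator's public key and the `ipa.lab.softbox.net` hostname in repository history, and goes stale the moment a variable changes. Add the rendered path to `.gitignore` (e.g. `files/*.cfg`) and let the apply regenerate it. The file is also created with mode 100755; a cloud-config is read, never executed, so 100644 is the right mode.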
@@ -0,0 +1,121 @@
+#!/bin/bash
+
+#Create template
+#args:
+# vm_id
+# vm_name
+# file name in the current directory
+function create_template() {
+ #Print all of the configuration
+ echo "Creating template $2 ($1)"
+
+ #Create new VM
+ #Feel free to change any of these to your liking
+ qm create "$1" --name "$2" --ostype l26
+ #Set networking to default bridge
+ qm set "$1" --net0 virtio,bridge=vmbr0
+ #Set display to serial
+ qm set "$1" --serial0 socket --vga serial0
+ #Set memory, cpu, type defaults
+ #If you are in a cluster, you might need to change cpu type
+ qm set "$1" --memory 2048 --cores 2 --cpu host
+ #Set boot device to new file
+ qm set "$1" --scsi0 ${storage}:0,import-from="$(pwd)/$3",discard=on
+ #Set scsi hardware as default boot disk using virtio scsi single
+ #qm set $1 --boot order=scsi0 --scsihw virtio-scsi-single
+ qm set "$1" --boot order=scsi0 --scsihw virtio-scsi-pci
+ #Enable Qemu guest agent in case the guest has it available
+ qm set "$1" --agent enabled=1,fstrim_cloned_disks=1
+ #Add cloud-init device
+ qm set "$1" --ide2 ${storage}:cloudinit
+ #Set CI ip config
+ #IP6 = auto means SLAAC (a reliable default with no bad effects on non-IPv6 networks)
+ #IP = DHCP means what it says, so leave that out entirely on non-IPv4 networks to avoid DHCP delays
+ qm set "$1" --ipconfig0 "ip6=auto"
+ #Import the ssh keyfile
+ qm set "$1" --sshkeys "${ssh_keyfile}"
+ #If you want to do password-based auth instaed
+ #Then use this option and comment out the line above
+ #qm set $1 --cipassword password
+ #Add the user
+ qm set "$1" --ciuser "${username}"
+ #Resize the disk to 8G, a reasonable minimum. You can expand it more later.
+ #If the disk is already bigger than 8G, this will fail, and that is okay.
+ qm disk resize "$1" scsi0 16G
+ #Make it a template
+ qm template "$1"
+
+ #Remove file when done
+ #rm "$3"
+ mv "$3" /var/lib/vz/template/iso
+}
+
+
+#Path to your ssh authorized_keys file
+#Alternatively, use /etc/pve/priv/authorized_keys if you are already authorized
+#on the Proxmox system
+export ssh_keyfile="$HOME/.ssh/id_ed25519.pub"
+#Username to create on VM template
+export username=sbxadmin
+
+#Name of your storage
+export storage=local-lvm
+
+#The images that I've found premade
+#Feel free to add your own
+
+## Debian
+#Buster (10) (really old at this point)
+#wget "https://cloud.debian.org/images/cloud/buster/latest/debian-10-genericcloud-amd64.qcow2"
+#create_template 900 "temp-debian-10" "debian-10-genericcloud-amd64.qcow2"
+#Bullseye (11) (oldoldstable)
+#wget "https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2"
+#create_template 901 "temp-debian-11" "debian-11-genericcloud-amd64.qcow2"
+#Bookworm (12) (oldstable)
+wget "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2"
+create_template 902 "temp-debian-12" "debian-12-genericcloud-amd64.qcow2"
+#Trixie (13) (stable)
+wget "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-genericcloud-amd64.qcow2"
+create_template 903 "temp-debian-13" "debian-13-genericcloud-amd64.qcow2"
+#Sid (unstable)
+#wget "https://cloud.debian.org/images/cloud/sid/daily/latest/debian-sid-genericcloud-amd64-daily.qcow2"
+#create_template 909 "temp-debian-sid" "debian-sid-genericcloud-amd64-daily.qcow2"
+
+## Ubuntu
+#20.04 (Focal Fossa) LTS (really old at this point)
+#wget "https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64.img"
+#create_template 910 "temp-ubuntu-20-04" "ubuntu-20.04-server-cloudimg-amd64.img"
+#22.04 (Jammy Jellyfish) LTS
+##wget "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img"
+##create_template 911 "temp-ubuntu-22-04" "ubuntu-22.04-server-cloudimg-amd64.img"
+#24.04 (Noble Numbat) LTS
+wget "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img"
+create_template 912 "temp-ubuntu-24-04" "ubuntu-24.04-server-cloudimg-amd64.img"
+
+## Fedora 41
+#wget https://mirror.accum.se/mirror/fedora/linux/releases/41/Cloud/x86_64/images/Fedora-Cloud-Base-Generic-41-1.4.x86_64.qcow2
+#create_template 921 "temp-fedora-37" "Fedora-Cloud-Base-Generic-41-1.4.x86_64.qcow2"
+## Fedora 42
+wget https://mirror.accum.se/mirror/fedora/linux/releases/42/Cloud/x86_64/images/Fedora-Cloud-Base-Generic-42-1.1.x86_64.qcow2
+create_template 922 "temp-fedora-38" "Fedora-Cloud-Base-Generic-42-1.1.x86_64.qcow2"
+
+## Rocky Linux
+#Rocky 8 latest
+#wget "http://dl.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-GenericCloud.latest.x86_64.qcow2"
+#create_template 930 "temp-rocky-8" "Rocky-8-GenericCloud.latest.x86_64.qcow2"
+#Rocky 9 latest
+#wget "http://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud.latest.x86_64.qcow2"
+#create_template 931 "temp-rocky-9" "Rocky-9-GenericCloud.latest.x86_64.qcow2"
+
+## Alpine Linux
+#Alpine 3.22.0
+#wget "https://dl-cdn.alpinelinux.org/alpine/v3.22/releases/cloud/generic_alpine-3.22.0-x86_64-bios-cloudinit-r0.qcow2"
+#create_template 940 "temp-alpine-3.22" "generic_alpine-3.22.0-x86_64-bios-cloudinit-r0.qcow2"
+
+## FreeBSD
+#FreeBSD 14.2 RELEASE
+#Despite the images being named CLOUDINIT, they do not actually use cloud-init
+#the default account is freebsd password freebsd
+#wget "https://download.freebsd.org/releases/VM-IMAGES/14.2-RELEASE/amd64/Latest/FreeBSD-14.2-RELEASE-amd64-BASIC-CLOUDINIT.ufs.qcow2.xz"
+#xz -d -v "FreeBSD-14.2-RELEASE-amd64-BASIC-CLOUDINIT.ufs.qcow2.xz"
+#create_template 960 "temp-freebsd-14.2" "FreeBSD-14.2-RELEASE-amd64-BASIC-CLOUDINIT.ufs.qcow2"
diff --git a/variables.tf b/variables.tf
index 8c3591e..176aa05 100644
--- a/variables.tf
+++ b/variables.tf
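Review bot: Every image is fetched with `wget` and passed straight to `create_template` with no integrity check, so a tampered mirror, a stale CDN object or a truncated download becomes the base disk of every VM cloned from the template; Debian, Ubuntu and Fedora publish signed checksum lists next to these images, and a `sha512sum`/`sha256sum -c` against the downloaded list (whose detached signature should itself be verified) should gate each import. The script also sets no `set -euo pipefail`, so a failed `wget` still runs `qm create` and `qm set --scsi0 … import-from` against a missing file and leaves a half-built template behind. Two smaller inconsistencies in the same hunk: the comment says the disk is resized to 8G but the command is `qm disk resize "$1" scsi0 16G`, and the Fedora 41/42 templates are named `temp-fedora-37`/`temp-fedora-38`; `vm_freeipa.tf` clones `temp-fedora-38`, so the rename has to land in both files at once.
```shell
set -euo pipefail

#Verify downloaded images against the distro's published checksum list
#args:
# checksum list (downloaded from the same directory as the image)
# sha256 or sha512
#Check the list's detached signature with gpg before trusting it
function verify_image() {
    "$2sum" --ignore-missing -c "$1"
}

# … unchanged: create_template(), exports …

wget "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2"
wget -O debian-12.SHA512SUMS "https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS"
verify_image debian-12.SHA512SUMS sha512
create_template 902 "temp-debian-12" "debian-12-genericcloud-amd64.qcow2"
# … unchanged: remaining images, each gated the same way …
```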
@@ -7,12 +7,24 @@ variable "realm" {
 type = string
 }
+variable "hostname_ipa" {
+ type = string
+}
+
 ## PVE
 variable "student_vm_template" {
 type = string
 }
+variable "proxmox_host" {
+ type = string
+}
+
+variable "prov_user" {
+ type = string
+}
+
 ## General
 variable "petar_ssh_public_key" {
@@ -25,4 +37,6 @@ variable "petar_ssh_private_key" {
 sensitive = true
 }
-
+variable "working_directory" {
+ type = string
+}
diff --git a/vm_freeipa.tf b/vm_freeipa.tf
index e4d3e85..202204f 100644
--- a/vm_freeipa.tf
+++ b/vm_freeipa.tf
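Review bot: `working_directory` (second hunk) exists only so `vm_freeipa.tf` can locate `cloud-inits/…tftpl`, yet the same resource already resolves the sibling `files/` directory with `path.module`; using `templatefile("${path.module}/cloud-inits/cloud_init_fedora42_ipa.cloud_config.tftpl", …)` makes the variable unnecessary and removes an operator-supplied absolute path from tfvars. None of the four new variables carries a `description`, so a reader has to open `vm_freeipa.tf` to discover that `prov_user` is the SSH login on the Proxmox host (and, in the last hunk of that file, also the guest's `ciuser`); a one-liner such as `description = "SSH user on the Proxmox host used to upload cloud-init snippets"` on each would document the contract where the variable is declared. The same applies to `hostname_ipa` and `proxmox_host` in the first hunk.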
@@ -1,9 +1,48 @@
+# Source the Cloud Init Config file
+#data "template_file" "cloud_init_fed42_ipa" {
+# template = "${file("${path.module}/files/cloud_init_fedora42_ipa.cloud_config")}"
+#
+# vars = {
+# ssh_key = var.petar_ssh_public_key
+# hostname = var.hostname_ipa
+# domain = var.domain
+# }
+#}
+
+# Create a local copy of the file, to transfer to Proxmox
+resource "local_file" "cloud_init_fed42_ipa" {
+ #content = data.template_file.cloud_init_deb10_vm-01.rendered
+ content = templatefile("${var.working_directory}/cloud-inits/cloud_init_fedora42_ipa.cloud_config.tftpl", { ssh_key = var.petar_ssh_public_key, hostname = var.hostname_ipa , domain = var.domain })
+ filename = "${path.module}/files/user_data_cloud_init_fedora42_ipa.cfg"
+}
+
+# Transfer the file to the Proxmox Host
+resource "null_resource" "cloud_init_fed42_ipa" {
+ connection {
+ type = "ssh"
+ user = var.prov_user
+ private_key = var.petar_ssh_private_key
+ host = var.proxmox_host
+ }
+
+ provisioner "file" {
+ source = local_file.cloud_init_fed42_ipa.filename
+ destination = "/var/lib/vz/snippets/user_data_cloud_init_fedora42_ipa.yml"
+ }
+}
+
+
+
 resource "proxmox_vm_qemu" "vm-freeipa" {
- name = "ipa"
+ name = var.hostname_ipa
+
+ depends_on = [
+ null_resource.cloud_init_fed42_ipa
+ ]
 # Node name has to be the same name as within the cluster
 # this might not include the FQDN
- target_node = "pve"
+ target_node = "neo"
 # The template name to clone this vm from
 clone = "temp-fedora-38"
@@ -11,8 +50,10 @@ resource "proxmox_vm_qemu" "vm-freeipa" {
 # Activate QEMU agent for this VM
 agent = 1
+ #pool = linux
+
 os_type = "cloud-init"
- vmid = 111
+ vmid = 1000
 vm_state = "running"
 cpu {
@@ -52,7 +93,7 @@ resource "proxmox_vm_qemu" "vm-freeipa" {
 bridge = "vmbr0"
 macaddr = "bc:24:11:de:cb:30"
 }
- nameserver = "9.9.9.9,10.11.12.254"
+ nameserver = ""
 onboot = true
 boot = "order=scsi0"
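Review bot: `null_resource.cloud_init_fed42_ipa` declares no `triggers`, so its `file` provisioner runs once, at first creation; when a variable changes, `local_file` rewrites the rendered config on disk but the snippet under `/var/lib/vz/snippets/` is never re-uploaded and the VM is cloned against stale user-data (the new `depends_on` only orders creation, it does not re-run the upload). Adding `triggers = { content = sha256(local_file.cloud_init_fed42_ipa.content) }` makes any change to the rendered file re-provision the snippet. The `templatefile()` argument should resolve its path with `path.module`, as the `filename` line directly below already does, rather than `var.working_directory`, and the commented-out `data "template_file"` block at the top is dead code from the pre-`templatefile` approach and can be deleted. `target_node = "neo"` is hard-coded while the host and user became variables; a `var.proxmox_node` next to `var.proxmox_host` would keep the file environment-agnostic, though that is a style point.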
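Review bot: `nameserver = ""` in the third hunk replaces two resolvers with an empty string, and together with `ipconfig0 = "ip6=auto"` in the following hunk the host gets no IPv4 address and no explicitly configured resolver; that is a weak footing for a machine that installs `freeipa-server-dns` and that enrolled clients must reach at a stable, resolvable address. If the intent is to inherit the Proxmox default, remove the `nameserver` argument rather than setting it empty; if the intent is an IPv6-only lab, say so in a comment and pin a static `ipconfig0` so the IPA address does not change with SLAAC. The enclosing `proxmox_vm_qemu` block starts before and ends after this hunk.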
@@ -60,9 +101,11 @@ resource "proxmox_vm_qemu" "vm-freeipa" {
 # Setup the ip address using cloud-init.
 # Keep in mind to use the CIDR notation for the ip.
- ipconfig0 = "ip=10.11.12.65/24,gw=10.11.12.254"
- ciuser = "sbxadmin"
- cicustom = "vendor=local:snippets/qemu-guest-agent.yml,user=local:snippets/cloud_init_fedora_vm_ipa.yml" # /var/lib/vz/snippets/qemu-guest-agent.yml
+ #ipconfig0 = "ip=10.11.12.65/24,gw=10.11.12.254"
+ ipconfig0 = "ip6=auto"
+ ciuser = var.prov_user
+ #cicustom = "vendor=local:snippets/qemu-guest-agent.yml,user=local:snippets/cloud_init_fedora_vm_ipa.yml" # /var/lib/vz/snippets/qemu-guest-agent.yml
+ cicustom = "user=local:snippets/user_data_cloud_init_fedora42_ipa.yml"
 ciupgrade = true
 sshkeys = var.petar_ssh_public_key
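Review bot: Once `cicustom` names a `user=` snippet, Proxmox (as its cloud-init documentation describes it) uses that file as the entire user-data, so the new `ciuser = var.prov_user` line, together with the unchanged `ciupgrade = true` and `sshkeys`, is no longer rendered into the guest; the account actually created is `sbxadmin` from the snippet, which makes `ciuser` misleading and also reuses the Proxmox host's SSH login name for a guest account. Either remove `ciuser`/`ciupgrade`/`sshkeys` here with a comment such as `# user-data comes entirely from the cicustom snippet`, or keep the Proxmox-generated user-data and move only the IPA packages and hostname settings into a `vendor=` snippet. The commented-out `#ipconfig0`/`#cicustom` copies of the old values can go; git history keeps them. The enclosing `proxmox_vm_qemu` block starts before this hunk.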