Implement bridges and fillout readme with current state

environments/nonprod/providers.tf

@@ -0,0 +1,7 @@
+provider "proxmox" {
+  endpoint  = var.proxmox_endpoint
+  api_token = var.proxmox_api_token
+
+  # Set to true if using a self-signed certificate (common on home labs)
+  insecure = var.proxmox_insecure
+}

environments/nonprod/terraform.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "~> 0.73"
+    }
+  }
+}

modules/networking/README.md

@@ -0,0 +1,35 @@
+# Module: networking
+
+Creates the internal Linux bridge network segments on a Proxmox node. These bridges are purely virtual — no physical NIC is attached. All inter-segment traffic is routed through a firewall VM (OPNsense).
+
+## Segments
+
+| Bridge | CIDR | Purpose |
+|--------|------|---------|
+| management | 10.10.10.0/24 | Proxmox API access and admin tools. Proxmox host holds 10.10.10.1. |
+| services | 10.10.20.0/24 | General workload VMs and containers. |
+| dmz | 10.10.30.0/24 | Externally exposed workloads (e.g. web servers). |
+| isolated | 10.10.40.0/24 | Lab and test workloads. No outbound access by default. |
+
+The Proxmox host has no IP on services, dmz, or isolated — VMs on those segments have no direct path to the hypervisor.
+
+## Usage
+
+```hcl
+module "networking" {
+  source = "../../modules/networking"
+
+  proxmox_node_name = "pve"
+}
+```
+
+## Inputs
+
+| Name | Type | Description |
+|------|------|-------------|
+| proxmox_node_name | string | Name of the Proxmox node to create bridges on. |
+
+## Notes
+
+- After apply, Proxmox automatically reloads the network configuration — no manual intervention required.
+- `Sys.Modify` must be granted to the Terraform API token role to manage node network interfaces.

modules/networking/main.tf

@@ -0,0 +1,29 @@
+resource "proxmox_network_linux_bridge" "management" {
+  node_name = var.proxmox_node_name
+  name      = "management"
+
+  address = "10.10.10.1/24"
+
+  comment = "Terraform managed Linux bridge for Proxmox API access and admin tools"
+}
+
+resource "proxmox_network_linux_bridge" "services" {
+  node_name = var.proxmox_node_name
+  name      = "services"
+
+  comment = "Terraform managed Linux bridge for general workload VMs and containers"
+}
+
+resource "proxmox_network_linux_bridge" "dmz" {
+  node_name = var.proxmox_node_name
+  name      = "dmz"
+
+  comment = "Terraform managed Linux bridge for externally exposed VMs and containers (e.g. web servers)"
+}
+
+resource "proxmox_network_linux_bridge" "isolated" {
+  node_name = var.proxmox_node_name
+  name      = "isolated"
+
+  comment = "Terraform managed Linux bridge for Lab/test VMs and containers with no external connectivity"
+}

modules/networking/terraform.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source = "bpg/proxmox"
+    }
+  }
+}

modules/networking/variables.tf

@@ -0,0 +1,4 @@
+variable "proxmox_node_name" {
+  description = "Name of the Proxmox node to manage resources on"
+  type        = string
+}