bob/ProxmoxInfra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement bridges and fillout readme with current state

Browse Source
This commit is contained in:
bob
2026-04-10 23:34:51 -05:00
parent 7b6fcce11f
commit 940ecb3946
4 changed files with 55 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
README.md
View File

@@ -1,3 +1,46 @@
# ProxmoxInfra
Here lives the terraform infrastructure files. This has been added after setting up most of my proxmox. This means that its not all encompassing
Terraform infrastructure-as-code for a homelab Proxmox environment. This repo was started after the Proxmox host was manually provisioned — existing resources are not managed here. Only new resources going forward are managed by Terraform.
## Stack
- Provider: `bpg/proxmox`
- Terraform >= 1.0
- Target: single-node Proxmox VE homelab (`nonprod-pve`)
- Upstream network: Firewalla Gold → Switch → Proxmox
## Repository Structure
```
environments/
nonprod/ # Nonprod environment root module
modules/
networking/ # Internal bridge segments
```
## Network Architecture
All workload VMs and containers are isolated on internal bridges with no physical NIC. Inter-segment traffic routes exclusively through a firewall VM (OPNsense — see To Do).
| Bridge | CIDR | Purpose |
|--------|------|---------|
| vmbr0 | 192.168.68.0/24 | Existing uplink — Proxmox management + OPNsense WAN |
| management | 10.10.10.0/24 | Admin access. Proxmox host holds 10.10.10.1. |
| services | 10.10.20.0/24 | General workload VMs and containers. |
| dmz | 10.10.30.0/24 | Externally exposed workloads. |
| isolated | 10.10.40.0/24 | Lab and test. No outbound access by default. |
## Completed
- [x] Terraform connected to nonprod Proxmox host
- [x] Environment/module repo structure established
- [x] Internal network segments created (`management`, `services`, `dmz`, `isolated`)
- [x] Proxmox host assigned IP on management bridge (`10.10.10.1/24`)
## To Do
- [ ] Download and upload OPNsense ISO to Proxmox
- [ ] Create OPNsense VM module with one NIC per bridge segment
- [ ] Configure OPNsense via Ansible (`ansibleguy.opnsense`) — interfaces, DHCP, firewall rules, NAT
- [ ] Create Windows VM on services bridge
- [ ] Introduce remote state backend (S3-compatible or Terraform Cloud)