Hooked nonprod terraform up to nonprod proxmox host

Separates nonprod into its own working directory for independent
state isolation. Follows HashiCorp guidance on environment separation.

.gitignore

@@ -37,3 +37,4 @@ override.tf.json
 .terraformrc
 terraform.rc
 
+.claude

CLAUDE.md

@@ -0,0 +1,35 @@
+# Project: ProxmoxInfra
+
+Terraform infrastructure-as-code for a homelab Proxmox environment.
+
+## Context
+
+This repo was started *after* the Proxmox server was already set up manually.
+Existing infrastructure was provisioned by hand and must not be touched by
+Terraform. Only new resources going forward are managed here.
+
+## Key rules for this project
+
+- **Never import or manage existing Proxmox resources** unless the junior
+  explicitly decides to and understands the risk of state drift.
+- **Credentials never go in version control.** `.tfvars` files are gitignored.
+  Always use `terraform.tfvars.example` as the template pattern.
+- **No resources in root module.** As the repo grows, push toward a
+  `environments/` layout with reusable modules under `modules/`.
+- **State is not yet remote.** When a backend is introduced, make it a
+  deliberate decision with a knowledge transfer on why remote state matters
+  (locking, team access, DR).
+
+## Stack
+
+- Provider: `bpg/proxmox` (not the deprecated Telmate provider)
+- Terraform >= 1.0
+- Target: single-node Proxmox VE homelab
+
+## Learning goals for this project
+
+- Understand Terraform's core workflow (init / plan / apply / destroy)
+- Understand provider authentication and least-privilege API tokens
+- Understand state — what it is, why it matters, what happens when it drifts
+- Build intuition for when to use a VM vs an LXC container in Proxmox
+- Learn to structure a Terraform repo that can scale without becoming a mess

environments/nonprod/.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/bpg/proxmox" {
+  version     = "0.101.1"
+  constraints = "~> 0.73"
+  hashes = [
+    "h1:2MjGiI3uWXkZXOvoLNYq3Mji/cnJCugdzcZAdmYZ4JI=",
+    "zh:0b2f899c59727b9d5ebc6324944653172e7d4f27fae2670dc10fb717f0dc085a",
+    "zh:0dfb5f212aef8d5b9372ba89fe08c2404311dc7842d216585f55cae4634e1aa6",
+    "zh:430c1096c801f615932d8e5ceba5cf1c46fb19c602733b12537292f0379d9875",
+    "zh:6b2de9a0cfe3939372bb1c4115be81a8f470b2f1f27ff4a47e92bbc1cd16308e",
+    "zh:6e32494c0e46754946e481473189bd14e9982fb4ab25938d9d8b7125f85ed09b",
+    "zh:98f847d3b67e551443cb81f96e59cb320f3a5c4bf45ac4a7194eb395f950774d",
+    "zh:a55dc4a1cdee600a867205cae89c57b36184f63d1fdf16945854ed2a5098012f",
+    "zh:a80b4777d9cb3c2fd545ecaa0d0f8315363b1a50801638c2866701c50b097710",
+    "zh:b0512be4d006abcbf91f2a8784ebc11055d3890bc119cf221373b6e820bc9cbb",
+    "zh:c0207c88fa879aac82a624b10099bfd31b7760ece82fa60fe943e65cc1e7add7",
+    "zh:c6e722112a1cee87ee621e7dec1cb9a8d2a64ba71d7ae021e1e9456dfb6584d8",
+    "zh:e0bbca20173fe9051f53b7c211cc5f52552a3c8fe766aca34b7b1880d57a5ec7",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+    "zh:f5d7b772797b17fd61d199136e98281b5ca2472732cd97703a28b288cd6eefa4",
+  ]
+}

environments/nonprod/main.tf

@@ -0,0 +1,28 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "~> 0.73"
+    }
+  }
+}
+
+provider "proxmox" {
+  endpoint  = var.proxmox_endpoint
+  api_token = var.proxmox_api_token
+
+  # Set to true if using a self-signed certificate (common on home labs)
+  insecure = var.proxmox_insecure
+}
+
+data "proxmox_virtual_environment_nodes" "vm_nodes" {}
+
+output "data_proxmox_virtual_environment_nodes" {
+  value = {
+    names     = data.proxmox_virtual_environment_nodes.vm_nodes.names
+    cpu_count = data.proxmox_virtual_environment_nodes.vm_nodes.cpu_count
+    online    = data.proxmox_virtual_environment_nodes.vm_nodes.online
+  }
+}

environments/nonprod/terraform.tfvars.example

@@ -0,0 +1,6 @@
+# Copy this file to terraform.tfvars and fill in your values.
+# terraform.tfvars is gitignored to keep secrets out of version control.
+
+proxmox_endpoint = "https://192.168.1.10:8006/"
+proxmox_api_token = "terraform@pve!terraform-nonprod=<secret>"
+proxmox_insecure = true

environments/nonprod/variables.tf

@@ -0,0 +1,16 @@
+variable "proxmox_endpoint" {
+  description = "URL of the Proxmox API endpoint, e.g. https://192.168.1.10:8006/"
+  type        = string
+}
+
+variable "proxmox_api_token" {
+  description = "Proxmox API token in the form user@realm!token-id=secret, e.g. terraform@pve!api-token-name=<SECRET>"
+  type        = string
+  sensitive   = true
+}
+
+variable "proxmox_insecure" {
+  description = "Skip TLS certificate verification (set true for self-signed certs)"
+  type        = bool
+  default     = true
+}