ProxmoxInfra
Terraform infrastructure-as-code for a homelab Proxmox environment. This repo was started after the Proxmox host was manually provisioned — existing resources are not managed here. Only new resources going forward are managed by Terraform.
Stack
- Provider:
bpg/proxmox - Terraform >= 1.0
- Target: single-node Proxmox VE homelab (
nonprod-pve) - Upstream network: Firewalla Gold → Switch → Proxmox
Repository Structure
environments/
nonprod/ # Nonprod environment root module
modules/
networking/ # Internal bridge segments
Network Architecture
All workload VMs and containers are isolated on internal bridges with no physical NIC. Inter-segment traffic routes exclusively through a firewall VM (OPNsense — see To Do).
| Bridge | CIDR | Purpose |
|---|---|---|
| vmbr0 | 192.168.68.0/24 | Existing uplink — Proxmox management + OPNsense WAN |
| management | 10.10.10.0/24 | Admin access. Proxmox host holds 10.10.10.1. |
| services | 10.10.20.0/24 | General workload VMs and containers. |
| dmz | 10.10.30.0/24 | Externally exposed workloads. |
| isolated | 10.10.40.0/24 | Lab and test. No outbound access by default. |
Completed
- Terraform connected to nonprod Proxmox host
- Environment/module repo structure established
- Internal network segments created (
management,services,dmz,isolated) - Proxmox host assigned IP on management bridge (
10.10.10.1/24)
To Do
- Download and upload OPNsense ISO to Proxmox
- Create OPNsense VM module with one NIC per bridge segment
- Configure OPNsense via Ansible (
ansibleguy.opnsense) — interfaces, DHCP, firewall rules, NAT - Create Windows VM on services bridge
- Introduce remote state backend (S3-compatible or Terraform Cloud)