# Terraform

## Basic Proxmox setup
Add `TerraformProv` role
```sh
pveum role add TerraformProv -privs "Datastore.Allocate Datastore.AllocateSpace Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Console VM.Migrate VM.Monitor VM.PowerMgmt SDN.Use"
```

Add `terraform-prov` user
```sh
pveum user add terraform-prov@pve --password <password>
```

Set `terraform-prov` user `TerraformProv` role
```sh
pveum aclmod / -user terraform-prov@pve -role TerraformProv
```

Create proxmox token for terraform API
```sh
pveum user token add terraform-prov@pve terraform -expire 0 -privsep 0 -comment "Terraform token"
```

## Client Setup
Add environment variable
```sh
cp terraform.tfvars.example
```
fill with your secrets (do no push this file)


## Usefull commands
```sh
opentofu.tofu init
opentofu.tofu plan
opentofu.tofu apply
opentofu.tofu destroy
```
### On WSL
ssh agent could be off
if `ssh-add -L` gives
```sh
Could not open a connection to your authentication agent.
```
start and configure ssh agent
```sh
eval $(ssh-agent)
ssh-add ~/.ssh/id_ed25519
```