-rw-r--r--opentofu/main.tf46
-rw-r--r--opentofu/provider.tf8
-rw-r--r--opentofu/terraform.tfvars3
-rw-r--r--opentofu/test-add-user-terraform.yaml140
-rw-r--r--opentofu/versions.tf4
5 files changed, 197 insertions, 4 deletions
diff --git a/opentofu/main.tf b/opentofu/main.tf
index 95ff76b..deedfd4 100644
--- a/opentofu/main.tf
+++ b/opentofu/main.tf
@@ -39,7 +39,8 @@ resource "proxmox_virtual_environment_vm" "docker_server" {
initialization {
ip_config {
ipv4 {
- address = "192.168.1.150/24,gw=192.168.1.1"
+ address = "192.168.1.150/24"
+ gateway = "192.168.1.1"
}
}
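Review bot: The gateway literal `"192.168.1.1"` is now written out separately in three resources (this hunk and the k3s_master and k3s_worker hunks below); a single variable or `locals` entry, referenced as `gateway = var.lan_gateway`, would keep them in step. In the two counted resources the address line kept by this change still builds the last octet by string concatenation (`"192.168.1.14${count.index}/24"`), so a count of 10 or more would produce an invalid address; `address = "${cidrhost("192.168.1.0/24", 140 + count.index)}/24"` avoids that. The resource bodies continue outside these hunks.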
@@ -94,7 +95,8 @@ resource "proxmox_virtual_environment_vm" "k3s_master" {
initialization {
ip_config {
ipv4 {
- address = "192.168.1.14${count.index}/24,gw=192.168.1.1"
+ address = "192.168.1.14${count.index}/24"
+ gateway = "192.168.1.1"
}
}
@@ -147,7 +149,8 @@ resource "proxmox_virtual_environment_vm" "k3s_worker" {
initialization {
ip_config {
ipv4 {
- address = "192.168.1.13${count.index}/24,gw=192.168.1.1"
+ address = "192.168.1.13${count.index}/24"
+ gateway = "192.168.1.1"
}
}
@@ -157,3 +160,40 @@ resource "proxmox_virtual_environment_vm" "k3s_worker" {
}
}
}
+
+#resource "openstack_networking_floatingip_v2" "vpstest_floatip1" {
+# pool = "Ext-Net"
+#}
+
+#resource "openstack_compute_keypair_v2" "keypair" {
+# name = "tmv-keypair"
+# public_key = var.ssh_public_key
+#}
+#
+#resource "openstack_compute_instance_v2" "debian13-uefi-test" {
+# name = "debian13-uefi-test"
+# image_id = "e9e08190-20ce-49f6-9d72-e76ec22de82e" # Debian 13 UEFI
+# flavor_id = "dc3fe9e7-e374-4ad8-b200-fa3bdf45069f" # d2-2
+# key_pair = "tmv-keypair"
+# user_data = file("./test-add-user-terraform.yaml")
+#
+# security_groups = ["default"]
+#
+# metadata = {
+# tags = "debian,vps,docker"
+# }
+#
+# network {
+# name = "Ext-Net"
+# }
+#}
+
+#data "openstack_networking_port_v2" "vm-port" {
+# device_id = openstack_compute_instance_v2.debian13-uefi-test.id
+# network_id = openstack_compute_instance_v2.debian13-uefi-test.network[0].uuid
+#}
+#
+#resource "openstack_networking_floatingip_associate_v2" "fip_vm" {
+# floating_ip = openstack_networking_floatingip_v2.vpstest_floatip1.address
+# port_id = data.openstack_networking_port_v2.vm-port.id
+#}
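Review bot: The commented-out `openstack_compute_instance_v2` block, if enabled as written, attaches the instance directly to `Ext-Net` with only the `default` security group and boots it with `test-add-user-terraform.yaml`, which creates accounts with passwordless sudo. Disabled infrastructure is better kept on a branch than parked in main.tf; if it stays, a header such as `# DISABLED: test-only OpenStack instance - review security group and user_data before enabling` would tell the next reader why it is there. `file("./test-add-user-terraform.yaml")` resolves against the working directory, so `file("${path.module}/test-add-user-terraform.yaml")` is the safer form. The hard-coded `image_id` and `flavor_id` UUIDs would also read better as variables.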
diff --git a/opentofu/provider.tf b/opentofu/provider.tf
index cd476cb..a266807 100644
--- a/opentofu/provider.tf
+++ b/opentofu/provider.tf
@@ -3,3 +3,11 @@ provider "proxmox" {
api_token = var.proxmox_api_token
insecure = true
}
+
+provider "openstack" {
+ # user_name = var.openstack_user_name
+ # tenant_name = var.openstack_project_name
+ # password = var.openstack_password
+ # auth_url = var.openstack_api_url
+ # region = var.openstack_region_name
+}
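Review bot: The `provider "openstack"` block is added with every argument commented out, so nothing in the file says where its credentials come from; with an empty block the provider is expected to fall back to the `OS_*` environment variables or a `clouds.yaml`. A one-line comment stating that, e.g. `# credentials come from OS_* environment variables / clouds.yaml; never set password in this file`, would make the intent explicit. The commented `var.openstack_*` names are not declared anywhere in this diff, so uncommenting them would presumably fail unless the variables exist elsewhere. If `openstack_password` is introduced later, it should be declared with `sensitive = true`.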
diff --git a/opentofu/terraform.tfvars b/opentofu/terraform.tfvars
index 0632a53..b0bcc8c 100644
--- a/opentofu/terraform.tfvars
+++ b/opentofu/terraform.tfvars
@@ -1,5 +1,6 @@
-proxmox_api_url = "https://10.0.0.5:8006/api2/json"
+#proxmox_api_url = "https://10.0.0.5:8006/api2/json"
#proxmox_api_url = "https://192.168.1.10:8006/api2/json"
+#proxmox_api_token = "xxxxxxx"
proxmox_node = "pve"
debian_server_bookworm_packer_image_id = "999"
ubuntu_server_noble_packer_image_id = "998"
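Review bot: Adding `#proxmox_api_token = "xxxxxxx"` to a tracked `terraform.tfvars` marks this file as the place to put the token, which makes it easy for a real value to be committed later. I would drop the placeholder and document the supported route instead, e.g. `# proxmox_api_token: set via TF_VAR_proxmox_api_token or an untracked *.auto.tfvars file`. With `proxmox_api_url` now commented out as well, the variable gets no value from this file; unless it has a default or comes from the environment, plan/apply will prompt for it.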
diff --git a/opentofu/test-add-user-terraform.yaml b/opentofu/test-add-user-terraform.yaml
new file mode 100644
index 0000000..72d6e51
--- /dev/null
+++ b/opentofu/test-add-user-terraform.yaml
@@ -0,0 +1,140 @@
+#cloud-config
+# Add groups to the system
+# The following example adds the 'admingroup' group with members 'root' and 'sys'
+# and the empty group cloud-users.
+groups:
+ - admingroup: [root,sys]
+ - cloud-users
+
+# Add users to the system. Users are added after groups are added.
+# Note: Most of these configuration options will not be honored if the user
+# already exists. Following options are the exceptions and they are
+# applicable on already-existing users:
+# - 'plain_text_passwd', 'hashed_passwd', 'lock_passwd', 'sudo',
+# 'ssh_authorized_keys', 'ssh_redirect_user'.
+users:
+ - default
+ - name: foobar
+ gecos: Foo B. Bar
+ primary_group: foobar
+ groups: users
+ selinux_user: staff_u
+ expiredate: '2032-09-01'
+ ssh_import_id:
+ - lp:falcojr
+ - gh:TheRealFalcon
+ lock_passwd: false
+# passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
+ passwd: "toto"
+ - name: barfoo
+ gecos: Bar B. Foo
+ sudo: "ALL=(ALL) NOPASSWD:ALL"
+ groups: users, admin
+ ssh_import_id:
+ - lp:falcojr
+ - gh:TheRealFalcon
+ lock_passwd: true
+ - name: testuser
+ gecos: Mr. Test
+ homedir: /local/testdir
+ sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+ - name: cloudy
+ gecos: Magic Cloud App Daemon User
+ inactive: '5'
+ system: true
+ - name: fizzbuzz
+ shell: /bin/bash
+ - snapuser: joe@joeuser.io
+ - name: nosshlogins
+ ssh_redirect_user: true
+
+# Valid Values:
+# name: The user's login name
+# expiredate: Date on which the user's account will be disabled.
+# gecos: The user name's real name, i.e. "Bob B. Smith"
+# homedir: Optional. Set to the local path you want to use. Defaults to
+# /home/<username>
+# primary_group: define the primary group. Defaults to a new group created
+# named after the user.
+# groups: Optional. Additional groups to add the user to. Defaults to none
+# selinux_user: Optional. The SELinux user for the user's login, such as
+# "staff_u". When this is omitted the system will select the default
+# SELinux user.
+# lock_passwd: Defaults to true. Lock the password to disable password login
+# inactive: Number of days after password expires until account is disabled
+# passwd: The hash -- not the password itself -- of the password you want
+# to use for this user. You can generate a hash via:
+# mkpasswd --method=SHA-512 --rounds=4096
+# (the above command would create from stdin an SHA-512 password hash
+# with 4096 salt rounds)
+#
+# Please note: while the use of a hashed password is better than
+# plain text, the use of this feature is not ideal. Also,
+# using a high number of salting rounds will help, but it should
+# not be relied upon.
+#
+# To highlight this risk, running John the Ripper against the
+# example hash above, with a readily available wordlist, revealed
+# the true password in 12 seconds on a i7-2620QM.
+#
+# In other words, this feature is a potential security risk and is
+# provided for your convenience only. If you do not fully trust the
+# medium over which your cloud-config will be transmitted, then you
+# should not use this feature.
+#
+# no_create_home: When set to true, do not create home directory.
+# no_user_group: When set to true, do not create a group named after the user.
+# no_log_init: When set to true, do not initialize lastlog and faillog database.
+# ssh_import_id: Optional. Import SSH ids
+# ssh_authorized_keys: Optional. [list] Add keys to user's authorized keys file
+# An error will be raised if no_create_home or system is
+# also set.
+# ssh_redirect_user: Optional. [bool] Set true to block ssh logins for cloud
+# ssh public keys and emit a message redirecting logins to
+# use <default_username> instead. This option only disables cloud
+# provided public-keys. An error will be raised if ssh_authorized_keys
+# or ssh_import_id is provided for the same user.
+#
+# sudo: Defaults to none. Accepts a sudo rule string, a list of sudo rule
+# strings or False to explicitly deny sudo usage. Examples:
+#
+# Allow a user unrestricted sudo access.
+# sudo: "ALL=(ALL) NOPASSWD:ALL"
+# or
+# sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+#
+# Adding multiple sudo rule strings.
+# sudo:
+# - "ALL=(ALL) NOPASSWD:/bin/mysql"
+# - "ALL=(ALL) ALL"
+#
+# Note: Please double check your syntax and make sure it is valid.
+# cloud-init does not parse/check the syntax of the sudo
+# directive.
+# system: Create the user as a system user. This means no home directory.
+# snapuser: Create a Snappy (Ubuntu-Core) user via the snap create-user
+# command available on Ubuntu systems. If the user has an account
+# on the Ubuntu SSO, specifying the email will allow snap to
+# request a username and any public ssh keys and will import
+# these into the system with username specified by SSO account.
+# If 'username' is not set in SSO, then username will be the
+# shortname before the email domain.
+#
+
+# Default user creation:
+#
+# Unless you define users, you will get a 'ubuntu' user on Ubuntu systems with the
+# legacy permission (no password sudo, locked user, etc). If however, you want
+# to have the 'ubuntu' user in addition to other users, you need to instruct
+# cloud-init that you also want the default user. To do this use the following
+# syntax:
+# users:
+# - default
+# - bob
+# - ....
+# foobar: ...
+#
+# users[0] (the first user in users) overrides the user directive.
+#
+# The 'default' user above references the distro's config set in
+# /etc/cloud/cloud.cfg.
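Review bot: This file looks like the cloud-init users/groups example copied nearly verbatim, and it still carries the `ssh_import_id` entries (`lp:falcojr`, `gh:TheRealFalcon`) on `foobar` and `barfoo`; on a real instance those lines install a third party's public keys, and `barfoo` also has `sudo: "ALL=(ALL) NOPASSWD:ALL"`. Those entries should be removed or replaced with your own key under `ssh_authorized_keys`. `passwd: "toto"` with `lock_passwd: false` contradicts the file's own comment that `passwd` takes a hash rather than the password; either drop the field and set `lock_passwd: true`, or supply a hash at deploy time instead of committing a value to the repository. `testuser` also gets passwordless sudo, and the remaining sample accounts (`cloudy`, `fizzbuzz`, `snapuser`, `nosshlogins`) are probably not needed for a test image.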
diff --git a/opentofu/versions.tf b/opentofu/versions.tf
index 9df6a1e..d6f8727 100644
--- a/opentofu/versions.tf
+++ b/opentofu/versions.tf
@@ -10,5 +10,9 @@ terraform {
source = "hashicorp/local"
version = ">= 2.4.0"
}
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "3.4.0"
+ }
}
}
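Review bot: A new provider is added here but the diffstat lists no `.terraform.lock.hcl`, so this commit does not record the provider's checksums (or the lock file is not tracked at all). The exact `version = "3.4.0"` pin fixes the version only; committing the lock file after `tofu init` is what lets later runs verify the downloaded provider package against recorded hashes. The `terraform` block continues outside the hunk.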