Provision VMs and LXCs from a single terragrunt apply. The first thing that runs.
tofu-proxmox defines every VM and LXC in the homelab as OpenTofu resources. Terragrunt provides DRY config across environments. The Proxmox provider talks to the cluster API; nothing here touches a host directly.
What it does
- Reads its desired-state from the
deployment.jsoncontract — one versioned S3 object, fetched fail-loud, single-writer via the state lock - Defines compute, network, and storage for every homelab guest
- Wraps the
bpg/proxmoxprovider - Places guests across cluster nodes via a per-resource
node_name(defaults to the primary node) - Declares per-node ZFS storage (
node_storage) that Ansible provisions — OpenTofu references the datastore by id and never creates the pool itself (zpool createis an OS-level operation) - Uses Terragrunt to share variables across
prod,staging, and one-off environments - Outputs a list of provisioned hosts that Ansible inventories consume directly
How it fits
| Upstream | Downstream | |
|---|---|---|
| Trigger | terragrunt apply from the operator | Outputs an Ansible-ready inventory |
| Talks to | Proxmox cluster API (read/write) | ansible-proxmox, ansible-proxmox-apps |
Getting started
Clone and enter the dev shell
git clone https://github.com/JacobPEvans/terraform-proxmox && cd terraform-proxmox && nix developProvide Proxmox API credentials
Doppler resolves
PROXMOX_VE_USERNAME, PROXMOX_VE_PASSWORD, and PROXMOX_VE_ENDPOINT at run time. The README.md covers the exact var names.Apply
terragrunt run-all apply from the env folder. Review the plan; nothing destructive runs without confirmation.Related repos
ansible-proxmox
Configures the host once OpenTofu has provisioned it.
ansible-proxmox-apps
Deploys HAProxy, Cribl Edge, Cribl Stream on top.
tf-splunk-aws
The AWS-side equivalent for Splunk’s DR footprint.
Source on GitHub
Modules, examples, full README.