# PostgreSQL LXC container for the development environment (tags: dev, database).
# Unprivileged container on node "pve" with a static IPv4 address on the
# development bridge; login is via the injected SSH public key.
resource "proxmox_virtual_environment_container" "postgresql" {
  node_name    = "pve"
  vm_id        = 1030
  tags         = ["dev", "database"]
  unprivileged = true
  started      = true

  operating_system {
    type             = "debian"
    template_file_id = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
  }

  cpu {
    cores = 1
  }

  memory {
    dedicated = 512
  }

  disk {
    datastore_id = var.datastore_id
    size         = 8
  }

  # firewall = true places this interface behind the Proxmox firewall, which is
  # what makes the firewall options and rules declared for this container apply.
  network_interface {
    name     = "eth-dev"
    bridge   = var.development_network_bridge_name
    enabled  = true
    firewall = true
  }

  initialization {
    hostname = "postgresql"

    ip_config {
      ipv4 {
        address = "192.168.0.3/24"
        gateway = "192.168.0.1"
      }
    }

    # Only an SSH key is provisioned; no password is set in this block.
    user_account {
      keys = [var.ssh_public_key]
    }
  }

  startup {
    order      = 100
    up_delay   = 0
    down_delay = 0
  }

  # NOTE(review): nesting widens what the container can see of procfs/sysfs.
  # It is commonly needed for systemd in recent Debian templates; confirm that
  # is the reason it is enabled here.
  features {
    nesting = true
  }
}

# Per-container firewall switches: inbound traffic is dropped unless a rule
# below accepts it, outbound traffic is accepted.
# NOTE(review): output_policy = "ACCEPT" leaves egress from a database host
# unrestricted; confirm that is intended for this environment.
# NOTE(review): dhcp = true permits DHCP traffic although the container is
# given a static IPv4 address; confirm it is still required.
resource "proxmox_virtual_environment_firewall_options" "postgresql" {
  depends_on = [proxmox_virtual_environment_container.postgresql]

  node_name = proxmox_virtual_environment_container.postgresql.node_name
  vm_id     = proxmox_virtual_environment_container.postgresql.vm_id

  enabled       = true
  input_policy  = "DROP"
  output_policy = "ACCEPT"
  dhcp          = true
}

# Inbound allow-list for the container. Rule order is kept as declared.
# NOTE(review): no rule here admits the PostgreSQL port; with input_policy
# "DROP", client access has to be granted somewhere not shown - confirm.
resource "proxmox_virtual_environment_firewall_rules" "postgresql" {
  depends_on = [proxmox_virtual_environment_container.postgresql]

  node_name = proxmox_virtual_environment_container.postgresql.node_name
  vm_id     = proxmox_virtual_environment_container.postgresql.vm_id

  # SSH is accepted only from the bastion. The source is the host part of the
  # CIDR taken from the bastion's second ip_config entry (index 1).
  # NOTE(review): the positional index silently changes meaning if the
  # bastion's interfaces are reordered; presumably index 1 is its
  # development-network address - confirm.
  rule {
    type    = "in"
    action  = "ACCEPT"
    proto   = "tcp"
    dport   = "22"
    source  = split("/", proxmox_virtual_environment_container.bastion.initialization[0].ip_config[1].ipv4[0].address)[0]
    comment = "SSH from Bastion."
  }

  # NOTE(review): no source is set, so this rule matches ICMP from any address
  # that can reach the interface. dport = "8" presumably selects ICMP type 8
  # (echo request); confirm the Proxmox version in use interprets it that way.
  rule {
    type    = "in"
    action  = "ACCEPT"
    proto   = "icmp"
    dport   = "8"
    comment = "Ping."
  }

  # Rules come from a cluster-level security group declared outside this
  # snippet; what it allows and from where is defined there, not here.
  rule {
    security_group = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_node_exporter.name
    comment        = "Allow Prometheus server to pull Prometheus node exporter from Monitoring Node."
  }
}