# Unprivileged Debian 12 LXC container "main-page" with a static address on
# the internal bridge, followed by its guest-level firewall options and rules.
resource "proxmox_virtual_environment_container" "main_page" {
  vm_id        = 1010
  node_name    = "pve"
  tags         = ["dev"]
  unprivileged = true
  started      = true

  operating_system {
    type             = "debian"
    template_file_id = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
  }

  cpu {
    cores = 1
  }

  memory {
    dedicated = 512
  }

  disk {
    datastore_id = var.datastore_id
    size         = 4
  }

  network_interface {
    name    = "eth-dev"
    bridge  = var.internal_network_bridge_name
    enabled = true
    # The firewall flag is set on the interface as well as in the guest
    # firewall options below.
    firewall = true
  }

  initialization {
    hostname = "main-page"

    ip_config {
      ipv4 {
        address = "192.168.0.10/24"
        gateway = "192.168.0.1"
      }
    }

    # Only an SSH public key is provisioned here; no password is set in this
    # block.
    user_account {
      keys = [var.ssh_public_key]
    }
  }

  startup {
    order      = 500
    up_delay   = 0
    down_delay = 0
  }

  # NOTE(review): nesting widens what the container can see of the host
  # kernel interfaces; presumably enabled for systemd in the Debian 12
  # template. Confirm it is actually required.
  features {
    nesting = true
  }
}

# Guest-level firewall switches: inbound traffic is dropped unless a rule
# below accepts it; outbound traffic is accepted without restriction.
resource "proxmox_virtual_environment_firewall_options" "main_page" {
  depends_on = [proxmox_virtual_environment_container.main_page]

  vm_id     = proxmox_virtual_environment_container.main_page.vm_id
  node_name = proxmox_virtual_environment_container.main_page.node_name

  enabled = true
  # NOTE(review): the container uses a static IPv4 address, so the DHCP
  # allowance may be unnecessary. Confirm before keeping it enabled.
  dhcp          = true
  input_policy  = "DROP"
  output_policy = "ACCEPT"
}

# Inbound allow-list. Rule order is kept exactly as authored.
resource "proxmox_virtual_environment_firewall_rules" "main_page" {
  depends_on = [proxmox_virtual_environment_container.main_page]

  vm_id     = proxmox_virtual_environment_container.main_page.vm_id
  node_name = proxmox_virtual_environment_container.main_page.node_name

  # SSH is accepted only from the bastion container. split() strips the
  # prefix length from the CIDR string so a bare host address is used.
  # NOTE(review): ip_config[1] selects the bastion's second ip_config entry,
  # presumably its internal-network interface. Verify against the common
  # state.
  rule {
    type    = "in"
    action  = "ACCEPT"
    proto   = "tcp"
    dport   = "22"
    source  = split("/", data.terraform_remote_state.common.outputs.bastion_ct.initialization[0].ip_config[1].ipv4[0].address)[0]
    comment = "SSH from Bastion."
  }

  # No source is given, so this applies to any sender that can reach the
  # interface.
  # NOTE(review): dport "8" with proto icmp presumably selects ICMP type 8
  # (echo request). Confirm how the provider and PVE version interpret it.
  rule {
    type    = "in"
    action  = "ACCEPT"
    proto   = "icmp"
    dport   = "8"
    comment = "Ping."
  }

  # HTTP is accepted only from the load balancer container's address.
  rule {
    type    = "in"
    action  = "ACCEPT"
    proto   = "tcp"
    dport   = "80"
    source  = split("/", data.terraform_remote_state.common.outputs.load_balancer_ct.initialization[0].ip_config[1].ipv4[0].address)[0]
    comment = "Nginx Static Serving."
  }

  # Rules for this entry come from a security group defined in the common
  # state; its contents are not visible here.
  rule {
    security_group = data.terraform_remote_state.common.outputs.prometheus_node_exporter_sg.name
    comment        = "Allow Prometheus server to pull Prometheus node exporter from Monitoring Node."
  }
}