homelab/terraform/forgejo.tf.disabled

resource "proxmox_virtual_environment_container" "forgejo" {
  node_name = "pve"

  vm_id = 1200

  tags = ["dev"]

  unprivileged = true

  cpu {
    cores = 1
  }

  memory {
    dedicated = 1536
  }

  disk {
    datastore_id = var.datastore_id
    size         = 32
  }

  network_interface {
    bridge   = var.development_network_bridge_name
    name     = "eth-dev"
    firewall = true
    enabled  = true
  }

  initialization {
    hostname = "forgejo"
    ip_config {
      ipv4 {
        address = "192.168.0.12/24"
        gateway = "192.168.0.1"
      }
    }
    user_account {
      keys = [var.ssh_public_key]
    }
  }

  operating_system {
    template_file_id = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
    type             = "debian"
  }

  started = true

  startup {
    order      = 500
    up_delay   = 0
    down_delay = 0
  }

  features {
    nesting = true
  }
}

resource "proxmox_virtual_environment_firewall_options" "forgejo" {
  depends_on = [proxmox_virtual_environment_container.forgejo]

  node_name = proxmox_virtual_environment_container.forgejo.node_name
  vm_id     = proxmox_virtual_environment_container.forgejo.vm_id

  enabled       = true
  dhcp          = true
  input_policy  = "DROP"
  output_policy = "ACCEPT"
}

resource "proxmox_virtual_environment_firewall_rules" "forgejo" {
  depends_on = [proxmox_virtual_environment_container.forgejo]

  node_name = proxmox_virtual_environment_container.forgejo.node_name
  vm_id     = proxmox_virtual_environment_container.forgejo.vm_id

  rule {
    type    = "in"
    source  = split("/", proxmox_virtual_environment_container.bastion.initialization[0].ip_config[1].ipv4[0].address)[0]
    proto   = "tcp"
    dport   = "22"
    action  = "ACCEPT"
    comment = "SSH from Bastion."
  }

  rule {
    type    = "in"
    proto   = "icmp"
    dport   = "8"
    action  = "ACCEPT"
    comment = "Ping."
  }

  rule {
    type    = "in"
    source  = split("/", proxmox_virtual_environment_container.load_balancer.initialization[0].ip_config[1].ipv4[0].address)[0]
    proto   = "tcp"
    dport   = "3000"
    action  = "ACCEPT"
    comment = "Forgejo."
  }

  rule {
    security_group = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_node_exporter.name
    comment = "Allow Prometheus server to pull Prometheus node exporter from Monitoring Node."
  }
}