chore: add github workflow

.github/workflows/infra-build.yml

@@ -0,0 +1,58 @@
+name: Build Infra
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  terraform:
+    name: Terraform Build
+    runs-on: self-hosted
+    defaults:
+      run:
+        working-directory: ./opentofu-homelab
+    env:
+      PG_CONN_STR: ${{ secrets.PG_CONN_STR }}   # <-- Add PostgreSQL backend connection string
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.9.0
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Format Check
+        run: terraform fmt -check -recursive
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Terraform Plan
+        id: plan
+        run: |
+          terraform plan -out=tfplan -detailed-exitcode
+        continue-on-error: false
+
+      - name: Generate Dynamic Vars (Secrets)
+        run: |
+          cat <<EOF > terraform.auto.tfvars
+          ci_user = "${{ secrets.CI_USER }}"
+          ci_password = "${{ secrets.CI_PASSWORD }}"
+          proxmox_api_url = "${{ secrets.PVE_API_URL }}"
+          proxmox_api_token_id = "${{ secrets.PVE_API_TOKEN_ID }}"
+          proxmox_api_token_secret = "${{ secrets.PVE_API_TOKEN_SECRET }}"
+          ssh_key = "${{ secrets.SSH_PRIVATE_KEY }}"
+          passphrase = "${{ secrets.SSH_PASSPHRASE }}"
+          EOF
+
+      - name: Terraform Apply
+        if: success()
+        run: terraform apply -auto-approve tfplan

provider.tf

@@ -11,7 +11,9 @@ terraform {
     }
   }
 
-  backend "pg" {}
+  backend "pg" {
+    conn_str = env.PG_CONN_STR
+  }
   encryption {
     key_provider "pbkdf2" "mykey" {
       passphrase    = var.passphrase