![Header Image](https://miro.medium.com/v2/resize:fit:4000/1*16DgdobhWUUXKzF4fwjOdw.png)

[![deploy-containers](https://github.com/comprofix/opentofu-homelab/actions/workflows/infra-build.yml/badge.svg)](https://github.com/comprofix/opentofu-homelab/actions)

## 📖 Overview

Infrastructure as Code (IaC) for the Comprofix homelab using [OpenTofu](https://opentofu.org/).
This repository provisions and manages resources such as the Proxmox VMs and LXC containers used in the Comprofix Homelab.

---

## 🚀 Features

- Declarative infrastructure management with OpenTofu
- Remote state stored in PostgreSQL backend
- Automated formatting, validation, and applies via GitHub Actions
- Secure injection of secrets into `terraform.auto.tfvars`
- Supports Proxmox VM provisioning and Omada configuration

---

## 📂 Repository Layout

```
├── dev-docker.tf    # Docker VM definitions
├── github.tf        # GitHub repo/org configuration
├── omada.tf         # Omada network definitions
├── provider.tf      # Provider setup and backend configuration
```

---

## ⚙️ Requirements

- **OpenTofu** (installed automatically in GitHub Actions via [`opentofu/setup-opentofu`](https://github.com/opentofu/setup-opentofu))
- **PostgreSQL** database for remote state
  Connection string provided via secret: `PG_CONN_STR`
- **GitHub Actions self-hosted runner** with access to Proxmox and Omada APIs
- Configured repository secrets:
  - `PG_CONN_STR`
  - `CI_USER`, `CI_PASSWORD`
  - `PVE_API_URL`, `PVE_API_TOKEN_ID`, `PVE_API_TOKEN_SECRET`
  - `SSH_PRIVATE_KEY`, `SSH_PASSPHRASE`

---

## 🔄 Workflow

Infrastructure is applied automatically on pushes to the `main` branch.

1. Checkout repo
2. Generate `terraform.auto.tfvars` from GitHub secrets
3. Run `tofu init`, `tofu fmt`, `tofu validate`
4. Execute `tofu plan`
5. If successful, run `tofu apply`

> 🔒 PRs and forks do not run workflows. Only code merged into `main` will trigger an apply.
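
Step 2 of the workflow above, sketched as an added example (not the repository's own script): it renders `terraform.auto.tfvars` from the secrets listed under Requirements, refuses to run if one is missing, creates the file owner-only, and escapes values for HCL. The lowercase variable names, the helper names `hcl_escape` and `write_tfvars`, and the `TFVARS_OUT` switch are assumptions.

```bash
# Added example, not the repository's script. Assumption: each tfvars key is
# the lowercase form of the secret name. PG_CONN_STR is left out because it
# is passed through the environment, as in the Usage section.
SECRET_NAMES="CI_USER CI_PASSWORD PVE_API_URL PVE_API_TOKEN_ID \
PVE_API_TOKEN_SECRET SSH_PRIVATE_KEY SSH_PASSPHRASE"

hcl_escape() {
  # Escape for an HCL double-quoted string: backslash, quote, the template
  # openers ${ and %{, then join lines with a literal \n (needed for the
  # multi-line SSH key). A trailing newline in the value is not preserved.
  printf '%s' "$1" \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\${/$${/g' -e 's/%{/%%{/g' \
    | awk 'NR > 1 { printf "\\n" } { printf "%s", $0 }'
}

write_tfvars() {
  out=$1
  # Fail closed before touching the file if any secret is unset or empty.
  for name in $SECRET_NAMES; do
    eval "val=\${$name:-}"
    if [ -z "$val" ]; then
      echo "missing secret: $name" >&2  # log the name, never the value
      return 1
    fi
  done
  rm -f -- "$out"
  (
    umask 077  # file is created 0600, so it is never briefly world-readable
    for name in $SECRET_NAMES; do
      eval "val=\${$name}"
      key=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
      printf '%s = "%s"\n' "$key" "$(hcl_escape "$val")"
    done > "$out"
  )
}

# Runs only when TFVARS_OUT is set, e.g. TFVARS_OUT=terraform.auto.tfvars
[ -z "${TFVARS_OUT:-}" ] || write_tfvars "$TFVARS_OUT"
```

The rendered file holds every secret in plain text, so keep it out of version control and delete it when the job ends on the self-hosted runner.
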
---

## 📖 Usage

Local testing:

```bash
# Initialize
tofu init

# Format configs
tofu fmt -recursive

# Validate configs
tofu validate

# Plan changes
PG_CONN_STR="postgres://..." tofu plan

# Apply changes
PG_CONN_STR="postgres://..." tofu apply
```