📖 Overview
Infrastructure as Code (IaC) for the Comprofix homelab using OpenTofu.
This repository provisions and manages resources such as the Proxmox VMs and LXC containers used in the Comprofix Homelab
🚀 Features
- Declarative infrastructure management with OpenTofu
- Remote state stored in PostgreSQL backend
- Automated formatting, validation, and applies via GitHub Actions
- Secure injection of secrets into
terraform.auto.tfvars - Supports Proxmox VM provisioning and Omada configuration
📂 Repository Layout
├── dev-docker.tf # Docker VM definitions
├── github.tf # GitHub repo/org configuration
├── omada.tf # Omada network definitions
├── provider.tf # Provider setup and backend configuration
⚙️ Requirements
- OpenTofu (installed automatically in GitHub Actions via
opentofu/setup-opentofu) - PostgreSQL database for remote state
Connection string provided via secret:PG_CONN_STR - GitHub Actions self-hosted runner with access to Proxmox and Omada APIs
- Configured repository secrets:
PG_CONN_STRCI_USER,CI_PASSWORDPVE_API_URL,PVE_API_TOKEN_ID,PVE_API_TOKEN_SECRETSSH_PRIVATE_KEY,SSH_PASSPHRASE
🔄 Workflow
Infrastructure is applied automatically on pushes to the main branch.
- Checkout repo
- Generate
terraform.auto.tfvarsfrom GitHub secrets - Run
tofu init,tofu fmt,tofu validate - Execute
tofu plan - If successful, run
tofu apply
🔒 PRs and forks do not run workflows. Only code merged into
mainwill trigger an apply.
📖 Usage
Local testing:
# Initialize
tofu init
# Format configs
tofu fmt -recursive
# Validate configs
tofu validate
# Plan changes
PG_CONN_STR="postgres://..." tofu plan
# Apply changes
PG_CONN_STR="postgres://..." tofu apply