From 5243bb37cb92d288c4d843ccd09972098c576629 Mon Sep 17 00:00:00 2001
From: admin
Date: Wed, 28 Jan 2026 15:01:07 -0700
Subject: [PATCH] update for nesting and privilege

---
 terraform/main.tf | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/terraform/main.tf b/terraform/main.tf
index ac7b073..60baede 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,8 +1,13 @@
 resource "proxmox_virtual_environment_container" "cattle" {
 for_each = var.lxc_inventory
- node_name = each.value.node
- vm_id = each.key
+ node_name = each.value.node
+ vm_id = each.key
+ unprivileged = true # Standard for security
+
+ features {
+ nesting = true # Essential for Docker inside LXC
+ }
 initialization {
 hostname = each.value.hostname
@@ -18,7 +23,8 @@ resource "proxmox_virtual_environment_container" "cattle" {
 }
 operating_system {
- template_file_id = "local:vdebian-13-standard_13.1-2_amd64.tar.zst"
+ # Updated to your Debian 13 template
+ template_file_id = "local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst"
 type = "debian"
 }
@@ -30,14 +36,27 @@ resource "proxmox_virtual_environment_container" "cattle" {
 dedicated = each.value.memory
 }
+ # Root Disk
 disk {
- datastore_id = "local-lvm"
- size = tonumber(replace(each.value.disk_size, "G", "")) # Converts "20G" to 20
+ datastore_id = each.value.datastore_id
+ size = each.value.disk_size
+ }
+
+ # Mount Point 0 (/docker)
+ mount_point {
+ volume = each.value.mp0_volume
+ path = "/docker"
+ }
+
+ # Mount Point 1 (/repo)
+ mount_point {
+ volume = each.value.mp1_volume
+ path = "/repo"
 }
 network_interface {
- name = "eth0"
- bridge = "vmbr0"
+ name = "eth0"
+ bridge = "vmbr0"
 vlan_id = each.value.vlan
 }
 }
\ No newline at end of file
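Review bot: The new `features` block enables only `nesting`, yet the provider also exposes `keyctl`, and Proxmox's container documentation lists `keyctl` as the feature unprivileged containers need for Docker (and systemd-networkd) to run inside them without keyctl() syscalls failing; since the comment states the container is meant for Docker, consider adding `keyctl = true # with nesting, needed for Docker inside an unprivileged CT`. The `# Standard for security` comment on `unprivileged = true` would help the next reader more if it said what it buys, e.g. `# root in the CT maps to an unprivileged host uid; this is also what makes enabling nesting acceptable`, because nesting on a privileged container is a host-escape concern. Whether keyctl is actually required depends on what the image runs, so confirm it before adding. The resource body continues past this hunk.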
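Review bot: `size = each.value.disk_size` drops the `tonumber(replace(each.value.disk_size, "G", ""))` conversion, and the provider's root `disk.size` is a number of gigabytes, so if `var.lxc_inventory` (declared outside this diff) still carries values like `"20G"` the plan will fail on type conversion; either keep the conversion or change the variable's type constraint in the same commit. The two new `mount_point` blocks bring host-side volumes into an unprivileged container: if `mp0_volume`/`mp1_volume` are bind-mount paths rather than datastore-backed volumes, files will show up as `nobody` inside the CT unless host ownership matches the uid map, and the `/repo` mount looks like a candidate for `read_only = true` unless the container writes to it. A one-line comment at each mount point saying which kind of volume is expected, e.g. `# bind mount from host: ownership must match the CT's uid map`, would make that constraint visible where it is configured.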