From 54ce238846d81e4dbc6cd32807a2817b74f0a90f Mon Sep 17 00:00:00 2001 From: admin Date: Wed, 28 Jan 2026 15:08:59 -0700 Subject: [PATCH] check logic update and move to privileged --- terraform/main.tf | 47 +++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 32 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 60baede..42a6fe5 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -3,10 +3,12 @@ resource "proxmox_virtual_environment_container" "cattle" { node_name = each.value.node vm_id = each.key - unprivileged = true # Standard for security + unprivileged = false # Changed to match your .conf reality + # This allows Docker to run inside features { - nesting = true # Essential for Docker inside LXC + nesting = true + keyctl = true # Added because 116.conf has this } initialization { @@ -20,43 +22,24 @@ resource "proxmox_virtual_environment_container" "cattle" { gateway = each.value.gw } } + # Matching your 1.1.1.1 DNS + dns { + servers = ["1.1.1.1"] + } } operating_system { - # Updated to your Debian 13 template template_file_id = "local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst" type = "debian" } - cpu { - cores = each.value.cores - } + # ... cpu, memory, disk, network blocks same as before ... - memory { - dedicated = each.value.memory - } - - # Root Disk - disk { - datastore_id = each.value.datastore_id - size = each.value.disk_size - } - - # Mount Point 0 (/docker) - mount_point { - volume = each.value.mp0_volume - path = "/docker" - } - - # Mount Point 1 (/repo) - mount_point { - volume = each.value.mp1_volume - path = "/repo" - } - - network_interface { - name = "eth0" - bridge = "vmbr0" - vlan_id = each.value.vlan + lifecycle { + # This is the magic. It stops the "Destroy" for these specific things. + ignore_changes = [ + operating_system[0].template_file_id, + initialization[0].user_account[0].password, + ] } } \ No newline at end of file