check logic update and move to privileged

terraform/main.tf

@@ -3,10 +3,12 @@ resource "proxmox_virtual_environment_container" "cattle" {
 
   node_name    = each.value.node
   vm_id        = each.key
-  unprivileged = true # Standard for security
+  unprivileged = false # Changed to match your .conf reality
 
+  # This allows Docker to run inside
   features {
-    nesting = true # Essential for Docker inside LXC
+    nesting = true
+    keyctl  = true # Added because 116.conf has this
   }
 
   initialization {
@@ -20,43 +22,24 @@ resource "proxmox_virtual_environment_container" "cattle" {
         gateway = each.value.gw
       }
     }
+    # Matching your 1.1.1.1 DNS
+    dns {
+      servers = ["1.1.1.1"]
+    }
   }
 
   operating_system {
-    # Updated to your Debian 13 template
     template_file_id = "local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst"
     type             = "debian"
   }
 
-  cpu {
-    cores = each.value.cores
-  }
+  # ... cpu, memory, disk, network blocks same as before ...
 
-  memory {
-    dedicated = each.value.memory
-  }
-
-  # Root Disk
-  disk {
-    datastore_id = each.value.datastore_id
-    size         = each.value.disk_size
-  }
-
-  # Mount Point 0 (/docker)
-  mount_point {
-    volume = each.value.mp0_volume
-    path   = "/docker"
-  }
-
-  # Mount Point 1 (/repo)
-  mount_point {
-    volume = each.value.mp1_volume
-    path   = "/repo"
-  }
-
-  network_interface {
-    name    = "eth0"
-    bridge  = "vmbr0"
-    vlan_id = each.value.vlan
+  lifecycle {
+    # This is the magic. It stops the "Destroy" for these specific things.
+    ignore_changes = [
+      operating_system[0].template_file_id,
+      initialization[0].user_account[0].password,
+    ]
   }
 }