resource "proxmox_virtual_environment_container" "cattle" {
  for_each = var.lxc_inventory

  node_name    = each.value.node
  vm_id        = each.key
  unprivileged = false # Matches your 110.conf (which lacks unprivileged: 1)

  features {
    nesting = true
    keyctl  = true
  }

  initialization {
    hostname = each.value.hostname
    user_account {
      password = var.lxc_root_password
    }
    ip_config {
      ipv4 {
        address = each.value.ip
        gateway = each.value.gw
      }
    }
    dns {
      servers = ["1.1.1.1"]
    }
  }

  operating_system {
    template_file_id = "local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst"
    type             = "debian"
  }

  cpu {
    cores = each.value.cores
  }

  memory {
    dedicated = each.value.memory
    swap      = 0
  }

  disk {
    datastore_id = each.value.datastore_id
    size         = each.value.disk_size
  }

  # Mount Point 0
  mount_point {
    volume = each.value.mp0_volume
    path   = "/docker"
  }

  # Mount Point 1
  mount_point {
    volume = each.value.mp1_volume
    path   = "/repo"
  }

  network_interface {
    name    = "eth0"
    bridge  = "vmbr0"
    vlan_id = each.value.vlan
  }

  lifecycle {
    ignore_changes = [
      operating_system[0].template_file_id,
      initialization[0].user_account[0].password,
    ]
  }
}