From cdf58844a8a8a8a5b51f025a800ecbd53bc1836d Mon Sep 17 00:00:00 2001 From: 21in7 Date: Thu, 18 Jun 2026 23:47:04 +0900 Subject: [PATCH] feat: add Hermes Agent LXC terraform config Defines Hermes Agent LXC (VMID 118) on node gihyeon with 2 cores, 4 GB RAM, 24 GB disk, DHCP on intra01. Token-safe: nesting/keyctl features and bind mounts are intentionally omitted and must be applied via pct set after initial deploy. Co-Authored-By: Claude Sonnet 4.6 --- hermes-variables.tf | 53 ++++++++++++++++++++++++++++++++++++ hermes.tf | 59 ++++++++++++++++++++++++++++++++++++++++ outputs.tf | 10 +++++++ terraform.tfvars | 9 ++++-- terraform.tfvars.example | 5 ++++ 5 files changed, 134 insertions(+), 2 deletions(-) create mode 100644 hermes-variables.tf create mode 100644 hermes.tf diff --git a/hermes-variables.tf b/hermes-variables.tf new file mode 100644 index 0000000..56d93e9 --- /dev/null +++ b/hermes-variables.tf 
@@ -0,0 +1,53 @@
+variable "hermes_vmid" {
+ description = "VMID for the Hermes Agent LXC"
+ type = number
+ default = 118
+}
+
+variable "hermes_hostname" {
+ description = "Hostname for the Hermes Agent LXC"
+ type = string
+ default = "hermes"
+}
+
+variable "hermes_node" {
+ description = "Proxmox node to host the Hermes Agent LXC"
+ type = string
+ default = "gihyeon"
+}
+
+variable "hermes_cores" {
+ description = "CPU cores for the Hermes Agent LXC"
+ type = number
+ default = 2
+}
+
+variable "hermes_memory" {
+ description = "Dedicated memory (MB) for the Hermes Agent LXC"
+ type = number
+ default = 4096
+}
+
+variable "hermes_swap" {
+ description = "Swap (MB) for the Hermes Agent LXC"
+ type = number
+ default = 512
+}
+
+variable "hermes_disk_size" {
+ description = "Root filesystem size (GB) for the Hermes Agent LXC"
+ type = number
+ default = 24
+}
+
+variable "hermes_datastore" {
+ description = "Datastore for the Hermes Agent LXC root filesystem"
+ type = string
+ default = "local-lvm"
+}
+
+variable "hermes_network_bridge" {
+ description = "Network bridge (SDN VNET) for the Hermes Agent LXC"
+ type = string
+ default = "intra01"
+}
diff --git a/hermes.tf b/hermes.tf
new file mode 100644
index 0000000..437e432
--- /dev/null
+++ b/hermes.tf
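Review bot: `hermes_network_bridge` defaults to `intra01`, the same bridge that terraform.tfvars in this commit assigns to `pbs_network_bridge`, so an apply without an override places the agent container on the segment that appears to carry the backup server. For a container that is meant to receive nesting/keyctl and bind mounts afterwards, network placement is better made an explicit decision: drop `default = "intra01"` from this variable (terraform.tfvars already sets it) and state the expected isolation in its `description`. If a dedicated VNET is not available, `firewall = true` on the `network_interface` block in hermes.tf together with a restrictive rule set would narrow what the agent can reach.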
@@ -0,0 +1,59 @@
+# Download Debian 12 LXC template to gihyeon (node1).
+resource "proxmox_virtual_environment_download_file" "debian12_template_gihyeon" {
+ content_type = "vztmpl"
+ datastore_id = "local"
+ node_name = var.hermes_node
+ url = "http://download.proxmox.com/images/system/debian-12-standard_12.12-1_amd64.tar.zst"
+}
+
+# Hermes Agent LXC — token-safe skeleton.
+# IMPORTANT: container `features` (nesting/keyctl) and bind mounts are NOT set
+# here. The Proxmox API token cannot set host-security settings; they are applied
+# once via the PVE web console with `pct set` (see scripts/hermes-bootstrap.sh
+# and docs/superpowers/specs/2026-06-18-hermes-agent-lxc-design.md).
+resource "proxmox_virtual_environment_container" "hermes" {
+ description = "Hermes Agent (Nous Research) - Managed by Terraform"
+ node_name = var.hermes_node
+ vm_id = var.hermes_vmid
+ start_on_boot = true
+ unprivileged = true
+ tags = ["ai", "agent", "terraform"]
+
+ operating_system {
+ template_file_id = proxmox_virtual_environment_download_file.debian12_template_gihyeon.id
+ type = "debian"
+ }
+
+ cpu {
+ cores = var.hermes_cores
+ }
+
+ memory {
+ dedicated = var.hermes_memory
+ swap = var.hermes_swap
+ }
+
+ disk {
+ datastore_id = var.hermes_datastore
+ size = var.hermes_disk_size
+ }
+
+ network_interface {
+ name = "eth0"
+ bridge = var.hermes_network_bridge
+ }
+
+ initialization {
+ hostname = var.hermes_hostname
+
+ ip_config {
+ ipv4 {
+ address = "dhcp"
+ }
+ }
+
+ dns {
+ servers = var.dns_servers
+ }
+ }
+}
diff --git a/outputs.tf b/outputs.tf
index 26c89db..477a124 100644
--- a/outputs.tf
+++ b/outputs.tf
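Review bot: The template `url` in `debian12_template_gihyeon` uses plain `http://` and the resource sets no checksum, so the container's root filesystem image is fetched with neither transport nor content integrity protection. Switch the scheme to `https://` (assuming the mirror serves it) and pin the archive with `checksum = "<SHA-512 of the template archive>"` and `checksum_algorithm = "sha512"`, taking the digest from a trusted source. Separately, because `features` and bind mounts are applied out of band with `pct set`, it is worth confirming that a later `terraform apply` does not plan to revert them; a `lifecycle { ignore_changes = [...] }` entry on the container may be needed.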
@@ -7,3 +7,13 @@ output "pbs_ip_address" { description = "PBS LXC IP address" value = var.pbs_ip_address } + +output "hermes_container_id" { + description = "Hermes Agent LXC container ID" + value = proxmox_virtual_environment_container.hermes.vm_id +} + +output "hermes_hostname" { + description = "Hermes Agent LXC hostname (IP is DHCP-assigned; discover via PVE/API)" + value = var.hermes_hostname +} diff --git a/terraform.tfvars b/terraform.tfvars index 48911a6..9f322dd 100644 --- a/terraform.tfvars +++ b/terraform.tfvars @@ -3,7 +3,12 @@ proxmox_endpoint = "https://192.168.50.87:8006" proxmox_api_token = "root@pam!terrform=1408ded5-c7c4-4384-8b19-64178837fb8c" # PBS 네트워크 설정 -pbs_network_bridge = "intra01" # TODO: SDN VNET 브릿지 이름으로 변경 +pbs_network_bridge = "intra01" # TODO: SDN VNET 브릿지 이름으로 변경 pbs_ip_address = "10.1.20.11/24" -pbs_gateway = "10.1.20.254" # TODO: SDN 게이트웨이 확인 +pbs_gateway = "10.1.20.254" # TODO: SDN 게이트웨이 확인 dns_servers = ["1.1.1.1", "8.8.8.8"] + +# Hermes Agent LXC 설정 (node1 / intra01) +hermes_vmid = 118 +hermes_node = "gihyeon" +hermes_network_bridge = "intra01" diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 932e820..e6a705d 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -7,3 +7,8 @@ pbs_network_bridge = "vmbr0" # TODO: SDN VNET 브릿지 이름으로 변경 pbs_ip_address = "10.1.20.11/24" pbs_gateway = "10.1.20.1" # TODO: SDN 게이트웨이 확인 dns_servers = ["1.1.1.1", "8.8.8.8"] + +# Hermes Agent LXC 설정 (node1 / intra01) +hermes_vmid = 118 +hermes_node = "gihyeon" +hermes_network_bridge = "intra01"
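Review bot: terraform.tfvars is tracked in the repository and its `proxmox_api_token` context line holds what looks like a live token secret for `root@pam`, which this commit leaves in place while adding more settings to the same file. The token should be treated as exposed: revoke and reissue it, take terraform.tfvars out of version control (keeping only terraform.tfvars.example with a placeholder value), and supply the secret through the environment, e.g. `TF_VAR_proxmox_api_token`. A token on `root@pam` also carries far more privilege than creating one LXC needs; a dedicated user with a privilege-separated token scoped to the required paths would fit the "token-safe" intent of the commit message better. This note is for the terraform.tfvars hunk; the outputs.tf and terraform.tfvars.example hunks on the same line raise nothing further.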