feat: add Hermes Agent LXC terraform config

Defines Hermes Agent LXC (VMID 118) on node gihyeon with 2 cores, 4 GB RAM, 24 GB disk, DHCP on intra01. Token-safe: nesting/keyctl features and bind mounts are intentionally omitted and must be applied via pct set after initial deploy. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-18 23:47:04 +09:00
parent 92851a384f
commit cdf58844a8
5 changed files with 134 additions and 2 deletions
--- a/hermes-variables.tf
+++ b/hermes-variables.tf
@@ -0,0 +1,53 @@
+variable "hermes_vmid" {
+  description = "VMID for the Hermes Agent LXC"
+  type        = number
+  default     = 118
+}
+
+variable "hermes_hostname" {
+  description = "Hostname for the Hermes Agent LXC"
+  type        = string
+  default     = "hermes"
+}
+
+variable "hermes_node" {
+  description = "Proxmox node to host the Hermes Agent LXC"
+  type        = string
+  default     = "gihyeon"
+}
+
+variable "hermes_cores" {
+  description = "CPU cores for the Hermes Agent LXC"
+  type        = number
+  default     = 2
+}
+
+variable "hermes_memory" {
+  description = "Dedicated memory (MB) for the Hermes Agent LXC"
+  type        = number
+  default     = 4096
+}
+
+variable "hermes_swap" {
+  description = "Swap (MB) for the Hermes Agent LXC"
+  type        = number
+  default     = 512
+}
+
+variable "hermes_disk_size" {
+  description = "Root filesystem size (GB) for the Hermes Agent LXC"
+  type        = number
+  default     = 24
+}
+
+variable "hermes_datastore" {
+  description = "Datastore for the Hermes Agent LXC root filesystem"
+  type        = string
+  default     = "local-lvm"
+}
+
+variable "hermes_network_bridge" {
+  description = "Network bridge (SDN VNET) for the Hermes Agent LXC"
+  type        = string
+  default     = "intra01"
+}
--- a/hermes.tf
+++ b/hermes.tf
@@ -0,0 +1,59 @@
+# Download Debian 12 LXC template to gihyeon (node1).
+resource "proxmox_virtual_environment_download_file" "debian12_template_gihyeon" {
+  content_type = "vztmpl"
+  datastore_id = "local"
+  node_name    = var.hermes_node
+  url          = "http://download.proxmox.com/images/system/debian-12-standard_12.12-1_amd64.tar.zst"
+}
+
+# Hermes Agent LXC — token-safe skeleton.
+# IMPORTANT: container `features` (nesting/keyctl) and bind mounts are NOT set
+# here. The Proxmox API token cannot set host-security settings; they are applied
+# once via the PVE web console with `pct set` (see scripts/hermes-bootstrap.sh
+# and docs/superpowers/specs/2026-06-18-hermes-agent-lxc-design.md).
+resource "proxmox_virtual_environment_container" "hermes" {
+  description   = "Hermes Agent (Nous Research) - Managed by Terraform"
+  node_name     = var.hermes_node
+  vm_id         = var.hermes_vmid
+  start_on_boot = true
+  unprivileged  = true
+  tags          = ["ai", "agent", "terraform"]
+
+  operating_system {
+    template_file_id = proxmox_virtual_environment_download_file.debian12_template_gihyeon.id
+    type             = "debian"
+  }
+
+  cpu {
+    cores = var.hermes_cores
+  }
+
+  memory {
+    dedicated = var.hermes_memory
+    swap      = var.hermes_swap
+  }
+
+  disk {
+    datastore_id = var.hermes_datastore
+    size         = var.hermes_disk_size
+  }
+
+  network_interface {
+    name   = "eth0"
+    bridge = var.hermes_network_bridge
+  }
+
+  initialization {
+    hostname = var.hermes_hostname
+
+    ip_config {
+      ipv4 {
+        address = "dhcp"
+      }
+    }
+
+    dns {
+      servers = var.dns_servers
+    }
+  }
+}
--- a/outputs.tf
+++ b/outputs.tf
@@ -7,3 +7,13 @@ output "pbs_ip_address" {
  description = "PBS LXC IP address"
  value       = var.pbs_ip_address
 }
+
+output "hermes_container_id" {
+  description = "Hermes Agent LXC container ID"
+  value       = proxmox_virtual_environment_container.hermes.vm_id
+}
+
+output "hermes_hostname" {
+  description = "Hermes Agent LXC hostname (IP is DHCP-assigned; discover via PVE/API)"
+  value       = var.hermes_hostname
+}
--- a/terraform.tfvars
+++ b/terraform.tfvars
@@ -7,3 +7,8 @@ pbs_network_bridge = "intra01"  # TODO: SDN VNET 브릿지 이름으로 변경
 pbs_ip_address     = "10.1.20.11/24"
 pbs_gateway        = "10.1.20.254" # TODO: SDN 게이트웨이 확인
 dns_servers        = ["1.1.1.1", "8.8.8.8"]
+
+# Hermes Agent LXC 설정 (node1 / intra01)
+hermes_vmid           = 118
+hermes_node           = "gihyeon"
+hermes_network_bridge = "intra01"
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -7,3 +7,8 @@ pbs_network_bridge = "vmbr0"  # TODO: SDN VNET 브릿지 이름으로 변경
 pbs_ip_address     = "10.1.20.11/24"
 pbs_gateway        = "10.1.20.1"  # TODO: SDN 게이트웨이 확인
 dns_servers        = ["1.1.1.1", "8.8.8.8"]
+
+# Hermes Agent LXC 설정 (node1 / intra01)
+hermes_vmid           = 118
+hermes_node           = "gihyeon"
+hermes_network_bridge = "intra01"