From 6bbcd55bb465489cc3591041d2cbedf7d72caf21 Mon Sep 17 00:00:00 2001
From: Tony Du <tonydu121@hotmail.com>
Date: Tue, 11 Feb 2025 22:12:57 -0800
Subject: [PATCH] chore: Reorganize terraform

---
 ansible/jumper.yml                            |   2 +
 ansible/roles/docker/tasks/main.yml           |   3 +-
 .../compose/bind9/config/home.mnke.org.zone   |  17 +++
 docker/compose/bind9/config/named.conf        |  17 +++
 docker/compose/bind9/docker-compose.yaml      |  17 +++
 docker/compose/gitea/docker-compose.yml       |   1 +
 docker/compose/media/docker-compose.yml       |   2 +-
 docker/compose/traefik/docker-compose.yml     |   3 +
 .../configs/flux/discord-alert.yaml           |  10 +-
 tf/backend.tf                                 |  20 ----
 tf/cloud-init.tf                              |  44 ++++++++
 tf/dns-server.tf                              |   3 +-
 tf/dns.tf                                     |   6 +
 tf/docker-swarm.tf                            |   3 +-
 tf/huts.tf                                    |  82 +++++++++++++-
 tf/k8s.tf                                     |  10 +-
 tf/modules/dns-server/main.tf                 |  34 +++---
 tf/modules/dns-server/variables.tf            |  15 ++-
 tf/modules/docker-swarm/main.tf               |  70 ++++++------
 tf/modules/docker-swarm/variables.tf          |   7 +-
 tf/modules/k8s/main.tf                        | 105 +++++++++---------
 tf/modules/k8s/variables.tf                   |   7 +-
 tf/pools.tf                                   |   1 +
 tf/providers.tf                               |  32 ++++++
 tf/variables.tf                               |  11 ++
 tf/vars.auto.tfvars                           |   4 +-
 26 files changed, 383 insertions(+), 143 deletions(-)
 create mode 100644 docker/compose/bind9/config/home.mnke.org.zone
 create mode 100644 docker/compose/bind9/config/named.conf
 create mode 100644 docker/compose/bind9/docker-compose.yaml
 delete mode 100644 tf/backend.tf
 create mode 100644 tf/dns.tf

diff --git a/ansible/jumper.yml b/ansible/jumper.yml
index 25132a8..24b2305 100644
--- a/ansible/jumper.yml
+++ b/ansible/jumper.yml
@@ -2,6 +2,7 @@
 - name: Install
   hosts: jumper
   remote_user: ubuntu
+  serial: 1
   vars:
     pv_disks:
       - /dev/sda
@@ -12,6 +13,7 @@
     mount_path: /mnt/docker
     extra_docker_daemon_options: |
       "data-root": "/mnt/docker/docker-root",
+      "dns": ["10.0.123.123"],
   tasks:
     - import_role: name=dns-client
 
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 7ed9fa5..d290ad0 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -22,8 +22,7 @@
             "base": "172.168.0.0/16",
             "size": 24
           }
-        ],
-        "dns": ["10.0.123.123"]
+        ]
       }
     dest: /etc/docker/daemon.json
   register: docker_daemon_conf
diff --git a/docker/compose/bind9/config/home.mnke.org.zone b/docker/compose/bind9/config/home.mnke.org.zone
new file mode 100644
index 0000000..c1d619b
--- /dev/null
+++ b/docker/compose/bind9/config/home.mnke.org.zone
@@ -0,0 +1,17 @@
+$ORIGIN home.mnke.org.
+@                     900       IN  SOA           ns.home.mnke.org. info.mnke.org. (
+                                                  5          ; serial
+                                                  900        ; refresh
+                                                  300        ; retry
+                                                  604800     ; expire
+                                                  900        ; minimum ttl
+)
+@                     3600      IN  NS            ns.home.mnke.org.
+ns                    3600      IN  A             10.0.4.4
+
+
+truenas               600       IN  A             10.0.0.160
+nas                   600       IN  CNAME         truenas
+db                    600       IN  CNAME         truenas
+
+truenas-gpu           600       IN  A             10.0.0.250
diff --git a/docker/compose/bind9/config/named.conf b/docker/compose/bind9/config/named.conf
new file mode 100644
index 0000000..2958551
--- /dev/null
+++ b/docker/compose/bind9/config/named.conf
@@ -0,0 +1,17 @@
+acl internal {
+  10.0.0.0/16;
+  127.0.0.1;
+};
+
+options {
+  forwarders {
+    1.0.0.1;
+    1.1.1.1;
+  };
+  allow-query { internal; };
+};
+
+zone "home.mnke.org" IN {
+  type master;
+  file "/etc/bind/home.mnke.org.zone";
+};
diff --git a/docker/compose/bind9/docker-compose.yaml b/docker/compose/bind9/docker-compose.yaml
new file mode 100644
index 0000000..09f7836
--- /dev/null
+++ b/docker/compose/bind9/docker-compose.yaml
@@ -0,0 +1,17 @@
+---
+
+services:
+  bind9:
+    container_name: bind9
+    image: ubuntu/bind9:9.18-22.04_beta
+    environment:
+      - BIND9_USER=root
+      - TZ=America/Vancouver
+    ports:
+      - 53:53/tcp
+      - 53:53/udp
+    volumes:
+      - ./config:/etc/bind
+      - ./cache:/var/cache/bind
+      - ./records:/var/lib/bind
+    restart: unless-stopped
diff --git a/docker/compose/gitea/docker-compose.yml b/docker/compose/gitea/docker-compose.yml
index 8854caf..ec421a6 100644
--- a/docker/compose/gitea/docker-compose.yml
+++ b/docker/compose/gitea/docker-compose.yml
@@ -10,6 +10,7 @@ services:
   gitea:
     image: docker.io/gitea/gitea:1.23.1
     container_name: gitea
+    restart: unless-stopped
     environment:
       - USER_UID=1002
       - USER_GID=1002
diff --git a/docker/compose/media/docker-compose.yml b/docker/compose/media/docker-compose.yml
index 9f662af..e94d4d5 100644
--- a/docker/compose/media/docker-compose.yml
+++ b/docker/compose/media/docker-compose.yml
@@ -176,7 +176,7 @@ services:
       resources:
         limits:
           cpus: '0.25'
-          memory: 256M
+          memory: 512M
         reservations:
           cpus: '0.1'
           memory: 64M
diff --git a/docker/compose/traefik/docker-compose.yml b/docker/compose/traefik/docker-compose.yml
index 4ccbe0f..0c69ab2 100644
--- a/docker/compose/traefik/docker-compose.yml
+++ b/docker/compose/traefik/docker-compose.yml
@@ -8,6 +8,7 @@ services:
   traefik:
     image: traefik:v3.3
     container_name: traefik
+    restart: unless-stopped
     # This seems to be needed to solve the DNS challenge. Otherwise our own
     # DNS server is used, which isn't correctly configured to allow checking
     # the DNS entries have been propagated
@@ -62,6 +63,8 @@ services:
 
   whoami:
     image: "traefik/whoami"
+    container_name: whoami
+    restart: unless-stopped
     networks:
       - traefik
     labels:
diff --git a/k8s/infrastructure/configs/flux/discord-alert.yaml b/k8s/infrastructure/configs/flux/discord-alert.yaml
index d316e22..63bc8f2 100644
--- a/k8s/infrastructure/configs/flux/discord-alert.yaml
+++ b/k8s/infrastructure/configs/flux/discord-alert.yaml
@@ -32,7 +32,7 @@ spec:
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Alert
 metadata:
-  name: on-call-webapp
+  name: alerts
   namespace: flux-system
 spec:
   summary: "cluster addons"
@@ -47,5 +47,9 @@ spec:
       name: '*'
     - kind: Kustomization
       name: '*'
-
-
+    # - kind: HelmRelease
+      # name: '*'
+  exclusionList:
+    # These are so noisy
+    - "*HelmRepository/flux-system/prometheus-community configured*"
+    - "*HelmRepository/flux-system/traefik configured*"
diff --git a/tf/backend.tf b/tf/backend.tf
deleted file mode 100644
index 8c4513e..0000000
--- a/tf/backend.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-terraform {
-  backend "s3" {
-    bucket = "tfstate"
-
-    endpoints = {
-      s3 = var.s3_backend_endpoint
-    }
-
-    key        = "homelab.tfstate"
-    access_key = var.s3_access_key
-    secret_key = var.s3_secret_key
-
-    region                      = "main" # Region validation will be skipped
-    skip_credentials_validation = true   # Skip AWS related checks and validations
-    skip_requesting_account_id  = true
-    skip_metadata_api_check     = true
-    skip_region_validation      = true
-    use_path_style              = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
-  }
-}
diff --git a/tf/cloud-init.tf b/tf/cloud-init.tf
index 60927bf..1080ff2 100644
--- a/tf/cloud-init.tf
+++ b/tf/cloud-init.tf
@@ -38,3 +38,47 @@ power_state:
     condition: true
 EOF
 }
+
+resource "proxmox_virtual_environment_file" "common_cloud_init" {
+  content_type = "snippets"
+  datastore_id = var.proxmox_image_storage
+  node_name    = "pve"
+
+  source_raw {
+    data      = <<EOF
+#cloud-config
+chpasswd:
+  list: |
+    ubuntu:ubuntu
+    ${var.username}:${var.username}
+  expire: false
+packages:
+  - qemu-guest-agent
+  - nfs-common
+  - avahi-daemon
+timezone: America/Vancouver
+
+users:
+  - default
+  - name: ubuntu
+    groups: sudo
+    shell: /bin/bash
+    ssh-authorized-keys:
+      - ${trimspace(data.local_file.ssh_pub_key.content)}
+    sudo: ALL=(ALL) NOPASSWD:ALL
+  - name: ${var.username}
+    groups: sudo
+    shell: /bin/bash
+    ssh_import_id:
+      - ${var.ssh_import_id}
+    sudo: ALL=(ALL) NOPASSWD:ALL
+
+power_state:
+    delay: now
+    mode: reboot
+    message: Rebooting after cloud-init completion
+    condition: true
+EOF
+    file_name = "common-cloud-init.cloud-config.yaml"
+  }
+}
diff --git a/tf/dns-server.tf b/tf/dns-server.tf
index 3320031..ee40b51 100644
--- a/tf/dns-server.tf
+++ b/tf/dns-server.tf
@@ -14,6 +14,7 @@ module "dns_server" {
   proxmox_vm_storage    = var.proxmox_vm_storage
   proxmox_image_storage = var.proxmox_image_storage
 
-  common_cloud_init = local.common_cloud_init
+  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
   cloud_image_id    = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  ssh_private_key_file = var.ssh_private_key_file
 }
diff --git a/tf/dns.tf b/tf/dns.tf
new file mode 100644
index 0000000..10f6bdd
--- /dev/null
+++ b/tf/dns.tf
@@ -0,0 +1,6 @@
+# resource "dns_a_record_set" "test" {
+  # zone      = "home.mnke.org."
+  # name      = "test"
+  # addresses = ["10.0.123.123"]
+  # ttl       = 300
+# }
diff --git a/tf/docker-swarm.tf b/tf/docker-swarm.tf
index 2791f28..9ecc376 100644
--- a/tf/docker-swarm.tf
+++ b/tf/docker-swarm.tf
@@ -12,6 +12,7 @@ module "docker_swarm_stingray" {
   proxmox_vm_storage    = var.proxmox_vm_storage
   proxmox_image_storage = var.proxmox_image_storage
 
-  common_cloud_init = local.common_cloud_init
+  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
   cloud_image_id    = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  ssh_private_key_file = var.ssh_private_key_file
 }
diff --git a/tf/huts.tf b/tf/huts.tf
index 42d88cd..a761c8f 100644
--- a/tf/huts.tf
+++ b/tf/huts.tf
@@ -47,8 +47,8 @@ resource "proxmox_virtual_environment_vm" "jumper" {
   }
 
   memory {
-    dedicated = 4096
-    floating  = 4096
+    dedicated = 8192
+    floating  = 8192
   }
 
   agent {
@@ -113,3 +113,81 @@ resource "ansible_host" "jumper" {
   groups = ["jumper", "portainer_agent"]
 }
 
+resource "proxmox_virtual_environment_vm" "bench" {
+  name        = "bench"
+  description = "Managed by Terraform"
+  tags        = ["terraform", "ubuntu", "hut"]
+
+  node_name = "pve"
+  vm_id     = 20001
+
+  cpu {
+    cores = 1
+    type  = "host"
+  }
+
+  memory {
+    dedicated = 1024
+    floating  = 1024
+  }
+
+  agent {
+    enabled = true
+  }
+
+  startup {
+    order      = "1"
+    up_delay   = "60"
+    down_delay = "60"
+  }
+
+  disk {
+    datastore_id = var.proxmox_vm_storage
+    file_id      = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+    interface    = "virtio0"
+    iothread     = true
+    discard      = "on"
+    size         = 16
+    file_format  = "qcow2"
+  }
+
+  initialization {
+    ip_config {
+      ipv4 {
+        address = "10.0.44.3/16"
+        gateway = var.gateway
+      }
+    }
+    datastore_id = var.proxmox_image_storage
+
+    user_data_file_id = proxmox_virtual_environment_file.common_cloud_init.id
+  }
+
+  network_device {
+    bridge = "vmbr0"
+  }
+
+  operating_system {
+    type = "l26"
+  }
+
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
+
+  lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
+  }
+}
diff --git a/tf/k8s.tf b/tf/k8s.tf
index 70d3dca..c1d3677 100644
--- a/tf/k8s.tf
+++ b/tf/k8s.tf
@@ -15,8 +15,9 @@ module "k8s_dolo" {
   proxmox_vm_storage    = var.proxmox_vm_storage
   proxmox_image_storage = var.proxmox_image_storage
 
-  common_cloud_init = local.common_cloud_init
-  cloud_image_id    = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
+  cloud_image_id     = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  ssh_private_key_file = var.ssh_private_key_file
 }
 
 module "k8s_folly" {
@@ -35,7 +36,8 @@ module "k8s_folly" {
   proxmox_vm_storage    = var.proxmox_vm_storage
   proxmox_image_storage = var.proxmox_image_storage
 
-  common_cloud_init = local.common_cloud_init
-  cloud_image_id    = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
+  cloud_image_id     = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  ssh_private_key_file = var.ssh_private_key_file
 }
 
diff --git a/tf/modules/dns-server/main.tf b/tf/modules/dns-server/main.tf
index 98ae3a6..6c720f3 100644
--- a/tf/modules/dns-server/main.tf
+++ b/tf/modules/dns-server/main.tf
@@ -19,8 +19,8 @@ resource "proxmox_virtual_environment_vm" "dns_server" {
   }
 
   memory {
-    dedicated = 512
-    floating  = 512
+    dedicated = 1024
+    floating  = 1024
   }
 
   agent {
@@ -54,7 +54,7 @@ resource "proxmox_virtual_environment_vm" "dns_server" {
     }
     datastore_id = var.proxmox_image_storage
 
-    user_data_file_id = proxmox_virtual_environment_file.dns_server.id
+    user_data_file_id = var.cloud_init_file_id
   }
 
   network_device {
@@ -65,22 +65,24 @@ resource "proxmox_virtual_environment_vm" "dns_server" {
     type = "l26"
   }
 
-  lifecycle {
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
   }
-}
 
-resource "proxmox_virtual_environment_file" "dns_server" {
-  content_type = "snippets"
-  datastore_id = var.proxmox_image_storage
-  node_name    = "pve"
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
 
-  source_raw {
-    data      = <<EOF
-${var.common_cloud_init}
-
-hostname: ${local.dns_server.name}
-EOF
-    file_name = "${local.dns_server.name}.cloud-config.yaml"
+  lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
   }
 }
 
diff --git a/tf/modules/dns-server/variables.tf b/tf/modules/dns-server/variables.tf
index df92e7c..cbf20ac 100644
--- a/tf/modules/dns-server/variables.tf
+++ b/tf/modules/dns-server/variables.tf
@@ -1,8 +1,3 @@
-variable "common_cloud_init" {
-  type        = string
-  description = "Base cloud-init template"
-}
-
 variable "cloud_image_id" {
   type        = string
   description = "Cloud image to use"
@@ -32,3 +27,13 @@ variable "pool_id" {
 variable "vm_id" {
   type = string
 }
+
+variable "cloud_init_file_id" {
+  type        = string
+  description = "Base cloud-init template"
+}
+
+variable "ssh_private_key_file" {
+  type = string
+  description = "Path to private key file. Make sure this matches the public key defined in the cloud init."
+}
diff --git a/tf/modules/docker-swarm/main.tf b/tf/modules/docker-swarm/main.tf
index c1c72f3..d02e00b 100644
--- a/tf/modules/docker-swarm/main.tf
+++ b/tf/modules/docker-swarm/main.tf
@@ -67,7 +67,7 @@ resource "proxmox_virtual_environment_vm" "swarm_manager" {
     }
     datastore_id = var.proxmox_image_storage
 
-    user_data_file_id = proxmox_virtual_environment_file.swarm_manager[count.index].id
+    user_data_file_id = var.cloud_init_file_id
   }
 
   network_device {
@@ -78,43 +78,28 @@ resource "proxmox_virtual_environment_vm" "swarm_manager" {
     type = "l26"
   }
 
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
+
   lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
   }
 }
 
 
-resource "proxmox_virtual_environment_file" "swarm_manager" {
-  count        = var.manager_count
-  content_type = "snippets"
-  datastore_id = var.proxmox_image_storage
-  node_name    = "pve"
-
-  source_raw {
-    data      = <<EOF
-${var.common_cloud_init}
-
-hostname: ${local.managers[count.index].name}
-EOF
-    file_name = "${local.managers[count.index].name}.cloud-config.yaml"
-  }
-}
-
-
-resource "proxmox_virtual_environment_file" "swarm_worker" {
-  count        = var.worker_count
-  content_type = "snippets"
-  datastore_id = var.proxmox_image_storage
-  node_name    = "pve"
-
-  source_raw {
-    data      = <<EOF
-${var.common_cloud_init}
-
-hostname: ${local.workers[count.index].name}
-EOF
-    file_name = "${local.workers[count.index].name}.cloud-config.yaml"
-  }
-}
 
 resource "proxmox_virtual_environment_vm" "swarm_worker" {
   count       = var.worker_count
@@ -166,7 +151,7 @@ resource "proxmox_virtual_environment_vm" "swarm_worker" {
     }
     datastore_id = var.proxmox_image_storage
 
-    user_data_file_id = proxmox_virtual_environment_file.swarm_worker[count.index].id
+    user_data_file_id = var.cloud_init_file_id
   }
 
   network_device {
@@ -177,7 +162,24 @@ resource "proxmox_virtual_environment_vm" "swarm_worker" {
     type = "l26"
   }
 
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
+
   lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
   }
 }
 
diff --git a/tf/modules/docker-swarm/variables.tf b/tf/modules/docker-swarm/variables.tf
index 90ed673..0019eec 100644
--- a/tf/modules/docker-swarm/variables.tf
+++ b/tf/modules/docker-swarm/variables.tf
@@ -35,7 +35,7 @@ variable "worker_count" {
   }
 }
 
-variable "common_cloud_init" {
+variable "cloud_init_file_id" {
   type        = string
   description = "Base cloud-init template"
 }
@@ -53,3 +53,8 @@ variable "subnet_cidr" {
 variable "dns_server_ip" {
   type = string
 }
+
+variable "ssh_private_key_file" {
+  type = string
+  description = "Path to private key file. Make sure this matches the public key defined in the cloud init."
+}
diff --git a/tf/modules/k8s/main.tf b/tf/modules/k8s/main.tf
index 99e7ad3..4186b6f 100644
--- a/tf/modules/k8s/main.tf
+++ b/tf/modules/k8s/main.tf
@@ -82,7 +82,7 @@ resource "proxmox_virtual_environment_vm" "k8s_control_plane" {
     }
     datastore_id = var.proxmox_image_storage
 
-    user_data_file_id = proxmox_virtual_environment_file.k8s_control_plane[count.index].id
+    user_data_file_id = var.cloud_init_file_id
   }
 
   network_device {
@@ -93,7 +93,24 @@ resource "proxmox_virtual_environment_vm" "k8s_control_plane" {
     type = "l26"
   }
 
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
+
   lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
   }
 }
 
@@ -154,7 +171,7 @@ resource "proxmox_virtual_environment_vm" "k8s_worker" {
     }
     datastore_id = var.proxmox_image_storage
 
-    user_data_file_id = proxmox_virtual_environment_file.k8s_worker[count.index].id
+    user_data_file_id = var.cloud_init_file_id
   }
 
   network_device {
@@ -165,58 +182,27 @@ resource "proxmox_virtual_environment_vm" "k8s_worker" {
     type = "l26"
   }
 
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
+
   lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
   }
 }
 
-resource "proxmox_virtual_environment_file" "k8s_control_plane" {
-  count        = var.control_plane_count
-  content_type = "snippets"
-  datastore_id = var.proxmox_image_storage
-  node_name    = "pve"
-
-  source_raw {
-    data      = <<EOF
-${var.common_cloud_init}
-
-hostname: ${local.control_plane[count.index].name}
-EOF
-    file_name = "${local.control_plane[count.index].name}.cloud-config.yaml"
-  }
-}
-
-
-resource "proxmox_virtual_environment_file" "k8s_worker" {
-  count        = var.worker_count
-  content_type = "snippets"
-  datastore_id = var.proxmox_image_storage
-  node_name    = "pve"
-
-  source_raw {
-    data      = <<EOF
-${var.common_cloud_init}
-
-hostname: ${local.workers[count.index].name}
-EOF
-    file_name = "${local.workers[count.index].name}.cloud-config.yaml"
-  }
-}
-
-resource "proxmox_virtual_environment_file" "k8s_storage_worker" {
-  count        = var.storage_worker_count
-  content_type = "snippets"
-  datastore_id = var.proxmox_image_storage
-  node_name    = "pve"
-
-  source_raw {
-    data      = <<EOF
-${var.common_cloud_init}
-
-hostname: ${local.storage_workers[count.index].name}
-EOF
-    file_name = "${local.storage_workers[count.index].name}.cloud-config.yaml"
-  }
-}
 
 # This is currently how we create "disks" that are independent of a VM: by
 # creating a dummy VM with a disk and then attaching the disk. This way, we
@@ -312,7 +298,7 @@ resource "proxmox_virtual_environment_vm" "k8s_storage_worker" {
     }
     datastore_id = var.proxmox_image_storage
 
-    user_data_file_id = proxmox_virtual_environment_file.k8s_storage_worker[count.index].id
+    user_data_file_id = var.cloud_init_file_id
   }
 
   network_device {
@@ -323,7 +309,24 @@ resource "proxmox_virtual_environment_vm" "k8s_storage_worker" {
     type = "l26"
   }
 
+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
+
   lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
   }
 }
 
diff --git a/tf/modules/k8s/variables.tf b/tf/modules/k8s/variables.tf
index f7b01c1..22eeb67 100644
--- a/tf/modules/k8s/variables.tf
+++ b/tf/modules/k8s/variables.tf
@@ -58,7 +58,7 @@ variable "storage_size" {
   default     = 32
 }
 
-variable "common_cloud_init" {
+variable "cloud_init_file_id" {
   type        = string
   description = "Base cloud-init template"
 }
@@ -76,3 +76,8 @@ variable "subnet_cidr" {
 variable "dns_server_ip" {
   type = string
 }
+
+variable "ssh_private_key_file" {
+  type = string
+  description = "Path to private key file. Make sure this matches the public key defined in the cloud init."
+}
diff --git a/tf/pools.tf b/tf/pools.tf
index 04ecad6..a24a9c6 100644
--- a/tf/pools.tf
+++ b/tf/pools.tf
@@ -2,3 +2,4 @@ resource "proxmox_virtual_environment_pool" "core" {
   comment = "Managed by Terraform"
   pool_id = "core"
 }
+
diff --git a/tf/providers.tf b/tf/providers.tf
index 9814abb..8be3ef2 100644
--- a/tf/providers.tf
+++ b/tf/providers.tf
@@ -12,6 +12,29 @@ terraform {
       source  = "ansible/ansible"
       version = "1.3.0"
     }
+    dns = {
+      source  = "hashicorp/dns"
+      version = "3.4.2"
+    }
+  }
+
+  backend "s3" {
+    bucket = "tfstate"
+
+    endpoints = {
+      s3 = var.s3_backend_endpoint
+    }
+
+    key        = "homelab.tfstate"
+    access_key = var.s3_access_key
+    secret_key = var.s3_secret_key
+
+    region                      = "main" # Region validation will be skipped
+    skip_credentials_validation = true   # Skip AWS related checks and validations
+    skip_requesting_account_id  = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+    use_path_style              = true
   }
 }
 
@@ -24,3 +47,12 @@ provider "proxmox" {
     username = "root"
   }
 }
+
+provider "dns" {
+  update {
+    server        = local.dns_server_ip
+    key_name      = "terraform.mnke.org."
+    key_algorithm = "hmac-sha256"
+    key_secret    = var.technitium_tsig_secret
+  }
+}
diff --git a/tf/variables.tf b/tf/variables.tf
index e7fb3aa..a0176d1 100644
--- a/tf/variables.tf
+++ b/tf/variables.tf
@@ -6,6 +6,7 @@ variable "proxmox_api_endpoint" {
 variable "proxmox_api_token" {
   type        = string
   description = "Proxmox API token bpg proxmox provider with ID and token"
+  sensitive   = true
 }
 
 variable "gateway" {
@@ -44,3 +45,13 @@ variable "ssh_import_id" {
   type = string
   # example = "gh:tonyd33"
 }
+
+variable "technitium_tsig_secret" {
+  type      = string
+  sensitive = true
+}
+
+variable "ssh_private_key_file" {
+  type = string
+  description = "Path to private key file. Make sure this matches the public key defined in the cloud init."
+}
diff --git a/tf/vars.auto.tfvars b/tf/vars.auto.tfvars
index 8300a5b..bb65287 100644
--- a/tf/vars.auto.tfvars
+++ b/tf/vars.auto.tfvars
@@ -1,6 +1,8 @@
 proxmox_image_storage = "proxmox-local-directory"
 proxmox_vm_storage    = "proxmox-local-directory"
-gateway = "10.0.0.1"
+gateway               = "10.0.0.1"
 
 username      = "tony"
 ssh_import_id = "gh:tonyd33"
+
+ssh_private_key_file = "~/.ssh/id_rsa"