kasun/homelab-infrastructure-as-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ae6c77915d5048dc926391ac6628085fd06c15a6
homelab-infrastructure-as-code/proxmox-infra/CLAUDE.md
T
kasun ae6c77915d
Deploy Proxmox Infra / Pulumi Preview (push) Has been skipped
Details
Deploy Proxmox Infra / Pulumi Deploy (push) Successful in 52s
Details
modified claude.md
2026-05-28 00:32:44 +02:00

63 lines
2.5 KiB
Markdown
Raw Blame History

# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
This is a Pulumi TypeScript project (`proxmox-infra`) for provisioning VMs and LXC containers in Proxmox using the `@muhlba91/pulumi-proxmoxve` provider. The stack name is `dev`.
## Common Commands
```bash
# Install dependencies
npm install
# Preview infrastructure changes
pulumi preview
# Sync Pulumi state with actual Proxmox state (run before up if resources were changed manually)
pulumi refresh --yes
# Deploy infrastructure
pulumi refresh --yes && pulumi up --yes
# Destroy infrastructure
pulumi destroy
# View current stack outputs
pulumi stack output
# View stack config
pulumi config
```
## Architecture
- **Entry point**: `index.ts` — all Pulumi resources are declared here
- **Provider**: `@muhlba91/pulumi-proxmoxve` v8.x — community Proxmox provider (not an official Pulumi provider)
- **Stack**: `dev` — configured in `Pulumi.dev.yaml`
- **Runtime**: Node.js with `npm`, TypeScript compiled to `bin/` (excluded from git)
## CI/CD (Gitea Actions)
Workflow file: `../.gitea/workflows/deploy-proxmox-infra.yaml`
Triggers: push to `main` and pull requests targeting `main`, scoped to changes under `proxmox-infra/**` or `.gitea/workflows/**`.
- **Pull request** → `pulumi preview` (no changes deployed)
- **Push to main** → `pulumi refresh` then `pulumi up`
Secrets required in Gitea (`Settings → Actions → Secrets`):
- `PULUMI_BACKEND_URL` — PostgreSQL connection string for the self-hosted state backend
- `PULUMI_CONFIG_PASSPHRASE` — passphrase used to decrypt secrets in `Pulumi.dev.yaml`
- `PULUMI_DEV_YAML` — base64-encoded content of `Pulumi.dev.yaml` (auto-synced by pre-push hook)
## Key Notes
- Credentials for both Proxmox nodes are stored as encrypted secrets in `Pulumi.dev.yaml` and decrypted at runtime using `PULUMI_CONFIG_PASSPHRASE`. Do not pass Proxmox credentials via environment variables — the code uses `config.requireSecret()`.
- There are two Proxmox providers: `pveProvider` (main node `pve`) and `pveBckpProvider` (backup node `pve-bckp`). Always pass the correct provider when adding resources.
- `Pulumi.dev.yaml` contains the encryption salt — never delete it or secrets become unrecoverable.
- TypeScript is compiled with strict mode, `nodenext` module resolution, and `noImplicitReturns` — all functions must have explicit return types when TypeScript cannot infer them.
- Don't add a co-author when committing to git.
Reference in New Issue View Git Blame Copy Permalink