homelab-infrastructure-as-code/01-proxmox-infra/CLAUDE.md
kasun 94be23def7
fix: added shutdown logic to deployment yaml to speed up deployment runs
2026-06-01 22:33:43 +02:00


CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

Project Overview

This is a Pulumi TypeScript project (proxmox-infra) for provisioning VMs and LXC containers in Proxmox using the @muhlba91/pulumi-proxmoxve provider. The stack name is dev.

Common Commands

# Install dependencies
npm install

# Preview infrastructure changes
pulumi preview

# Sync Pulumi state with actual Proxmox state (run before up if resources were changed manually)
# Note: shut down all k3s VMs in Proxmox first — refresh is slow against running VMs
pulumi refresh --yes

# Deploy infrastructure
# Note: shut down all k3s VMs in Proxmox first, then run:
pulumi refresh --yes && pulumi up --yes

# Destroy infrastructure
pulumi destroy

# View current stack outputs
pulumi stack output

# View stack config
pulumi config

Architecture

  • Entry point: index.ts — all Pulumi resources are declared here
  • Provider: @muhlba91/pulumi-proxmoxve v8.x — community Proxmox provider (not an official Pulumi provider)
  • Stack: dev — configured in Pulumi.dev.yaml
  • Runtime: Node.js with npm, TypeScript compiled to bin/ (excluded from git)

CI/CD (Gitea Actions)

Workflow file: ../.gitea/workflows/deploy-proxmox-infra.yaml

Triggers: push to main and pull requests targeting main, scoped to changes under proxmox-infra/** or .gitea/workflows/**.

  • Pull request: pulumi preview (no changes deployed)
  • Push to main: pulumi refresh, then pulumi up

Secrets required in Gitea (Settings → Actions → Secrets):

  • PULUMI_BACKEND_URL — PostgreSQL connection string for the self-hosted state backend
  • PULUMI_CONFIG_PASSPHRASE — passphrase used to decrypt secrets in Pulumi.dev.yaml
  • PULUMI_DEV_YAML — base64-encoded content of Pulumi.dev.yaml; update manually whenever the file changes: base64 -w 0 Pulumi.dev.yaml
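
One way a workflow step could restore Pulumi.dev.yaml from the PULUMI_DEV_YAML secret and stop early when the secret is empty, corrupt, or missing the encryption salt. This is an added example, not the repository's workflow; the function names are hypothetical, and it assumes the secret is exported to the step's environment and that GNU coreutils are available.

```shell
#!/bin/sh
# Added example, not the repository's workflow. Assumes PULUMI_DEV_YAML is
# exported to the step's environment and GNU coreutils (base64, sha256sum).

# restore_stack_config DEST: decode $PULUMI_DEV_YAML into DEST (mode 0600).
# Returns 2 if the secret is empty, 3 if it is not valid base64, 4 if the
# decoded file lacks the top-level encryptionsalt key.
restore_stack_config() {
  dest="$1"
  if [ -z "${PULUMI_DEV_YAML:-}" ]; then
    echo "PULUMI_DEV_YAML is empty or unset" >&2; return 2
  fi
  tmp="$(mktemp "${dest}.XXXXXX")" || return 1   # mktemp creates it 0600
  if ! printf '%s' "$PULUMI_DEV_YAML" | base64 -d > "$tmp" 2>/dev/null; then
    rm -f "$tmp"; echo "PULUMI_DEV_YAML is not valid base64" >&2; return 3
  fi
  # Without the salt, PULUMI_CONFIG_PASSPHRASE cannot decrypt stack secrets.
  if ! grep -q '^encryptionsalt:' "$tmp"; then
    rm -f "$tmp"; echo "decoded config has no encryptionsalt" >&2; return 4
  fi
  # Rename within the same directory, so the 0600 mode is kept.
  mv -f "$tmp" "$dest"
}

# stack_config_fingerprint FILE: print the SHA-256 of FILE. Logging it in CI
# lets you compare against `sha256sum Pulumi.dev.yaml` locally to spot a
# secret that was not updated after the file changed.
stack_config_fingerprint() {
  sha256sum "$1" | cut -d' ' -f1
}

# Typical use in a CI step (left as comments so sourcing has no side effects):
#   restore_stack_config Pulumi.dev.yaml || exit 1
#   echo "Pulumi.dev.yaml sha256: $(stack_config_fingerprint Pulumi.dev.yaml)"
#   pulumi preview
```
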

Key Notes

  • Credentials for both Proxmox nodes are stored as encrypted secrets in Pulumi.dev.yaml and decrypted at runtime using PULUMI_CONFIG_PASSPHRASE. Do not pass Proxmox credentials via environment variables — the code uses config.requireSecret().
  • There are two Proxmox providers: pveProvider (main node pve) and pveBckpProvider (backup node pve-bckp). Always pass the correct provider when adding resources.
  • Pulumi.dev.yaml contains the encryption salt — never delete it or secrets become unrecoverable.
  • TypeScript is compiled with strict mode, nodenext module resolution, and noImplicitReturns — all functions must have explicit return types when TypeScript cannot infer them.
  • Don't add a co-author when committing to git.