diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..289ca46
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/terraform-lxd/lxd" {
+ version = "1.10.4"
+ constraints = "1.10.4"
+ hashes = [
+ "h1:bXGKFYEGvMUcFXzqbeuBuowMWANGchExHYHfmRynLGM=",
+ "zh:05cecd3928cf51c4f4bb081f5a5a9081c545f0c69087541e82ad92b57633e145",
+ "zh:18f9e5221adcc46a51917387959c64020142ec071880cd9ec43657cab24bb4ec",
+ "zh:486a5afb0f3fa33c6192ecdcbc08d5a2a936d30be3e5c6fa0725b12a1278cd37",
+ "zh:63bbf325f12ca9402483bd52b01fb455ff5e51b8f761cda136f8f48ae8226195",
+ "zh:6b3bdda7b857a6e0c0cc6ee78b018df6a72ddb738ee8831b19c3640b57e169c4",
+ "zh:795154f7632675ee881296034755955d4e891141086f0d3ce57cfdc103c2b800",
+ "zh:8218468736d15f0d0c2f7c41c9cdaefe9ac8388d676f2284118ae4818dd1504f",
+ "zh:89760aa6034befb723ee569dd807645b6fdee1fa105e40eab38fe72c5e8ea9ec",
+ "zh:91c3c20467e88143d2a5ce7bca8d9bb0774026215dbf634dff031abd0f55e59f",
+ "zh:9332081c150e0f2ea7f3a4f7a522a0bc7ba1edb7e94eb2d2c7e328610752e7e3",
+ "zh:947eb2094a036075f99964d720d5f611bc48d37c26c3db1d789488ae12a05056",
+ "zh:9ef747640207e23923b576182165eb819266ac769bd479add23a06833811aa3b",
+ "zh:f0c6d452e6ebb44433861936794697bbdfc7b4364b65e36363b8c80a1f79c9a2",
+ ]
+}
diff --git a/README.md b/README.md
index aed12e9..b346bde 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,86 @@ # terraform-lxd +Terraform with LXD: Creates a LXD Container, ZFS Pool, Userdata, etc. +## Provider + +Using the [terraform-provider-lxd](https://registry.terraform.io/providers/terraform-lxd/lxd/latest/docs) to provision a LXD container. + +## Pre-Requisites + +You will require a host with LXD and you will also require to initialize the host and setup remote connections: +```bash +sudo snap install lxd +lxd init --minimal +lxc config set core.https_address IP_ADDRESS:8443 +lxc config set core.trust_password A-SECURE-LXD-PASSWORD +sudo ufw allow in on lan to IP_ADDRESS port 8443 proto tcp +sudo ufw allow in on wg0 to IP_ADDRESS port 8443 proto tcp +``` + +## Setup the client machine e.g. a notebook +```bash +sudo snap install lxd +lxc remote add zot IP_ADDRESS +lxc remote switch zot +lxc remote list +lxc list # shows instances running on the server zot +lxc shell ubuntu # login as root to the container ubuntu +lxc exec ubuntu -- uname -a # run a command inside the container ubuntu +``` + +## Terraform + +Populate your `lxd_host`, `lxd_password` and other variables in `terraform.tfvars` to fit your environment. + +Then provision a lxd instance and a zfs storage pool with terraform: + +```bash +terraform init +terraform plan +terraform apply + +Outputs: + +ip = "10.0.10.134" +``` +Execute the interactive shell inside the instance + +`lxc shell ubuntu` + +Check if the configuration finished + +`cloud-init status --wait` + +Check the validation status + +`cloud-init schema --system --annotate` + +See the config + +`cloud-init query userdata` + +Delete the container ubuntu using terraform + +`terraform destroy --target lxd_instance.ubuntu` + +## SSH Config + +Then we should be able to ssh as an ldap user e.g. john: + +```bash +$ ssh john@ubuntu.lxd +Warning: Permanently added 'x.x.x.x' (x) to the list of known hosts. +Warning: Permanently added '10.0.10.134' (ED25519) to the list of known hosts. 
+Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64) + +john@ubuntu:~$ +``` +Or as ubuntu using a private key. The public key is set in the variable `ssh_pub_key` in file `terraform.tfvars` +```bash +$ ssh -i .ssh/id_ed25519 ubuntu@ubuntu.lxd +Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64) + +ubuntu@ubuntu:~$ +``` +## If groups have changed in the LDAP cache must be invalidated. Flush nscd groups cache +`sudo nscd --invalidate=group` \ No newline at end of file diff --git a/main.tf b/main.tf new file mode 100644 index 0000000..33f4184 --- /dev/null +++ b/main.tf 
@@ -0,0 +1,149 @@ +resource "lxd_storage_pool" "virt" { + name = "virt-pool" + driver = "zfs" + config = { + source = "/var/snap/lxd/common/lxd/disks/virt-pool.img" + "zfs.pool_name" = "virt-pool" + size = "50GB" + } +} + +resource "lxd_volume" "volume" { + name = "virt-volume" + pool = lxd_storage_pool.virt.name + config = { + size = "10GB" + } +} + +resource "lxd_network" "lxdbr1" { + name = "lxdbr1" + type = "bridge" + config = { + "ipv4.address" = "10.0.10.1/24" + "ipv4.nat" = "true" + "ipv6.address" = "none" + } +} + +resource "lxd_profile" "virt" { + name = "virt" + description = "virt LXD profile" + + config = { + "limits.cpu" = 2 + "limits.memory" = "3GB" + } + + device { + name = "eth0" + type = "nic" + + properties = { + name = "eth0" + network = "lxdbr1" + } + } + + device { + type = "disk" + name = "root" + + properties = { + pool = lxd_storage_pool.virt.name + path = "/" + size = "5GiB" + } + } +} +locals { + # 'lxc.idmap' and 'lxc.cgroup2.devices.allow' + # couse errors + lxc-raw = <>/etc/pam.d/common-session +EOF +} + +resource "lxd_cached_image" "jammy" { + source_remote = "ubuntu" + source_image = "22.04" +} + +resource "lxd_instance" "ubuntu" { + name = "ubuntu" + image = lxd_cached_image.jammy.fingerprint + profiles = ["virt"] + ephemeral = false + + config = { + "boot.autostart" = true + "user.user-data" = local.cloud-init-config + # "raw.lxc" = local.lxc-raw + } + + limits = { + cpu = 2 + } + + device { + name = "virt-volume" + type = "disk" + properties = { + path = "/mnt/data" + source = lxd_volume.volume.name + pool = lxd_storage_pool.virt.name + } + } + + device { + name = "shareddisk" + type = "disk" + properties = { + path = "/mnt/raid5" + source = "/mnt/raid5" + } + } +} + diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..d4a0863 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,3 @@ +output "ubuntu_ip" { + value = lxd_instance.ubuntu.ipv4_address +} 
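Review bot: The cloud-init document wired in through `"user.user-data" = local.cloud-init-config` on `lxd_instance.ubuntu` is persisted verbatim in the instance's LXD config and in Terraform state, so whatever credential it renders (the `locals` heredoc is not fully legible in this rendering, but it appears to build an LDAP/PAM setup and the variable set includes an LDAP root bind password) becomes readable via `lxc config show ubuntu`, from inside the guest as the README's `cloud-init query userdata` demonstrates, and in plan output. Avoid embedding the bind password in user-data at all where possible (fetch it at first boot from a store the guest can authenticate to), and at minimum mark the local and the variable it reads as sensitive so Terraform redacts them from plans. Separately, the commented-out `raw.lxc` idmap workaround for the host bind mount at `/mnt/raid5` can be replaced by adding `shift = "true"` to that `disk` device so LXD performs the uid/gid shifting without raw LXC keys, which also avoids the errors the comment mentions. The `lxd_cached_image` pulls `source_image = "22.04"` by alias with no fingerprint pin, so the image actually deployed can silently change between applies; pinning the fingerprint (or recording it in an output) would make the build reproducible.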
diff --git a/provider.tf b/provider.tf
new file mode 100644
index 0000000..6d72d0c
--- /dev/null
+++ b/provider.tf
@@ -0,0 +1,24 @@
+terraform {
+ required_providers {
+ lxd = {
+ source = "terraform-lxd/lxd"
+ version = "1.10.4"
+ }
+ }
+}
+
+provider "lxd" {
+ generate_client_certificates = true
+ accept_remote_certificate = true
+
+ lxd_remote {
+ name = "my-lxd-host"
+ scheme = "https"
+ address = var.lxd_host
+ port = var.lxd_port
+ password = var.lxd_password
+ default = true
+ }
+
+}
+
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..38890db
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,30 @@
+variable "lxd_host" {
+ type = string
+}
+
+variable "lxd_port" {
+ type = string
+ default = "8443"
+}
+
+variable "lxd_password" {
+ type = string
+}
+
+variable "ldap_rootbinddn" {
+ type = string
+}
+
+variable "ldap_rootbindpw" {
+ type = string
+}
+
+variable "ldap_url" {
+ type = string
+}
+
+variable "ldap_searchbase" {
+ type = string
+}
+
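Review bot: `accept_remote_certificate = true` combined with `password = var.lxd_password` in the `lxd_remote` block means the first apply trusts whatever certificate `var.lxd_host:var.lxd_port` presents and then sends the LXD trust password to it, so an attacker on that path obtains a credential that grants full, root-equivalent API access to the host. The README already has the operator run `lxc remote add` and verify the server interactively, so the safer pattern is to reuse that pinned trust: set `accept_remote_certificate = false`, set `generate_client_certificates = false`, and let the provider read the existing lxc client config (its `config_dir` option, if the installed provider version exposes it) where the server and client certificates are already stored, dropping `password` entirely. If the password flow must stay, verify the server certificate fingerprint out of band before the first apply and rotate `core.trust_password` afterwards, since the trust password is a reusable bearer credential and newer LXD releases favor one-time trust tokens over it.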
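Review bot: `variable "lxd_password"` and `variable "ldap_rootbindpw"` are declared without `sensitive = true`, so Terraform prints their values in plan and apply output, in diagnostics, and in CI logs; adding `sensitive = true` to each of those two blocks makes Terraform redact them (note that they are still written to state, so the state backend must be treated as secret regardless). A `description` on `lxd_host`, `ldap_url` and `ldap_searchbase` would also help, e.g. `description = "LXD API address reachable on lxd_port (the host configured via core.https_address)"`. Consider `validation` on `lxd_port` since it is typed as a string but must be a numeric port.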