# terraform-lxd

Terraform with LXD: creates an LXD container, ZFS pool, userdata, etc.

## Provider

Uses the [terraform-provider-lxd](https://registry.terraform.io/providers/terraform-lxd/lxd/latest/docs) to provision an LXD container.

## Pre-Requisites

You need a host with LXD installed. Initialize the host and set up remote connections:

```bash
sudo snap install lxd
lxd init --minimal
lxc config set core.https_address IP_ADDRESS:8443
lxc config set core.trust_password A-SECURE-LXD-PASSWORD
sudo ufw allow in on lan to IP_ADDRESS port 8443 proto tcp
sudo ufw allow in on wg0 to IP_ADDRESS port 8443 proto tcp
```

## Setup the client machine e.g. a notebook

```bash
sudo snap install lxd
lxc remote add zot IP_ADDRESS
lxc remote switch zot
lxc remote list
lxc list                      # shows instances running on the server zot
lxc shell ubuntu              # login as root to the container ubuntu
lxc exec ubuntu -- uname -a   # run a command inside the container ubuntu
```

## Terraform

Populate `lxd_host`, `lxd_password` and the other variables in `terraform.tfvars` to fit your environment.

Then provision an LXD instance and a ZFS storage pool with Terraform:

```bash
terraform init
terraform plan
terraform apply

Outputs:

ip = "10.0.10.134"
```

Open an interactive shell inside the instance: `lxc shell ubuntu`

Check whether the configuration has finished: `cloud-init status --wait`

Check the validation status: `cloud-init schema --system --annotate`

See the config: `cloud-init query userdata`

Delete the container ubuntu using Terraform: `terraform destroy --target lxd_instance.ubuntu`

## SSH Config

We should then be able to SSH in as an LDAP user, e.g. john:

```bash
$ ssh john@ubuntu.lxd
Warning: Permanently added 'x.x.x.x' (x) to the list of known hosts.
Warning: Permanently added '10.0.10.134' (ED25519) to the list of known hosts.
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64)
john@ubuntu:~$
```

Or as ubuntu using a private key. The public key is set in the variable `ssh_pub_key` in the file `terraform.tfvars`:

```bash
$ ssh -i .ssh/id_ed25519 ubuntu@ubuntu.lxd
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64)
ubuntu@ubuntu:~$
```

## If groups have changed in LDAP, the cache must be invalidated

Flush the nscd groups cache: `sudo nscd --invalidate=group`
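
Relating to the Terraform section: `terraform.tfvars` carries `lxd_password`, the same trust password set on the host, so it helps to declare that variable as sensitive and supply it from the environment instead of a file. The following is an added example, not this project's own `variables.tf`; the variable types, the 16-character minimum and the accepted key types are assumptions.

```hcl
# Example declarations (assumed, not taken from the project).
# Variable names lxd_host, lxd_password and ssh_pub_key come from the README.

variable "lxd_host" {
  type        = string
  description = "Address of the LXD server (the IP_ADDRESS used in core.https_address)."
}

variable "lxd_password" {
  type        = string
  description = "LXD trust password (core.trust_password on the host)."
  sensitive   = true # redacted in `terraform plan` / `terraform apply` output

  validation {
    # Minimum length is an assumed local policy, adjust as needed.
    condition     = length(var.lxd_password) >= 16
    error_message = "The lxd_password value must be at least 16 characters long."
  }
}

variable "ssh_pub_key" {
  type        = string
  description = "Public key installed for the ubuntu user via cloud-init."

  validation {
    # Reject anything that is not a public key line, e.g. a pasted private key.
    condition     = can(regex("^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) ", var.ssh_pub_key))
    error_message = "The ssh_pub_key value must be a single OpenSSH public key line."
  }
}

# Supplying the secret without writing it to terraform.tfvars:
#
#   read -rs TF_VAR_lxd_password && export TF_VAR_lxd_password
#   terraform plan
#
# Keeping local variable files and state out of version control (.gitignore):
#
#   terraform.tfvars
#   *.tfstate
#   *.tfstate.backup
```

`sensitive = true` only redacts CLI output; the value is still stored in plain text in the Terraform state file, so the state needs the same protection as the password itself.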